[Sync] Implement encryption-aware conflict resolution.

chrome/browser/sync/engine/syncer_util.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/engine/syncer_util.h"
 
 #include <algorithm>
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/location.h"
+#include "base/metrics/histogram.h"
 #include "chrome/browser/sync/engine/conflict_resolver.h"
 #include "chrome/browser/sync/engine/nigori_util.h"
 #include "chrome/browser/sync/engine/syncer_proto_util.h"
 #include "chrome/browser/sync/engine/syncer_types.h"
 #include "chrome/browser/sync/engine/syncproto.h"
 #include "chrome/browser/sync/protocol/bookmark_specifics.pb.h"
 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h"
 #include "chrome/browser/sync/protocol/password_specifics.pb.h"
 #include "chrome/browser/sync/protocol/sync.pb.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/model_type.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/syncable/syncable_changes_version.h"
+#include "chrome/browser/sync/util/cryptographer.h"
 #include "chrome/browser/sync/util/time.h"
 
 using syncable::BASE_VERSION;
 using syncable::Blob;
 using syncable::CHANGES_VERSION;
 using syncable::CREATE;
 using syncable::CREATE_NEW_UPDATE_ITEM;
 using syncable::CTIME;
 using syncable::Directory;
 using syncable::Entry;
+using syncable::GetModelTypeFromSpecifics;
 using syncable::GET_BY_HANDLE;
 using syncable::GET_BY_ID;
 using syncable::ID;
 using syncable::IS_DEL;
 using syncable::IS_DIR;
 using syncable::IS_UNAPPLIED_UPDATE;
 using syncable::IS_UNSYNCED;
 using syncable::Id;
+using syncable::IsRealDataType;
 using syncable::META_HANDLE;
 using syncable::MTIME;
 using syncable::MutableEntry;
 using syncable::NEXT_ID;
 using syncable::NON_UNIQUE_NAME;
+using syncable::PREV_SERVER_SPECIFICS;
 using syncable::PARENT_ID;
 using syncable::PREV_ID;
 using syncable::ReadTransaction;
 using syncable::SERVER_CTIME;
 using syncable::SERVER_IS_DEL;
 using syncable::SERVER_IS_DIR;
 using syncable::SERVER_MTIME;
 using syncable::SERVER_NON_UNIQUE_NAME;
 using syncable::SERVER_PARENT_ID;
 using syncable::SERVER_POSITION_IN_PARENT;
@@ skipping 233 matching lines @@
       // so as soon as a client is restarted with this datatype encrypted, all
       // the data should be updated as necessary.
 
       // If this fails, something is wrong with the cryptographer, but there's
       // nothing we can do about it here.
       syncable::ProcessUnsyncedChangesForEncryption(trans,
                                                     cryptographer);
     }
   }
 
+  // Only apply updates that we can decrypt. If we can't decrypt the update, it
+  // is likely because the passphrase has not arrived yet. Because the
+  // passphrase may not arrive within this GetUpdates, we can't just return
+  // conflict, else we try to perform normal conflict resolution prematurely or
+  // the syncer may get stuck. As such, we return CONFLICT_ENCRYPTION, which is
+  // treated as a non-blocking conflict. See the description in syncer_types.h.
+  // This prevents any unsynced changes from commiting and postpones conflict
+  // resolution until all data can be decrypted.
+  if (specifics.has_encrypted() &&
+      !cryptographer->CanDecrypt(specifics.encrypted())) {
+    // We can't decrypt this node yet.
+    DVLOG(1) << "Received an undecryptable "
+             << syncable::ModelTypeToString(entry->GetServerModelType())
+             << " update, returning encryption_conflict.";
+    return CONFLICT_ENCRYPTION;
+  } else if (specifics.HasExtension(sync_pb::password) &&
+             entry->Get(UNIQUE_SERVER_TAG).empty()) {
+    // Passwords use their own legacy encryption scheme.
+    const sync_pb::PasswordSpecifics& password =
+        specifics.GetExtension(sync_pb::password);
+    if (!cryptographer->CanDecrypt(password.encrypted())) {
+      DVLOG(1) << "Received an undecryptable password update, returning "
+               << "encryption_conflict.";
+      return CONFLICT_ENCRYPTION;
+    }
+  }
+
   if (entry->Get(IS_UNSYNCED)) {
     DVLOG(1) << "Skipping update, returning conflict for: " << id
              << " ; it's unsynced.";
     return CONFLICT;
   }
   if (!entry->Get(SERVER_IS_DEL)) {
     syncable::Id new_parent = entry->Get(SERVER_PARENT_ID);
     Entry parent(trans, GET_BY_ID,  new_parent);
     // A note on non-directory parents:
     // We catch most unfixable tree invariant errors at update receipt time,
@@ skipping 15 matching lines @@
     Directory::ChildHandles handles;
     trans->directory()->GetChildHandlesById(trans, id, &handles);
     if (!handles.empty()) {
       // If we have still-existing children, then we need to deal with
       // them before we can process this change.
       DVLOG(1) << "Not deleting directory; it's not empty " << *entry;
       return CONFLICT;
     }
   }
 
-  // Only apply updates that we can decrypt. If we can't decrypt the update, it
-  // is likely because the passphrase has not arrived yet. Because the
-  // passphrase may not arrive within this GetUpdates, we can't just return
-  // conflict, else the syncer gets stuck. As such, we return
-  // CONFLICT_ENCRYPTION, which is treated as a non-blocking conflict. See the
-  // description in syncer_types.h.
-  if (specifics.has_encrypted() &&
-      !cryptographer->CanDecrypt(specifics.encrypted())) {
-    // We can't decrypt this node yet.
-    DVLOG(1) << "Received an undecryptable "
+  if (specifics.has_encrypted()) {
+    DVLOG(2) << "Received a decryptable "
              << syncable::ModelTypeToString(entry->GetServerModelType())
-             << " update, returning encryption_conflict.";
-    return CONFLICT_ENCRYPTION;
-  } else if (specifics.HasExtension(sync_pb::password) &&
-             entry->Get(UNIQUE_SERVER_TAG).empty()) {
-    // Passwords use their own legacy encryption scheme.
-    const sync_pb::PasswordSpecifics& password =
-        specifics.GetExtension(sync_pb::password);
-    if (!cryptographer->CanDecrypt(password.encrypted())) {
-      DVLOG(1) << "Received an undecryptable password update, returning "
-               << "encryption_conflict.";
-      return CONFLICT_ENCRYPTION;
-    }
+             << " update, applying normally.";
   } else {
-    if (specifics.has_encrypted()) {
-      DVLOG(2) << "Received a decryptable "
-               << syncable::ModelTypeToString(entry->GetServerModelType())
-               << " update, applying normally.";
-    } else {
-      DVLOG(2) << "Received an unencrypted "
-               << syncable::ModelTypeToString(entry->GetServerModelType())
-               << " update, applying normally.";
-    }
+    DVLOG(2) << "Received an unencrypted "
+             << syncable::ModelTypeToString(entry->GetServerModelType())
+             << " update, applying normally.";
   }
 
   SyncerUtil::UpdateLocalDataFromServerData(trans, entry);
 
   return SUCCESS;
 }
 
 namespace {
 // Helper to synthesize a new-style sync_pb::EntitySpecifics for use locally,
 // when the server speaks only the old sync_pb::SyncEntity_BookmarkData-based
@@ skipping 86 matching lines @@
   // commit we don't apply it as time differences may occur.
   if (update.version() > target->Get(BASE_VERSION)) {
     target->Put(IS_UNAPPLIED_UPDATE, true);
   }
 }
 
 // Creates a new Entry iff no Entry exists with the given id.
 // static
 void SyncerUtil::CreateNewEntry(syncable::WriteTransaction *trans,
                                 const syncable::Id& id) {
-  syncable::MutableEntry entry(trans, syncable::GET_BY_ID, id);
+  syncable::MutableEntry entry(trans, GET_BY_ID, id);
   if (!entry.good()) {
     syncable::MutableEntry new_entry(trans, syncable::CREATE_NEW_UPDATE_ITEM,
                                      id);
   }
 }
 
 // static
 void SyncerUtil::SplitServerInformationIntoNewEntry(
     syncable::WriteTransaction* trans,
     syncable::MutableEntry* entry) {
@@ skipping 14 matching lines @@
 // static
 void SyncerUtil::UpdateLocalDataFromServerData(
     syncable::WriteTransaction* trans,
     syncable::MutableEntry* entry) {
   DCHECK(!entry->Get(IS_UNSYNCED));
   DCHECK(entry->Get(IS_UNAPPLIED_UPDATE));
 
   DVLOG(2) << "Updating entry : " << *entry;
   // Start by setting the properties that determine the model_type.
   entry->Put(SPECIFICS, entry->Get(SERVER_SPECIFICS));
+  // Clear the previous server specifics now that we're applying successfully.
+  entry->Put(PREV_SERVER_SPECIFICS, sync_pb::EntitySpecifics());
   entry->Put(IS_DIR, entry->Get(SERVER_IS_DIR));
   // This strange dance around the IS_DEL flag avoids problems when setting
   // the name.
   // TODO(chron): Is this still an issue? Unit test this codepath.
   if (entry->Get(SERVER_IS_DEL)) {
     entry->Put(IS_DEL, true);
   } else {
     entry->Put(NON_UNIQUE_NAME, entry->Get(SERVER_NON_UNIQUE_NAME));
     entry->Put(PARENT_ID, entry->Get(SERVER_PARENT_ID));
     CHECK(entry->Put(IS_DEL, false));
@@ skipping 239 matching lines @@
   if (update.version() < target->Get(SERVER_VERSION)) {
     LOG(WARNING) << "Update older than current server version for "
                  << *target << " Update:"
                  << SyncerProtoUtil::SyncEntityDebugString(update);
     return VERIFY_SUCCESS;  // Expected in new sync protocol.
   }
   return VERIFY_UNDECIDED;
 }
 
 }  // namespace browser_sync