Implement Mac Keychain migration algorithm.

chrome/browser/password_manager/password_store_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/password_manager/password_store_mac.h"
 #include "chrome/browser/password_manager/password_store_mac_internal.h"
 
 #include <CoreServices/CoreServices.h>
 #include <set>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/mac/foundation_util.h"
 #include "base/mac/mac_logging.h"
 #include "base/message_loop/message_loop.h"
+#include "base/metrics/histogram_macros.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/mac/security_wrappers.h"
+#include "components/os_crypt/os_crypt.h"
 #include "components/password_manager/core/browser/affiliation_utils.h"
 #include "components/password_manager/core/browser/login_database.h"
 #include "components/password_manager/core/browser/password_store_change.h"
 #include "content/public/browser/browser_thread.h"
 #include "crypto/apple_keychain.h"
 
 using autofill::PasswordForm;
 using crypto::AppleKeychain;
 using password_manager::PasswordStoreChange;
 using password_manager::PasswordStoreChangeList;
@@ skipping 395 matching lines @@
     // TODO(stuartmorgan): Handle proxies, which need a different signon_realm
     // format.
     form->signon_realm = form->origin.GetOrigin().spec();
     if (form->scheme != PasswordForm::SCHEME_HTML) {
       form->signon_realm.append(security_domain);
     }
   }
   return true;
 }
 
+bool HasChromeCreatorCode(const AppleKeychain& keychain,
+                          const SecKeychainItemRef& keychain_item) {
+  SecKeychainAttributeInfo attrInfo;
+  UInt32 tags[] = {kSecCreatorItemAttr};
+  attrInfo.count = arraysize(tags);
+  attrInfo.tag = tags;
+  attrInfo.format = NULL;
+
+  SecKeychainAttributeList* attrList;
+  UInt32 password_length;
+  OSStatus result = keychain.ItemCopyAttributesAndData(
+      keychain_item, &attrInfo, nullptr, &attrList, &password_length, nullptr);
+  if (result != noErr)
+    return false;
+  OSType creator_code = 0;
+  for (unsigned int i = 0; i < attrList->count; i++) {
+    SecKeychainAttribute attr = attrList->attr[i];
+    if (!attr.data) {
+      continue;
+    }
+    if (attr.tag == kSecCreatorItemAttr) {
+      creator_code = *(static_cast<FourCharCode*>(attr.data));
+      break;
+    }
+  }
+  keychain.ItemFreeAttributesAndData(attrList, nullptr);
+  return creator_code && creator_code == base::mac::CreatorCodeForApplication();
+}
+
 bool FormsMatchForMerge(const PasswordForm& form_a,
                         const PasswordForm& form_b,
                         FormMatchStrictness strictness) {
   // We never merge blacklist entries between our store and the Keychain,
   // and federated logins should not be stored in the Keychain at all.
   if (form_a.blacklisted_by_user || form_b.blacklisted_by_user ||
       !form_a.federation_url.is_empty() || !form_b.federation_url.is_empty()) {
     return false;
   }
   bool equal_realm = form_a.signon_realm == form_b.signon_realm;
@@ skipping 467 matching lines @@
 #pragma mark -
 
 PasswordStoreMac::PasswordStoreMac(
     scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner,
     scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner,
     scoped_ptr<AppleKeychain> keychain,
     password_manager::LoginDatabase* login_db)
     : password_manager::PasswordStore(main_thread_runner, db_thread_runner),
       keychain_(keychain.Pass()),
       login_metadata_db_(login_db) {
-  DCHECK(keychain_.get());
+  DCHECK(keychain_);
   login_metadata_db_->set_clear_password_values(true);
 }
 
 PasswordStoreMac::~PasswordStoreMac() {}
 
 void PasswordStoreMac::InitWithTaskRunner(
     scoped_refptr<base::SingleThreadTaskRunner> background_task_runner) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   db_thread_runner_ = background_task_runner;
 }
 
+PasswordStoreMac::MigrationResult PasswordStoreMac::ImportFromKeychain() {
+  using namespace internal_keychain_helpers;

[Ilya Sherman, 2015/06/25 21:46:25]

Hmm, why isn't this at the top of the file?

[Ryan Sleevi, 2015/06/26 10:46:37]

It's not required to be:
http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Namespaces

You may use a using-declaration anywhere in a .cc file, and in functions,
methods or classes in .h files.
// OK in .cc files.
// Must be in a function, method or class in .h files.
using ::foo::bar;

[vasilii, 2015/06/26 12:18:47]

Though it prohibits "using namespace foo;"  so I removed it.

[vasilii, 2015/06/26 12:18:47]

I removed it.

+
+  DCHECK(GetBackgroundTaskRunner()->BelongsToCurrentThread());
+  if (!login_metadata_db_)
+    return LOGIN_DB_UNAVAILABLE;
+  ScopedVector<PasswordForm> database_forms;
+  if (!login_metadata_db_->GetAutofillableLogins(&database_forms))
+    return LOGIN_DB_FAILURE;
+  ScopedVector<PasswordForm> uninteresting_forms;
+  internal_keychain_helpers::ExtractNonKeychainForms(&database_forms,
+                                                     &uninteresting_forms);
+  // If there are no passwords to lookup in the Keychain then we're done.
+  if (database_forms.empty())
+    return MIGRATION_OK;
+
+  // Make sure that the encryption key is retrieved from the Keychain so the
+  // encryption can be done.
+  DCHECK(!database_forms[0]->origin.is_empty());
+  std::string ciphertext;
+  if (!OSCrypt::EncryptString(database_forms[0]->origin.spec(), &ciphertext))
+    return ENCRYPTOR_FAILURE;
+  // Mute the Keychain.
+  chrome::ScopedSecKeychainSetUserInteractionAllowed user_interaction_allowed(
+      false);
+
+  // Retrieve the passwords.
+  // Get all the password attributes first.
+  std::vector<SecKeychainItemRef> keychain_items;
+  std::vector<ItemFormPair> item_form_pairs =
+      ExtractAllKeychainItemAttributesIntoPasswordForms(&keychain_items,
+                                                        *keychain_);
+  // Next, compare the attributes of the PasswordForms in |database_forms|
+  // against those in |item_form_pairs|, and extract password data for each
+  // matching PasswordForm using its corresponding SecKeychainItemRef.
+  int unmerged_forms_count = 0;
+  int chrome_owned_locked_forms_count = 0;
+  for (PasswordForm* form : database_forms) {
+    ScopedVector<autofill::PasswordForm> keychain_matches =
+        ExtractPasswordsMergeableWithForm(*keychain_, item_form_pairs, *form);
+
+    const PasswordForm* best_match =
+        BestKeychainFormForForm(*form, keychain_matches.get());
+    if (best_match) {
+      form->password_value = best_match->password_value;
+    } else {
+      unmerged_forms_count++;
+      // Check if the corresponding keychain items are created by Chrome
+      for (const auto& item_form_pair : item_form_pairs) {
+        if (FormIsValidAndMatchesOtherForm(*form, *item_form_pair.second) &&
+            HasChromeCreatorCode(*keychain_, *item_form_pair.first))
+          chrome_owned_locked_forms_count++;
+      }
+    }
+  }
+  STLDeleteContainerPairSecondPointers(item_form_pairs.begin(),
+                                       item_form_pairs.end());
+  for (SecKeychainItemRef item : keychain_items) {
+    keychain_->Free(item);
+  }

[Ryan Sleevi, 2015/06/26 10:46:37]

STYLE: You're inconsistent with the braces for single-lines within this
function/file (compare w/ 972, 975, 981, 988, 1040)

[vasilii, 2015/06/26 12:18:47]

I'm consistent. It was a copy-paste :-)

+  if (unmerged_forms_count) {
+    UMA_HISTOGRAM_COUNTS("PasswordManager.KeychainMigration.NumPasswords",
+                         database_forms.size());
+    UMA_HISTOGRAM_COUNTS("PasswordManager.KeychainMigration.NumLockedPasswords",
+                         unmerged_forms_count);
+    UMA_HISTOGRAM_COUNTS(
+        "PasswordManager.KeychainMigration.NumChromeOwnedLockedPasswords",
+        unmerged_forms_count);

[Ilya Sherman, 2015/06/25 21:46:24]

It looks like you emit "unmerged_forms_count" to both of the latter two
histograms.  Why do you need both?

[vasilii, 2015/06/26 12:18:47]

Oh, that's a bug. It should be chrome_owned_locked_forms_count.

+    return KEYCHAIN_BLOCKED;
+  }
+  // Now all the passwords are available. It's time to update LoginDatabase.
+  login_metadata_db_->set_clear_password_values(false);
+  for (PasswordForm* form : database_forms)
+    login_metadata_db_->UpdateLogin(*form);
+  return MIGRATION_OK;
+}
+
 bool PasswordStoreMac::Init(
     const syncer::SyncableService::StartSyncFlare& flare) {
   // The class should be used inside PasswordStoreProxyMac only.
   NOTREACHED();
   return true;
 }
 
 void PasswordStoreMac::ReportMetricsImpl(const std::string& sync_username,
                                          bool custom_passphrase_sync_enabled) {
   if (!login_metadata_db_)
@@ skipping 258 matching lines @@
   ScopedVector<PasswordForm> forms_with_keychain_entry;
   internal_keychain_helpers::GetPasswordsForForms(*keychain_, &database_forms,
                                                   &forms_with_keychain_entry);
 
   // Clean up any orphaned database entries.
   RemoveDatabaseForms(&database_forms);
 
   // Move the orphaned DB forms to the output parameter.
   AppendSecondToFirst(orphaned_forms, &database_forms);
 }