OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/net/cookie_store_util.h" | |
6 | |
7 #include "base/lazy_instance.h" | |
8 #include "chrome/browser/browser_process.h" | |
9 #include "chrome/common/chrome_constants.h" | |
10 #include "chrome/common/chrome_switches.h" | |
11 #include "components/os_crypt/os_crypt.h" | |
12 #include "content/public/common/content_constants.h" | |
13 #include "extensions/common/constants.h" | |
14 #include "net/extras/sqlite/cookie_crypto_delegate.h" | |
15 | |
16 namespace chrome_browser_net { | |
17 | |
18 #if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX) | |
19 namespace { | |
20 | |
21 // Use the operating system's mechanisms to encrypt cookies before writing | |
22 // them to persistent store. Currently this only is done with desktop OS's | |
23 // because ChromeOS and Android already protect the entire profile contents. | |
24 class CookieOSCryptoDelegate : public net::CookieCryptoDelegate { | |
25 public: | |
26 bool ShouldEncrypt() override; | |
27 bool EncryptString(const std::string& plaintext, | |
28 std::string* ciphertext) override; | |
29 bool DecryptString(const std::string& ciphertext, | |
30 std::string* plaintext) override; | |
31 }; | |
32 | |
33 bool CookieOSCryptoDelegate::ShouldEncrypt() { | |
34 #if defined(OS_IOS) | |
35 // Cookie encryption is not necessary on iOS, due to OS-protected storage. | |
36 // However, due to https://codereview.chromium.org/135183021/, cookies were | |
37 // accidentally encrypted. In order to allow these cookies to still be used,a | |
38 // a CookieCryptoDelegate is provided that can decrypt existing cookies. | |
39 // However, new cookies will not be encrypted. The alternatives considered | |
40 // were not supplying a delegate at all (thus invalidating all existing | |
41 // encrypted cookies) or in migrating all cookies at once, which may impose | |
42 // startup costs. Eventually, all cookies will get migrated as they are | |
43 // rewritten. | |
44 return false; | |
45 #else | |
46 return true; | |
47 #endif | |
48 } | |
49 | |
50 bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext, | |
51 std::string* ciphertext) { | |
52 return OSCrypt::EncryptString(plaintext, ciphertext); | |
53 } | |
54 | |
55 bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext, | |
56 std::string* plaintext) { | |
57 return OSCrypt::DecryptString(ciphertext, plaintext); | |
58 } | |
59 | |
60 // Using a LazyInstance is safe here because this class is stateless and | |
61 // requires 0 initialization. | |
62 base::LazyInstance<CookieOSCryptoDelegate> g_cookie_crypto_delegate = | |
63 LAZY_INSTANCE_INITIALIZER; | |
64 | |
65 } // namespace | |
66 | |
67 net::CookieCryptoDelegate* GetCookieCryptoDelegate() { | |
68 return g_cookie_crypto_delegate.Pointer(); | |
69 } | |
70 #else // defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX) | |
71 net::CookieCryptoDelegate* GetCookieCryptoDelegate() { | |
72 return NULL; | |
73 } | |
74 #endif // defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX) | |
75 | |
76 } // namespace chrome_browser_net | |
OLD | NEW |