Thread-safe version of PassphraseType.

components/sync/core_impl/sync_encryption_handler_impl.h

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SYNC_CORE_IMPL_SYNC_ENCRYPTION_HANDLER_IMPL_H_
 #define COMPONENTS_SYNC_CORE_IMPL_SYNC_ENCRYPTION_HANDLER_IMPL_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 43 matching lines @@
 
   // SyncEncryptionHandler implementation.
   void AddObserver(Observer* observer) override;
   void RemoveObserver(Observer* observer) override;
   void Init() override;
   void SetEncryptionPassphrase(const std::string& passphrase,
                                bool is_explicit) override;
   void SetDecryptionPassphrase(const std::string& passphrase) override;
   void EnableEncryptEverything() override;
   bool IsEncryptEverythingEnabled() const override;
-  PassphraseType GetPassphraseType() const override;
 
   // NigoriHandler implementation.
   // Note: all methods are invoked while the caller holds a transaction.
   void ApplyNigoriUpdate(const sync_pb::NigoriSpecifics& nigori,
                          syncable::BaseTransaction* const trans) override;
   void UpdateNigoriFromEncryptedTypes(
       sync_pb::NigoriSpecifics* nigori,
       syncable::BaseTransaction* const trans) const override;
   bool NeedKeystoreKey(syncable::BaseTransaction* const trans) const override;
   bool SetKeystoreKeys(
       const google::protobuf::RepeatedPtrField<google::protobuf::string>& keys,
       syncable::BaseTransaction* const trans) override;
   // Can be called from any thread.
   ModelTypeSet GetEncryptedTypes(
       syncable::BaseTransaction* const trans) const override;
+  PassphraseType GetPassphraseType(
+      syncable::BaseTransaction* const trans) const override;
 
   // Unsafe getters. Use only if sync is not up and running and there is no risk
   // of other threads calling this.
   Cryptographer* GetCryptographerUnsafe();
   ModelTypeSet GetEncryptedTypesUnsafe();
 
   bool MigratedToKeystore();
   base::Time migration_time() const;
   base::Time custom_passphrase_time() const;
 
@@ skipping 30 matching lines @@
   FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
                            MigrateOnEncryptEverythingKeystorePassphrase);
   FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
                            ReceiveMigratedNigoriWithOldPassphrase);
 
   // Container for members that require thread safety protection.  All members
   // that can be accessed from more than one thread should be held here and
   // accessed via UnlockVault(..) and UnlockVaultMutable(..), which enforce
   // that a transaction is held.
   struct Vault {
-    Vault(Encryptor* encryptor, ModelTypeSet encrypted_types);
+    Vault(Encryptor* encryptor,
+          ModelTypeSet encrypted_types,
+          PassphraseType passphrase_type);
     ~Vault();
 
     // Sync's cryptographer. Used for encrypting and decrypting sync data.
     Cryptographer cryptographer;
     // The set of types that require encryption.
     ModelTypeSet encrypted_types;
+    // The current state of the passphrase required to decrypt the encryption
+    // keys stored in the nigori node.
+    PassphraseType passphrase_type;
 
    private:
     DISALLOW_COPY_AND_ASSIGN(Vault);
   };
 
   // Iterate over all encrypted types ensuring each entry is properly encrypted.
   void ReEncryptEverything(WriteTransaction* trans);
 
   // Updates internal and cryptographer state.
   //
@@ skipping 72 matching lines @@
 
   // Helper method for determining if migration of a nigori node should be
   // triggered or not.
   // Conditions for triggering migration:
   // 1. Cryptographer has no pending keys
   // 2. Nigori node isn't already properly migrated or we need to rotate keys.
   // 3. Keystore key is available.
   // Note: if the nigori node is migrated but has an invalid state, will return
   // true (e.g. node has KEYSTORE_PASSPHRASE, local is CUSTOM_PASSPHRASE).
   bool ShouldTriggerMigration(const sync_pb::NigoriSpecifics& nigori,
-                              const Cryptographer& cryptographer) const;
+                              const Cryptographer& cryptographer,
+                              PassphraseType passphrase_type) const;
 
   // Performs the actual migration of the |nigori_node| to support keystore
   // encryption iff ShouldTriggerMigration(..) returns true.
   bool AttemptToMigrateNigoriToKeystore(WriteTransaction* trans,
                                         WriteNode* nigori_node);
 
   // Fill |encrypted_blob| with the keystore decryptor token if
   // |encrypted_blob|'s contents didn't already contain the key.
   // The keystore decryptor token is the serialized current default encryption
   // key, encrypted with the keystore key.
@@ skipping 16 matching lines @@
       const std::string& keystore_key,
       const sync_pb::EncryptedData& keystore_bootstrap,
       Cryptographer* cryptographer);
 
   // Helper to enable encrypt everything, notifying observers if necessary.
   // Will not perform re-encryption.
   void EnableEncryptEverythingImpl(syncable::BaseTransaction* const trans);
 
   // If an explicit passphrase is in use, returns the time at which it was set
   // (if known). Else return base::Time().
-  base::Time GetExplicitPassphraseTime() const;
+  base::Time GetExplicitPassphraseTime(PassphraseType passphrase_type) const;
 
   // Notify observers when a custom passphrase is set by this device.
   void NotifyObserversOfLocalCustomPassphrase(WriteTransaction* trans);
 
   base::ThreadChecker thread_checker_;
 
   base::ObserverList<SyncEncryptionHandler::Observer> observers_;
 
   // The current user share (for creating transactions).
   UserShare* user_share_;
 
   // Container for all data that can be accessed from multiple threads. Do not
   // access this object directly. Instead access it via UnlockVault(..) and
   // UnlockVaultMutable(..).
   Vault vault_unsafe_;
 
   // Sync encryption state that is only modified and accessed from the sync
   // thread.
   // Whether all current and future types should be encrypted.
   bool encrypt_everything_;
-  // The current state of the passphrase required to decrypt the encryption
-  // keys stored in the nigori node.
-  PassphraseType passphrase_type_;
 
   // The current keystore key provided by the server.
   std::string keystore_key_;
 
   // The set of old keystore keys. Every time a key rotation occurs, the server
   // sends down all previous keystore keys as well as the new key. We preserve
   // the old keys so that when we re-encrypt we can ensure they're all added to
   // the keybag (and to detect that a key rotation has occurred).
   std::vector<std::string> old_keystore_keys_;
 
@@ skipping 11 matching lines @@
   base::Time custom_passphrase_time_;
 
   base::WeakPtrFactory<SyncEncryptionHandlerImpl> weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(SyncEncryptionHandlerImpl);
 };
 
 }  // namespace syncer
 
 #endif  // COMPONENTS_SYNC_CORE_IMPL_SYNC_ENCRYPTION_HANDLER_IMPL_H_