Make PassphraseType a "enum class" instead of "enum".

components/sync/core_impl/sync_encryption_handler_impl.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/sync/core_impl/sync_encryption_handler_impl.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <memory>
@@ skipping 79 matching lines @@
           sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE &&
       nigori.keystore_decryptor_token().blob().empty())
     return false;
   return true;
 }
 
 PassphraseType ProtoPassphraseTypeToEnum(
     sync_pb::NigoriSpecifics::PassphraseType type) {
   switch (type) {
     case sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE:
-      return IMPLICIT_PASSPHRASE;
+      return PassphraseType::IMPLICIT_PASSPHRASE;
     case sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE:
-      return KEYSTORE_PASSPHRASE;
+      return PassphraseType::KEYSTORE_PASSPHRASE;
     case sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE:
-      return CUSTOM_PASSPHRASE;
+      return PassphraseType::CUSTOM_PASSPHRASE;
     case sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE:
-      return FROZEN_IMPLICIT_PASSPHRASE;
+      return PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
     default:
       NOTREACHED();
-      return IMPLICIT_PASSPHRASE;
+      return PassphraseType::IMPLICIT_PASSPHRASE;
   }
 }
 
 sync_pb::NigoriSpecifics::PassphraseType EnumPassphraseTypeToProto(
     PassphraseType type) {
   switch (type) {
-    case IMPLICIT_PASSPHRASE:
+    case PassphraseType::IMPLICIT_PASSPHRASE:
       return sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE;
-    case KEYSTORE_PASSPHRASE:
+    case PassphraseType::KEYSTORE_PASSPHRASE:
       return sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE;
-    case CUSTOM_PASSPHRASE:
+    case PassphraseType::CUSTOM_PASSPHRASE:
       return sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE;
-    case FROZEN_IMPLICIT_PASSPHRASE:
+    case PassphraseType::FROZEN_IMPLICIT_PASSPHRASE:
       return sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE;
     default:
       NOTREACHED();
       return sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE;
   }
 }
 
 bool IsExplicitPassphrase(PassphraseType type) {
-  return type == CUSTOM_PASSPHRASE || type == FROZEN_IMPLICIT_PASSPHRASE;
+  return type == PassphraseType::CUSTOM_PASSPHRASE ||
+         type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
 }
 
 // Keystore Bootstrap Token helper methods.
 // The bootstrap is a base64 encoded, encrypted, ListValue of keystore key
 // strings, with the current keystore key as the last value in the list.
 std::string PackKeystoreBootstrapToken(
     const std::vector<std::string>& old_keystore_keys,
     const std::string& current_keystore_key,
     Encryptor* encryptor) {
   if (current_keystore_key.empty())
@@ skipping 62 matching lines @@
 SyncEncryptionHandlerImpl::Vault::~Vault() {}
 
 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl(
     UserShare* user_share,
     Encryptor* encryptor,
     const std::string& restored_key_for_bootstrapping,
     const std::string& restored_keystore_key_for_bootstrapping)
     : user_share_(user_share),
       vault_unsafe_(encryptor, SensitiveTypes()),
       encrypt_everything_(false),
-      passphrase_type_(IMPLICIT_PASSPHRASE),
+      passphrase_type_(PassphraseType::IMPLICIT_PASSPHRASE),
       nigori_overwrite_count_(0),
       weak_ptr_factory_(this) {
   // Restore the cryptographer's previous keys. Note that we don't add the
   // keystore keys into the cryptographer here, in case a migration was pending.
   vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping);
 
   // If this fails, we won't have a valid keystore key, and will simply request
   // new ones from the server on the next DownloadUpdates.
   UnpackKeystoreBootstrapToken(restored_keystore_key_for_bootstrapping,
                                encryptor, &old_keystore_keys_, &keystore_key_);
@@ skipping 18 matching lines @@
   WriteTransaction trans(FROM_HERE, user_share_);
   WriteNode node(&trans);
 
   if (node.InitTypeRoot(NIGORI) != BaseNode::INIT_OK)
     return;
   if (!ApplyNigoriUpdateImpl(node.GetNigoriSpecifics(),
                              trans.GetWrappedTrans())) {
     WriteEncryptionStateToNigori(&trans);
   }
 
-  UMA_HISTOGRAM_ENUMERATION("Sync.PassphraseType", GetPassphraseType(),
-                            PASSPHRASE_TYPE_SIZE);
+  UMA_HISTOGRAM_ENUMERATION(
+      "Sync.PassphraseType", static_cast<unsigned>(GetPassphraseType()),
+      static_cast<unsigned>(PassphraseType::PASSPHRASE_TYPE_SIZE));
 
   bool has_pending_keys =
       UnlockVault(trans.GetWrappedTrans()).cryptographer.has_pending_keys();
   bool is_ready = UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready();
   // Log the state of the cryptographer regardless of migration state.
   UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerReady", is_ready);
   UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerPendingKeys", has_pending_keys);
   if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics())) {
     // This account has a nigori node that has been migrated to support
     // keystore.
     UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", MIGRATED,
                               MIGRATION_STATE_SIZE);
-    if (has_pending_keys && passphrase_type_ == KEYSTORE_PASSPHRASE) {
+    if (has_pending_keys &&
+        passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE) {
       // If this is happening, it means the keystore decryptor is either
       // undecryptable with the available keystore keys or does not match the
       // nigori keybag's encryption key. Otherwise we're simply missing the
       // keystore key.
       UMA_HISTOGRAM_BOOLEAN("Sync.KeystoreDecryptionFailed",
                             !keystore_key_.empty());
     }
   } else if (!is_ready) {
     // Migration cannot occur until the cryptographer is ready (initialized
     // with GAIA password and any pending keys resolved).
@@ skipping 104 matching lines @@
   // bootstrap token will be derived from the most recently provided explicit
   // passphrase (that was able to decrypt the data).
   if (!IsExplicitPassphrase(passphrase_type_)) {
     if (!cryptographer->has_pending_keys()) {
       if (cryptographer->AddKey(key_params)) {
         // Case 1 and 2. We set a new GAIA passphrase when there are no pending
         // keys (1), or overwriting an implicit passphrase with a new explicit
         // one (2) when there are no pending keys.
         if (is_explicit) {
           DVLOG(1) << "Setting explicit passphrase for encryption.";
-          passphrase_type_ = CUSTOM_PASSPHRASE;
+          passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE;
           custom_passphrase_time_ = base::Time::Now();
           FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                             OnPassphraseTypeChanged(
                                 passphrase_type_, GetExplicitPassphraseTime()));
         } else {
           DVLOG(1) << "Setting implicit passphrase for encryption.";
         }
         cryptographer->GetBootstrapToken(&bootstrap_token);
 
         // With M26, sync accounts can be in only one of two encryption states:
@@ skipping 469 matching lines @@
 
     // Only update the local passphrase state if it's a valid transition:
     // - implicit -> keystore
     // - implicit -> frozen implicit
     // - implicit -> custom
     // - keystore -> custom
     // Note: frozen implicit -> custom is not technically a valid transition,
     // but we let it through here as well in case future versions do add support
     // for this transition.
     if (passphrase_type_ != nigori_passphrase_type &&
-        nigori_passphrase_type != IMPLICIT_PASSPHRASE &&
-        (passphrase_type_ == IMPLICIT_PASSPHRASE ||
-         nigori_passphrase_type == CUSTOM_PASSPHRASE)) {
+        nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE &&
+        (passphrase_type_ == PassphraseType::IMPLICIT_PASSPHRASE ||
+         nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) {
       DVLOG(1) << "Changing passphrase state from "
                << PassphraseTypeToString(passphrase_type_) << " to "
                << PassphraseTypeToString(nigori_passphrase_type);
       passphrase_type_ = nigori_passphrase_type;
       FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                         OnPassphraseTypeChanged(passphrase_type_,
                                                 GetExplicitPassphraseTime()));
     }
-    if (passphrase_type_ == KEYSTORE_PASSPHRASE && encrypt_everything_) {
+    if (passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE &&
+        encrypt_everything_) {
       // This is the case where another client that didn't support keystore
       // encryption attempted to enable full encryption. We detect it
       // and switch the passphrase type to frozen implicit passphrase instead
       // due to full encryption not being compatible with keystore passphrase.
       // Because the local passphrase type will not match the nigori passphrase
       // type, we will trigger a rewrite and subsequently a re-migration.
       DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE "
                << "due to full encryption.";
-      passphrase_type_ = FROZEN_IMPLICIT_PASSPHRASE;
+      passphrase_type_ = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
       FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                         OnPassphraseTypeChanged(passphrase_type_,
                                                 GetExplicitPassphraseTime()));
     }
   } else {
     // It's possible that while we're waiting for migration a client that does
     // not have keystore encryption enabled switches to a custom passphrase.
-    if (nigori.keybag_is_frozen() && passphrase_type_ != CUSTOM_PASSPHRASE) {
-      passphrase_type_ = CUSTOM_PASSPHRASE;
+    if (nigori.keybag_is_frozen() &&
+        passphrase_type_ != PassphraseType::CUSTOM_PASSPHRASE) {
+      passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE;
       FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                         OnPassphraseTypeChanged(passphrase_type_,
                                                 GetExplicitPassphraseTime()));
     }
   }
 
   Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer;
   bool nigori_needs_new_keys = false;
   if (!nigori.encryption_keybag().blob().empty()) {
     // We only update the default key if this was a new explicit passphrase.
@@ skipping 49 matching lines @@
     FOR_EACH_OBSERVER(
         SyncEncryptionHandler::Observer, observers_,
         OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData()));
   }
 
   // Check if the current local encryption state is stricter/newer than the
   // nigori state. If so, we need to overwrite the nigori node with the local
   // state.
   bool passphrase_type_matches = true;
   if (!is_nigori_migrated) {
-    DCHECK(passphrase_type_ == CUSTOM_PASSPHRASE ||
-           passphrase_type_ == IMPLICIT_PASSPHRASE);
+    DCHECK(passphrase_type_ == PassphraseType::CUSTOM_PASSPHRASE ||
+           passphrase_type_ == PassphraseType::IMPLICIT_PASSPHRASE);
     passphrase_type_matches =
         nigori.keybag_is_frozen() == IsExplicitPassphrase(passphrase_type_);
   } else {
     passphrase_type_matches =
         (ProtoPassphraseTypeToEnum(nigori.passphrase_type()) ==
          passphrase_type_);
   }
   if (!passphrase_type_matches ||
       nigori.encrypt_everything() != encrypt_everything_ ||
       nigori_types_need_update || nigori_needs_new_keys) {
@@ skipping 100 matching lines @@
 }
 
 void SyncEncryptionHandlerImpl::SetCustomPassphrase(
     const std::string& passphrase,
     WriteTransaction* trans,
     WriteNode* nigori_node) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(IsNigoriMigratedToKeystore(nigori_node->GetNigoriSpecifics()));
   KeyParams key_params = {"localhost", "dummy", passphrase};
 
-  if (passphrase_type_ != KEYSTORE_PASSPHRASE) {
+  if (passphrase_type_ != PassphraseType::KEYSTORE_PASSPHRASE) {
     DVLOG(1) << "Failing to set a custom passphrase because one has already "
              << "been set.";
     FinishSetPassphrase(false, std::string(), trans, nigori_node);
     return;
   }
 
   Cryptographer* cryptographer =
       &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer;
   if (cryptographer->has_pending_keys()) {
     // This theoretically shouldn't happen, because the only way to have pending
     // keys after migrating to keystore support is if a custom passphrase was
     // set, which should update passpshrase_state_ and should be caught by the
     // if statement above. For the sake of safety though, we check for it in
     // case a client is misbehaving.
     LOG(ERROR) << "Failing to set custom passphrase because of pending keys.";
     FinishSetPassphrase(false, std::string(), trans, nigori_node);
     return;
   }
 
   std::string bootstrap_token;
   if (!cryptographer->AddKey(key_params)) {
     NOTREACHED() << "Failed to add key to cryptographer.";
     return;
   }
 
   DVLOG(1) << "Setting custom passphrase.";
   cryptographer->GetBootstrapToken(&bootstrap_token);
-  passphrase_type_ = CUSTOM_PASSPHRASE;
+  passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE;
   custom_passphrase_time_ = base::Time::Now();
   FOR_EACH_OBSERVER(
       SyncEncryptionHandler::Observer, observers_,
       OnPassphraseTypeChanged(passphrase_type_, GetExplicitPassphraseTime()));
   FinishSetPassphrase(true, bootstrap_token, trans, nigori_node);
 }
 
 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase(
     WriteTransaction* trans) {
   WriteNode nigori_node(trans);
@@ skipping 162 matching lines @@
   // encrypted with the pending keys will not be decryptable).
   if (cryptographer.has_pending_keys())
     return false;
   if (IsNigoriMigratedToKeystore(nigori)) {
     // If the nigori is already migrated but does not reflect the explicit
     // passphrase state, remigrate. Similarly, if the nigori has an explicit
     // passphrase but does not have full encryption, or the nigori has an
     // implicit passphrase but does have full encryption, re-migrate.
     // Note that this is to defend against other clients without keystore
     // encryption enabled transitioning to states that are no longer valid.
-    if (passphrase_type_ != KEYSTORE_PASSPHRASE &&
+    if (passphrase_type_ != PassphraseType::KEYSTORE_PASSPHRASE &&
         nigori.passphrase_type() ==
             sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) {
       return true;
     } else if (IsExplicitPassphrase(passphrase_type_) && !encrypt_everything_) {
       return true;
-    } else if (passphrase_type_ == KEYSTORE_PASSPHRASE && encrypt_everything_) {
+    } else if (passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE &&
+               encrypt_everything_) {
       return true;
     } else if (cryptographer.is_ready() &&
                !cryptographer.CanDecryptUsingDefaultKey(
                    nigori.encryption_keybag())) {
       // We need to overwrite the keybag. This might involve overwriting the
       // keystore decryptor too.
       return true;
     } else if (old_keystore_keys_.size() > 0 && !keystore_key_.empty()) {
       // Check to see if a server key rotation has happened, but the nigori
       // node's keys haven't been rotated yet, and hence we should re-migrate.
@@ skipping 32 matching lines @@
     return false;
 
   DVLOG(1) << "Starting nigori migration to keystore support.";
   sync_pb::NigoriSpecifics migrated_nigori(old_nigori);
 
   PassphraseType new_passphrase_type = passphrase_type_;
   bool new_encrypt_everything = encrypt_everything_;
   if (encrypt_everything_ && !IsExplicitPassphrase(passphrase_type_)) {
     DVLOG(1) << "Switching to frozen implicit passphrase due to already having "
              << "full encryption.";
-    new_passphrase_type = FROZEN_IMPLICIT_PASSPHRASE;
+    new_passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
     migrated_nigori.clear_keystore_decryptor_token();
   } else if (IsExplicitPassphrase(passphrase_type_)) {
     DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to "
                                       << "explicit passphrase";
     new_encrypt_everything = true;
     migrated_nigori.clear_keystore_decryptor_token();
   } else {
     DCHECK(!encrypt_everything_);
-    new_passphrase_type = KEYSTORE_PASSPHRASE;
+    new_passphrase_type = PassphraseType::KEYSTORE_PASSPHRASE;
     DVLOG(1) << "Switching to keystore passphrase state.";
   }
   migrated_nigori.set_encrypt_everything(new_encrypt_everything);
   migrated_nigori.set_passphrase_type(
       EnumPassphraseTypeToProto(new_passphrase_type));
   migrated_nigori.set_keybag_is_frozen(true);
 
   if (!keystore_key_.empty()) {
     KeyParams key_params = {"localhost", "dummy", keystore_key_};
     if ((old_keystore_keys_.size() > 0 &&
-         new_passphrase_type == KEYSTORE_PASSPHRASE) ||
+         new_passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE) ||
         !cryptographer->is_initialized()) {
       // Either at least one key rotation has been performed, so we no longer
       // care about backwards compatibility, or we're generating keystore-based
       // encryption keys without knowing the GAIA password (and therefore the
       // cryptographer is not initialized), so we can't support backwards
       // compatibility. Ensure the keystore key is the default key.
       DVLOG(1) << "Migrating keybag to keystore key.";
       bool cryptographer_was_ready = cryptographer->is_ready();
       if (!cryptographer->AddKey(key_params)) {
         LOG(ERROR) << "Failed to add keystore key as default key";
@@ skipping 25 matching lines @@
     // Go through and add all the old keystore keys as non default keys, so
     // they'll be preserved in the encryption_keybag when we next write the
     // nigori node.
     for (std::vector<std::string>::const_iterator iter =
              old_keystore_keys_.begin();
          iter != old_keystore_keys_.end(); ++iter) {
       KeyParams key_params = {"localhost", "dummy", *iter};
       cryptographer->AddNonDefaultKey(key_params);
     }
   }
-  if (new_passphrase_type == KEYSTORE_PASSPHRASE &&
+  if (new_passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE &&
       !GetKeystoreDecryptor(
           *cryptographer, keystore_key_,
           migrated_nigori.mutable_keystore_decryptor_token())) {
     LOG(ERROR) << "Failed to extract keystore decryptor token.";
     UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
                               FAILED_TO_EXTRACT_DECRYPTOR,
                               MIGRATION_RESULT_SIZE);
     return false;
   }
   if (!cryptographer->GetKeys(migrated_nigori.mutable_encryption_keybag())) {
@@ skipping 27 matching lines @@
   } else if (!cryptographer->CanDecryptUsingDefaultKey(
                  old_nigori.encryption_keybag())) {
     DVLOG(1) << "Rencrypting everything due to key rotation.";
     ReEncryptEverything(trans);
   }
 
   DVLOG(1) << "Completing nigori migration to keystore support.";
   nigori_node->SetNigoriSpecifics(migrated_nigori);
 
   if (new_encrypt_everything &&
-      (new_passphrase_type == FROZEN_IMPLICIT_PASSPHRASE ||
-       new_passphrase_type == CUSTOM_PASSPHRASE)) {
+      (new_passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE ||
+       new_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) {
     NotifyObserversOfLocalCustomPassphrase(trans);
   }
 
   switch (new_passphrase_type) {
-    case KEYSTORE_PASSPHRASE:
+    case PassphraseType::KEYSTORE_PASSPHRASE:
       if (old_keystore_keys_.size() > 0) {
         UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
                                   MIGRATION_SUCCESS_KEYSTORE_NONDEFAULT,
                                   MIGRATION_RESULT_SIZE);
       } else {
         UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
                                   MIGRATION_SUCCESS_KEYSTORE_DEFAULT,
                                   MIGRATION_RESULT_SIZE);
       }
       break;
-    case FROZEN_IMPLICIT_PASSPHRASE:
+    case PassphraseType::FROZEN_IMPLICIT_PASSPHRASE:
       UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
                                 MIGRATION_SUCCESS_FROZEN_IMPLICIT,
                                 MIGRATION_RESULT_SIZE);
       break;
-    case CUSTOM_PASSPHRASE:
+    case PassphraseType::CUSTOM_PASSPHRASE:
       UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
                                 MIGRATION_SUCCESS_CUSTOM,
                                 MIGRATION_RESULT_SIZE);
       break;
     default:
       NOTREACHED();
       break;
   }
   return true;
 }
@@ skipping 111 matching lines @@
           OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN));
       FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                         OnCryptographerStateChanged(cryptographer));
       return true;
     }
   }
   return false;
 }
 
 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime() const {
-  if (passphrase_type_ == FROZEN_IMPLICIT_PASSPHRASE)
+  if (passphrase_type_ == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE)
     return migration_time();
-  else if (passphrase_type_ == CUSTOM_PASSPHRASE)
+  else if (passphrase_type_ == PassphraseType::CUSTOM_PASSPHRASE)
     return custom_passphrase_time();
   return base::Time();
 }
 
 }  // namespace syncer