Implement gnome-keyring for OSCrypt

components/os_crypt/key_storage_keyring.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/os_crypt/key_storage_keyring.h"
+
+#include <gnome-keyring.h>
+
+#include "base/base64.h"
+#include "base/bind.h"
+#include "base/rand_util.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/threading/thread.h"

[Lei Zhang, 2016/08/30 23:19:24]

Given there's some threading here, do we want to use
base/threading/thread_checker.h to DCHECK KeyStorageKeyring lives on a single
thread?

[cfroussios, 2016/08/31 12:18:41]

I implemented it, but I think it's a bit meh. The best that it can guarantee is
that GetKeyDelegate() and AddRandomPasswordInKeyring() are called on the same
thread. Given how they are private methods that call each other, hardly anything
is checked.

Ideally, we would just have a check that we are on the main thread, but I didn't
find a way to do this in a component, expect by bring in system libraries.

[Lei Zhang, 2016/09/01 07:56:31]

I actually wasn't that interested in checking GetKeyDelegate() and
AddRandomPasswordInKeyring(). As you said, since they are private, if they are
not called on the right thread, then there is nobody to blame but us.

OTOH, the ctor + public methods to KeyStorageKeyring are being called by
external code that may or may not be under other control. That's where we want
to guard against misuse.

[cfroussios, 2016/09/01 10:58:16]

I think there might be a misunderstanding about the kind of threading that we
do.

Threading requirements are a quirk of gnome-keyring. I chose not to impose
threading expectations on the callers and/or other children of KeyStorageLinux
just for the sake of this one library, which is already deprecated and we're
just waiting for the users to move on.

The constructor and Init() don't need to be on the main thread. The only method
that makes calls to keyring is GetKey(). We guarantee that those come from the
main thread by switching to it only if we are not already on the main thread
(see line 45). Basically, it can be called from anywhere and it will fix it if
necessary.

Currently, it happens that the first caller (the one which also causes the lazy
instantiation of a KeyStorageLinux) is from the main thread. However, many
clients of OSCrypt are not, so all of this is to ensure that the contract is
maintained if something changes.

Unless there's something I am missing, and since you're not interested in
checking the private methods either, I think we can remove the checks.

+#include "components/os_crypt/keyring_util_linux.h"
+
+namespace {
+
+#if defined(GOOGLE_CHROME_BUILD)
+const char kApplicationName[] = "chrome";
+#else
+const char kApplicationName[] = "chromium";
+#endif
+
+const GnomeKeyringPasswordSchema kSchema = {
+    GNOME_KEYRING_ITEM_GENERIC_SECRET,
+    {{"application", GNOME_KEYRING_ATTRIBUTE_TYPE_STRING}, {nullptr}}};
+
+}  // namespace
+
+KeyStorageKeyring::KeyStorageKeyring(
+    scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner) {
+  main_thread_runner_ = main_thread_runner;

[Lei Zhang, 2016/08/30 23:19:24]

Can we use the initializer list?

[cfroussios, 2016/08/31 12:18:41]

Done.

+}
+
+KeyStorageKeyring::~KeyStorageKeyring() {}
+
+bool KeyStorageKeyring::Init() {
+  return GnomeKeyringLoader::LoadGnomeKeyring();
+}
+
+std::string KeyStorageKeyring::GetKey() {
+  std::string password;
+
+  // Ensure GetKeyDelegate() is executed on the main thread.
+  if (main_thread_runner_->BelongsToCurrentThread()) {
+    GetKeyDelegate(&password, nullptr);
+  } else {
+    base::WaitableEvent password_loaded(
+        base::WaitableEvent::ResetPolicy::MANUAL,
+        base::WaitableEvent::InitialState::NOT_SIGNALED);
+    main_thread_runner_->PostTask(
+        FROM_HERE, base::Bind(&GetKeyDelegate, &password, &password_loaded));
+    password_loaded.Wait();
+  }
+
+  return password;
+}
+
+// static
+void KeyStorageKeyring::GetKeyDelegate(
+    std::string* password_ptr,
+    base::WaitableEvent* password_loaded_ptr) {
+  gchar* password = nullptr;
+  GnomeKeyringResult result =
+      GnomeKeyringLoader::gnome_keyring_find_password_sync_ptr(
+          &kSchema, &password, "application", kApplicationName, nullptr);
+  if (result == GNOME_KEYRING_RESULT_OK) {
+    *password_ptr = password;
+    GnomeKeyringLoader::gnome_keyring_free_password_ptr(password);
+  } else if (result == GNOME_KEYRING_RESULT_NO_MATCH) {
+    *password_ptr = KeyStorageKeyring::AddRandomPasswordInKeyring();
+    VLOG(1) << "OSCrypt generated a new password";
+  } else {
+    password_ptr->clear();
+    VLOG(1) << "OSCrypt failed to use gnome-keyring";
+  }
+
+  if (password_loaded_ptr)
+    password_loaded_ptr->Signal();
+}
+
+// static
+std::string KeyStorageKeyring::AddRandomPasswordInKeyring() {
+  // Generate password
+  std::string password;
+  base::Base64Encode(base::RandBytesAsString(16), &password);
+
+  // Store generated password
+  GnomeKeyringResult result =
+      GnomeKeyringLoader::gnome_keyring_store_password_sync_ptr(
+          &kSchema, nullptr /* default keyring */, KeyStorageLinux::kKey,
+          password.c_str(), "application", kApplicationName, nullptr);
+  if (result != GNOME_KEYRING_RESULT_OK) {
+    VLOG(1) << "Failed to store generated password to gnome-keyring";
+    return std::string();
+  }
+
+  return password;
+}