Stop using the Keychain for passwords finally and clean up the Chrome entries there.

chrome/browser/password_manager/password_store_mac.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_H_
 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_H_
 
 #include <memory>
 #include <string>
 #include <vector>
@@ skipping 17 matching lines @@
 // PasswordStoreProxyMac wrapper.
 // Implements PasswordStore on top of the OS X Keychain, with an internal
 // database for extra metadata. For an overview of the interactions with the
 // Keychain, as well as the rationale for some of the behaviors, see the
 // Keychain integration design doc:
 // http://dev.chromium.org/developers/design-documents/os-x-password-manager-keychain-integration
 class PasswordStoreMac : public password_manager::PasswordStore {
  public:
   enum MigrationResult {
     MIGRATION_OK,
-    LOGIN_DB_UNAVAILABLE,
     LOGIN_DB_FAILURE,
     ENCRYPTOR_FAILURE,
-    KEYCHAIN_BLOCKED,
+    // Chrome has read whatever it had access to. Not all the passwords were
+    // accessible.
+    MIGRATION_PARTIAL,
   };
 
   PasswordStoreMac(
       scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner,
       scoped_refptr<base::SingleThreadTaskRunner> db_thread_runner,
       std::unique_ptr<crypto::AppleKeychain> keychain);
 
   // Sets the background thread.
   void InitWithTaskRunner(
       scoped_refptr<base::SingleThreadTaskRunner> background_task_runner);
 
-  // Reads all the passwords from the Keychain and stores them in LoginDatabase.
-  // After the successful migration PasswordStoreMac should not be used. If the
-  // migration fails, PasswordStoreMac remains the active backend for
-  // PasswordStoreProxyMac.
-  MigrationResult ImportFromKeychain();
+  // For all the entries in LoginDatabase reads the password value from the
+  // Keychain and updates the database.
+  // The method conducts "best effort" migration without the UI prompt.
+  // Inaccessible entries are deleted.
+  static MigrationResult ImportFromKeychain(
+      password_manager::LoginDatabase* login_db,
+      crypto::AppleKeychain* keychain);
+
+  // Delete Chrome-owned entries matching |forms| from the Keychain.
+  static void CleanUpKeychain(
+      crypto::AppleKeychain* keychain,
+      const std::vector<std::unique_ptr<autofill::PasswordForm>>& forms);
 
   // To be used for testing.
   password_manager::LoginDatabase* login_metadata_db() const {
     return login_metadata_db_;
   }
 
   void set_login_metadata_db(password_manager::LoginDatabase* login_db);
 
   // To be used for testing.
   crypto::AppleKeychain* keychain() const { return keychain_.get(); }
@@ skipping 64 matching lines @@
   std::unique_ptr<crypto::AppleKeychain> keychain_;
 
   // The login metadata SQL database. The caller is resonsible for initializing
   // it.
   password_manager::LoginDatabase* login_metadata_db_;
 
   DISALLOW_COPY_AND_ASSIGN(PasswordStoreMac);
 };
 
 #endif  // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_H_