[Sync] Move the last things out of core/.

components/sync/engine_impl/sync_encryption_handler_impl.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "components/sync/core_impl/sync_encryption_handler_impl.h"
+#include "components/sync/engine_impl/sync_encryption_handler_impl.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <memory>
 #include <queue>
 
 #include "base/base64.h"
 #include "base/bind.h"
 #include "base/json/json_string_value_serializer.h"
@@ skipping 273 matching lines @@
   } else {
     // If the above conditions have been met and the nigori node is still not
     // migrated, something failed in the migration process.
     UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState",
                               NOT_MIGRATED_UNKNOWN_REASON,
                               MIGRATION_STATE_SIZE);
   }
 
   // Always trigger an encrypted types and cryptographer state change event at
   // init time so observers get the initial values.
-  FOR_EACH_OBSERVER(Observer, observers_,
-                    OnEncryptedTypesChanged(
-                        UnlockVault(trans.GetWrappedTrans()).encrypted_types,
-                        encrypt_everything_));
-  FOR_EACH_OBSERVER(
-      SyncEncryptionHandler::Observer, observers_,
-      OnCryptographerStateChanged(
-          &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer));
+  for (auto& observer : observers_) {
+    observer.OnEncryptedTypesChanged(
+        UnlockVault(trans.GetWrappedTrans()).encrypted_types,
+        encrypt_everything_);
+  }
+  for (auto& observer : observers_) {
+    observer.OnCryptographerStateChanged(
+        &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer);
+  }
 
   // If the cryptographer is not ready (either it has pending keys or we
   // failed to initialize it), we don't want to try and re-encrypt the data.
   // If we had encrypted types, the DataTypeManager will block, preventing
   // sync from happening until the the passphrase is provided.
   if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready())
     ReEncryptEverything(&trans);
 }
 
 void SyncEncryptionHandlerImpl::SetEncryptionPassphrase(
@@ skipping 70 matching lines @@
   if (!IsExplicitPassphrase(*passphrase_type)) {
     if (!cryptographer->has_pending_keys()) {
       if (cryptographer->AddKey(key_params)) {
         // Case 1 and 2. We set a new GAIA passphrase when there are no pending
         // keys (1), or overwriting an implicit passphrase with a new explicit
         // one (2) when there are no pending keys.
         if (is_explicit) {
           DVLOG(1) << "Setting explicit passphrase for encryption.";
           *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE;
           custom_passphrase_time_ = base::Time::Now();
-          FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                            OnPassphraseTypeChanged(
-                                *passphrase_type,
-                                GetExplicitPassphraseTime(*passphrase_type)));
+          for (auto& observer : observers_) {
+            observer.OnPassphraseTypeChanged(
+                *passphrase_type, GetExplicitPassphraseTime(*passphrase_type));
+          }
         } else {
           DVLOG(1) << "Setting implicit passphrase for encryption.";
         }
         cryptographer->GetBootstrapToken(&bootstrap_token);
 
         // With M26, sync accounts can be in only one of two encryption states:
         // 1) Encrypt only passwords with an implicit passphrase.
         // 2) Encrypt all sync datatypes with an explicit passphrase.
         // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms,
         // and keep track of an account's encryption state via the
@@ skipping 226 matching lines @@
     const sync_pb::NigoriSpecifics& nigori,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(trans);
   if (!ApplyNigoriUpdateImpl(nigori, trans)) {
     base::ThreadTaskRunnerHandle::Get()->PostTask(
         FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori,
                               weak_ptr_factory_.GetWeakPtr()));
   }
 
-  FOR_EACH_OBSERVER(
-      SyncEncryptionHandler::Observer, observers_,
-      OnCryptographerStateChanged(&UnlockVaultMutable(trans)->cryptographer));
+  for (auto& observer : observers_) {
+    observer.OnCryptographerStateChanged(
+        &UnlockVaultMutable(trans)->cryptographer);
+  }
 }
 
 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes(
     sync_pb::NigoriSpecifics* nigori,
     syncable::BaseTransaction* const trans) const {
   DCHECK(thread_checker_.CalledOnValidThread());
   syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types,
                                            encrypt_everything_, nigori);
 }
 
@@ skipping 26 matching lines @@
     base::Base64Encode(keys.Get(i), &old_keystore_keys_[i]);
 
   Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer;
 
   // Update the bootstrap token. If this fails, we persist an empty string,
   // which will force us to download the keystore keys again on the next
   // restart.
   std::string keystore_bootstrap = PackKeystoreBootstrapToken(
       old_keystore_keys_, keystore_key_, cryptographer->encryptor());
 
-  FOR_EACH_OBSERVER(
-      SyncEncryptionHandler::Observer, observers_,
-      OnBootstrapTokenUpdated(keystore_bootstrap, KEYSTORE_BOOTSTRAP_TOKEN));
+  for (auto& observer : observers_) {
+    observer.OnBootstrapTokenUpdated(keystore_bootstrap,
+                                     KEYSTORE_BOOTSTRAP_TOKEN);
+  }
   DVLOG(1) << "Keystore bootstrap token updated.";
 
   // If this is a first time sync, we get the encryption keys before we process
   // the nigori node. Just return for now, ApplyNigoriUpdate will be invoked
   // once we have the nigori node.
   syncable::Entry entry(trans, syncable::GET_TYPE_ROOT, NIGORI);
   if (!entry.good())
     return true;
 
   const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori();
@@ skipping 138 matching lines @@
       if (child.InitByIdLookup(child_id) != BaseNode::INIT_OK)
         break;  // Possible if we failed to decrypt the data for some reason.
       child.SetPasswordSpecifics(child.GetPasswordSpecifics());
       child_id = child.GetSuccessorId();
     }
   }
 
   DVLOG(1) << "Re-encrypt everything complete.";
 
   // NOTE: We notify from within a transaction.
-  FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                    OnEncryptionComplete());
+  for (auto& observer : observers_) {
+    observer.OnEncryptionComplete();
+  }
 }
 
 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl(
     const sync_pb::NigoriSpecifics& nigori,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DVLOG(1) << "Applying nigori node update.";
   bool nigori_types_need_update =
       !UpdateEncryptedTypesFromNigori(nigori, trans);
 
@@ skipping 16 matching lines @@
     // but we let it through here as well in case future versions do add support
     // for this transition.
     if (*passphrase_type != nigori_passphrase_type &&
         nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE &&
         (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE ||
          nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) {
       DVLOG(1) << "Changing passphrase state from "
                << PassphraseTypeToString(*passphrase_type) << " to "
                << PassphraseTypeToString(nigori_passphrase_type);
       *passphrase_type = nigori_passphrase_type;
-      FOR_EACH_OBSERVER(
-          SyncEncryptionHandler::Observer, observers_,
-          OnPassphraseTypeChanged(*passphrase_type,
-                                  GetExplicitPassphraseTime(*passphrase_type)));
+      for (auto& observer : observers_) {
+        observer.OnPassphraseTypeChanged(
+            *passphrase_type, GetExplicitPassphraseTime(*passphrase_type));
+      }
     }
     if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE &&
         encrypt_everything_) {
       // This is the case where another client that didn't support keystore
       // encryption attempted to enable full encryption. We detect it
       // and switch the passphrase type to frozen implicit passphrase instead
       // due to full encryption not being compatible with keystore passphrase.
       // Because the local passphrase type will not match the nigori passphrase
       // type, we will trigger a rewrite and subsequently a re-migration.
       DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE "
                << "due to full encryption.";
       *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
-      FOR_EACH_OBSERVER(
-          SyncEncryptionHandler::Observer, observers_,
-          OnPassphraseTypeChanged(*passphrase_type,
-                                  GetExplicitPassphraseTime(*passphrase_type)));
+      for (auto& observer : observers_) {
+        observer.OnPassphraseTypeChanged(
+            *passphrase_type, GetExplicitPassphraseTime(*passphrase_type));
+      }
     }
   } else {
     // It's possible that while we're waiting for migration a client that does
     // not have keystore encryption enabled switches to a custom passphrase.
     if (nigori.keybag_is_frozen() &&
         *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) {
       *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE;
-      FOR_EACH_OBSERVER(
-          SyncEncryptionHandler::Observer, observers_,
-          OnPassphraseTypeChanged(*passphrase_type,
-                                  GetExplicitPassphraseTime(*passphrase_type)));
+      for (auto& observer : observers_) {
+        observer.OnPassphraseTypeChanged(
+            *passphrase_type, GetExplicitPassphraseTime(*passphrase_type));
+      }
     }
   }
 
   Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer;
   bool nigori_needs_new_keys = false;
   if (!nigori.encryption_keybag().blob().empty()) {
     // We only update the default key if this was a new explicit passphrase.
     // Else, since it was decryptable, it must not have been a new key.
     bool need_new_default_key = false;
     if (is_nigori_migrated) {
@@ skipping 30 matching lines @@
     // local encryption keys into it.
     LOG(WARNING) << "Nigori had empty encryption keybag.";
     nigori_needs_new_keys = true;
   }
 
   // If we've completed a sync cycle and the cryptographer isn't ready
   // yet or has pending keys, prompt the user for a passphrase.
   if (cryptographer->has_pending_keys()) {
     DVLOG(1) << "OnPassphraseRequired Sent";
     sync_pb::EncryptedData pending_keys = cryptographer->GetPendingKeys();
-    FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                      OnPassphraseRequired(REASON_DECRYPTION, pending_keys));
+    for (auto& observer : observers_) {
+      observer.OnPassphraseRequired(REASON_DECRYPTION, pending_keys);
+    }
   } else if (!cryptographer->is_ready()) {
     DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not "
              << "ready";
-    FOR_EACH_OBSERVER(
-        SyncEncryptionHandler::Observer, observers_,
-        OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData()));
+    for (auto& observer : observers_) {
+      observer.OnPassphraseRequired(REASON_ENCRYPTION,
+                                    sync_pb::EncryptedData());
+    }
   }
 
   // Check if the current local encryption state is stricter/newer than the
   // nigori state. If so, we need to overwrite the nigori node with the local
   // state.
   bool passphrase_type_matches = true;
   if (!is_nigori_migrated) {
     DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE ||
            *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE);
     passphrase_type_matches =
@@ skipping 89 matching lines @@
   nigori_encrypted_types.PutAll(SensitiveTypes());
 
   // If anything more than the sensitive types were encrypted, and
   // encrypt_everything is not explicitly set to false, we assume it means
   // a client intended to enable encrypt everything.
   if (!nigori.has_encrypt_everything() &&
       !Difference(nigori_encrypted_types, SensitiveTypes()).Empty()) {
     if (!encrypt_everything_) {
       encrypt_everything_ = true;
       *encrypted_types = EncryptableUserTypes();
-      FOR_EACH_OBSERVER(
-          Observer, observers_,
-          OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_));
+      for (auto& observer : observers_) {
+        observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_);
+      }
     }
     DCHECK(*encrypted_types == EncryptableUserTypes());
     return false;
   }
 
   MergeEncryptedTypes(nigori_encrypted_types, trans);
   return *encrypted_types == nigori_encrypted_types;
 }
 
 void SyncEncryptionHandlerImpl::SetCustomPassphrase(
@@ skipping 30 matching lines @@
     NOTREACHED() << "Failed to add key to cryptographer.";
     return;
   }
 
   DVLOG(1) << "Setting custom passphrase.";
   cryptographer->GetBootstrapToken(&bootstrap_token);
   PassphraseType* passphrase_type =
       &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type;
   *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE;
   custom_passphrase_time_ = base::Time::Now();
-  FOR_EACH_OBSERVER(
-      SyncEncryptionHandler::Observer, observers_,
-      OnPassphraseTypeChanged(*passphrase_type,
-                              GetExplicitPassphraseTime(*passphrase_type)));
+  for (auto& observer : observers_) {
+    observer.OnPassphraseTypeChanged(
+        *passphrase_type, GetExplicitPassphraseTime(*passphrase_type));
+  }
   FinishSetPassphrase(true, bootstrap_token, trans, nigori_node);
 }
 
 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase(
     WriteTransaction* trans) {
   WriteNode nigori_node(trans);
   BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI);
   DCHECK_EQ(init_result, BaseNode::INIT_OK);
   NigoriState nigori_state;
   nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics();
   DCHECK(nigori_state.nigori_specifics.passphrase_type() ==
              sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE ||
          nigori_state.nigori_specifics.passphrase_type() ==
              sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
-  FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                    OnLocalSetPassphraseEncryption(nigori_state));
+  for (auto& observer : observers_) {
+    observer.OnLocalSetPassphraseEncryption(nigori_state);
+  }
 }
 
 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase(
     const std::string& passphrase,
     WriteTransaction* trans,
     WriteNode* nigori_node) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans())));
   KeyParams key_params = {"localhost", "dummy", passphrase};
 
@@ skipping 27 matching lines @@
   }
   FinishSetPassphrase(success, bootstrap_token, trans, nigori_node);
 }
 
 void SyncEncryptionHandlerImpl::FinishSetPassphrase(
     bool success,
     const std::string& bootstrap_token,
     WriteTransaction* trans,
     WriteNode* nigori_node) {
   DCHECK(thread_checker_.CalledOnValidThread());
-  FOR_EACH_OBSERVER(
-      SyncEncryptionHandler::Observer, observers_,
-      OnCryptographerStateChanged(
-          &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer));
+  for (auto& observer : observers_) {
+    observer.OnCryptographerStateChanged(
+        &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer);
+  }
 
   // It's possible we need to change the bootstrap token even if we failed to
   // set the passphrase (for example if we need to preserve the new GAIA
   // passphrase).
   if (!bootstrap_token.empty()) {
     DVLOG(1) << "Passphrase bootstrap token updated.";
-    FOR_EACH_OBSERVER(
-        SyncEncryptionHandler::Observer, observers_,
-        OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN));
+    for (auto& observer : observers_) {
+      observer.OnBootstrapTokenUpdated(bootstrap_token,
+                                       PASSPHRASE_BOOTSTRAP_TOKEN);
+    }
   }
 
   const Cryptographer& cryptographer =
       UnlockVault(trans->GetWrappedTrans()).cryptographer;
   if (!success) {
     if (cryptographer.is_ready()) {
       LOG(ERROR) << "Attempt to change passphrase failed while cryptographer "
                  << "was ready.";
     } else if (cryptographer.has_pending_keys()) {
-      FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                        OnPassphraseRequired(REASON_DECRYPTION,
-                                             cryptographer.GetPendingKeys()));
+      for (auto& observer : observers_) {
+        observer.OnPassphraseRequired(REASON_DECRYPTION,
+                                      cryptographer.GetPendingKeys());
+      }
     } else {
-      FOR_EACH_OBSERVER(
-          SyncEncryptionHandler::Observer, observers_,
-          OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData()));
+      for (auto& observer : observers_) {
+        observer.OnPassphraseRequired(REASON_ENCRYPTION,
+                                      sync_pb::EncryptedData());
+      }
     }
     return;
   }
   DCHECK(success);
   DCHECK(cryptographer.is_ready());
 
   // Will do nothing if we're already properly migrated or unable to migrate
   // (in otherwords, if ShouldTriggerMigration is false).
   // Otherwise will update the nigori node with the current migrated state,
   // writing all encryption state as it does.
@@ skipping 15 matching lines @@
     // If we set a new custom passphrase, store the timestamp.
     if (!custom_passphrase_time_.is_null()) {
       nigori.set_custom_passphrase_time(
           TimeToProtoTime(custom_passphrase_time_));
     }
     nigori_node->SetNigoriSpecifics(nigori);
   }
 
   // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS
   // checks the passphrase state after it has been set.
-  FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                    OnPassphraseAccepted());
+  for (auto& observer : observers_) {
+    observer.OnPassphraseAccepted();
+  }
 
   // Does nothing if everything is already encrypted.
   // TODO(zea): If we just migrated and enabled encryption, this will be
   // redundant. Figure out a way to not do this unnecessarily.
   ReEncryptEverything(trans);
 }
 
 void SyncEncryptionHandlerImpl::MergeEncryptedTypes(
     ModelTypeSet new_encrypted_types,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   // Only UserTypes may be encrypted.
   DCHECK(EncryptableUserTypes().HasAll(new_encrypted_types));
 
   ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types;
   if (!encrypted_types->HasAll(new_encrypted_types)) {
     *encrypted_types = new_encrypted_types;
-    FOR_EACH_OBSERVER(
-        Observer, observers_,
-        OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_));
+    for (auto& observer : observers_) {
+      observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_);
+    }
   }
 }
 
 SyncEncryptionHandlerImpl::Vault* SyncEncryptionHandlerImpl::UnlockVaultMutable(
     syncable::BaseTransaction* const trans) {
   DCHECK_EQ(user_share_->directory.get(), trans->directory());
   return &vault_unsafe_;
 }
 
 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault(
@@ skipping 110 matching lines @@
       DVLOG(1) << "Migrating keybag to keystore key.";
       bool cryptographer_was_ready = cryptographer->is_ready();
       if (!cryptographer->AddKey(key_params)) {
         LOG(ERROR) << "Failed to add keystore key as default key";
         UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
                                   FAILED_TO_SET_DEFAULT_KEYSTORE,
                                   MIGRATION_RESULT_SIZE);
         return false;
       }
       if (!cryptographer_was_ready && cryptographer->is_ready()) {
-        FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                          OnPassphraseAccepted());
+        for (auto& observer : observers_) {
+          observer.OnPassphraseAccepted();
+        }
       }
     } else {
       // We're in backwards compatible mode -- either the account has an
       // explicit passphrase, or we want to preserve the current GAIA-based key
       // as the default because we can (there have been no key rotations since
       // the migration).
       DVLOG(1) << "Migrating keybag while preserving old key";
       if (!cryptographer->AddNonDefaultKey(key_params)) {
         LOG(ERROR) << "Failed to add keystore key as non-default key.";
         UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration",
@@ skipping 33 matching lines @@
 
   if (migration_time_.is_null())
     migration_time_ = base::Time::Now();
   migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_));
 
   if (!custom_passphrase_time_.is_null()) {
     migrated_nigori.set_custom_passphrase_time(
         TimeToProtoTime(custom_passphrase_time_));
   }
 
-  FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                    OnCryptographerStateChanged(cryptographer));
+  for (auto& observer : observers_) {
+    observer.OnCryptographerStateChanged(cryptographer);
+  }
   if (*passphrase_type != new_passphrase_type) {
     *passphrase_type = new_passphrase_type;
-    FOR_EACH_OBSERVER(
-        SyncEncryptionHandler::Observer, observers_,
-        OnPassphraseTypeChanged(*passphrase_type,
-                                GetExplicitPassphraseTime(*passphrase_type)));
+    for (auto& observer : observers_) {
+      observer.OnPassphraseTypeChanged(
+          *passphrase_type, GetExplicitPassphraseTime(*passphrase_type));
+    }
   }
 
   if (new_encrypt_everything && !encrypt_everything_) {
     EnableEncryptEverythingImpl(trans->GetWrappedTrans());
     ReEncryptEverything(trans);
   } else if (!cryptographer->CanDecryptUsingDefaultKey(
                  old_nigori.encryption_keybag())) {
     DVLOG(1) << "Rencrypting everything due to key rotation.";
     ReEncryptEverything(trans);
   }
@@ skipping 72 matching lines @@
 
 void SyncEncryptionHandlerImpl::EnableEncryptEverythingImpl(
     syncable::BaseTransaction* const trans) {
   ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types;
   if (encrypt_everything_) {
     DCHECK_EQ(EncryptableUserTypes(), *encrypted_types);
     return;
   }
   encrypt_everything_ = true;
   *encrypted_types = EncryptableUserTypes();
-  FOR_EACH_OBSERVER(
-      Observer, observers_,
-      OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_));
+  for (auto& observer : observers_) {
+    observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_);
+  }
 }
 
 bool SyncEncryptionHandlerImpl::DecryptPendingKeysWithKeystoreKey(
     const sync_pb::EncryptedData& keystore_decryptor_token,
     Cryptographer* cryptographer) {
   DCHECK(cryptographer->has_pending_keys());
   if (keystore_decryptor_token.blob().empty())
     return false;
   Cryptographer temp_cryptographer(cryptographer->encryptor());
 
@@ skipping 39 matching lines @@
     } else {
       // Theoretically the encryption keybag should already contain the keystore
       // key. We explicitly add it as a safety measure.
       DVLOG(1) << "Pending keys based on newest keystore key.";
       cryptographer->AddNonDefaultKey(keystore_params);
     }
     if (cryptographer->is_ready()) {
       std::string bootstrap_token;
       cryptographer->GetBootstrapToken(&bootstrap_token);
       DVLOG(1) << "Keystore decryptor token decrypted pending keys.";
-      FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                        OnPassphraseAccepted());
-      FOR_EACH_OBSERVER(
-          SyncEncryptionHandler::Observer, observers_,
-          OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN));
-      FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                        OnCryptographerStateChanged(cryptographer));
+      for (auto& observer : observers_) {

[skym, 2016/10/14 18:42:14]

Can you throw in a comment noting that these 3 loops are to avoid accidentally
introducing a bug, and not because we know this is the only/better way?

[maxbogue, 2016/10/14 20:25:00]

Done.

+        observer.OnPassphraseAccepted();
+      }
+      for (auto& observer : observers_) {
+        observer.OnBootstrapTokenUpdated(bootstrap_token,
+                                         PASSPHRASE_BOOTSTRAP_TOKEN);
+      }
+      for (auto& observer : observers_) {
+        observer.OnCryptographerStateChanged(cryptographer);
+      }
       return true;
     }
   }
   return false;
 }
 
 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime(
     PassphraseType passphrase_type) const {
   if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE)
     return migration_time();
   else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)
     return custom_passphrase_time();
   return base::Time();
 }
 
 }  // namespace syncer