[Sync] Move the last things out of core/.

components/sync/core/sync_encryption_handler.h

-// Copyright 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_SYNC_CORE_SYNC_ENCRYPTION_HANDLER_H_
-#define COMPONENTS_SYNC_CORE_SYNC_ENCRYPTION_HANDLER_H_
-
-#include <string>
-
-#include "base/time/time.h"
-#include "components/sync/base/model_type.h"
-#include "components/sync/protocol/sync.pb.h"
-
-namespace syncer {
-
-class Cryptographer;
-enum class PassphraseType;
-
-// Reasons due to which Cryptographer might require a passphrase.
-enum PassphraseRequiredReason {
-  REASON_PASSPHRASE_NOT_REQUIRED = 0,  // Initial value.
-  REASON_ENCRYPTION = 1,               // The cryptographer requires a
-                                       // passphrase for its first attempt at
-                                       // encryption. Happens only during
-                                       // migration or upgrade.
-  REASON_DECRYPTION = 2,               // The cryptographer requires a
-                                       // passphrase for its first attempt at
-                                       // decryption.
-};
-
-// Enum used to distinguish which bootstrap encryption token is being updated.
-enum BootstrapTokenType {
-  PASSPHRASE_BOOTSTRAP_TOKEN,
-  KEYSTORE_BOOTSTRAP_TOKEN
-};
-
-// Sync's encryption handler. Handles tracking encrypted types, ensuring the
-// cryptographer encrypts with the proper key and has the most recent keybag,
-// and keeps the nigori node up to date.
-// Implementations of this class must be assumed to be non-thread-safe. All
-// methods must be invoked on the sync thread.
-class SyncEncryptionHandler {
- public:
-  class NigoriState;
-
-  // All Observer methods are done synchronously from within a transaction and
-  // on the sync thread.
-  class Observer {
-   public:
-    Observer();
-
-    // Called when user interaction is required to obtain a valid passphrase.
-    // - If the passphrase is required for encryption, |reason| will be
-    //   REASON_ENCRYPTION.
-    // - If the passphrase is required for the decryption of data that has
-    //   already been encrypted, |reason| will be REASON_DECRYPTION.
-    // - If the passphrase is required because decryption failed, and a new
-    //   passphrase is required, |reason| will be REASON_SET_PASSPHRASE_FAILED.
-    //
-    // |pending_keys| is a copy of the cryptographer's pending keys, that may be
-    // cached by the frontend for subsequent use by the UI.
-    virtual void OnPassphraseRequired(
-        PassphraseRequiredReason reason,
-        const sync_pb::EncryptedData& pending_keys) = 0;
-    // Called when the passphrase provided by the user has been accepted and is
-    // now used to encrypt sync data.
-
-    virtual void OnPassphraseAccepted() = 0;
-    // |bootstrap_token| is an opaque base64 encoded representation of the key
-    // generated by the current passphrase, and is provided to the observer for
-    // persistence purposes and use in a future initialization of sync (e.g.
-    // after restart). The boostrap token will always be derived from the most
-    // recent GAIA password (for accounts with implicit passphrases), even if
-    // the data is still encrypted with an older GAIA password. For accounts
-    // with explicit passphrases, it will be the most recently seen custom
-    // passphrase.
-    virtual void OnBootstrapTokenUpdated(const std::string& bootstrap_token,
-                                         BootstrapTokenType type) = 0;
-
-    // Called when the set of encrypted types or the encrypt
-    // everything flag has been changed.  Note that encryption isn't
-    // complete until the OnEncryptionComplete() notification has been
-    // sent (see below).
-    //
-    // |encrypted_types| will always be a superset of
-    // Cryptographer::SensitiveTypes().  If |encrypt_everything| is
-    // true, |encrypted_types| will be the set of all known types.
-    //
-    // Until this function is called, observers can assume that the
-    // set of encrypted types is Cryptographer::SensitiveTypes() and
-    // that the encrypt everything flag is false.
-    virtual void OnEncryptedTypesChanged(ModelTypeSet encrypted_types,
-                                         bool encrypt_everything) = 0;
-
-    // Called after we finish encrypting the current set of encrypted
-    // types.
-    virtual void OnEncryptionComplete() = 0;
-
-    // The cryptographer has been updated. Listeners should check that their
-    // own state matches the cryptographer.
-    // Used primarily for debugging.
-    virtual void OnCryptographerStateChanged(Cryptographer* cryptographer) = 0;
-
-    // The passphrase type has changed. |type| is the new type,
-    // |passphrase_time| is the time the passphrase was set (unset if |type|
-    // is KEYSTORE_PASSPHRASE or the passphrase was set before we started
-    // recording the time).
-    virtual void OnPassphraseTypeChanged(PassphraseType type,
-                                         base::Time passphrase_time) = 0;
-
-    // The user has set a passphrase using this device.
-    //
-    // |nigori_state| can be used to restore nigori state across
-    // SyncEncryptionHandlerImpl lifetimes. See also SyncEncryptionHandlerImpl's
-    // RestoredNigori method.
-    virtual void OnLocalSetPassphraseEncryption(
-        const NigoriState& nigori_state) = 0;
-
-   protected:
-    virtual ~Observer();
-  };
-
-  class NigoriState {
-   public:
-    NigoriState() {}
-    sync_pb::NigoriSpecifics nigori_specifics;
-  };
-
-  SyncEncryptionHandler();
-  virtual ~SyncEncryptionHandler();
-
-  // Add/Remove SyncEncryptionHandler::Observers.
-  virtual void AddObserver(Observer* observer) = 0;
-  virtual void RemoveObserver(Observer* observer) = 0;
-
-  // Reads the nigori node, updates internal state as needed, and, if an
-  // empty/stale nigori node is detected, overwrites the existing
-  // nigori node. Upon completion, if the cryptographer is still ready
-  // attempts to re-encrypt all sync data.
-  // Note: This method is expensive (it iterates through all encrypted types),
-  // so should only be used sparingly (e.g. on startup).
-  virtual void Init() = 0;
-
-  // Attempts to re-encrypt encrypted data types using the passphrase provided.
-  // Notifies observers of the result of the operation via OnPassphraseAccepted
-  // or OnPassphraseRequired, updates the nigori node, and does re-encryption as
-  // appropriate. If an explicit password has been set previously, we drop
-  // subsequent requests to set a passphrase. If the cryptographer has pending
-  // keys, and a new implicit passphrase is provided, we try decrypting the
-  // pending keys with it, and if that fails, we cache the passphrase for
-  // re-encryption once the pending keys are decrypted.
-  virtual void SetEncryptionPassphrase(const std::string& passphrase,
-                                       bool is_explicit) = 0;
-
-  // Provides a passphrase for decrypting the user's existing sync data.
-  // Notifies observers of the result of the operation via OnPassphraseAccepted
-  // or OnPassphraseRequired, updates the nigori node, and does re-encryption as
-  // appropriate if there is a previously cached encryption passphrase. It is an
-  // error to call this when we don't have pending keys.
-  virtual void SetDecryptionPassphrase(const std::string& passphrase) = 0;
-
-  // Enables encryption of all datatypes.
-  virtual void EnableEncryptEverything() = 0;
-
-  // Whether encryption of all datatypes is enabled. If false, only sensitive
-  // types are encrypted.
-  virtual bool IsEncryptEverythingEnabled() const = 0;
-
-  // The set of types that are always encrypted.
-  static ModelTypeSet SensitiveTypes();
-};
-
-}  // namespace syncer
-
-#endif  // COMPONENTS_SYNC_CORE_SYNC_ENCRYPTION_HANDLER_H_