Encrypt all stored cookies on selected operating systems.

chrome/browser/profiles/profile_impl_io_data.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/profiles/profile_impl_io_data.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/metrics/field_trial.h"
@@ skipping 14 matching lines @@
 #include "chrome/browser/net/chrome_network_delegate.h"
 #include "chrome/browser/net/connect_interceptor.h"
 #include "chrome/browser/net/http_server_properties_manager.h"
 #include "chrome/browser/net/predictor.h"
 #include "chrome/browser/net/sqlite_server_bound_cert_store.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
+#include "components/webdata/encryptor/encryptor.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/cookie_crypto_delegate.h"
 #include "content/public/browser/cookie_store_factory.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/storage_partition.h"
 #include "extensions/common/constants.h"
 #include "net/base/cache_type.h"
 #include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_cache.h"
 #include "net/ssl/server_bound_cert_service.h"
 #include "net/url_request/protocol_intercept_job_factory.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 #include "webkit/browser/quota/special_storage_policy.h"
 
 #if defined(OS_ANDROID) || defined(OS_IOS)
 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h"
 #endif
 
 namespace {
 
+// Use the operating system's mechanisms to encrypt cookies before writing
+// them to persistent store.  Currently this only is done with desktop OS's
+// because ChromeOS and Android already protect the entire profile contents.
+//
+// TODO(bcwhite): Enable on MACOSX -- requires all Cookie tests to call
+// Encryptor::UseMockKeychain or will hang waiting for user input.
+#if defined(OS_WIN) || defined(OS_LINUX)  //  || defined(OS_MACOSX)
+class CookieOSCryptoDelegate : public content::CookieCryptoDelegate {
+ public:
+  virtual bool EncryptString(const std::string& plaintext,
+                             std::string* ciphertext) OVERRIDE;
+  virtual bool DecryptString(const std::string& ciphertext,
+                             std::string* plaintext) OVERRIDE;
+};
+
+bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext,
+                                           std::string* ciphertext) {
+  return Encryptor::EncryptString(plaintext, ciphertext);
+}
+
+bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext,
+                                           std::string* plaintext) {
+  return Encryptor::DecryptString(ciphertext, plaintext);
+}
+
+scoped_ptr<content::CookieCryptoDelegate> CreateCookieCryptoIfUseful() {
+  return scoped_ptr<content::CookieCryptoDelegate>(
+      new CookieOSCryptoDelegate);
+}
+#else
+scoped_ptr<content::CookieCryptoDelegate> CreateCookieCryptoIfUseful() {
+  return scoped_ptr<content::CookieCryptoDelegate>();
+}
+#endif
+
+
 net::BackendType ChooseCacheBackendType() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kUseSimpleCacheBackend)) {
     const std::string opt_value =
         command_line.GetSwitchValueASCII(switches::kUseSimpleCacheBackend);
     if (LowerCaseEqualsASCII(opt_value, "off"))
       return net::CACHE_BACKEND_BLOCKFILE;
     if (opt_value == "" || LowerCaseEqualsASCII(opt_value, "on"))
       return net::CACHE_BACKEND_SIMPLE;
   }
@@ skipping 332 matching lines @@
   }
 
   // setup cookie store
   if (!cookie_store.get()) {
     DCHECK(!lazy_params_->cookie_path.empty());
 
     cookie_store = content::CreatePersistentCookieStore(
         lazy_params_->cookie_path,
         lazy_params_->restore_old_session_cookies,
         lazy_params_->special_storage_policy.get(),
-        profile_params->cookie_monster_delegate.get());
+        profile_params->cookie_monster_delegate.get(),
+        CreateCookieCryptoIfUseful());
     cookie_store->GetCookieMonster()->SetPersistSessionCookies(true);
   }
 
   main_context->set_cookie_store(cookie_store.get());
 
   // Setup server bound cert service.
   if (!server_bound_cert_service) {
     DCHECK(!lazy_params_->server_bound_cert_path.empty());
 
     scoped_refptr<SQLiteServerBoundCertStore> server_bound_cert_db =
@@ skipping 77 matching lines @@
   extensions_context->set_net_log(io_thread->net_log());
 
   extensions_context->set_throttler_manager(
       io_thread_globals->throttler_manager.get());
 
   net::CookieStore* extensions_cookie_store =
       content::CreatePersistentCookieStore(
           lazy_params_->extensions_cookie_path,
           lazy_params_->restore_old_session_cookies,
           NULL,
-          NULL);
+          NULL,
+          CreateCookieCryptoIfUseful());
   // Enable cookies for devtools and extension URLs.
   const char* schemes[] = {chrome::kChromeDevToolsScheme,
                            extensions::kExtensionScheme};
   extensions_cookie_store->GetCookieMonster()->SetCookieableSchemes(schemes, 2);
   extensions_context->set_cookie_store(extensions_cookie_store);
 
   scoped_ptr<net::URLRequestJobFactoryImpl> extensions_job_factory(
       new net::URLRequestJobFactoryImpl());
   // TODO(shalev): The extensions_job_factory has a NULL NetworkDelegate.
   // Without a network_delegate, this protocol handler will never
@@ skipping 65 matching lines @@
   if (!cookie_store.get()) {
     DCHECK(!cookie_path.empty());
 
     // TODO(creis): We should have a cookie delegate for notifying the cookie
     // extensions API, but we need to update it to understand isolated apps
     // first.
     cookie_store = content::CreatePersistentCookieStore(
         cookie_path,
         false,
         NULL,
-        NULL);
+        NULL,
+        CreateCookieCryptoIfUseful());
   }
 
   // Transfer ownership of the cookies and cache to AppRequestContext.
   context->SetCookieStore(cookie_store.get());
   context->SetHttpTransactionFactory(
       scoped_ptr<net::HttpTransactionFactory>(app_http_cache));
 
   scoped_ptr<net::URLRequestJobFactoryImpl> job_factory(
       new net::URLRequestJobFactoryImpl());
   InstallProtocolHandlers(job_factory.get(), protocol_handlers);
@@ skipping 102 matching lines @@
     const base::Closure& completion) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   DCHECK(initialized());
 
   DCHECK(transport_security_state());
   // Completes synchronously.
   transport_security_state()->DeleteAllDynamicDataSince(time);
   DCHECK(http_server_properties_manager_);
   http_server_properties_manager_->Clear(completion);
 }