Encrypt all stored cookies on selected operating systems.

chrome/browser/profiles/profile_impl_io_data.cc

Index: chrome/browser/profiles/profile_impl_io_data.cc
diff --git a/chrome/browser/profiles/profile_impl_io_data.cc b/chrome/browser/profiles/profile_impl_io_data.cc
index c5c383eb2f037c1f56af0c20fcb520a5cdd26774..279c431248a975123ce0186534a928e44403aa61 100644
--- a/chrome/browser/profiles/profile_impl_io_data.cc
+++ b/chrome/browser/profiles/profile_impl_io_data.cc
@@ -32,7 +32,9 @@
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
+#include "components/webdata/encryptor/encryptor.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/cookie_crypto_delegate.h"
 #include "content/public/browser/cookie_store_factory.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/resource_context.h"
@@ -52,6 +54,42 @@
 
 namespace {
 
+// Use the operating system's mechanisms to encrypt cookies before writing
+// them to persistent store.  Currently this only is done with desktop OS's
+// because ChromeOS and Android already protect the entire profile contents.
+//
+// TODO(bcwhite): Enable on MACOSX -- requires all Cookie tests to call
+// Encryptor::UseMockKeychain or will hang waiting for user input.
+#if defined(OS_WIN) || defined(OS_LINUX)  //  || defined(OS_MACOSX)
+class CookieOSCryptoDelegate : public content::CookieCryptoDelegate {
+ public:
+  virtual bool EncryptString(const std::string& plaintext,
+                             std::string* ciphertext) OVERRIDE;
+  virtual bool DecryptString(const std::string& ciphertext,
+                             std::string* plaintext) OVERRIDE;
+};
+
+bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext,
+                                           std::string* ciphertext) {
+  return Encryptor::EncryptString(plaintext, ciphertext);
+}
+
+bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext,
+                                           std::string* plaintext) {
+  return Encryptor::DecryptString(ciphertext, plaintext);
+}
+
+scoped_ptr<content::CookieCryptoDelegate> CreateCookieCryptoIfUseful() {
+  return scoped_ptr<content::CookieCryptoDelegate>(
+      new CookieOSCryptoDelegate);
+}
+#else
+scoped_ptr<content::CookieCryptoDelegate> CreateCookieCryptoIfUseful() {
+  return scoped_ptr<content::CookieCryptoDelegate>();
+}
+#endif
+
+
 net::BackendType ChooseCacheBackendType() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kUseSimpleCacheBackend)) {
@@ -404,7 +442,8 @@ void ProfileImplIOData::InitializeInternal(
         lazy_params_->cookie_path,
         lazy_params_->restore_old_session_cookies,
         lazy_params_->special_storage_policy.get(),
-        profile_params->cookie_monster_delegate.get());
+        profile_params->cookie_monster_delegate.get(),
+        CreateCookieCryptoIfUseful());
     cookie_store->GetCookieMonster()->SetPersistSessionCookies(true);
   }
 
@@ -502,7 +541,8 @@ void ProfileImplIOData::
           lazy_params_->extensions_cookie_path,
           lazy_params_->restore_old_session_cookies,
           NULL,
-          NULL);
+          NULL,
+          CreateCookieCryptoIfUseful());
   // Enable cookies for devtools and extension URLs.
   const char* schemes[] = {chrome::kChromeDevToolsScheme,
                            extensions::kExtensionScheme};
@@ -588,7 +628,8 @@ ProfileImplIOData::InitializeAppRequestContext(
         cookie_path,
         false,
         NULL,
-        NULL);
+        NULL,
+        CreateCookieCryptoIfUseful());
   }
 
   // Transfer ownership of the cookies and cache to AppRequestContext.