[Sync] Split encryption state and logic out of PSS and SBHI.

components/browser_sync/profile_sync_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/browser_sync/profile_sync_service.h"
 
 #include <stddef.h>
 
 #include <cstddef>
 #include <map>
@@ skipping 100 matching lines @@
 using syncer::SyncCredentials;
 using syncer::SyncProtocolError;
 using syncer::WeakHandle;
 
 namespace browser_sync {
 
 namespace {
 
 typedef GoogleServiceAuthError AuthError;
 
-// Events in ClearServerData flow to be recorded in histogram. Existing
-// constants should not be deleted or reordered. New ones shold be added at the
-// end, before CLEAR_SERVER_DATA_MAX.
-enum ClearServerDataEvents {
-  // ClearServerData started after user switched to custom passphrase.
-  CLEAR_SERVER_DATA_STARTED,
-  // DataTypeManager reported that catchup configuration failed.
-  CLEAR_SERVER_DATA_CATCHUP_FAILED,
-  // ClearServerData flow restarted after browser restart.
-  CLEAR_SERVER_DATA_RETRIED,
-  // Success.
-  CLEAR_SERVER_DATA_SUCCEEDED,
-  // Client received RECET_LOCAL_SYNC_DATA after custom passphrase was enabled
-  // on different client.
-  CLEAR_SERVER_DATA_RESET_LOCAL_DATA_RECEIVED,
-  CLEAR_SERVER_DATA_MAX
-};
-
-const char kClearServerDataEventsHistogramName[] = "Sync.ClearServerDataEvents";
-
 const char kSyncUnrecoverableErrorHistogram[] = "Sync.UnrecoverableErrors";
 
 const net::BackoffEntry::Policy kRequestAccessTokenBackoffPolicy = {
     // Number of initial errors (in sequence) to ignore before applying
     // exponential back-off rules.
     0,
 
     // Initial delay for exponential back-off in ms.
     2000,
 
@@ skipping 27 matching lines @@
 ProfileSyncService::InitParams::~InitParams() = default;
 
 ProfileSyncService::ProfileSyncService(InitParams init_params)
     : SyncServiceBase(std::move(init_params.sync_client),
                       std::move(init_params.signin_wrapper),
                       init_params.channel,
                       init_params.base_directory,
                       init_params.debug_identifier),
       OAuth2TokenService::Consumer("sync"),
       last_auth_error_(AuthError::AuthErrorNone()),
-      passphrase_required_reason_(syncer::REASON_PASSPHRASE_NOT_REQUIRED),
       sync_service_url_(
           syncer::GetSyncServiceURL(*base::CommandLine::ForCurrentProcess(),
                                     init_params.channel)),
       network_time_update_callback_(
           std::move(init_params.network_time_update_callback)),
       url_request_context_(init_params.url_request_context),
       blocking_task_runner_(std::move(init_params.blocking_task_runner)),
       is_first_time_sync_configure_(false),
       engine_initialized_(false),
       sync_disabled_by_admin_(false),
       is_auth_in_progress_(false),
       local_sync_backend_folder_(init_params.local_sync_backend_folder),
       unrecoverable_error_reason_(ERROR_REASON_UNSET),
       expect_sync_configuration_aborted_(false),
-      encrypted_types_(syncer::SyncEncryptionHandler::SensitiveTypes()),
-      encrypt_everything_allowed_(true),
-      encrypt_everything_(false),
-      encryption_pending_(false),
       configure_status_(DataTypeManager::UNKNOWN),
       oauth2_token_service_(init_params.oauth2_token_service),
       request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy),
       connection_status_(syncer::CONNECTION_NOT_ATTEMPTED),
       last_get_token_error_(GoogleServiceAuthError::AuthErrorNone()),
       gaia_cookie_manager_service_(init_params.gaia_cookie_manager_service),
       network_resources_(new syncer::HttpBridgeNetworkResources),
       start_behavior_(init_params.start_behavior),
       passphrase_prompt_triggered_by_version_(false),
       sync_enabled_weak_factory_(this),
@@ skipping 149 matching lines @@
   } else {
     startup_controller_->TryStart();
   }
 }
 
 void ProfileSyncService::StartSyncingWithServer() {
   if (base::FeatureList::IsEnabled(
           switches::kSyncClearDataOnPassphraseEncryption) &&
       sync_prefs_.GetPassphraseEncryptionTransitionInProgress()) {
     // We are restarting catchup configuration after browser restart.
-    UMA_HISTOGRAM_ENUMERATION(kClearServerDataEventsHistogramName,
-                              CLEAR_SERVER_DATA_RETRIED, CLEAR_SERVER_DATA_MAX);
+    UMA_HISTOGRAM_ENUMERATION("Sync.ClearServerDataEvents",
+                              syncer::CLEAR_SERVER_DATA_RETRIED,
+                              syncer::CLEAR_SERVER_DATA_MAX);
 
-    BeginConfigureCatchUpBeforeClear();
+    crypto_->BeginConfigureCatchUpBeforeClear();
     return;
   }
 
   if (engine_)
     engine_->StartSyncingWithServer();
 }
 
 void ProfileSyncService::RegisterAuthNotifications() {
   DCHECK(thread_checker_.CalledOnValidThread());
   oauth2_token_service_->AddObserver(this);
@@ skipping 105 matching lines @@
   return syncer::MakeWeakHandle(sync_js_controller_.AsWeakPtr());
 }
 
 syncer::SyncEngine::HttpPostProviderFactoryGetter
 ProfileSyncService::MakeHttpPostProviderFactoryGetter() {
   return base::Bind(&syncer::NetworkResources::GetHttpPostProviderFactory,
                     base::Unretained(network_resources_.get()),
                     url_request_context_, network_time_update_callback_);
 }
 
-std::unique_ptr<syncer::SyncEncryptionHandler::NigoriState>
-ProfileSyncService::MoveSavedNigoriState() {
-  return std::move(saved_nigori_state_);
-}
-
 syncer::WeakHandle<syncer::UnrecoverableErrorHandler>
 ProfileSyncService::GetUnrecoverableErrorHandler() {
   return syncer::MakeWeakHandle(sync_enabled_weak_factory_.GetWeakPtr());
 }
 
 bool ProfileSyncService::IsEncryptedDatatypeEnabled() const {
   if (encryption_pending())
     return true;
   const syncer::ModelTypeSet preferred_types = GetPreferredDataTypes();
   const syncer::ModelTypeSet encrypted_types = GetEncryptedDataTypes();
@@ skipping 248 matching lines @@
 
   startup_controller_->Reset(GetRegisteredDataTypes());
 
   // If the sync DB is getting destroyed, the local DeviceInfo is no longer
   // valid and should be cleared from the cache.
   if (reason == syncer::ShutdownReason::DISABLE_SYNC) {
     local_device_->Clear();
   }
 
   // Clear various state.
+  ResetCryptoState();
   expect_sync_configuration_aborted_ = false;
   is_auth_in_progress_ = false;
   engine_initialized_ = false;
-  cached_passphrase_.clear();
-  encryption_pending_ = false;
-  encrypt_everything_ = false;
-  encrypted_types_ = syncer::SyncEncryptionHandler::SensitiveTypes();
-  passphrase_required_reason_ = syncer::REASON_PASSPHRASE_NOT_REQUIRED;
   access_token_.clear();
   request_access_token_retry_timer_.Stop();
   last_snapshot_ = syncer::SyncCycleSnapshot();
   // Revert to "no auth error".
   if (last_auth_error_.state() != GoogleServiceAuthError::NONE)
     UpdateAuthErrorState(GoogleServiceAuthError::AuthErrorNone());
 
   NotifyObservers();
 
   // Mark this as a clean shutdown(without crash).
@@ skipping 25 matching lines @@
   sync_prefs_.SetFirstSetupComplete();
   if (IsEngineInitialized()) {
     ReconfigureDatatypeManager();
   }
 }
 
 void ProfileSyncService::UpdateLastSyncedTime() {
   sync_prefs_.SetLastSyncedTime(base::Time::Now());
 }
 
-void ProfileSyncService::NotifyObservers() {
-  for (auto& observer : observers_)
-    observer.OnStateChanged();
-}
-
 void ProfileSyncService::NotifySyncCycleCompleted() {
   for (auto& observer : observers_)
     observer.OnSyncCycleCompleted();
 }
 
 void ProfileSyncService::NotifyForeignSessionUpdated() {
   for (auto& observer : observers_)
     observer.OnForeignSessionUpdated();
 }
 
@@ skipping 123 matching lines @@
     engine_->RequestBufferedProtocolEventsAndEnableForwarding();
   }
 
   if (type_debug_info_observers_.might_have_observers()) {
     engine_->EnableDirectoryTypeDebugInfoForwarding();
   }
 
   // If we have a cached passphrase use it to decrypt/encrypt data now that the
   // backend is initialized. We want to call this before notifying observers in
   // case this operation affects the "passphrase required" status.
-  ConsumeCachedPassphraseIfPossible();
+  crypto_->ConsumeCachedPassphraseIfPossible();
 
   // The very first time the backend initializes is effectively the first time
   // we can say we successfully "synced".  LastSyncedTime will only be null in
   // this case, because the pref wasn't restored on StartUp.
   if (sync_prefs_.GetLastSyncedTime().is_null()) {
     UpdateLastSyncedTime();
   }
 
   data_type_manager_.reset(
       sync_client_->GetSyncApiComponentFactory()->CreateDataTypeManager(
           initial_types, debug_info_listener_, &data_type_controllers_, this,
           engine_.get(), this));
 
+  crypto_->SetSyncEngine(engine_.get());
+  crypto_->SetDataTypeManager(data_type_manager_.get());
+
   // Auto-start means IsFirstSetupComplete gets set automatically.
   if (start_behavior_ == AUTO_START && !IsFirstSetupComplete()) {
     // This will trigger a configure if it completes setup.
     SetFirstSetupComplete();
   } else if (CanConfigureDataTypes()) {
     ConfigureDataTypeManager();
   }
 
   // Check for a cookie jar mismatch.
   std::vector<gaia::ListedAccount> accounts;
@@ skipping 129 matching lines @@
       }
     }
 
     const GoogleServiceAuthError auth_error =
         ConnectionStatusToAuthError(status);
     DVLOG(1) << "Connection status change: " << auth_error.ToString();
     UpdateAuthErrorState(auth_error);
   }
 }
 
-void ProfileSyncService::OnPassphraseRequired(
-    syncer::PassphraseRequiredReason reason,
-    const sync_pb::EncryptedData& pending_keys) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(engine_);
-  DCHECK(engine_->IsNigoriEnabled());
-
-  // TODO(lipalani) : add this check to other locations as well.
-  if (HasUnrecoverableError()) {
-    // When unrecoverable error is detected we post a task to shutdown the
-    // engine. The task might not have executed yet.
-    return;
-  }
-
-  DVLOG(1) << "Passphrase required with reason: "
-           << syncer::PassphraseRequiredReasonToString(reason);
-  passphrase_required_reason_ = reason;
-
-  const syncer::ModelTypeSet types = GetPreferredDataTypes();
-  if (data_type_manager_) {
-    // Reconfigure without the encrypted types (excluded implicitly via the
-    // failed datatypes handler).
-    data_type_manager_->Configure(types, syncer::CONFIGURE_REASON_CRYPTO);
-  }
-
-  // Notify observers that the passphrase status may have changed.
-  NotifyObservers();
-}
-
-void ProfileSyncService::OnPassphraseAccepted() {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  DVLOG(1) << "Received OnPassphraseAccepted.";
-
-  // If the pending keys were resolved via keystore, it's possible we never
-  // consumed our cached passphrase. Clear it now.
-  if (!cached_passphrase_.empty())
-    cached_passphrase_.clear();
-
-  // Reset passphrase_required_reason_ since we know we no longer require the
-  // passphrase.
-  passphrase_required_reason_ = syncer::REASON_PASSPHRASE_NOT_REQUIRED;
-
-  // Make sure the data types that depend on the passphrase are started at
-  // this time.
-  const syncer::ModelTypeSet types = GetPreferredDataTypes();
-  if (data_type_manager_) {
-    // Re-enable any encrypted types if necessary.
-    data_type_manager_->Configure(types, syncer::CONFIGURE_REASON_CRYPTO);
-  }
-
-  NotifyObservers();
-}
-
-void ProfileSyncService::OnEncryptedTypesChanged(
-    syncer::ModelTypeSet encrypted_types,
-    bool encrypt_everything) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  encrypted_types_ = encrypted_types;
-  encrypt_everything_ = encrypt_everything;
-  DCHECK(encrypt_everything_allowed_ || !encrypt_everything_);
-  DVLOG(1) << "Encrypted types changed to "
-           << syncer::ModelTypeSetToString(encrypted_types_)
-           << " (encrypt everything is set to "
-           << (encrypt_everything_ ? "true" : "false") << ")";
-  DCHECK(encrypted_types_.Has(syncer::PASSWORDS));
-
-  NotifyObservers();
-}
-
-void ProfileSyncService::OnEncryptionComplete() {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  DVLOG(1) << "Encryption complete";
-  if (encryption_pending_ && encrypt_everything_) {
-    encryption_pending_ = false;
-    // This is to nudge the integration tests when encryption is
-    // finished.
-    NotifyObservers();
-  }
-}
-
 void ProfileSyncService::OnMigrationNeededForTypes(syncer::ModelTypeSet types) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(engine_initialized_);
   DCHECK(data_type_manager_);
 
   // Migrator must be valid, because we don't sync until it is created and this
   // callback originates from a sync cycle.
   migrator_->MigrateTypes(types);
 }
 
@@ skipping 34 matching lines @@
       break;
     case syncer::STOP_SYNC_FOR_DISABLED_ACCOUNT:
       // Sync disabled by domain admin. we should stop syncing until next
       // restart.
       sync_disabled_by_admin_ = true;
       ShutdownImpl(syncer::DISABLE_SYNC);
       break;
     case syncer::RESET_LOCAL_SYNC_DATA:
       ShutdownImpl(syncer::DISABLE_SYNC);
       startup_controller_->TryStart();
-      UMA_HISTOGRAM_ENUMERATION(kClearServerDataEventsHistogramName,
-                                CLEAR_SERVER_DATA_RESET_LOCAL_DATA_RECEIVED,
-                                CLEAR_SERVER_DATA_MAX);
+      UMA_HISTOGRAM_ENUMERATION(
+          "Sync.ClearServerDataEvents",
+          syncer::CLEAR_SERVER_DATA_RESET_LOCAL_DATA_RECEIVED,
+          syncer::CLEAR_SERVER_DATA_MAX);
       break;
     default:
       NOTREACHED();
   }
   NotifyObservers();
 }
 
-void ProfileSyncService::OnLocalSetPassphraseEncryption(
-    const syncer::SyncEncryptionHandler::NigoriState& nigori_state) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  if (!base::FeatureList::IsEnabled(
-          switches::kSyncClearDataOnPassphraseEncryption))
-    return;
-
-  // At this point the user has set a custom passphrase and we have received the
-  // updated nigori state. Time to cache the nigori state, and catch up the
-  // active data types.
-  UMA_HISTOGRAM_ENUMERATION(kClearServerDataEventsHistogramName,
-                            CLEAR_SERVER_DATA_STARTED, CLEAR_SERVER_DATA_MAX);
-  sync_prefs_.SetNigoriSpecificsForPassphraseTransition(
-      nigori_state.nigori_specifics);
-  sync_prefs_.SetPassphraseEncryptionTransitionInProgress(true);
-  BeginConfigureCatchUpBeforeClear();
-}
-
-void ProfileSyncService::BeginConfigureCatchUpBeforeClear() {
-  DCHECK(data_type_manager_);
-  DCHECK(!saved_nigori_state_);
-  saved_nigori_state_ =
-      base::MakeUnique<syncer::SyncEncryptionHandler::NigoriState>();
-  sync_prefs_.GetNigoriSpecificsForPassphraseTransition(
-      &saved_nigori_state_->nigori_specifics);
-  const syncer::ModelTypeSet types = GetActiveDataTypes();
-  data_type_manager_->Configure(types, syncer::CONFIGURE_REASON_CATCH_UP);
-}
-
 void ProfileSyncService::ClearAndRestartSyncForPassphraseEncryption() {
   DCHECK(thread_checker_.CalledOnValidThread());
   engine_->ClearServerData(
       base::Bind(&ProfileSyncService::OnClearServerDataDone,
                  sync_enabled_weak_factory_.GetWeakPtr()));
 }
 
 void ProfileSyncService::OnClearServerDataDone() {
   DCHECK(sync_prefs_.GetPassphraseEncryptionTransitionInProgress());
   sync_prefs_.SetPassphraseEncryptionTransitionInProgress(false);
 
   // Call to ClearServerData generates new keystore key on the server. This
   // makes keystore bootstrap token invalid. Let's clear it from preferences.
   sync_prefs_.SetKeystoreEncryptionBootstrapToken(std::string());
 
   // Shutdown sync, delete the Directory, then restart, restoring the cached
   // nigori state.
   ShutdownImpl(syncer::DISABLE_SYNC);
   startup_controller_->TryStart();
-  UMA_HISTOGRAM_ENUMERATION(kClearServerDataEventsHistogramName,
-                            CLEAR_SERVER_DATA_SUCCEEDED, CLEAR_SERVER_DATA_MAX);
+  UMA_HISTOGRAM_ENUMERATION("Sync.ClearServerDataEvents",
+                            syncer::CLEAR_SERVER_DATA_SUCCEEDED,
+                            syncer::CLEAR_SERVER_DATA_MAX);
 }
 
 void ProfileSyncService::OnConfigureDone(
     const DataTypeManager::ConfigureResult& result) {
   DCHECK(thread_checker_.CalledOnValidThread());
   configure_status_ = result.status;
   data_type_status_table_ = result.data_type_status_table;
 
   // We should have cleared our cached passphrase before we get here (in
   // OnEngineInitialized()).
-  DCHECK(cached_passphrase_.empty());
+  DCHECK(crypto_->cached_passphrase().empty());
 
   if (!sync_configure_start_time_.is_null()) {
     if (configure_status_ == DataTypeManager::OK) {
       base::Time sync_configure_stop_time = base::Time::Now();
       base::TimeDelta delta =
           sync_configure_stop_time - sync_configure_start_time_;
       if (is_first_time_sync_configure_) {
         UMA_HISTOGRAM_LONG_TIMES("Sync.ServiceInitialConfigureTime", delta);
       } else {
         UMA_HISTOGRAM_LONG_TIMES("Sync.ServiceSubsequentConfigureTime", delta);
@@ skipping 18 matching lines @@
       expect_sync_configuration_aborted_) {
     DVLOG(0) << "ProfileSyncService::Observe Sync Configure aborted";
     expect_sync_configuration_aborted_ = false;
     return;
   }
 
   // Handle unrecoverable error.
   if (configure_status_ != DataTypeManager::OK) {
     if (result.was_catch_up_configure) {
       // Record catchup configuration failure.
-      UMA_HISTOGRAM_ENUMERATION(kClearServerDataEventsHistogramName,
-                                CLEAR_SERVER_DATA_CATCHUP_FAILED,
-                                CLEAR_SERVER_DATA_MAX);
+      UMA_HISTOGRAM_ENUMERATION("Sync.ClearServerDataEvents",
+                                syncer::CLEAR_SERVER_DATA_CATCHUP_FAILED,
+                                syncer::CLEAR_SERVER_DATA_MAX);
     }
     // Something catastrophic had happened. We should only have one
     // error representing it.
     syncer::SyncError error = data_type_status_table_.GetUnrecoverableError();
     DCHECK(error.IsSet());
     std::string message =
         "Sync configuration failed with status " +
         DataTypeManager::ConfigureStatusToString(configure_status_) +
         " caused by " +
         syncer::ModelTypeSetToString(
             data_type_status_table_.GetUnrecoverableErrorTypes()) +
         ": " + error.message();
     LOG(ERROR) << "ProfileSyncService error: " << message;
     OnInternalUnrecoverableError(error.location(), message, true,
                                  ERROR_REASON_CONFIGURATION_FAILURE);
     return;
   }
 
   DCHECK_EQ(DataTypeManager::OK, configure_status_);
 
   // We should never get in a state where we have no encrypted datatypes
   // enabled, and yet we still think we require a passphrase for decryption.
   DCHECK(
       !(IsPassphraseRequiredForDecryption() && !IsEncryptedDatatypeEnabled()));
 
   // This must be done before we start syncing with the server to avoid
   // sending unencrypted data up on a first time sync.
-  if (encryption_pending_)
+  if (crypto_->encryption_pending())
     engine_->EnableEncryptEverything();
   NotifyObservers();
 
   if (migrator_.get() && migrator_->state() != BackendMigrator::IDLE) {
     // Migration in progress.  Let the migrator know we just finished
     // configuring something.  It will be up to the migrator to call
     // StartSyncingWithServer() if migration is now finished.
     migrator_->OnConfigureDone(result);
     return;
   }
@@ skipping 165 matching lines @@
   return current_experiments_;
 }
 
 bool ProfileSyncService::HasUnrecoverableError() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   return unrecoverable_error_reason_ != ERROR_REASON_UNSET;
 }
 
 bool ProfileSyncService::IsPassphraseRequired() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  return passphrase_required_reason_ != syncer::REASON_PASSPHRASE_NOT_REQUIRED;
+  return crypto_->passphrase_required_reason() !=
+         syncer::REASON_PASSPHRASE_NOT_REQUIRED;
 }
 
 bool ProfileSyncService::IsPassphraseRequiredForDecryption() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   // If there is an encrypted datatype enabled and we don't have the proper
   // passphrase, we must prompt the user for a passphrase. The only way for the
   // user to avoid entering their passphrase is to disable the encrypted types.
   return IsEncryptedDatatypeEnabled() && IsPassphraseRequired();
 }
 
@@ skipping 152 matching lines @@
   for (DataTypeController::TypeMap::const_iterator it =
            data_type_controllers_.begin();
        it != data_type_controllers_.end(); ++it) {
     registered_types.Put(it->first);
   }
   return registered_types;
 }
 
 bool ProfileSyncService::IsUsingSecondaryPassphrase() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  syncer::PassphraseType passphrase_type = GetPassphraseType();
-  return passphrase_type ==
-             syncer::PassphraseType::FROZEN_IMPLICIT_PASSPHRASE ||
-         passphrase_type == syncer::PassphraseType::CUSTOM_PASSPHRASE;
+  return crypto_->IsUsingSecondaryPassphrase();
 }
 
 std::string ProfileSyncService::GetCustomPassphraseKey() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   syncer::SystemEncryptor encryptor;
   syncer::Cryptographer cryptographer(&encryptor);
   cryptographer.Bootstrap(sync_prefs_.GetEncryptionBootstrapToken());
   return cryptographer.GetDefaultNigoriKeyData();
 }
 
 syncer::PassphraseType ProfileSyncService::GetPassphraseType() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  return engine_->GetPassphraseType();
+  return crypto_->GetPassphraseType();
 }
 
 base::Time ProfileSyncService::GetExplicitPassphraseTime() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  return engine_->GetExplicitPassphraseTime();
+  return crypto_->GetExplicitPassphraseTime();
 }
 
 bool ProfileSyncService::IsCryptographerReady(
     const syncer::BaseTransaction* trans) const {
   DCHECK(thread_checker_.CalledOnValidThread());
   return engine_ && engine_->IsCryptographerReady(trans);
 }
 
 void ProfileSyncService::SetPlatformSyncAllowedProvider(
     const PlatformSyncAllowedProvider& platform_sync_allowed_provider) {
@@ skipping 188 matching lines @@
       dtc_iter->second->GetStatusCounters(BindToCurrentThread(
           base::Bind(&ProfileSyncService::OnDatatypeStatusCounterUpdated,
                      base::Unretained(this))));
     }
 
     result->Append(std::move(type_status));
   }
   return std::move(result);
 }
 
-void ProfileSyncService::ConsumeCachedPassphraseIfPossible() {
-  // If no cached passphrase, or sync engine hasn't started up yet, just exit.
-  // If the engine isn't running yet, OnEngineInitialized() will call this
-  // method again after the engine starts up.
-  if (cached_passphrase_.empty() || !IsEngineInitialized())
-    return;
-
-  // Engine is up and running, so we can consume the cached passphrase.
-  std::string passphrase = cached_passphrase_;
-  cached_passphrase_.clear();
-
-  // If we need a passphrase to decrypt data, try the cached passphrase.
-  if (passphrase_required_reason() == syncer::REASON_DECRYPTION) {
-    if (SetDecryptionPassphrase(passphrase)) {
-      DVLOG(1) << "Cached passphrase successfully decrypted pending keys";
-      return;
-    }
-  }
-
-  // If we get here, we don't have pending keys (or at least, the passphrase
-  // doesn't decrypt them) - just try to re-encrypt using the encryption
-  // passphrase.
-  if (!IsUsingSecondaryPassphrase())
-    SetEncryptionPassphrase(passphrase, IMPLICIT);
-}
-
 void ProfileSyncService::RequestAccessToken() {
   // Only one active request at a time.
   if (access_token_request_ != nullptr)
     return;
   request_access_token_retry_timer_.Stop();
   OAuth2TokenService::ScopeSet oauth2_scopes;
   oauth2_scopes.insert(signin_->GetSyncScopeToUse());
 
   // Invalidate previous token, otherwise token service will return the same
   // token again.
   const std::string& account_id = signin_->GetAccountIdToUse();
   if (!access_token_.empty()) {
     oauth2_token_service_->InvalidateAccessToken(account_id, oauth2_scopes,
                                                  access_token_);
   }
 
   access_token_.clear();
 
   token_request_time_ = base::Time::Now();
   token_receive_time_ = base::Time();
   next_token_request_time_ = base::Time();
   access_token_request_ =
       oauth2_token_service_->StartRequest(account_id, oauth2_scopes, this);
 }
 
 void ProfileSyncService::SetEncryptionPassphrase(const std::string& passphrase,
                                                  PassphraseType type) {
   DCHECK(thread_checker_.CalledOnValidThread());
-  // This should only be called when the engine has been initialized.
-  DCHECK(IsEngineInitialized());
-  DCHECK(!(type == IMPLICIT && IsUsingSecondaryPassphrase()))
-      << "Data is already encrypted using an explicit passphrase";
-  DCHECK(!(type == EXPLICIT &&
-           passphrase_required_reason_ == syncer::REASON_DECRYPTION))
-      << "Can not set explicit passphrase when decryption is needed.";
-
-  DVLOG(1) << "Setting " << (type == EXPLICIT ? "explicit" : "implicit")
-           << " passphrase for encryption.";
-  if (passphrase_required_reason_ == syncer::REASON_ENCRYPTION) {
-    // REASON_ENCRYPTION implies that the cryptographer does not have pending
-    // keys. Hence, as long as we're not trying to do an invalid passphrase
-    // change (e.g. explicit -> explicit or explicit -> implicit), we know this
-    // will succeed. If for some reason a new encryption key arrives via
-    // sync later, the SBH will trigger another OnPassphraseRequired().
-    passphrase_required_reason_ = syncer::REASON_PASSPHRASE_NOT_REQUIRED;
-    NotifyObservers();
-  }
-  engine_->SetEncryptionPassphrase(passphrase, type == EXPLICIT);
+  crypto_->SetEncryptionPassphrase(passphrase, type == EXPLICIT);
 }
 
 bool ProfileSyncService::SetDecryptionPassphrase(
     const std::string& passphrase) {
   DCHECK(thread_checker_.CalledOnValidThread());
   if (IsPassphraseRequired()) {
     DVLOG(1) << "Setting passphrase for decryption.";
-    bool result = engine_->SetDecryptionPassphrase(passphrase);
+    bool result = crypto_->SetDecryptionPassphrase(passphrase);
     UMA_HISTOGRAM_BOOLEAN("Sync.PassphraseDecryptionSucceeded", result);
     return result;
   } else {
     NOTREACHED() << "SetDecryptionPassphrase must not be called when "
                     "IsPassphraseRequired() is false.";
     return false;
   }
 }
 
 bool ProfileSyncService::IsEncryptEverythingAllowed() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  return encrypt_everything_allowed_;
+  return crypto_->IsEncryptEverythingAllowed();
 }
 
 void ProfileSyncService::SetEncryptEverythingAllowed(bool allowed) {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(allowed || !IsEngineInitialized() || !IsEncryptEverythingEnabled());
-  encrypt_everything_allowed_ = allowed;
+  crypto_->SetEncryptEverythingAllowed(allowed);
 }
 
 void ProfileSyncService::EnableEncryptEverything() {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(IsEncryptEverythingAllowed());
-
-  // Tests override IsEngineInitialized() to always return true, so we
-  // must check that instead of |engine_initialized_|.
-  // TODO(akalin): Fix the above. :/
-  DCHECK(IsEngineInitialized());
-  // TODO(atwilson): Persist the encryption_pending_ flag to address the various
-  // problems around cancelling encryption in the background (crbug.com/119649).
-  if (!encrypt_everything_)
-    encryption_pending_ = true;
+  crypto_->EnableEncryptEverything();
 }
 
 bool ProfileSyncService::encryption_pending() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   // We may be called during the setup process before we're
   // initialized (via IsEncryptedDatatypeEnabled and
   // IsPassphraseRequiredForDecryption).
-  return encryption_pending_;
+  return crypto_->encryption_pending();
 }
 
 bool ProfileSyncService::IsEncryptEverythingEnabled() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(engine_initialized_);
-  return encrypt_everything_ || encryption_pending_;
+  return crypto_->IsEncryptEverythingEnabled();
 }
 
 syncer::ModelTypeSet ProfileSyncService::GetEncryptedDataTypes() const {
   DCHECK(thread_checker_.CalledOnValidThread());
-  DCHECK(encrypted_types_.Has(syncer::PASSWORDS));
-  // We may be called during the setup process before we're
-  // initialized.  In this case, we default to the sensitive types.
-  return encrypted_types_;
+  return crypto_->GetEncryptedDataTypes();
 }
 
 void ProfileSyncService::OnSyncManagedPrefChange(bool is_sync_managed) {
   DCHECK(thread_checker_.CalledOnValidThread());
   if (is_sync_managed) {
     StopImpl(CLEAR_DATA);
   } else {
     // Sync is no longer disabled by policy. Try starting it up if appropriate.
     startup_controller_->TryStart();
   }
 }
 
 void ProfileSyncService::GoogleSigninSucceeded(const std::string& account_id,
                                                const std::string& username,
                                                const std::string& password) {
   DCHECK(thread_checker_.CalledOnValidThread());
   if (IsSyncRequested() && !password.empty()) {
-    cached_passphrase_ = password;
+    crypto_->CachePassphrase(password);
     // Try to consume the passphrase we just cached. If the sync engine
     // is not running yet, the passphrase will remain cached until the
     // engine starts up.
-    ConsumeCachedPassphraseIfPossible();
+    crypto_->ConsumeCachedPassphraseIfPossible();
   }
 #if defined(OS_CHROMEOS)
   RefreshSpareBootstrapToken(password);
 #endif
   if (!IsEngineInitialized() || GetAuthError().state() != AuthError::NONE) {
     // Track the fact that we're still waiting for auth to complete.
     is_auth_in_progress_ = true;
   }
 }
 
@@ skipping 24 matching lines @@
       cookie_jar_mismatch = false;
       break;
     }
   }
 
   DVLOG(1) << "Cookie jar mismatch: " << cookie_jar_mismatch;
   DVLOG(1) << "Cookie jar empty: " << cookie_jar_empty;
   engine_->OnCookieJarChanged(cookie_jar_mismatch, cookie_jar_empty);
 }
 
-void ProfileSyncService::AddObserver(syncer::SyncServiceObserver* observer) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  observers_.AddObserver(observer);
-}
-
-void ProfileSyncService::RemoveObserver(syncer::SyncServiceObserver* observer) {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  observers_.RemoveObserver(observer);
-}
-
 void ProfileSyncService::AddProtocolEventObserver(
     ProtocolEventObserver* observer) {
   DCHECK(thread_checker_.CalledOnValidThread());
   protocol_event_observers_.AddObserver(observer);
   if (HasSyncingEngine()) {
     engine_->RequestBufferedProtocolEventsAndEnableForwarding();
   }
 }
 
 void ProfileSyncService::RemoveProtocolEventObserver(
@@ skipping 131 matching lines @@
     } else {
       // Control Types
       helper->OnReceivedNodesForType(
           it.Get(),
           syncer::DirectoryDataTypeController::GetAllNodesForTypeFromDirectory(
               it.Get(), GetUserShare()->directory.get()));
     }
   }
 }
 
-bool ProfileSyncService::HasObserver(
-    const syncer::SyncServiceObserver* observer) const {
-  DCHECK(thread_checker_.CalledOnValidThread());
-  return observers_.HasObserver(observer);
-}
-
 base::WeakPtr<syncer::JsController> ProfileSyncService::GetJsController() {
   DCHECK(thread_checker_.CalledOnValidThread());
   return sync_js_controller_.AsWeakPtr();
 }
 
 // static
 void ProfileSyncService::SyncEvent(SyncEventCodes code) {
   UMA_HISTOGRAM_ENUMERATION("Sync.EventCodes", code, MAX_SYNC_EVENT_CODE);
 }
 
@@ skipping 164 matching lines @@
 
 base::MessageLoop* ProfileSyncService::GetSyncLoopForTest() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   if (sync_thread_) {
     return sync_thread_->message_loop();
   } else {
     return nullptr;
   }
 }
 
+syncer::SyncEncryptionHandler::Observer*
+ProfileSyncService::GetEncryptionObserverForTest() const {
+  return crypto_.get();
+}
+
 void ProfileSyncService::RefreshTypesForTest(syncer::ModelTypeSet types) {
   DCHECK(thread_checker_.CalledOnValidThread());
   if (engine_initialized_)
     engine_->RefreshTypesForTest(types);
 }
 
 void ProfileSyncService::RemoveClientFromServer() const {
   if (!engine_initialized_)
     return;
   const std::string cache_guid = local_device_->GetLocalSyncCacheGUID();
@@ skipping 61 matching lines @@
 
   DCHECK(startup_controller_->IsSetupInProgress());
   startup_controller_->SetSetupInProgress(false);
 
   if (IsEngineInitialized())
     ReconfigureDatatypeManager();
   NotifyObservers();
 }
 
 }  // namespace browser_sync