Allow embedder to use custom cryptography in Autofill table.

components/autofill/core/browser/webdata/autofill_table.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/autofill/core/browser/webdata/autofill_table.h"
 
 #include <stdint.h>
 
 #include <algorithm>
 #include <cmath>
@@ skipping 12 matching lines @@
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "components/autofill/core/browser/autofill_country.h"
 #include "components/autofill/core/browser/autofill_profile.h"
 #include "components/autofill/core/browser/autofill_type.h"
 #include "components/autofill/core/browser/credit_card.h"
 #include "components/autofill/core/browser/personal_data_manager.h"
 #include "components/autofill/core/browser/webdata/autofill_change.h"
 #include "components/autofill/core/browser/webdata/autofill_entry.h"
+#include "components/autofill/core/browser/webdata/autofill_table_encryptor_factory.h"
 #include "components/autofill/core/common/autofill_clock.h"
 #include "components/autofill/core/common/autofill_switches.h"
 #include "components/autofill/core/common/autofill_util.h"
 #include "components/autofill/core/common/form_field_data.h"
-#include "components/os_crypt/os_crypt.h"
 #include "components/sync/base/model_type.h"
 #include "components/sync/protocol/entity_metadata.pb.h"
 #include "components/sync/protocol/model_type_state.pb.h"
 #include "components/webdata/common/web_database.h"
 #include "sql/statement.h"
 #include "sql/transaction.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "url/gurl.h"
 
 using base::ASCIIToUTF16;
@@ skipping 74 matching lines @@
   profile->set_use_count(s.ColumnInt64(index++));
   profile->set_use_date(Time::FromTimeT(s.ColumnInt64(index++)));
   profile->set_modification_date(Time::FromTimeT(s.ColumnInt64(index++)));
   profile->set_origin(s.ColumnString(index++));
   profile->set_language_code(s.ColumnString(index++));
 
   return profile;
 }
 
 void BindEncryptedCardToColumn(sql::Statement* s,
-                                 int column_index,
-                                 const base::string16& number) {
+                               int column_index,
+                               const base::string16& number,
+                               const AutofillTableEncryptor& encryptor) {
   std::string encrypted_data;
-  OSCrypt::EncryptString16(number, &encrypted_data);
+  encryptor.EncryptString16(number, &encrypted_data);
   s->BindBlob(column_index, encrypted_data.data(),
               static_cast<int>(encrypted_data.length()));
 }
 
 void BindCreditCardToStatement(const CreditCard& credit_card,
                                const Time& modification_date,
-                               sql::Statement* s) {
+                               sql::Statement* s,
+                               const AutofillTableEncryptor& encryptor) {
   DCHECK(base::IsValidGUID(credit_card.guid()));
   int index = 0;
   s->BindString(index++, credit_card.guid());
 
   s->BindString16(index++, GetInfo(credit_card, CREDIT_CARD_NAME_FULL));
   s->BindString16(index++, GetInfo(credit_card, CREDIT_CARD_EXP_MONTH));
   s->BindString16(index++, GetInfo(credit_card, CREDIT_CARD_EXP_4_DIGIT_YEAR));
-  BindEncryptedCardToColumn(s, index++,
-                            credit_card.GetRawInfo(CREDIT_CARD_NUMBER));
+  BindEncryptedCardToColumn(
+      s, index++, credit_card.GetRawInfo(CREDIT_CARD_NUMBER), encryptor);
 
   s->BindInt64(index++, credit_card.use_count());
   s->BindInt64(index++, credit_card.use_date().ToTimeT());
   s->BindInt64(index++, modification_date.ToTimeT());
   s->BindString(index++, credit_card.origin());
   s->BindString(index++, credit_card.billing_address_id());
 }
 
-base::string16 UnencryptedCardFromColumn(const sql::Statement& s,
-                                         int column_index) {
+base::string16 UnencryptedCardFromColumn(
+    const sql::Statement& s,
+    int column_index,
+    const AutofillTableEncryptor& encryptor) {
   base::string16 credit_card_number;
   int encrypted_number_len = s.ColumnByteLength(column_index);
   if (encrypted_number_len) {
     std::string encrypted_number;
     encrypted_number.resize(encrypted_number_len);
     memcpy(&encrypted_number[0], s.ColumnBlob(column_index),
            encrypted_number_len);
-    OSCrypt::DecryptString16(encrypted_number, &credit_card_number);
+    encryptor.DecryptString16(encrypted_number, &credit_card_number);
   }
   return credit_card_number;
 }
 
-std::unique_ptr<CreditCard> CreditCardFromStatement(const sql::Statement& s) {
+std::unique_ptr<CreditCard> CreditCardFromStatement(
+    const sql::Statement& s,
+    const AutofillTableEncryptor& encryptor) {
   std::unique_ptr<CreditCard> credit_card(new CreditCard);
 
   int index = 0;
   credit_card->set_guid(s.ColumnString(index++));
   DCHECK(base::IsValidGUID(credit_card->guid()));
 
   credit_card->SetRawInfo(CREDIT_CARD_NAME_FULL, s.ColumnString16(index++));
   credit_card->SetRawInfo(CREDIT_CARD_EXP_MONTH, s.ColumnString16(index++));
   credit_card->SetRawInfo(CREDIT_CARD_EXP_4_DIGIT_YEAR,
                           s.ColumnString16(index++));
   credit_card->SetRawInfo(CREDIT_CARD_NUMBER,
-                          UnencryptedCardFromColumn(s, index++));
+                          UnencryptedCardFromColumn(s, index++, encryptor));
   credit_card->set_use_count(s.ColumnInt64(index++));
   credit_card->set_use_date(Time::FromTimeT(s.ColumnInt64(index++)));
   credit_card->set_modification_date(Time::FromTimeT(s.ColumnInt64(index++)));
   credit_card->set_origin(s.ColumnString(index++));
   credit_card->set_billing_address_id(s.ColumnString(index++));
 
   return credit_card;
 }
 
 bool AddAutofillProfileNamesToProfile(sql::Connection* db,
@@ skipping 195 matching lines @@
   }
 
   return result;
 }
 
 }  // namespace
 
 // static
 const size_t AutofillTable::kMaxDataLength = 1024;
 
-AutofillTable::AutofillTable() {
-}
+AutofillTable::AutofillTable()
+    : AutofillTable(
+          std::move(AutofillTableEncryptorFactory::GetInstance()->Create())) {}

[Roger McFarlane (Chromium), 2017/02/17 21:04:08]

nit:

you don't need to std::move() a temporary. std::move() turns its argument into a
temporary.

i.e.,

  // Result bound to a name is no longer temporary, requiring
  // std::move()...
  auto foo = GetMoveOnlyObject();
  transfer(std::move(foo));

  // Is equivalent to...
  transfer(GetMoveOnlyObject());

You _do_ need it in the other constructor though. :)

[devarajn, 2017/02/17 22:28:53]

Done.

+
+AutofillTable::AutofillTable(
+    std::unique_ptr<AutofillTableEncryptor> autofill_table_encryptor)
+    : autofill_table_encryptor_(std::move(autofill_table_encryptor)) {}
 
 AutofillTable::~AutofillTable() {
 }
 
 AutofillTable* AutofillTable::FromWebDatabase(WebDatabase* db) {
   return static_cast<AutofillTable*>(db->GetTable(GetKey()));
 }
 
 WebDatabaseTable::TypeKey AutofillTable::GetTypeKey() const {
   return GetKey();
@@ skipping 744 matching lines @@
   return s4.Run();
 }
 
 bool AutofillTable::AddCreditCard(const CreditCard& credit_card) {
   sql::Statement s(db_->GetUniqueStatement(
       "INSERT INTO credit_cards"
       "(guid, name_on_card, expiration_month, expiration_year, "
       " card_number_encrypted, use_count, use_date, date_modified, origin,"
       " billing_address_id)"
       "VALUES (?,?,?,?,?,?,?,?,?,?)"));
-  BindCreditCardToStatement(credit_card, AutofillClock::Now(), &s);
+  BindCreditCardToStatement(credit_card, AutofillClock::Now(), &s,
+                            *autofill_table_encryptor_);
 
   if (!s.Run())
     return false;
 
   DCHECK_GT(db_->GetLastChangeCount(), 0);
   return true;
 }
 
 std::unique_ptr<CreditCard> AutofillTable::GetCreditCard(
     const std::string& guid) {
   DCHECK(base::IsValidGUID(guid));
   sql::Statement s(db_->GetUniqueStatement(
       "SELECT guid, name_on_card, expiration_month, expiration_year, "
              "card_number_encrypted, use_count, use_date, date_modified, "
              "origin, billing_address_id "
       "FROM credit_cards "
       "WHERE guid = ?"));
   s.BindString(0, guid);
 
   if (!s.Step())
     return std::unique_ptr<CreditCard>();
 
-  return CreditCardFromStatement(s);
+  return CreditCardFromStatement(s, *autofill_table_encryptor_);
 }
 
 bool AutofillTable::GetCreditCards(
     std::vector<std::unique_ptr<CreditCard>>* credit_cards) {
   DCHECK(credit_cards);
   credit_cards->clear();
 
   sql::Statement s(db_->GetUniqueStatement(
       "SELECT guid "
       "FROM credit_cards "
@@ skipping 28 matching lines @@
       "exp_year,"                     // 9
       "metadata.billing_address_id "  // 10
       "FROM masked_credit_cards masked "
       "LEFT OUTER JOIN unmasked_credit_cards USING (id) "
       "LEFT OUTER JOIN server_card_metadata metadata USING (id)"));
   while (s.Step()) {
     int index = 0;
 
     // If the card_number_encrypted field is nonempty, we can assume this card
     // is a full card, otherwise it's masked.
-    base::string16 full_card_number = UnencryptedCardFromColumn(s, index++);
+    base::string16 full_card_number =
+        UnencryptedCardFromColumn(s, index++, *autofill_table_encryptor_);
     base::string16 last_four = s.ColumnString16(index++);
     CreditCard::RecordType record_type = full_card_number.empty() ?
         CreditCard::MASKED_SERVER_CARD :
         CreditCard::FULL_SERVER_CARD;
     std::string server_id = s.ColumnString(index++);
 
     std::unique_ptr<CreditCard> card =
         base::MakeUnique<CreditCard>(record_type, server_id);
     card->SetRawInfo(
         CREDIT_CARD_NUMBER,
@@ skipping 86 matching lines @@
   MaskServerCreditCard(masked.server_id());
   sql::Statement s(db_->GetUniqueStatement(
       "INSERT INTO unmasked_credit_cards("
           "id,"
           "card_number_encrypted,"
           "unmask_date)"
       "VALUES (?,?,?)"));
   s.BindString(0, masked.server_id());
 
   std::string encrypted_data;
-  OSCrypt::EncryptString16(full_number, &encrypted_data);
+  autofill_table_encryptor_->EncryptString16(full_number, &encrypted_data);
   s.BindBlob(1, encrypted_data.data(),
              static_cast<int>(encrypted_data.length()));
   s.BindInt64(2, AutofillClock::Now().ToInternalValue());  // unmask_date
 
   s.Run();
 
   CreditCard unmasked = masked;
   unmasked.set_record_type(CreditCard::FULL_SERVER_CARD);
   unmasked.SetNumber(full_number);
   unmasked.RecordAndLogUse();
@@ skipping 113 matching lines @@
   sql::Statement s(db_->GetUniqueStatement(
       "UPDATE credit_cards "
       "SET guid=?, name_on_card=?, expiration_month=?,"
           "expiration_year=?, card_number_encrypted=?, use_count=?, use_date=?,"
           "date_modified=?, origin=?, billing_address_id=?"
       "WHERE guid=?1"));
   BindCreditCardToStatement(credit_card,
                             update_modification_date
                                 ? AutofillClock::Now()
                                 : old_credit_card->modification_date(),
-                            &s);
+                            &s, *autofill_table_encryptor_);
 
   bool result = s.Run();
   DCHECK_GT(db_->GetLastChangeCount(), 0);
   return result;
 }
 
 bool AutofillTable::RemoveCreditCard(const std::string& guid) {
   DCHECK(base::IsValidGUID(guid));
   sql::Statement s(db_->GetUniqueStatement(
       "DELETE FROM credit_cards WHERE guid = ?"));
@@ skipping 1034 matching lines @@
   if (!db_->Execute("DROP TABLE masked_credit_cards") ||
       !db_->Execute("ALTER TABLE masked_credit_cards_temp "
                     "RENAME TO masked_credit_cards")) {
     return false;
   }
 
   return transaction.Commit();
 }
 
 }  // namespace autofill