Broadcast changes in sync trusted vault backend keys on Android

With this patch TrustedVaultClient.Backend has the ability to notify
native code that the keys in the vault may have changed. This
notification makes its way via TrustedVaultClientAndroid to ultimately
SyncServiceCrypto, where refetching logic is triggered.

This is expected to be an effective means for resolving encryption
issues transparently without user action and without having to restart
the browser.

The very same method is also used upon relevant user action such as
triggering the retrieval flow, in case the keys within the vault have
changed since the last fetch (e.g. if the backend failed to or does not
support broadcasting change notifications).

Bug: 1012659
Change-Id: I985db773fe5b18f107a8c8731d31dbd80aaf599c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1978005Reviewed-by: Boris Sazonov <bsazonov@chromium.org>
Commit-Queue: Mikel Astiz <mastiz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#730147}

chrome/android/java/src/org/chromium/chrome/browser/sync/TrustedVaultClient.java

@@ -105,9 +105,6 @@ public class TrustedVaultClient {
      * Displays a UI that allows the user to reauthenticate and retrieve the sync encryption keys.
      */
     public void displayKeyRetrievalDialog(Context context) {
-        // TODO(crbug.com/1012659): Before starting the intent, one last attempt
-        // should be made to read the currently-available keys.
-
         Intent intent = createKeyRetrievalIntent();
         if (intent == null) return;
 
@@ -128,6 +125,16 @@ public class TrustedVaultClient {
         return mBackend.createKeyRetrievalIntent();
     }
 
+    /**
+     * Notifies all registered native clients (in practice, exactly one) that keys in the backend
+     * may have changed, which usually leads to refetching the keys from the backend.
+     */
+    public void notifyKeysChanged() {
+        for (long nativeTrustedVaultClientAndroid : mNativeTrustedVaultClientAndroidSet) {
+            TrustedVaultClientJni.get().notifyKeysChanged(nativeTrustedVaultClientAndroid);
+        }
+    }
+
     /**
      * Registers a C++ client, which is a prerequisite before interacting with Java.
      */
@@ -207,5 +214,6 @@ public class TrustedVaultClient {
     interface Natives {
         void fetchKeysCompleted(long nativeTrustedVaultClientAndroid, String gaiaId, byte[][] keys);
         void markKeysAsStaleCompleted(long nativeTrustedVaultClientAndroid, boolean result);
+        void notifyKeysChanged(long nativeTrustedVaultClientAndroid);
     }
 }

chrome/browser/sync/trusted_vault_client_android.cc

@@ -62,6 +62,10 @@ void TrustedVaultClientAndroid::MarkKeysAsStaleCompleted(JNIEnv* env,
   std::move(cb).Run(!!result);
 }
 
+void TrustedVaultClientAndroid::NotifyKeysChanged(JNIEnv* env) {
+  observer_list_.Notify();
+}
+
 std::unique_ptr<TrustedVaultClientAndroid::Subscription>
 TrustedVaultClientAndroid::AddKeysChangedObserver(
     const base::RepeatingClosure& cb) {

chrome/browser/sync/trusted_vault_client_android.h

@@ -41,6 +41,9 @@ class TrustedVaultClientAndroid : public syncer::TrustedVaultClient {
   // ongoing MarkKeysAsStale() request.
   void MarkKeysAsStaleCompleted(JNIEnv* env, jboolean result);
 
+  // Called from Java to notify that the keys in the vault may have changed.
+  void NotifyKeysChanged(JNIEnv* env);
+
   // TrustedVaultClient implementation.
   std::unique_ptr<Subscription> AddKeysChangedObserver(
       const base::RepeatingClosure& cb) override;