[Sync:USS] Add integration test for Nigori initialization

Once client received default NigoriSpecifics during initial sync it should fill NigoriSpecifics with keystore Nigori and commit changes to the server. This CL adds integration test for this case. Bug: 922900 Change-Id: I6bd3443fb699aeeb3609183377204a75b76fa6cc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1609823 Commit-Queue: Maksim Moskvitin <mmoskvitin@google.com> Reviewed-by: Mikel Astiz <mastiz@chromium.org> Cr-Commit-Position: refs/heads/master@{#663018}

[Sync:USS] Add integration test for Nigori initialization
Once client received default NigoriSpecifics during initial sync it should fill NigoriSpecifics with keystore Nigori and commit changes to the server. This CL adds integration test for this case. Bug: 922900 Change-Id: I6bd3443fb699aeeb3609183377204a75b76fa6cc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1609823 Commit-Queue: Maksim Moskvitin <mmoskvitin@google.com> Reviewed-by: Mikel Astiz <mastiz@chromium.org> Cr-Commit-Position: refs/heads/master@{#663018}
579fafc3 · Maksim Moskvitin · Commit Bot · 35c38c5d · 579fafc3 · 579fafc3
Commit 579fafc3 authored May 24, 2019 by Maksim Moskvitin Committed by Commit Bot May 24, 2019
8 changed files
--- a/chrome/browser/sync/test/integration/single_client_nigori_sync_test.cc
+++ b/chrome/browser/sync/test/integration/single_client_nigori_sync_test.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/base64.h"
+#include "base/macros.h"
+#include "chrome/browser/sync/test/integration/encryption_helper.h"
+#include "chrome/browser/sync/test/integration/sync_test.h"
+#include "components/sync/base/nigori.h"
+#include "testing/gmock/include/gmock/gmock.h"
+
+namespace {
+
+using encryption_helper::GetServerNigori;
+
+syncer::KeyParams KeystoreKeyParams(const std::string& key) {
+  // Due to mis-encode of keystore keys to base64 we have to always encode such
+  // keys to provide backward compatibility.
+  std::string encoded_key;
+  base::Base64Encode(key, &encoded_key);
+  return {syncer::KeyDerivationParams::CreateForPbkdf2(),
+          std::move(encoded_key)};
+}
+
+MATCHER_P(IsDataEncryptedWith, key_params, "") {
+  const sync_pb::EncryptedData& encrypted_data = arg;
+  syncer::Nigori nigori;
+  nigori.InitByDerivation(key_params.derivation_params, key_params.password);
+  std::string nigori_name;
+  EXPECT_TRUE(nigori.Permute(syncer::Nigori::Type::Password,
+                             syncer::kNigoriKeyName, &nigori_name));
+  return encrypted_data.key_name() == nigori_name;
+}
+
+class SingleClientNigoriSyncTest : public SyncTest {
+ public:
+  SingleClientNigoriSyncTest() : SyncTest(SINGLE_CLIENT) {}
+  ~SingleClientNigoriSyncTest() override = default;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SingleClientNigoriSyncTest);
+};
+
+IN_PROC_BROWSER_TEST_F(SingleClientNigoriSyncTest,
+                       ShouldCommitKeystoreNigoriWhenReceivedDefault) {
+  // SetupSync() should make FakeServer send default NigoriSpecifics.
+  ASSERT_TRUE(SetupSync());
+  // TODO(crbug/922900): we may want to actually wait for specifics update in
+  // fake server. Due to implementation details it's not currently needed.
+  sync_pb::NigoriSpecifics specifics;
+  EXPECT_TRUE(GetServerNigori(GetFakeServer(), &specifics));
+
+  const std::vector<std::string>& keystore_keys =
+      GetFakeServer()->GetKeystoreKeys();
+  ASSERT_TRUE(keystore_keys.size() == 1);
+  EXPECT_THAT(specifics.encryption_keybag(),
+              IsDataEncryptedWith(KeystoreKeyParams(keystore_keys.back())));
+  EXPECT_EQ(specifics.passphrase_type(),
+            sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
+  EXPECT_TRUE(specifics.keybag_is_frozen());
+  EXPECT_TRUE(specifics.has_keystore_migration_time());
+}
+
+}  // namespace
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -5639,6 +5639,7 @@ if (!is_android && !is_fuchsia) {
      "../browser/sync/test/integration/single_client_directory_sync_test.cc",
      "../browser/sync/test/integration/single_client_extensions_sync_test.cc",
      "../browser/sync/test/integration/single_client_history_delete_directives_sync_test.cc",
+      "../browser/sync/test/integration/single_client_nigori_sync_test.cc",
      "../browser/sync/test/integration/single_client_passwords_sync_test.cc",
      "../browser/sync/test/integration/single_client_polling_sync_test.cc",
      "../browser/sync/test/integration/single_client_preferences_sync_test.cc",

--- a/components/sync/base/cryptographer.cc
+++ b/components/sync/base/cryptographer.cc
@@ -18,12 +18,6 @@ namespace syncer {

 const char kNigoriTag[] = "google_chrome_nigori";

-// We name a particular Nigori instance (ie. a triplet consisting of a hostname,
-// a username, and a password) by calling Permute on this string. Since the
-// output of Permute is always the same for a given triplet, clients will always
-// assign the same name to a particular triplet.
-const char kNigoriKeyName[] = "nigori-key";
-
 KeyParams::KeyParams(KeyDerivationParams derivation_params,
                     const std::string& password)
    : derivation_params(derivation_params), password(password) {}

--- a/components/sync/base/nigori.cc
+++ b/components/sync/base/nigori.cc
@@ -35,6 +35,8 @@ const size_t kHashSize = 32;

 namespace syncer {

+const char kNigoriKeyName[] = "nigori-key";
+
 namespace {

 // NigoriStream simplifies the concatenation operation of the Nigori protocol.

--- a/components/sync/base/nigori.h
+++ b/components/sync/base/nigori.h
@@ -21,6 +21,9 @@ namespace syncer {

 class Nigori;

+// TODO(crbug.com/922900): inline kNigoriKeyName into Nigori::Permute().
+extern const char kNigoriKeyName[];
+
 class KeyDerivationParams {
 public:
  static KeyDerivationParams CreateForPbkdf2();

--- a/components/sync/engine_impl/loopback_server/loopback_server.h
+++ b/components/sync/engine_impl/loopback_server/loopback_server.h
@@ -73,6 +73,10 @@ class LoopbackServer {
    }
  }

+  const std::vector<std::string>& GetKeystoreKeysForTesting() const {
+    return keystore_keys_;
+  }
+
 private:
  // Allow the FakeServer decorator to inspect the internals of this class.
  friend class fake_server::FakeServer;

--- a/components/sync/test/fake_server/fake_server.cc
+++ b/components/sync/test/fake_server/fake_server.cc
@@ -309,6 +309,11 @@ std::string FakeServer::GetTopLevelPermanentItemId(
  return loopback_server_->GetTopLevelPermanentItemId(model_type);
 }

+const std::vector<std::string>& FakeServer::GetKeystoreKeys() const {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  return loopback_server_->GetKeystoreKeysForTesting();
+}
+
 void FakeServer::InjectEntity(std::unique_ptr<LoopbackServerEntity> entity) {
  DCHECK(thread_checker_.CalledOnValidThread());
  DCHECK(entity->GetModelType() != syncer::AUTOFILL_WALLET_DATA)

--- a/components/sync/test/fake_server/fake_server.h
+++ b/components/sync/test/fake_server/fake_server.h
@@ -95,6 +95,9 @@ class FakeServer : public syncer::LoopbackServer::ObserverForTests {
  // was created.
  std::string GetTopLevelPermanentItemId(syncer::ModelType model_type);

+  // Returns all keystore keys from the server.
+  const std::vector<std::string>& GetKeystoreKeys() const;
+
  // Adds |entity| to the server's collection of entities. This method makes no
  // guarantees that the added entity will result in successful server
  // operations.
@@ -211,9 +214,6 @@ class FakeServer : public syncer::LoopbackServer::ObserverForTests {
  // If set, the server will return HTTP errors.
  base::Optional<net::HttpStatusCode> http_error_status_code_;

-  // All Keystore keys known to the server.
-  std::vector<std::string> keystore_keys_;
-
  // All URLs received via history sync (powered by SESSIONS).
  std::set<std::string> committed_history_urls_;