Plumb consuming trusted vault keys on Android

Interface TrustedVaultClient is now implemented specifically for Android where the calls to fetch keys need to reach Java, where a embedder-specific logic should be integrated. The write path (i.e. TrustedVaultClient::StoreKeys()) is marked as unreachable because the codepath is unused on Android, and in fact the only real calling site (SyncEncryptionKeysTabHelper) is not even built. Bug: 1012659 Change-Id: I02e0b331f4cfd50cff0ff6f0af0e3dfe44601ae1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1950993 Commit-Queue: Mikel Astiz <mastiz@chromium.org> Reviewed-by: Boris Sazonov <bsazonov@chromium.org> Reviewed-by: Marc Treib <treib@chromium.org> Cr-Commit-Position: refs/heads/master@{#723393}

Plumb consuming trusted vault keys on Android
Interface TrustedVaultClient is now implemented specifically for Android where the calls to fetch keys need to reach Java, where a embedder-specific logic should be integrated. The write path (i.e. TrustedVaultClient::StoreKeys()) is marked as unreachable because the codepath is unused on Android, and in fact the only real calling site (SyncEncryptionKeysTabHelper) is not even built. Bug: 1012659 Change-Id: I02e0b331f4cfd50cff0ff6f0af0e3dfe44601ae1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1950993 Commit-Queue: Mikel Astiz <mastiz@chromium.org> Reviewed-by: Boris Sazonov <bsazonov@chromium.org> Reviewed-by: Marc Treib <treib@chromium.org> Cr-Commit-Position: refs/heads/master@{#723393}
76b2f7cf · Mikel Astiz · Commit Bot · aa906d38 · 76b2f7cf · 76b2f7cf
Commit 76b2f7cf authored Dec 10, 2019 by Mikel Astiz Committed by Commit Bot Dec 10, 2019
6 changed files
--- a/chrome/android/BUILD.gn
+++ b/chrome/android/BUILD.gn
@@ -2820,6 +2820,7 @@ generate_jni("chrome_jni_headers") {
    "java/src/org/chromium/chrome/browser/suggestions/mostvisited/MostVisitedSites.java",
    "java/src/org/chromium/chrome/browser/suggestions/mostvisited/MostVisitedSitesBridge.java",
    "java/src/org/chromium/chrome/browser/sync/ProfileSyncService.java",
+    "java/src/org/chromium/chrome/browser/sync/TrustedVaultClient.java",
    "java/src/org/chromium/chrome/browser/tab/InterceptNavigationDelegateImpl.java",
    "java/src/org/chromium/chrome/browser/tab/TabBrowserControlsConstraintsHelper.java",
    "java/src/org/chromium/chrome/browser/tab/TabFavicon.java",

--- a/chrome/android/java/src/org/chromium/chrome/browser/sync/TrustedVaultClient.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/sync/TrustedVaultClient.java
@@ -10,6 +10,7 @@ import android.content.Intent;
 import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
+import org.chromium.base.annotations.CalledByNative;
 import org.chromium.chrome.browser.AppHooks;
 import org.chromium.chrome.browser.util.IntentUtils;
@@ -104,4 +105,13 @@ public class TrustedVaultClient {
    public Intent createKeyRetrievalIntent() {
        return mBackend.createKeyRetrievalIntent();
    }
+    /**
+     * Forwards calls to Backend.fetchKeys().
+     */
+    @CalledByNative
+    private static byte[][] fetchKeys(String gaiaId) {
+        List<byte[]> keys = get().mBackend.fetchKeys(gaiaId);
+        return keys.toArray(new byte[0][]);
+    }
 }
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -1804,6 +1804,8 @@ jumbo_static_library("browser") {
    "sync/sync_encryption_keys_tab_helper.h",
    "sync/sync_startup_tracker.cc",
    "sync/sync_startup_tracker.h",
+    "sync/trusted_vault_client_android.cc",
+    "sync/trusted_vault_client_android.h",
    "sync/user_event_service_factory.cc",
    "sync/user_event_service_factory.h",
    "tab_contents/navigation_metrics_recorder.cc",

--- a/chrome/browser/sync/chrome_sync_client.cc
+++ b/chrome/browser/sync/chrome_sync_client.cc
@@ -112,6 +112,10 @@
 #include "chrome/browser/spellchecker/spellcheck_service.h"
 #endif  // BUILDFLAG(ENABLE_SPELLCHECK)
+#if defined(OS_ANDROID)
+#include "chrome/browser/sync/trusted_vault_client_android.h"
+#endif  // defined(OS_ANDROID)
 #if defined(OS_CHROMEOS)
 #include "ash/public/cpp/app_list/app_list_switches.h"
 #include "chrome/browser/chromeos/arc/arc_util.h"
@@ -207,11 +211,12 @@ ChromeSyncClient::ChromeSyncClient(Profile* profile) : profile_(profile) {
      account_password_store_,
      BookmarkSyncServiceFactory::GetForProfile(profile_));
-  // TODO(crbug.com/1012659): Instantiate an Android-specific client.
+#if defined(OS_ANDROID)
-#if !defined(OS_ANDROID)
+  trusted_vault_client_ = std::make_unique<TrustedVaultClientAndroid>();
+#else
  trusted_vault_client_ = std::make_unique<syncer::FileBasedTrustedVaultClient>(
      profile_->GetPath().Append(kTrustedVaultFilename));
-#endif  // !defined(OS_ANDROID)
+#endif  // defined(OS_ANDROID)
 }
 ChromeSyncClient::~ChromeSyncClient() {}

--- a/chrome/browser/sync/trusted_vault_client_android.cc
+++ b/chrome/browser/sync/trusted_vault_client_android.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "chrome/browser/sync/trusted_vault_client_android.h"
+#include "base/android/jni_android.h"
+#include "base/android/jni_array.h"
+#include "base/android/jni_string.h"
+#include "base/android/scoped_java_ref.h"
+#include "base/callback.h"
+#include "base/logging.h"
+#include "chrome/android/chrome_jni_headers/TrustedVaultClient_jni.h"
+TrustedVaultClientAndroid::TrustedVaultClientAndroid() = default;
+TrustedVaultClientAndroid::~TrustedVaultClientAndroid() = default;
+void TrustedVaultClientAndroid::FetchKeys(
+    const std::string& gaia_id,
+    base::OnceCallback<void(const std::vector<std::string>&)> cb) {
+  JNIEnv* const env = base::android::AttachCurrentThread();
+  const base::android::ScopedJavaLocalRef<jstring> java_gaia_id =
+      base::android::ConvertUTF8ToJavaString(env, gaia_id);
+  // Fetch keys from the implementation in Java.
+  const base::android::ScopedJavaLocalRef<jobjectArray> java_keys =
+      Java_TrustedVaultClient_fetchKeys(env, java_gaia_id);
+  DCHECK(java_keys);
+  // Convert from Java bytes[][] to the C++ equivalent, in this case
+  // std::vector<std::string>.
+  // TODO(crbug.com/1027676): Avoid std::string for binary keys.
+  std::vector<std::string> keys;
+  JavaArrayOfByteArrayToStringVector(env, java_keys, &keys);
+  std::move(cb).Run(keys);
+}
+void TrustedVaultClientAndroid::StoreKeys(
+    const std::string& gaia_id,
+    const std::vector<std::string>& keys) {
+  // Not supported on Android, where keys are fetched outside the browser.
+  NOTREACHED();
+}
--- a/chrome/browser/sync/trusted_vault_client_android.h
+++ b/chrome/browser/sync/trusted_vault_client_android.h
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef CHROME_BROWSER_SYNC_TRUSTED_VAULT_CLIENT_ANDROID_H_
+#define CHROME_BROWSER_SYNC_TRUSTED_VAULT_CLIENT_ANDROID_H_
+#include <string>
+#include <vector>
+#include "base/callback_forward.h"
+#include "components/sync/driver/trusted_vault_client.h"
+// JNI bridge for a Java implementation of the TrustedVaultClient interface,
+// used on Android.
+//
+// This class must be accessed from the UI thread.
+class TrustedVaultClientAndroid : public syncer::TrustedVaultClient {
+ public:
+  TrustedVaultClientAndroid();
+  ~TrustedVaultClientAndroid() override;
+  TrustedVaultClientAndroid(const TrustedVaultClientAndroid&) = delete;
+  TrustedVaultClientAndroid& operator=(const TrustedVaultClientAndroid&) =
+      delete;
+  // TrustedVaultClient implementation.
+  void FetchKeys(
+      const std::string& gaia_id,
+      base::OnceCallback<void(const std::vector<std::string>&)> cb) override;
+  void StoreKeys(const std::string& gaia_id,
+                 const std::vector<std::string>& keys) override;
+};
+#endif  // CHROME_BROWSER_SYNC_TRUSTED_VAULT_CLIENT_ANDROID_H_