[Sync::USS] Encrypt passwords in NonBlockingTypeCommitContribution

This is necessary for full-blown USS. Bug: 902349 Change-Id: I1de4a3ac610151feb236c2f1696ba22b9f047568 Reviewed-on: https://chromium-review.googlesource.com/c/1336129 Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> Reviewed-by: Mikel Astiz <mastiz@chromium.org> Cr-Commit-Position: refs/heads/master@{#611620}

[Sync::USS] Encrypt passwords in NonBlockingTypeCommitContribution
This is necessary for full-blown USS. Bug: 902349 Change-Id: I1de4a3ac610151feb236c2f1696ba22b9f047568 Reviewed-on: https://chromium-review.googlesource.com/c/1336129 Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> Reviewed-by: Mikel Astiz <mastiz@chromium.org> Cr-Commit-Position: refs/heads/master@{#611620}
8ea63a76 · Mohamed Amir Yosef · Commit Bot · ea717408 · 8ea63a76 · 8ea63a76
Commit 8ea63a76 authored Nov 28, 2018 by Mohamed Amir Yosef Committed by Commit Bot Nov 28, 2018
2 changed files
--- a/components/sync/engine_impl/non_blocking_type_commit_contribution.cc
+++ b/components/sync/engine_impl/non_blocking_type_commit_contribution.cc
@@ -5,11 +5,13 @@
 #include "components/sync/engine_impl/non_blocking_type_commit_contribution.h"

 #include <algorithm>
+#include <utility>

 #include "base/guid.h"
 #include "base/values.h"
 #include "components/sync/base/time.h"
 #include "components/sync/base/unique_position.h"
+#include "components/sync/driver/sync_driver_switches.h"
 #include "components/sync/engine/non_blocking_sync_common.h"
 #include "components/sync/engine_impl/model_type_worker.h"
 #include "components/sync/protocol/proto_value_conversions.h"
@@ -229,6 +231,28 @@ void NonBlockingTypeCommitContribution::AdjustCommitProto(

  // Encrypt the specifics and hide the title if necessary.
  if (commit_proto->specifics().has_password()) {
+    if (base::FeatureList::IsEnabled(switches::kSyncUSSPasswords)) {
+      DCHECK(cryptographer_);
+      const sync_pb::PasswordSpecifics& password_specifics =
+          commit_proto->specifics().password();
+      const sync_pb::PasswordSpecificsData& password_data =
+          password_specifics.client_only_encrypted_data();
+      sync_pb::EntitySpecifics encrypted_password;
+      if (!IsExplicitPassphrase(passphrase_type_) &&
+          password_specifics.unencrypted_metadata().url() !=
+              password_data.signon_realm()) {
+        encrypted_password.mutable_password()
+            ->mutable_unencrypted_metadata()
+            ->set_url(password_data.signon_realm());
+      }
+
+      bool result = cryptographer_->Encrypt(
+          password_data,
+          encrypted_password.mutable_password()->mutable_encrypted());
+      DCHECK(result);
+      *commit_proto->mutable_specifics() = std::move(encrypted_password);
+      commit_proto->set_name("encrypted");
+    } else {
      // If explicit encryption is enabled, password metadata fields must be
      // cleared. See documentation in password_specifics.proto.
      if (IsExplicitPassphrase(passphrase_type_)) {
@@ -237,6 +261,7 @@ void NonBlockingTypeCommitContribution::AdjustCommitProto(
            ->clear_unencrypted_metadata();
      }
      commit_proto->set_name("encrypted");
+    }
  } else if (cryptographer_) {
    if (commit_proto->has_specifics()) {
      sync_pb::EntitySpecifics encrypted_specifics;

--- a/components/sync/engine_impl/non_blocking_type_commit_contribution.h
+++ b/components/sync/engine_impl/non_blocking_type_commit_contribution.h
@@ -53,7 +53,7 @@ class NonBlockingTypeCommitContribution : public CommitContribution {
                                  sync_pb::SyncEntity* commit_proto);

 private:
-  // Generates id for new entites and encrypts entity if needed.
+  // Generates id for new entities and encrypts entity if needed.
  void AdjustCommitProto(sync_pb::SyncEntity* commit_proto);

  const ModelType type_;