Propagate account ID together with trusted vault keys

This allows verifying that the keys provided via Web correspond to the
sync-ing user.

Bug: 1000146
Change-Id: Ib6eed0d244679703d55b164d2f71432b43695e43
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1847219Reviewed-by: Marc Treib <treib@chromium.org>
Commit-Queue: Mikel Astiz <mastiz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#703664}

components/sync/driver/profile_sync_service.cc

@@ -859,7 +859,8 @@ void ProfileSyncService::OnEngineInitialized(
           initial_types, debug_info_listener, &data_type_controllers_,
           user_settings_.get(), engine_.get(), this);
 
-  crypto_.SetSyncEngine(engine_.get());
+  crypto_.SetSyncEngine(GetAuthenticatedAccountInfo().account_id,
+                        engine_.get());
 
   // Auto-start means IsFirstSetupComplete gets set automatically.
   if (start_behavior_ == AUTO_START &&

components/sync/driver/sync_service_crypto.cc

@@ -284,8 +284,11 @@ bool SyncServiceCrypto::SetDecryptionPassphrase(const std::string& passphrase) {
 }
 
 void SyncServiceCrypto::AddTrustedVaultDecryptionKeys(
+    const CoreAccountId& account_id,
     const std::vector<std::string>& keys) {
-  state_.engine->AddTrustedVaultDecryptionKeys(keys);
+  if (state_.engine && state_.account_id == account_id) {
+    state_.engine->AddTrustedVaultDecryptionKeys(keys);
+  }
 }
 
 PassphraseType SyncServiceCrypto::GetPassphraseType() const {
@@ -433,6 +436,13 @@ void SyncServiceCrypto::OnPassphraseTypeChanged(PassphraseType type,
   notify_observers_.Run();
 }
 
+void SyncServiceCrypto::SetSyncEngine(const CoreAccountId& account_id,
+                                      SyncEngine* engine) {
+  DCHECK(engine);
+  state_.account_id = account_id;
+  state_.engine = engine;
+}
+
 std::unique_ptr<SyncEncryptionHandler::Observer>
 SyncServiceCrypto::GetEncryptionObserverProxy() {
   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

components/sync/driver/sync_service_crypto.h

@@ -16,6 +16,7 @@
 #include "components/sync/engine/configure_reason.h"
 #include "components/sync/engine/sync_encryption_handler.h"
 #include "components/sync/engine/sync_engine.h"
+#include "google_apis/gaia/core_account_id.h"
 
 namespace syncer {
 
@@ -43,7 +44,8 @@ class SyncServiceCrypto : public SyncEncryptionHandler::Observer {
   bool IsEncryptEverythingEnabled() const;
   void SetEncryptionPassphrase(const std::string& passphrase);
   bool SetDecryptionPassphrase(const std::string& passphrase);
-  void AddTrustedVaultDecryptionKeys(const std::vector<std::string>& keys);
+  void AddTrustedVaultDecryptionKeys(const CoreAccountId& account_id,
+                                     const std::vector<std::string>& keys);
 
   // Returns the actual passphrase type being used for encryption.
   PassphraseType GetPassphraseType() const;
@@ -70,7 +72,7 @@ class SyncServiceCrypto : public SyncEncryptionHandler::Observer {
                                base::Time passphrase_time) override;
 
   // Used to provide the engine when it is initialized.
-  void SetSyncEngine(SyncEngine* engine) { state_.engine = engine; }
+  void SetSyncEngine(const CoreAccountId& account_id, SyncEngine* engine);
 
   // Creates a proxy observer object that will post calls to this thread.
   std::unique_ptr<SyncEncryptionHandler::Observer> GetEncryptionObserverProxy();
@@ -105,6 +107,9 @@ class SyncServiceCrypto : public SyncEncryptionHandler::Observer {
     // Not-null when the engine is initialized.
     SyncEngine* engine = nullptr;
 
+    // Populated when the engine is initialized.
+    CoreAccountId account_id;
+
     RequiredUserAction required_user_action = RequiredUserAction::kNone;
 
     // The current set of encrypted types. Always a superset of

components/sync/driver/sync_user_settings.h

@@ -15,6 +15,8 @@
 #include "components/sync/base/user_selectable_type.h"
 #include "components/sync/driver/data_type_encryption_handler.h"
 
+struct CoreAccountId;
+
 namespace syncer {
 
 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser
@@ -118,6 +120,7 @@ class SyncUserSettings : public syncer::DataTypeEncryptionHandler {
   // TRUSTED_VAULT_PASSPHRASE: it provides new decryption keys that could
   // allow decrypting pending Nigori keys.
   virtual void AddTrustedVaultDecryptionKeys(
+      const CoreAccountId& account_id,
       const std::vector<std::string>& keys) = 0;
 };
 

components/sync/driver/sync_user_settings_impl.cc

@@ -171,9 +171,10 @@ bool SyncUserSettingsImpl::SetDecryptionPassphrase(
 }
 
 void SyncUserSettingsImpl::AddTrustedVaultDecryptionKeys(
+    const CoreAccountId& account_id,
     const std::vector<std::string>& keys) {
   DVLOG(1) << "Adding trusted vault decryption keys.";
-  crypto_->AddTrustedVaultDecryptionKeys(keys);
+  crypto_->AddTrustedVaultDecryptionKeys(account_id, keys);
 }
 
 void SyncUserSettingsImpl::SetSyncRequestedIfNotSetExplicitly() {

components/sync/driver/sync_user_settings_impl.h

@@ -14,6 +14,8 @@
 #include "components/sync/driver/sync_type_preference_provider.h"
 #include "components/sync/driver/sync_user_settings.h"
 
+struct CoreAccountId;
+
 namespace syncer {
 
 class SyncPrefs;
@@ -63,6 +65,7 @@ class SyncUserSettingsImpl : public SyncUserSettings {
   void SetEncryptionPassphrase(const std::string& passphrase) override;
   bool SetDecryptionPassphrase(const std::string& passphrase) override;
   void AddTrustedVaultDecryptionKeys(
+      const CoreAccountId& account_id,
       const std::vector<std::string>& keys) override;
 
   void SetSyncRequestedIfNotSetExplicitly();

components/sync/driver/sync_user_settings_mock.h

@@ -9,6 +9,7 @@
 #include <vector>
 
 #include "components/sync/driver/sync_user_settings.h"
+#include "google_apis/gaia/core_account_id.h"
 #include "testing/gmock/include/gmock/gmock.h"
 
 namespace syncer {
@@ -47,8 +48,8 @@ class SyncUserSettingsMock : public SyncUserSettings {
 
   MOCK_METHOD1(SetEncryptionPassphrase, void(const std::string&));
   MOCK_METHOD1(SetDecryptionPassphrase, bool(const std::string&));
-  MOCK_METHOD1(AddTrustedVaultDecryptionKeys,
-               void(const std::vector<std::string>&));
+  MOCK_METHOD2(AddTrustedVaultDecryptionKeys,
+               void(const CoreAccountId&, const std::vector<std::string>&));
 };
 
 }  // namespace syncer

components/sync/driver/test_sync_user_settings.cc

@@ -153,6 +153,7 @@ bool TestSyncUserSettings::SetDecryptionPassphrase(
 }
 
 void TestSyncUserSettings::AddTrustedVaultDecryptionKeys(
+    const CoreAccountId& account_id,
     const std::vector<std::string>& keys) {}
 
 void TestSyncUserSettings::SetFirstSetupComplete() {

components/sync/driver/test_sync_user_settings.h

@@ -10,6 +10,8 @@
 
 #include "components/sync/driver/sync_user_settings.h"
 
+struct CoreAccountId;
+
 namespace syncer {
 
 class TestSyncService;
@@ -52,6 +54,7 @@ class TestSyncUserSettings : public SyncUserSettings {
   void SetEncryptionPassphrase(const std::string& passphrase) override;
   bool SetDecryptionPassphrase(const std::string& passphrase) override;
   void AddTrustedVaultDecryptionKeys(
+      const CoreAccountId& account_id,
       const std::vector<std::string>& keys) override;
 
   void SetFirstSetupComplete();