Refactor WebsiteSettings to operate on a SecurityInfo
[chromium-blink-merge.git] / sync / engine / apply_control_data_updates.cc
blob3e167b1e547aafddbe5e0da498212ea2271f9f5d
1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sync/engine/apply_control_data_updates.h"
7 #include "base/metrics/histogram.h"
8 #include "sync/engine/conflict_resolver.h"
9 #include "sync/engine/conflict_util.h"
10 #include "sync/engine/syncer_util.h"
11 #include "sync/syncable/directory.h"
12 #include "sync/syncable/mutable_entry.h"
13 #include "sync/syncable/nigori_handler.h"
14 #include "sync/syncable/nigori_util.h"
15 #include "sync/syncable/syncable_write_transaction.h"
16 #include "sync/util/cryptographer.h"
18 namespace syncer {
20 void ApplyControlDataUpdates(syncable::Directory* dir) {
21 syncable::WriteTransaction trans(FROM_HERE, syncable::SYNCER, dir);
23 std::vector<int64> handles;
24 dir->GetUnappliedUpdateMetaHandles(
25 &trans, ToFullModelTypeSet(ControlTypes()), &handles);
27 // First, go through and manually apply any new top level datatype nodes (so
28 // that we don't have to worry about hitting a CONFLICT_HIERARCHY with an
29 // entry because we haven't applied its parent yet).
30 // TODO(sync): if at some point we support control datatypes with actual
31 // hierarchies we'll need to revisit this logic.
32 ModelTypeSet control_types = ControlTypes();
33 for (ModelTypeSet::Iterator iter = control_types.First(); iter.Good();
34 iter.Inc()) {
35 syncable::MutableEntry entry(&trans, syncable::GET_TYPE_ROOT, iter.Get());
36 if (!entry.good())
37 continue;
38 if (!entry.GetIsUnappliedUpdate())
39 continue;
41 ModelType type = entry.GetServerModelType();
42 if (type == NIGORI) {
43 // Nigori node applications never fail.
44 ApplyNigoriUpdate(&trans,
45 &entry,
46 dir->GetCryptographer(&trans));
47 } else {
48 ApplyControlUpdate(&trans,
49 &entry,
50 dir->GetCryptographer(&trans));
54 // Go through the rest of the unapplied control updates, skipping over any
55 // top level folders.
56 for (std::vector<int64>::const_iterator iter = handles.begin();
57 iter != handles.end(); ++iter) {
58 syncable::MutableEntry entry(&trans, syncable::GET_BY_HANDLE, *iter);
59 CHECK(entry.good());
60 ModelType type = entry.GetServerModelType();
61 CHECK(ControlTypes().Has(type));
62 if (!entry.GetUniqueServerTag().empty()) {
63 // We should have already applied all top level control nodes.
64 DCHECK(!entry.GetIsUnappliedUpdate());
65 continue;
68 ApplyControlUpdate(&trans,
69 &entry,
70 dir->GetCryptographer(&trans));
74 // Update the nigori handler with the server's nigori node.
76 // If we have a locally modified nigori node, we merge them manually. This
77 // handles the case where two clients both set a different passphrase. The
78 // second client to attempt to commit will go into a state of having pending
79 // keys, unioned the set of encrypted types, and eventually re-encrypt
80 // everything with the passphrase of the first client and commit the set of
81 // merged encryption keys. Until the second client provides the pending
82 // passphrase, the cryptographer will preserve the encryption keys based on the
83 // local passphrase, while the nigori node will preserve the server encryption
84 // keys.
85 void ApplyNigoriUpdate(syncable::WriteTransaction* const trans,
86 syncable::MutableEntry* const entry,
87 Cryptographer* cryptographer) {
88 DCHECK(entry->GetIsUnappliedUpdate());
90 // We apply the nigori update regardless of whether there's a conflict or
91 // not in order to preserve any new encrypted types or encryption keys.
92 // TODO(zea): consider having this return a bool reflecting whether it was a
93 // valid update or not, and in the case of invalid updates not overwrite the
94 // local data.
95 const sync_pb::NigoriSpecifics& nigori =
96 entry->GetServerSpecifics().nigori();
97 trans->directory()->GetNigoriHandler()->ApplyNigoriUpdate(nigori, trans);
99 // Make sure any unsynced changes are properly encrypted as necessary.
100 // We only perform this if the cryptographer is ready. If not, these are
101 // re-encrypted at SetDecryptionPassphrase time (via ReEncryptEverything).
102 // This logic covers the case where the nigori update marked new datatypes
103 // for encryption, but didn't change the passphrase.
104 if (cryptographer->is_ready()) {
105 // Note that we don't bother to encrypt any data for which IS_UNSYNCED
106 // == false here. The machine that turned on encryption should know about
107 // and re-encrypt all synced data. It's possible it could get interrupted
108 // during this process, but we currently reencrypt everything at startup
109 // as well, so as soon as a client is restarted with this datatype marked
110 // for encryption, all the data should be updated as necessary.
112 // If this fails, something is wrong with the cryptographer, but there's
113 // nothing we can do about it here.
114 DVLOG(1) << "Received new nigori, encrypting unsynced changes.";
115 syncable::ProcessUnsyncedChangesForEncryption(trans);
118 if (!entry->GetIsUnsynced()) { // Update only.
119 UpdateLocalDataFromServerData(trans, entry);
120 } else { // Conflict.
121 const sync_pb::EntitySpecifics& server_specifics =
122 entry->GetServerSpecifics();
123 const sync_pb::NigoriSpecifics& server_nigori = server_specifics.nigori();
124 const sync_pb::EntitySpecifics& local_specifics =
125 entry->GetSpecifics();
126 const sync_pb::NigoriSpecifics& local_nigori = local_specifics.nigori();
128 // We initialize the new nigori with the server state, and will override
129 // it as necessary below.
130 sync_pb::EntitySpecifics new_specifics = entry->GetServerSpecifics();
131 sync_pb::NigoriSpecifics* new_nigori = new_specifics.mutable_nigori();
133 // If the cryptographer is not ready, another client set a new encryption
134 // passphrase. If we had migrated locally, we will re-migrate when the
135 // pending keys are provided. If we had set a new custom passphrase locally
136 // the user will have another chance to set a custom passphrase later
137 // (assuming they hadn't set a custom passphrase on the other client).
138 // Therefore, we only attempt to merge the nigori nodes if the cryptographer
139 // is ready.
140 // Note: we only update the encryption keybag if we're sure that we aren't
141 // invalidating the keystore_decryptor_token (i.e. we're either
142 // not migrated or we copying over all local state).
143 if (cryptographer->is_ready()) {
144 if (local_nigori.has_passphrase_type() &&
145 server_nigori.has_passphrase_type()) {
146 // They're both migrated, preserve the local nigori if the passphrase
147 // type is more conservative.
148 if (server_nigori.passphrase_type() ==
149 sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE &&
150 local_nigori.passphrase_type() !=
151 sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) {
152 DCHECK(local_nigori.passphrase_type() ==
153 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE ||
154 local_nigori.passphrase_type() ==
155 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
156 new_nigori->CopyFrom(local_nigori);
157 cryptographer->GetKeys(new_nigori->mutable_encryption_keybag());
159 } else if (!local_nigori.has_passphrase_type() &&
160 !server_nigori.has_passphrase_type()) {
161 // Set the explicit passphrase based on the local state. If the server
162 // had set an explict passphrase, we should have pending keys, so
163 // should not reach this code.
164 // Because neither side is migrated, we don't have to worry about the
165 // keystore decryptor token.
166 new_nigori->set_keybag_is_frozen(local_nigori.keybag_is_frozen());
167 cryptographer->GetKeys(new_nigori->mutable_encryption_keybag());
168 } else if (local_nigori.has_passphrase_type()) {
169 // Local is migrated but server is not. Copy over the local migrated
170 // data.
171 new_nigori->CopyFrom(local_nigori);
172 cryptographer->GetKeys(new_nigori->mutable_encryption_keybag());
173 } // else leave the new nigori with the server state.
176 // Always update to the safest set of encrypted types.
177 trans->directory()->GetNigoriHandler()->UpdateNigoriFromEncryptedTypes(
178 new_nigori,
179 trans);
181 entry->PutSpecifics(new_specifics);
182 DVLOG(1) << "Resolving simple conflict, merging nigori nodes: "
183 << entry;
185 conflict_util::OverwriteServerChanges(entry);
187 UMA_HISTOGRAM_ENUMERATION("Sync.ResolveSimpleConflict",
188 ConflictResolver::NIGORI_MERGE,
189 ConflictResolver::CONFLICT_RESOLUTION_SIZE);
193 void ApplyControlUpdate(syncable::WriteTransaction* const trans,
194 syncable::MutableEntry* const entry,
195 Cryptographer* cryptographer) {
196 DCHECK_NE(entry->GetServerModelType(), NIGORI);
197 DCHECK(entry->GetIsUnappliedUpdate());
198 if (entry->GetIsUnsynced()) {
199 // We just let the server win all conflicts with control types.
200 DVLOG(1) << "Ignoring local changes for control update.";
201 conflict_util::IgnoreLocalChanges(entry);
202 UMA_HISTOGRAM_ENUMERATION("Sync.ResolveSimpleConflict",
203 ConflictResolver::OVERWRITE_LOCAL,
204 ConflictResolver::CONFLICT_RESOLUTION_SIZE);
207 UpdateAttemptResponse response = AttemptToUpdateEntry(
208 trans, entry, cryptographer);
209 DCHECK_EQ(SUCCESS, response);
212 } // namespace syncer