1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/cookie_store_util.h"
7 #include "base/lazy_instance.h"
8 #include "chrome/browser/browser_process.h"
9 #include "chrome/common/chrome_constants.h"
10 #include "chrome/common/chrome_switches.h"
11 #include "components/os_crypt/os_crypt.h"
12 #include "content/public/common/content_constants.h"
13 #include "extensions/common/constants.h"
14 #include "net/extras/sqlite/cookie_crypto_delegate.h"
16 namespace chrome_browser_net
{
18 #if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
21 // Use the operating system's mechanisms to encrypt cookies before writing
22 // them to persistent store. Currently this only is done with desktop OS's
23 // because ChromeOS and Android already protect the entire profile contents.
24 class CookieOSCryptoDelegate
: public net::CookieCryptoDelegate
{
26 bool ShouldEncrypt() override
;
27 bool EncryptString(const std::string
& plaintext
,
28 std::string
* ciphertext
) override
;
29 bool DecryptString(const std::string
& ciphertext
,
30 std::string
* plaintext
) override
;
33 bool CookieOSCryptoDelegate::ShouldEncrypt() {
35 // Cookie encryption is not necessary on iOS, due to OS-protected storage.
36 // However, due to https://codereview.chromium.org/135183021/, cookies were
37 // accidentally encrypted. In order to allow these cookies to still be used,a
38 // a CookieCryptoDelegate is provided that can decrypt existing cookies.
39 // However, new cookies will not be encrypted. The alternatives considered
40 // were not supplying a delegate at all (thus invalidating all existing
41 // encrypted cookies) or in migrating all cookies at once, which may impose
42 // startup costs. Eventually, all cookies will get migrated as they are
50 bool CookieOSCryptoDelegate::EncryptString(const std::string
& plaintext
,
51 std::string
* ciphertext
) {
52 return OSCrypt::EncryptString(plaintext
, ciphertext
);
55 bool CookieOSCryptoDelegate::DecryptString(const std::string
& ciphertext
,
56 std::string
* plaintext
) {
57 return OSCrypt::DecryptString(ciphertext
, plaintext
);
60 // Using a LazyInstance is safe here because this class is stateless and
61 // requires 0 initialization.
62 base::LazyInstance
<CookieOSCryptoDelegate
> g_cookie_crypto_delegate
=
63 LAZY_INSTANCE_INITIALIZER
;
67 net::CookieCryptoDelegate
* GetCookieCryptoDelegate() {
68 return g_cookie_crypto_delegate
.Pointer();
70 #else // defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
71 net::CookieCryptoDelegate
* GetCookieCryptoDelegate() {
74 #endif // defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
76 } // namespace chrome_browser_net