diff --git a/BUILD.gn b/BUILD.gn index d0a0b87ae3..33e5cb88fe 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -464,8 +464,6 @@ source_set("electron_lib") { "//components/os_crypt/async/browser", "//components/os_crypt/async/browser:key_provider_interface", "//components/os_crypt/sync", - "//components/password_manager/core/browser:password_switches", - "//components/password_manager/core/common:features", "//components/pref_registry", "//components/prefs", "//components/security_state/content", @@ -596,7 +594,6 @@ source_set("electron_lib") { use_libcxx_modules = false deps += [ - "//components/os_crypt/async/browser:keychain_key_provider", "//components/os_crypt/common:keychain_password_mac", "//components/remote_cocoa/app_shim", "//components/remote_cocoa/browser", @@ -659,8 +656,6 @@ source_set("electron_lib") { ":libnotify_loader", "//build/config/linux/gtk", "//components/crash/content/browser", - "//components/os_crypt/async/browser:freedesktop_secret_key_provider", - "//components/os_crypt/async/browser:posix_key_provider", "//dbus", "//device/bluetooth", "//third_party/crashpad/crashpad/client", @@ -701,7 +696,6 @@ source_set("electron_lib") { deps += [ "//components/app_launch_prefetch", "//components/crash/core/app:crash_export_thunks", - "//components/os_crypt/async/browser:dpapi_key_provider", "//third_party/libxml:xml_writer", "//ui/wm", "//ui/wm/public", diff --git a/patches/chromium/.patches b/patches/chromium/.patches index 13f3ba6db6..23d8fec1c1 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -143,3 +143,4 @@ chore_disable_protocol_handler_dcheck.patch fix_check_for_file_existence_before_setting_mtime.patch viz_create_isbufferqueuesupportedandenabled.patch viz_fix_visual_artifacts_while_resizing_window_with_dcomp.patch +fix_os_crypt_async_cookie_encryption.patch diff --git a/patches/chromium/fix_os_crypt_async_cookie_encryption.patch b/patches/chromium/fix_os_crypt_async_cookie_encryption.patch new file mode 100644 index 0000000000..2a96b10809 --- /dev/null +++ b/patches/chromium/fix_os_crypt_async_cookie_encryption.patch @@ -0,0 +1,786 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Keeley Hammond +Date: Tue, 13 Jan 2026 13:26:29 -0800 +Subject: fix: revert OS_Crypt Async in Cookie Encryption + +Electron 40/M144 uses os_crypt async by default for cookie store +providers when using cookie encryption. We need time to properly +implement this in Electron and make sure the async logic is +working properly. + +This patch reverts the port of os_crypt async and falls back to +the old sync logic to unlock Electron 40. This patch can be removed +when os_crypt async is added to Electron. + +Revert "Reland "Port net::CookieCryptoDelegate to os_crypt async"" + +This reverts commit f01b115c7e21a09cc762f65bf7fd9c6ea9d9d0f8. + +diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn +index 563bfe0bd5d2fef7a6525ec69d9e8bd11ac55150..56ac425920e17f0130d9102392d438ec0ac54a00 100644 +--- a/chrome/browser/BUILD.gn ++++ b/chrome/browser/BUILD.gn +@@ -747,6 +747,8 @@ static_library("browser") { + "net/chrome_report_sender.h", + "net/convert_explicitly_allowed_network_ports_pref.cc", + "net/convert_explicitly_allowed_network_ports_pref.h", ++ "net/cookie_encryption_provider_impl.cc", ++ "net/cookie_encryption_provider_impl.h", + "net/default_dns_over_https_config_source.cc", + "net/default_dns_over_https_config_source.h", + "net/dns_over_https_config_source.h", +diff --git a/chrome/browser/extensions/chrome_extension_cookies.cc b/chrome/browser/extensions/chrome_extension_cookies.cc +index fc13abe302557d38cfce798d46551989337abb2c..22eac75cf685039796ecf40e7d86c9f54084a08b 100644 +--- a/chrome/browser/extensions/chrome_extension_cookies.cc ++++ b/chrome/browser/extensions/chrome_extension_cookies.cc +@@ -6,7 +6,6 @@ + + #include + +-#include "chrome/browser/browser_process.h" + #include "chrome/browser/content_settings/cookie_settings_factory.h" + #include "chrome/browser/content_settings/host_content_settings_map_factory.h" + #include "chrome/browser/extensions/chrome_extension_cookies_factory.h" +@@ -49,9 +48,7 @@ ChromeExtensionCookies::ChromeExtensionCookies(Profile* profile) + profile_->GetPath().Append(chrome::kExtensionsCookieFilename), + profile_->ShouldRestoreOldSessionCookies(), + profile_->ShouldPersistSessionCookies())); +- creation_config->crypto_delegate = cookie_config::GetCookieCryptoDelegate( +- g_browser_process->os_crypt_async(), +- content::GetUIThreadTaskRunner({})); ++ creation_config->crypto_delegate = cookie_config::GetCookieCryptoDelegate(); + } + creation_config->cookieable_schemes.push_back(extensions::kExtensionScheme); + +diff --git a/chrome/browser/net/chrome_network_service_browsertest.cc b/chrome/browser/net/chrome_network_service_browsertest.cc +index fa37d56b3a3b1e324ca121992fd7b54a945d75f7..05d4d5eaecf119a956210539f601b8f437aaa788 100644 +--- a/chrome/browser/net/chrome_network_service_browsertest.cc ++++ b/chrome/browser/net/chrome_network_service_browsertest.cc +@@ -5,7 +5,6 @@ + #include "base/feature_list.h" + #include "base/files/file_path.h" + #include "base/files/file_util.h" +-#include "base/task/sequenced_task_runner.h" + #include "base/test/bind.h" + #include "base/test/scoped_feature_list.h" + #include "base/threading/thread_restrictions.h" +@@ -20,7 +19,6 @@ + #include "chrome/test/base/in_process_browser_test.h" + #include "chrome/test/base/ui_test_utils.h" + #include "components/cookie_config/cookie_store_util.h" +-#include "components/os_crypt/async/browser/test_utils.h" + #include "content/public/browser/browser_context.h" + #include "content/public/browser/network_service_instance.h" + #include "content/public/browser/network_service_util.h" +@@ -139,16 +137,10 @@ class ChromeNetworkServiceBrowserTest + IN_PROC_BROWSER_TEST_P(ChromeNetworkServiceBrowserTest, + PRE_PRE_EncryptedCookies) { + // These test is only valid if crypto is enabled on the platform. +- auto os_crypt_async = os_crypt_async::GetTestOSCryptAsyncForTesting( +- /*is_sync_for_unittests=*/true); +- auto crypto_delegate = cookie_config::GetCookieCryptoDelegate( +- os_crypt_async.get(), base::SequencedTaskRunner::GetCurrentDefault()); ++ auto crypto_delegate = cookie_config::GetCookieCryptoDelegate(); + if (!crypto_delegate) { + GTEST_SKIP() << "No crypto on this platform."; + } +- base::RunLoop run_loop; +- crypto_delegate->Init(run_loop.QuitClosure()); +- run_loop.Run(); + std::string ciphertext; + crypto_delegate->EncryptString(kCookieValue, &ciphertext); + ASSERT_NE(ciphertext, kCookieValue) << "Crypto should really encrypt."; +diff --git a/services/network/public/cpp/cookie_encryption_provider_impl.cc b/chrome/browser/net/cookie_encryption_provider_impl.cc +similarity index 71% +rename from services/network/public/cpp/cookie_encryption_provider_impl.cc +rename to chrome/browser/net/cookie_encryption_provider_impl.cc +index 52fedf2057b963951be560a362fec28208c2a4b5..3f770666618f2df56b8cd6855766418d319481f0 100644 +--- a/services/network/public/cpp/cookie_encryption_provider_impl.cc ++++ b/chrome/browser/net/cookie_encryption_provider_impl.cc +@@ -1,19 +1,18 @@ +-// Copyright 2025 The Chromium Authors ++// Copyright 2024 The Chromium Authors + // Use of this source code is governed by a BSD-style license that can be + // found in the LICENSE file. + +-#include "services/network/public/cpp/cookie_encryption_provider_impl.h" ++#include "chrome/browser/net/cookie_encryption_provider_impl.h" + ++#include "chrome/browser/browser_process.h" + #include "components/os_crypt/async/browser/os_crypt_async.h" + +-CookieEncryptionProviderImpl::CookieEncryptionProviderImpl( +- os_crypt_async::OSCryptAsync* os_crypt_async) +- : os_crypt_async_(os_crypt_async) {} ++CookieEncryptionProviderImpl::CookieEncryptionProviderImpl() = default; + + CookieEncryptionProviderImpl::~CookieEncryptionProviderImpl() = default; + + void CookieEncryptionProviderImpl::GetEncryptor(GetEncryptorCallback callback) { +- os_crypt_async_->GetInstance(base::BindOnce( ++ g_browser_process->os_crypt_async()->GetInstance(base::BindOnce( + [](GetEncryptorCallback callback, os_crypt_async::Encryptor encryptor) { + std::move(callback).Run(std::move(encryptor)); + }, +diff --git a/services/network/public/cpp/cookie_encryption_provider_impl.h b/chrome/browser/net/cookie_encryption_provider_impl.h +similarity index 65% +rename from services/network/public/cpp/cookie_encryption_provider_impl.h +rename to chrome/browser/net/cookie_encryption_provider_impl.h +index 8f80cabd7c919c682e603ff6af0c12ae4431e366..68df8a7a04e9a8455b7143432173d9e48dc1ea5e 100644 +--- a/services/network/public/cpp/cookie_encryption_provider_impl.h ++++ b/chrome/browser/net/cookie_encryption_provider_impl.h +@@ -1,27 +1,20 @@ +-// Copyright 2025 The Chromium Authors ++// Copyright 2024 The Chromium Authors + // Use of this source code is governed by a BSD-style license that can be + // found in the LICENSE file. + +-#ifndef SERVICES_NETWORK_PUBLIC_CPP_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_ +-#define SERVICES_NETWORK_PUBLIC_CPP_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_ ++#ifndef CHROME_BROWSER_NET_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_ ++#define CHROME_BROWSER_NET_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_ + +-#include "base/component_export.h" +-#include "base/memory/raw_ptr.h" + #include "components/os_crypt/async/common/encryptor.h" + #include "mojo/public/cpp/bindings/receiver_set.h" + #include "services/network/public/mojom/cookie_encryption_provider.mojom.h" + +-namespace os_crypt_async { +-class OSCryptAsync; +-} +- + // Implementation of CookieEncryptionProvider interface. This is Windows only + // for now, but will be expanded to other platforms in future. +-class COMPONENT_EXPORT(NETWORK_CPP) CookieEncryptionProviderImpl ++class CookieEncryptionProviderImpl + : public network::mojom::CookieEncryptionProvider { + public: +- explicit CookieEncryptionProviderImpl( +- os_crypt_async::OSCryptAsync* os_crypt_async); ++ CookieEncryptionProviderImpl(); + ~CookieEncryptionProviderImpl() override; + + CookieEncryptionProviderImpl(const CookieEncryptionProviderImpl&) = delete; +@@ -37,7 +30,6 @@ class COMPONENT_EXPORT(NETWORK_CPP) CookieEncryptionProviderImpl + + private: + mojo::ReceiverSet receivers_; +- raw_ptr os_crypt_async_; + }; + +-#endif // SERVICES_NETWORK_PUBLIC_CPP_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_ ++#endif // CHROME_BROWSER_NET_COOKIE_ENCRYPTION_PROVIDER_IMPL_H_ +diff --git a/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc b/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc +index b862afe7663111a6cbd342d33723942770bb0490..9dc46cedb109cea63bf71aa43fc7a2b64730ed12 100644 +--- a/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc ++++ b/chrome/browser/net/cookie_encryption_provider_interactive_uitest.cc +@@ -13,6 +13,7 @@ + #include "base/test/test_future.h" + #include "build/config/linux/dbus/buildflags.h" + #include "chrome/browser/browser_features.h" ++#include "chrome/browser/net/cookie_encryption_provider_impl.h" + #include "chrome/browser/policy/chrome_browser_policy_connector.h" + #include "chrome/browser/profiles/profile.h" + #include "chrome/browser/ui/browser.h" +@@ -25,7 +26,6 @@ + #include "content/public/test/browser_test.h" + #include "content/public/test/test_launcher.h" + #include "net/cookies/canonical_cookie.h" +-#include "services/network/public/cpp/cookie_encryption_provider_impl.h" + #include "services/network/public/mojom/cookie_manager.mojom.h" + #include "services/network/public/mojom/network_context.mojom.h" + #include "testing/gtest/include/gtest/gtest.h" +diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc +index 63c1941becda2f3c33b31d060f7b817425e72ed9..6638517850731606cf832261e1920e630ad9a2ee 100644 +--- a/chrome/browser/net/system_network_context_manager.cc ++++ b/chrome/browser/net/system_network_context_manager.cc +@@ -915,13 +915,8 @@ void SystemNetworkContextManager::DisableQuic() { + void SystemNetworkContextManager:: + AddCookieEncryptionManagerToNetworkContextParams( + network::mojom::NetworkContextParams* network_context_params) { +- if (!cookie_encryption_provider_) { +- cookie_encryption_provider_ = +- std::make_unique( +- g_browser_process->os_crypt_async()); +- } + network_context_params->cookie_encryption_provider = +- cookie_encryption_provider_->BindNewRemote(); ++ cookie_encryption_provider_.BindNewRemote(); + } + + void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams( +diff --git a/chrome/browser/net/system_network_context_manager.h b/chrome/browser/net/system_network_context_manager.h +index 3e2382418337c22625abfd8ee4f5b04f8dbb8059..600242238eeb41705ac74a24f8682d791cc4c84e 100644 +--- a/chrome/browser/net/system_network_context_manager.h ++++ b/chrome/browser/net/system_network_context_manager.h +@@ -14,6 +14,7 @@ + #include "base/memory/raw_ptr.h" + #include "base/memory/scoped_refptr.h" + #include "chrome/browser/net/cert_verifier_service_time_updater.h" ++#include "chrome/browser/net/cookie_encryption_provider_impl.h" + #include "chrome/browser/net/proxy_config_monitor.h" + #include "chrome/browser/net/stub_resolver_config_reader.h" + #include "chrome/browser/ssl/ssl_config_service_manager.h" +@@ -23,7 +24,6 @@ + #include "mojo/public/cpp/bindings/pending_receiver.h" + #include "mojo/public/cpp/bindings/remote.h" + #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h" +-#include "services/network/public/cpp/cookie_encryption_provider_impl.h" + #include "services/network/public/mojom/host_resolver.mojom-forward.h" + #include "services/network/public/mojom/network_context.mojom.h" + #include "services/network/public/mojom/network_service.mojom.h" +@@ -302,7 +302,7 @@ class SystemNetworkContextManager { + GssapiLibraryLoadObserver gssapi_library_loader_observer_{this}; + #endif // BUILDFLAG(IS_LINUX) + +- std::unique_ptr cookie_encryption_provider_; ++ CookieEncryptionProviderImpl cookie_encryption_provider_; + + std::unique_ptr cert_verifier_time_updater_; + }; +diff --git a/components/cookie_config/BUILD.gn b/components/cookie_config/BUILD.gn +index e348b0d1a59470c5cf153ae02e420b9dd6bd1892..a7a51003386fe7b62aaf5b7008c63acefd428942 100644 +--- a/components/cookie_config/BUILD.gn ++++ b/components/cookie_config/BUILD.gn +@@ -13,7 +13,7 @@ component("cookie_config") { + public_deps = [ "//base" ] + + deps = [ +- "//components/os_crypt/async/browser", ++ "//components/os_crypt/sync", + "//net:extras", + ] + } +diff --git a/components/cookie_config/DEPS b/components/cookie_config/DEPS +index 2c847bf159af83cd12bb343deff0cae9957a4183..a428c0b502bee622fbc7eff7d83a2e8500c058df 100644 +--- a/components/cookie_config/DEPS ++++ b/components/cookie_config/DEPS +@@ -1,4 +1,4 @@ + include_rules = [ +- "+components/os_crypt/async", ++ "+components/os_crypt/sync", + "+net/extras/sqlite", + ] +diff --git a/components/cookie_config/cookie_store_util.cc b/components/cookie_config/cookie_store_util.cc +index 55742de998756cbcd686d13a77b2a695eda06884..e7efdfe3a5ecae3b5461bba469f0377b3c920b21 100644 +--- a/components/cookie_config/cookie_store_util.cc ++++ b/components/cookie_config/cookie_store_util.cc +@@ -5,12 +5,8 @@ + #include "components/cookie_config/cookie_store_util.h" + + #include "base/functional/callback.h" +-#include "base/memory/scoped_refptr.h" +-#include "base/memory/weak_ptr.h" +-#include "base/task/sequenced_task_runner.h" + #include "build/build_config.h" +-#include "components/os_crypt/async/browser/os_crypt_async.h" +-#include "components/os_crypt/async/common/encryptor.h" ++#include "components/os_crypt/sync/os_crypt.h" + #include "net/extras/sqlite/cookie_crypto_delegate.h" + + namespace cookie_config { +@@ -19,123 +15,40 @@ namespace cookie_config { + BUILDFLAG(IS_CHROMEOS) + namespace { + +-void OnOsCryptReadyOnUi( +- base::OnceCallback callback, +- scoped_refptr task_runner, +- os_crypt_async::Encryptor encryptor) { +- task_runner->PostTask( +- FROM_HERE, base::BindOnce(std::move(callback), std::move(encryptor))); +-} +- +-void InitOnUi(base::OnceCallback callback, +- os_crypt_async::OSCryptAsync* os_crypt_async, +- scoped_refptr task_runner) { +- os_crypt_async->GetInstance( +- base::BindOnce(&OnOsCryptReadyOnUi, std::move(callback), +- std::move(task_runner)), +- os_crypt_async::Encryptor::Option::kEncryptSyncCompat); +-} +- + // Use the operating system's mechanisms to encrypt cookies before writing + // them to persistent store. Currently this only is done with desktop OS's + // because ChromeOS and Android already protect the entire profile contents. + class CookieOSCryptoDelegate : public net::CookieCryptoDelegate { + public: +- CookieOSCryptoDelegate( +- os_crypt_async::OSCryptAsync* os_crypt_async, +- scoped_refptr ui_task_runner); +- +- CookieOSCryptoDelegate(const CookieOSCryptoDelegate&) = delete; +- CookieOSCryptoDelegate& operator=(const CookieOSCryptoDelegate&) = delete; +- +- ~CookieOSCryptoDelegate() override; +- +- // net::CookieCryptoDelegate implementation: + void Init(base::OnceClosure callback) override; + bool EncryptString(const std::string& plaintext, + std::string* ciphertext) override; + bool DecryptString(const std::string& ciphertext, + std::string* plaintext) override; +- +- private: +- void OnOsCryptReady(os_crypt_async::Encryptor encryptor); +- +- raw_ptr os_crypt_async_; +- scoped_refptr ui_task_runner_; +- std::optional encryptor_; +- +- bool initializing_ = false; +- std::vector init_callbacks_; +- +- base::WeakPtrFactory weak_ptr_factory_{this}; + }; + +-CookieOSCryptoDelegate::CookieOSCryptoDelegate( +- os_crypt_async::OSCryptAsync* os_crypt_async, +- scoped_refptr ui_task_runner) +- : os_crypt_async_(os_crypt_async), ui_task_runner_(ui_task_runner) {} +- +-CookieOSCryptoDelegate::~CookieOSCryptoDelegate() = default; +- + void CookieOSCryptoDelegate::Init(base::OnceClosure callback) { +- if (encryptor_.has_value()) { +- std::move(callback).Run(); +- return; +- } +- +- init_callbacks_.emplace_back(std::move(callback)); +- if (initializing_) { +- return; +- } +- initializing_ = true; +- +- // PostTaskAndReplyWithResult can't be used here because +- // OSCryptAsync::GetInstance() is async. +- ui_task_runner_->PostTask( +- FROM_HERE, +- base::BindOnce(&InitOnUi, +- base::BindOnce(&CookieOSCryptoDelegate::OnOsCryptReady, +- weak_ptr_factory_.GetWeakPtr()), +- os_crypt_async_, +- base::SequencedTaskRunner::GetCurrentDefault())); +- os_crypt_async_ = nullptr; ++ std::move(callback).Run(); + } + + bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext, + std::string* ciphertext) { +- CHECK(encryptor_) << "EncryptString called before Init completed"; +- return encryptor_->EncryptString(plaintext, ciphertext); ++ return OSCrypt::EncryptString(plaintext, ciphertext); + } + + bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext, + std::string* plaintext) { +- CHECK(encryptor_) << "DecryptString called before Init completed"; +- return encryptor_->DecryptString(ciphertext, plaintext); +-} +- +-void CookieOSCryptoDelegate::OnOsCryptReady( +- os_crypt_async::Encryptor encryptor) { +- encryptor_ = std::move(encryptor); +- initializing_ = false; +- for (auto& callback : init_callbacks_) { +- std::move(callback).Run(); +- } +- init_callbacks_.clear(); ++ return OSCrypt::DecryptString(ciphertext, plaintext); + } + + } // namespace + +-std::unique_ptr GetCookieCryptoDelegate( +- os_crypt_async::OSCryptAsync* os_crypt_async, +- scoped_refptr ui_task_runner) { +- return std::make_unique(os_crypt_async, +- ui_task_runner); ++std::unique_ptr GetCookieCryptoDelegate() { ++ return std::make_unique(); + } + #else // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) || + // BUILDFLAG(IS_CHROMEOS) +-std::unique_ptr GetCookieCryptoDelegate( +- os_crypt_async::OSCryptAsync* os_crypt_async, +- scoped_refptr ui_task_runner) { ++std::unique_ptr GetCookieCryptoDelegate() { + return nullptr; + } + #endif // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) || +diff --git a/components/cookie_config/cookie_store_util.h b/components/cookie_config/cookie_store_util.h +index 9d142e9f13fb0d30d5795c2a82f2cbc5274d381c..1e1b7ebc234d7e3f981e023fe49cd0b13ed62c6e 100644 +--- a/components/cookie_config/cookie_store_util.h ++++ b/components/cookie_config/cookie_store_util.h +@@ -8,28 +8,17 @@ + #include + + #include "base/component_export.h" +-#include "base/memory/scoped_refptr.h" +- +-namespace base { +-class SequencedTaskRunner; +-} + + namespace net { + class CookieCryptoDelegate; + } // namespace net + +-namespace os_crypt_async { +-class OSCryptAsync; +-} // namespace os_crypt_async +- + namespace cookie_config { + + // Factory method for returning a CookieCryptoDelegate if one is appropriate for + // this platform. + COMPONENT_EXPORT(COMPONENTS_COOKIE_CONFIG) +-std::unique_ptr GetCookieCryptoDelegate( +- os_crypt_async::OSCryptAsync* os_crypt_async, +- scoped_refptr ui_task_runner); ++std::unique_ptr GetCookieCryptoDelegate(); + + } // namespace cookie_config + +diff --git a/components/os_crypt/sync/BUILD.gn b/components/os_crypt/sync/BUILD.gn +index bb308187837371ecfa2482affaf35ac7ed98c1f3..1e554fe95b0521a883ced83fc67f5d52a3d45759 100644 +--- a/components/os_crypt/sync/BUILD.gn ++++ b/components/os_crypt/sync/BUILD.gn +@@ -12,7 +12,13 @@ component("sync") { + visibility = [ + "//electron:*", + "//chrome/browser", ++ "//chrome/browser/prefs:impl", ++ "//chrome/browser/ui", ++ "//chrome/browser/web_applications", + "//chrome/test:test_support", ++ "//components/autofill/content/browser", ++ "//components/cookie_config", ++ "//components/gcm_driver", + "//components/os_crypt/async/browser:dpapi_key_provider", + "//components/os_crypt/async/browser:freedesktop_secret_key_provider", + "//components/os_crypt/async/browser:keychain_key_provider", +@@ -22,18 +28,24 @@ component("sync") { + "//components/os_crypt/async/common:unit_tests", + "//components/os_crypt/sync:test_support", + "//components/os_crypt/sync:unit_tests", ++ "//components/password_manager/core/browser", ++ "//components/password_manager/core/browser:hash_password_manager", ++ "//components/password_manager/core/browser:unit_tests", ++ "//components/password_manager/core/browser/password_store:password_store_impl", ++ "//components/password_manager/core/browser/password_store:unit_tests", + "//components/signin/core/browser", + "//components/sync:unit_tests", + "//components/sync/nigori", + "//components/sync/service", ++ "//components/trusted_vault", ++ "//components/trusted_vault:unit_tests", ++ "//content/browser", + "//headless:headless_non_renderer", ++ "//headless:headless_shell_lib", + "//ios/chrome/browser/web/model:web_internal", + "//services/network:network_service", + "//services/test/echo:lib", + ] +- if (is_mac) { +- visibility += [ "//headless:headless_shell_lib" ] +- } + + sources = [ + "os_crypt.h", +diff --git a/headless/BUILD.gn b/headless/BUILD.gn +index 3b7ac1e77fb8f1696e6fea46e5e76fd05151b6c0..fa9731f028cf2e2ba7c821e67d3fca95f3e16f36 100644 +--- a/headless/BUILD.gn ++++ b/headless/BUILD.gn +@@ -373,7 +373,6 @@ component("headless_non_renderer") { + "//components/keyed_service/content", + "//components/origin_trials:browser", + "//components/origin_trials:common", +- "//components/os_crypt/async/browser", + "//components/os_crypt/sync", + "//components/policy:generated", + "//components/policy/content", +diff --git a/headless/lib/browser/DEPS b/headless/lib/browser/DEPS +index 75d0960a5964fabf518d0b8b2f67e29e9b3d6fe6..8261f1ab27597459726063cc6faa2a5ed0bfce17 100644 +--- a/headless/lib/browser/DEPS ++++ b/headless/lib/browser/DEPS +@@ -44,7 +44,6 @@ specific_include_rules = { + "headless_browser_impl.*": [ + "+services/device/public/cpp/geolocation/system_geolocation_source_apple.h", + "+services/device/public/cpp/geolocation/geolocation_system_permission_manager.h", +- "+components/os_crypt/async", + "+components/password_manager/core/browser/password_manager_switches.h", + "+components/policy", + "+components/prefs", +@@ -53,9 +52,6 @@ specific_include_rules = { + "+components/metrics", + "+components/variations", + ], +- "headless_request_context_manager.cc": [ +- "+components/os_crypt/async/browser", +- ], + "headless_browser_impl_unittest.cc": [ + "+third_party/blink/public/common/features.h", + ], +diff --git a/headless/lib/browser/headless_browser_context_impl.cc b/headless/lib/browser/headless_browser_context_impl.cc +index f664e9994a3c38ef2aa30773f6ca4668451dd76c..ad83a721a8bf17225af7d2c5954ecdd82cf8e1dc 100644 +--- a/headless/lib/browser/headless_browser_context_impl.cc ++++ b/headless/lib/browser/headless_browser_context_impl.cc +@@ -77,7 +77,7 @@ HeadlessBrowserContextImpl::HeadlessBrowserContextImpl( + ? base::FilePath() + : path_; + request_context_manager_ = std::make_unique( +- context_options_.get(), user_data_path, browser->os_crypt_async()); ++ context_options_.get(), user_data_path); + profile_metrics::SetBrowserProfileType( + this, IsOffTheRecord() ? profile_metrics::BrowserProfileType::kIncognito + : profile_metrics::BrowserProfileType::kRegular); +diff --git a/headless/lib/browser/headless_browser_impl.cc b/headless/lib/browser/headless_browser_impl.cc +index f0c79ccd63e102c4ef51535f476ceddc6c5156a9..c1e9430b3f5b67338f204ca5563a02c2da87cd49 100644 +--- a/headless/lib/browser/headless_browser_impl.cc ++++ b/headless/lib/browser/headless_browser_impl.cc +@@ -16,8 +16,6 @@ + #include "base/task/single_thread_task_runner.h" + #include "build/config/linux/dbus/buildflags.h" + #include "components/embedder_support/user_agent_utils.h" +-#include "components/os_crypt/async/browser/os_crypt_async.h" +-#include "components/os_crypt/async/common/encryptor.h" + #include "components/version_info/version_info.h" + #include "content/public/browser/browser_task_traits.h" + #include "content/public/browser/browser_thread.h" +@@ -212,8 +210,7 @@ void HeadlessBrowserImpl::SetDefaultBrowserContext( + if (default_browser_context_ && !system_request_context_manager_) { + system_request_context_manager_ = + HeadlessRequestContextManager::CreateSystemContext( +- HeadlessBrowserContextImpl::From(browser_context)->options(), +- os_crypt_async()); ++ HeadlessBrowserContextImpl::From(browser_context)->options()); + } + } + +@@ -269,8 +266,6 @@ bool HeadlessBrowserImpl::ShouldStartDevToolsServer() { + } + + void HeadlessBrowserImpl::PreMainMessageLoopRun() { +- CreateOSCryptAsync(); +- + platform_delegate_->Initialize(options_.value()); + + // We don't support the tethering domain on this agent host. +@@ -287,7 +282,6 @@ void HeadlessBrowserImpl::WillRunMainMessageLoop(base::RunLoop& run_loop) { + } + + void HeadlessBrowserImpl::PostMainMessageLoopRun() { +- os_crypt_async_.reset(); + #if defined(HEADLESS_USE_PREFS) + if (local_state_) { + local_state_->CommitPendingWrite(); +diff --git a/headless/lib/browser/headless_browser_impl.h b/headless/lib/browser/headless_browser_impl.h +index 1d9ba1861de0065cb059710fab7b619c0df55216..e08bf0a94e8b06dea68a86560b903523e1d78a9a 100644 +--- a/headless/lib/browser/headless_browser_impl.h ++++ b/headless/lib/browser/headless_browser_impl.h +@@ -31,10 +31,6 @@ class PolicyService; + class PrefService; + #endif + +-namespace os_crypt_async { +-class OSCryptAsync; +-} +- + namespace ui { + class Compositor; + } +@@ -99,10 +95,6 @@ class HEADLESS_EXPORT HeadlessBrowserImpl : public HeadlessBrowser { + + int exit_code() const { return exit_code_; } + +- os_crypt_async::OSCryptAsync* os_crypt_async() { +- return os_crypt_async_.get(); +- } +- + #if defined(HEADLESS_USE_PREFS) + void CreatePrefService(); + PrefService* GetPrefs(); +@@ -121,8 +113,6 @@ class HEADLESS_EXPORT HeadlessBrowserImpl : public HeadlessBrowser { + + int exit_code_ = 0; + +- std::unique_ptr os_crypt_async_; +- + base::flat_map> + browser_contexts_; + raw_ptr +diff --git a/headless/lib/browser/headless_request_context_manager.cc b/headless/lib/browser/headless_request_context_manager.cc +index 6c4ce0a6fa6624cace08bfdb2c62b12836a744fa..fe1a11f94a709400434fb41a5bdcdb8f4d47a959 100644 +--- a/headless/lib/browser/headless_request_context_manager.cc ++++ b/headless/lib/browser/headless_request_context_manager.cc +@@ -11,7 +11,6 @@ + #include "base/task/single_thread_task_runner.h" + #include "build/build_config.h" + #include "components/embedder_support/switches.h" +-#include "components/os_crypt/async/browser/os_crypt_async.h" + #include "content/public/browser/browser_thread.h" + #include "content/public/browser/network_service_instance.h" + #include "headless/lib/browser/headless_browser_context_options.h" +@@ -138,10 +137,9 @@ class HeadlessProxyConfigMonitor + // static + std::unique_ptr + HeadlessRequestContextManager::CreateSystemContext( +- const HeadlessBrowserContextOptions* options, +- os_crypt_async::OSCryptAsync* os_crypt_async) { ++ const HeadlessBrowserContextOptions* options) { + auto manager = std::make_unique( +- options, base::FilePath(), os_crypt_async); ++ options, base::FilePath()); + + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + auto auth_params = ::network::mojom::HttpAuthDynamicParams::New(); +@@ -172,8 +170,7 @@ HeadlessRequestContextManager::CreateSystemContext( + + HeadlessRequestContextManager::HeadlessRequestContextManager( + const HeadlessBrowserContextOptions* options, +- base::FilePath user_data_path, +- os_crypt_async::OSCryptAsync* os_crypt_async) ++ base::FilePath user_data_path) + : + // On Windows, Cookie encryption requires access to local_state prefs. + #if BUILDFLAG(IS_WIN) && !defined(HEADLESS_USE_PREFS) +@@ -183,7 +180,6 @@ HeadlessRequestContextManager::HeadlessRequestContextManager( + !base::CommandLine::ForCurrentProcess()->HasSwitch( + switches::kDisableCookieEncryption)), + #endif +- os_crypt_async_(os_crypt_async), + user_data_path_(std::move(user_data_path)), + disk_cache_dir_(options->disk_cache_dir()), + accept_language_(options->accept_language()), +@@ -192,10 +188,6 @@ HeadlessRequestContextManager::HeadlessRequestContextManager( + options->proxy_config() + ? std::make_unique(*options->proxy_config()) + : nullptr) { +- if (cookie_encryption_enabled_) { +- cookie_encryption_provider_ = +- std::make_unique(os_crypt_async_.get()); +- } + if (!proxy_config_) { + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + if (command_line->HasSwitch(switches::kNoSystemProxyConfigService)) { +@@ -240,10 +232,6 @@ void HeadlessRequestContextManager::ConfigureNetworkContextParamsInternal( + + if (!user_data_path_.empty()) { + context_params->enable_encrypted_cookies = cookie_encryption_enabled_; +- if (cookie_encryption_enabled_) { +- context_params->cookie_encryption_provider = +- cookie_encryption_provider_->BindNewRemote(); +- } + context_params->file_paths = + ::network::mojom::NetworkContextFilePaths::New(); + context_params->file_paths->data_directory = +diff --git a/headless/lib/browser/headless_request_context_manager.h b/headless/lib/browser/headless_request_context_manager.h +index 91d74eaadd9f4d451e809b38a2f999b298068820..e45427ce90f909e609688ab59f4581b185b6757e 100644 +--- a/headless/lib/browser/headless_request_context_manager.h ++++ b/headless/lib/browser/headless_request_context_manager.h +@@ -13,13 +13,8 @@ + #include "content/public/browser/browser_context.h" + #include "mojo/public/cpp/bindings/pending_remote.h" + #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h" +-#include "services/network/public/cpp/cookie_encryption_provider_impl.h" + #include "services/network/public/mojom/network_context.mojom.h" + +-namespace os_crypt_async { +-class OSCryptAsync; +-} +- + namespace headless { + + class HeadlessBrowserContextOptions; +@@ -28,12 +23,10 @@ class HeadlessProxyConfigMonitor; + class HeadlessRequestContextManager { + public: + static std::unique_ptr CreateSystemContext( +- const HeadlessBrowserContextOptions* options, +- os_crypt_async::OSCryptAsync* os_crypt_async); ++ const HeadlessBrowserContextOptions* options); + + HeadlessRequestContextManager(const HeadlessBrowserContextOptions* options, +- base::FilePath user_data_path, +- os_crypt_async::OSCryptAsync* os_crypt_async); ++ base::FilePath user_data_path); + + HeadlessRequestContextManager(const HeadlessRequestContextManager&) = delete; + HeadlessRequestContextManager& operator=( +@@ -56,15 +49,12 @@ class HeadlessRequestContextManager { + + const bool cookie_encryption_enabled_; + +- const raw_ptr os_crypt_async_; +- + base::FilePath user_data_path_; + base::FilePath disk_cache_dir_; + std::string accept_language_; + std::string user_agent_; + std::unique_ptr proxy_config_; + std::unique_ptr proxy_config_monitor_; +- std::unique_ptr cookie_encryption_provider_; + + mojo::PendingRemote<::network::mojom::NetworkContext> system_context_; + }; +diff --git a/services/network/network_context.cc b/services/network/network_context.cc +index 0ea9555487f6e63de95053a6e1124369770a5d09..c38a2f62a67bd970bf2862c229cfc04427aa28b7 100644 +--- a/services/network/network_context.cc ++++ b/services/network/network_context.cc +@@ -3282,12 +3282,7 @@ NetworkContext::MakeSessionCleanupCookieStore() const { + crypto_delegate = std::make_unique( + std::move(params_->cookie_encryption_provider)); + } else { +-#if !BUILDFLAG(IS_ANDROID) +- // A cookie crypto delegate should not be created on Android to +- // match the behavior of cookie_config::GetCookieCryptoDelegate(). +- // See https://crbug.com/449652881 +- NOTREACHED(); +-#endif ++ crypto_delegate = cookie_config::GetCookieCryptoDelegate(); + } + } + +diff --git a/services/network/public/cpp/BUILD.gn b/services/network/public/cpp/BUILD.gn +index b48bdf27cd97142ceebc1f0b769b502bf037ce36..3b1424b6df37aa4a3cd341e8b89524e34480d4ac 100644 +--- a/services/network/public/cpp/BUILD.gn ++++ b/services/network/public/cpp/BUILD.gn +@@ -69,8 +69,6 @@ component("cpp") { + "content_decoding_interceptor.h", + "content_language_parser.cc", + "content_language_parser.h", +- "cookie_encryption_provider_impl.cc", +- "cookie_encryption_provider_impl.h", + "cors/cors.cc", + "cors/cors.h", + "cors/origin_access_list.cc", +@@ -187,8 +185,6 @@ component("cpp") { + deps = [ + "//base", + "//components/link_header_util", +- "//components/os_crypt/async/browser", +- "//components/os_crypt/async/common", + "//components/prefs", + "//ipc", + "//net", +diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom +index fcb6654e449a5ba5bd083be4c912f4a496184dd4..84da0a0b8e697b7927a62dd6d484fd8bc75c66d7 100644 +--- a/services/network/public/mojom/network_context.mojom ++++ b/services/network/public/mojom/network_context.mojom +@@ -571,9 +571,10 @@ struct NetworkContextParams { + bool acam_preflight_spec_conformant = true; + + // Sets the cookie encryption provider to be used by this network context if +- // `enable_encrypted_cookies` is enabled. +- // The `GetEncryptor` method on the supplied `cookie_encryption_provider` is +- // called to obtain a valid set of keys for cookie encryption. ++ // `enable_encrypted_cookies` is also enabled. ++ // If both are set then the `GetEncryptor` method on the supplied ++ // `cookie_encryption_provider` is called to obtain a valid set of keys for ++ // cookie encryption. + pending_remote? cookie_encryption_provider; + + // Enables Device Bound Session Credential for this network context. diff --git a/shell/browser/browser_process_impl.cc b/shell/browser/browser_process_impl.cc index bf4b452e4b..54379e9b52 100644 --- a/shell/browser/browser_process_impl.cc +++ b/shell/browser/browser_process_impl.cc @@ -12,27 +12,11 @@ #include "base/files/file_path.h" #include "base/notimplemented.h" #include "base/path_service.h" -#include "build/build_config.h" #include "chrome/browser/browser_process.h" #include "chrome/common/chrome_switches.h" #include "components/os_crypt/async/browser/key_provider.h" #include "components/os_crypt/async/browser/os_crypt_async.h" #include "components/os_crypt/sync/os_crypt.h" -#include "components/password_manager/core/browser/password_manager_switches.h" - -#if BUILDFLAG(IS_WIN) -#include "components/os_crypt/async/browser/dpapi_key_provider.h" -#endif - -#if BUILDFLAG(IS_LINUX) -#include "components/os_crypt/async/browser/freedesktop_secret_key_provider.h" -#include "components/os_crypt/async/browser/posix_key_provider.h" -#endif - -#if BUILDFLAG(IS_MAC) -#include "components/os_crypt/async/browser/keychain_key_provider.h" -#endif - #include "components/prefs/in_memory_pref_store.h" #include "components/prefs/json_pref_store.h" #include "components/prefs/overlay_user_pref_store.h" @@ -426,45 +410,15 @@ void BrowserProcessImpl::CreateNetworkQualityObserver() { } void BrowserProcessImpl::CreateOSCryptAsync() { - // Initialize OSCryptAsync with platform-specific key providers. - // See https://chromium-review.googlesource.com/c/chromium/src/+/6996667 - std::vector>> - providers; + // source: https://chromium-review.googlesource.com/c/chromium/src/+/4455776 -#if BUILDFLAG(IS_WIN) - // On Windows, use DPAPI key provider for cookie encryption. - providers.emplace_back( - /*precedence=*/10u, - std::make_unique(local_state())); -#endif // BUILDFLAG(IS_WIN) - -#if BUILDFLAG(IS_LINUX) - // On Linux, use FreedesktopSecretKeyProvider (for GNOME Keyring, KWallet, - // etc.) with PosixKeyProvider as fallback. - base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess(); - const auto password_store = - cmd_line->GetSwitchValueASCII(password_manager::kPasswordStore); - - providers.emplace_back( - /*precedence=*/10u, - std::make_unique( - password_store, "Electron", nullptr)); - - // PosixKeyProvider as fallback with lower precedence. - providers.emplace_back( - /*precedence=*/5u, std::make_unique()); -#endif // BUILDFLAG(IS_LINUX) - -#if BUILDFLAG(IS_MAC) - // On macOS, use KeychainKeyProvider for cookie encryption. - // This is enabled by default in Chrome via features::kUseKeychainKeyProvider. - providers.emplace_back( - /*precedence=*/10u, - std::make_unique()); -#endif // BUILDFLAG(IS_MAC) - - os_crypt_async_ = - std::make_unique(std::move(providers)); + // For now, initialize OSCryptAsync with no providers. This delegates all + // encryption operations to OSCrypt. + // TODO(crbug.com/1373092): Add providers behind features, as support for them + // is added. + os_crypt_async_ = std::make_unique( + std::vector< + std::pair>>()); // Trigger async initialization of OSCrypt key providers. os_crypt_async_->GetInstance(base::DoNothing()); diff --git a/shell/browser/net/network_context_service.cc b/shell/browser/net/network_context_service.cc index 9fc2a1b36a..7c465c9991 100644 --- a/shell/browser/net/network_context_service.cc +++ b/shell/browser/net/network_context_service.cc @@ -14,7 +14,6 @@ #include "net/http/http_util.h" #include "net/net_buildflags.h" #include "services/network/network_service.h" -#include "services/network/public/cpp/cookie_encryption_provider_impl.h" #include "services/network/public/cpp/cors/origin_access_list.h" #include "shell/browser/browser_process_impl.h" #include "shell/browser/electron_browser_client.h" @@ -115,18 +114,6 @@ void NetworkContextService::ConfigureNetworkContextParams( network_context_params->enable_encrypted_cookies = electron::fuses::IsCookieEncryptionEnabled(); - // If cookie encryption is enabled, we need to provide a cookie encryption - // provider for the network service to use. - if (network_context_params->enable_encrypted_cookies) { - if (!cookie_encryption_provider_) { - cookie_encryption_provider_ = - std::make_unique( - g_browser_process->os_crypt_async()); - } - network_context_params->cookie_encryption_provider = - cookie_encryption_provider_->BindNewRemote(); - } - network_context_params->file_paths->transport_security_persister_file_name = base::FilePath(chrome::kTransportSecurityPersisterFilename); } diff --git a/shell/browser/net/network_context_service.h b/shell/browser/net/network_context_service.h index 1c3e4f9bea..42efd6c212 100644 --- a/shell/browser/net/network_context_service.h +++ b/shell/browser/net/network_context_service.h @@ -5,16 +5,12 @@ #ifndef ELECTRON_SHELL_BROWSER_NET_NETWORK_CONTEXT_SERVICE_H_ #define ELECTRON_SHELL_BROWSER_NET_NETWORK_CONTEXT_SERVICE_H_ -#include - #include "base/memory/raw_ptr.h" #include "chrome/browser/net/proxy_config_monitor.h" #include "components/keyed_service/core/keyed_service.h" #include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h" #include "services/network/public/mojom/network_context.mojom-forward.h" -class CookieEncryptionProviderImpl; - namespace base { class FilePath; } // namespace base @@ -50,7 +46,6 @@ class NetworkContextService : public KeyedService { raw_ptr browser_context_; ProxyConfigMonitor proxy_config_monitor_; - std::unique_ptr cookie_encryption_provider_; }; } // namespace electron