fix: fix cookie encryption provider loading on Windows and Linux (#49375)

* fix: support cookie encryption provider cross-platform

Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

* fix: add async macos key provider

Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>

BUILD.gn

@@ -464,6 +464,8 @@ source_set("electron_lib") {
     "//components/os_crypt/async/browser",
     "//components/os_crypt/async/browser:key_provider_interface",
     "//components/os_crypt/sync",
+    "//components/password_manager/core/browser:password_switches",
+    "//components/password_manager/core/common:features",
     "//components/pref_registry",
     "//components/prefs",
     "//components/security_state/content",
@@ -594,6 +596,7 @@ source_set("electron_lib") {
     use_libcxx_modules = false
 
     deps += [
+      "//components/os_crypt/async/browser:keychain_key_provider",
       "//components/os_crypt/common:keychain_password_mac",
       "//components/remote_cocoa/app_shim",
       "//components/remote_cocoa/browser",
@@ -656,6 +659,8 @@ source_set("electron_lib") {
       ":libnotify_loader",
       "//build/config/linux/gtk",
       "//components/crash/content/browser",
+      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
+      "//components/os_crypt/async/browser:posix_key_provider",
       "//dbus",
       "//device/bluetooth",
       "//third_party/crashpad/crashpad/client",
@@ -696,6 +701,7 @@ source_set("electron_lib") {
     deps += [
       "//components/app_launch_prefetch",
       "//components/crash/core/app:crash_export_thunks",
+      "//components/os_crypt/async/browser:dpapi_key_provider",
       "//third_party/libxml:xml_writer",
       "//ui/wm",
       "//ui/wm/public",

shell/browser/browser_process_impl.cc

@@ -12,11 +12,27 @@
 #include "base/files/file_path.h"
 #include "base/notimplemented.h"
 #include "base/path_service.h"
+#include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/os_crypt/async/browser/key_provider.h"
 #include "components/os_crypt/async/browser/os_crypt_async.h"
 #include "components/os_crypt/sync/os_crypt.h"
+#include "components/password_manager/core/browser/password_manager_switches.h"
+
+#if BUILDFLAG(IS_WIN)
+#include "components/os_crypt/async/browser/dpapi_key_provider.h"
+#endif
+
+#if BUILDFLAG(IS_LINUX)
+#include "components/os_crypt/async/browser/freedesktop_secret_key_provider.h"
+#include "components/os_crypt/async/browser/posix_key_provider.h"
+#endif
+
+#if BUILDFLAG(IS_MAC)
+#include "components/os_crypt/async/browser/keychain_key_provider.h"
+#endif
+
 #include "components/prefs/in_memory_pref_store.h"
 #include "components/prefs/json_pref_store.h"
 #include "components/prefs/overlay_user_pref_store.h"
@@ -410,15 +426,45 @@ void BrowserProcessImpl::CreateNetworkQualityObserver() {
 }
 
 void BrowserProcessImpl::CreateOSCryptAsync() {
-  // source: https://chromium-review.googlesource.com/c/chromium/src/+/4455776
+  // Initialize OSCryptAsync with platform-specific key providers.
+  // See https://chromium-review.googlesource.com/c/chromium/src/+/6996667
+  std::vector<std::pair<size_t, std::unique_ptr<os_crypt_async::KeyProvider>>>
+      providers;
 
-  // For now, initialize OSCryptAsync with no providers. This delegates all
-  // encryption operations to OSCrypt.
-  // TODO(crbug.com/1373092): Add providers behind features, as support for them
-  // is added.
-  os_crypt_async_ = std::make_unique<os_crypt_async::OSCryptAsync>(
-      std::vector<
-          std::pair<size_t, std::unique_ptr<os_crypt_async::KeyProvider>>>());
+#if BUILDFLAG(IS_WIN)
+  // On Windows, use DPAPI key provider for cookie encryption.
+  providers.emplace_back(
+      /*precedence=*/10u,
+      std::make_unique<os_crypt_async::DPAPIKeyProvider>(local_state()));
+#endif  // BUILDFLAG(IS_WIN)
+
+#if BUILDFLAG(IS_LINUX)
+  // On Linux, use FreedesktopSecretKeyProvider (for GNOME Keyring, KWallet,
+  // etc.) with PosixKeyProvider as fallback.
+  base::CommandLine* cmd_line = base::CommandLine::ForCurrentProcess();
+  const auto password_store =
+      cmd_line->GetSwitchValueASCII(password_manager::kPasswordStore);
+
+  providers.emplace_back(
+      /*precedence=*/10u,
+      std::make_unique<os_crypt_async::FreedesktopSecretKeyProvider>(
+          password_store, "Electron", nullptr));
+
+  // PosixKeyProvider as fallback with lower precedence.
+  providers.emplace_back(
+      /*precedence=*/5u, std::make_unique<os_crypt_async::PosixKeyProvider>());
+#endif  // BUILDFLAG(IS_LINUX)
+
+#if BUILDFLAG(IS_MAC)
+  // On macOS, use KeychainKeyProvider for cookie encryption.
+  // This is enabled by default in Chrome via features::kUseKeychainKeyProvider.
+  providers.emplace_back(
+      /*precedence=*/10u,
+      std::make_unique<os_crypt_async::KeychainKeyProvider>());
+#endif  // BUILDFLAG(IS_MAC)
+
+  os_crypt_async_ =
+      std::make_unique<os_crypt_async::OSCryptAsync>(std::move(providers));
 
   // Trigger async initialization of OSCrypt key providers.
   os_crypt_async_->GetInstance(base::DoNothing());