blob: c1aa494335c04e4181659257e0e7859696eb71c3 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/cookie_config/cookie_store_util.h"
#include "base/lazy_instance.h"
#include "build/build_config.h"
#include "components/os_crypt/os_crypt.h"
#include "net/extras/sqlite/cookie_crypto_delegate.h"
namespace cookie_config {
#if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
namespace {
// Use the operating system's mechanisms to encrypt cookies before writing
// them to persistent store. Currently this only is done with desktop OS's
// because ChromeOS and Android already protect the entire profile contents.
class CookieOSCryptoDelegate : public net::CookieCryptoDelegate {
bool ShouldEncrypt() override;
bool EncryptString(const std::string& plaintext,
std::string* ciphertext) override;
bool DecryptString(const std::string& ciphertext,
std::string* plaintext) override;
bool CookieOSCryptoDelegate::ShouldEncrypt() {
#if defined(OS_IOS)
// Cookie encryption is not necessary on iOS, due to OS-protected storage.
// However, due to, cookies were
// accidentally encrypted. In order to allow these cookies to still be used,a
// a CookieCryptoDelegate is provided that can decrypt existing cookies.
// However, new cookies will not be encrypted. The alternatives considered
// were not supplying a delegate at all (thus invalidating all existing
// encrypted cookies) or in migrating all cookies at once, which may impose
// startup costs. Eventually, all cookies will get migrated as they are
// rewritten.
return false;
return true;
bool CookieOSCryptoDelegate::EncryptString(const std::string& plaintext,
std::string* ciphertext) {
return OSCrypt::EncryptString(plaintext, ciphertext);
bool CookieOSCryptoDelegate::DecryptString(const std::string& ciphertext,
std::string* plaintext) {
return OSCrypt::DecryptString(ciphertext, plaintext);
// Using a LazyInstance is safe here because this class is stateless and
// requires 0 initialization.
g_cookie_crypto_delegate = LAZY_INSTANCE_INITIALIZER;
} // namespace
net::CookieCryptoDelegate* GetCookieCryptoDelegate() {
return g_cookie_crypto_delegate.Pointer();
#else // defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
net::CookieCryptoDelegate* GetCookieCryptoDelegate() {
return NULL;
#endif // defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
} // namespace cookie_config