Adds encryption on important data

Resolves brave/brave-browser#2555

components/brave_ads/browser/ads_service_impl.cc

@@ -380,8 +380,8 @@ void AdsServiceImpl::OnWalletUpdated() {
     return;
   }
 
-  const std::string json = profile_->GetPrefs()->GetString(
-      brave_rewards::prefs::kWalletBrave);
+  const std::string json = rewards_service_->GetEncryptedStringState(
+      "wallets.brave");
 
   if (json.empty()) {
     return;

components/brave_ads/browser/ads_service_impl_unittest.cc

@@ -233,6 +233,12 @@ class MockRewardsService : public RewardsService {
   MOCK_METHOD1(
       GetEventLogs,
       void(brave_rewards::GetEventLogsCallback callback));
+
+  MOCK_METHOD1(GetEncryptedStringState, std::string(const std::string&));
+
+  MOCK_METHOD2(
+      SetEncryptedStringState,
+      bool(const std::string&, const std::string&));
 };
 
 class AdsServiceTest : public testing::Test {

components/brave_rewards/browser/rewards_service.h

@@ -349,6 +349,12 @@ class RewardsService : public KeyedService {
 
   virtual void GetEventLogs(GetEventLogsCallback callback) = 0;
 
+  virtual std::string GetEncryptedStringState(const std::string& key) = 0;
+
+  virtual bool SetEncryptedStringState(
+      const std::string& key,
+      const std::string& value) = 0;
+
  protected:
   base::ObserverList<RewardsServiceObserver> observers_;
 

components/brave_rewards/browser/rewards_service_impl.cc

@@ -13,6 +13,7 @@
 #include <utility>
 #include <vector>
 
+#include "base/base64.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/containers/flat_map.h"
@@ -64,6 +65,7 @@
 #include "components/country_codes/country_codes.h"
 #include "components/favicon/core/favicon_service.h"
 #include "components/favicon_base/favicon_types.h"
+#include "components/os_crypt/os_crypt.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/service_process_host.h"
@@ -3412,4 +3414,40 @@ void RewardsServiceImpl::OnGetEventLogs(
   std::move(callback).Run(std::move(logs));
 }
 
+bool RewardsServiceImpl::SetEncryptedStringState(
+      const std::string& name,
+      const std::string& value) {
+  std::string encrypted_value;
+  if (!OSCrypt::EncryptString(value, &encrypted_value)) {
+    BLOG(0, "Couldn't encrypt value for " + name);
+    return false;
+  }
+
+  std::string encoded_value;
+  base::Base64Encode(encrypted_value, &encoded_value);
+
+  profile_->GetPrefs()->SetString(GetPrefPath(name), encoded_value);
+  return true;
+}
+
+std::string RewardsServiceImpl::GetEncryptedStringState(
+    const std::string& name) {
+  const std::string encoded_value =
+      profile_->GetPrefs()->GetString(GetPrefPath(name));
+
+  std::string encrypted_value;
+  if (!base::Base64Decode(encoded_value, &encrypted_value)) {
+    BLOG(0, "base64 decode failed for " + name);
+    return "";
+  }
+
+  std::string value;
+  if (!OSCrypt::DecryptString(encrypted_value, &value)) {
+    BLOG(0, "Decrypting failed for " + name);
+    return "";
+  }
+
+  return value;
+}
+
 }  // namespace brave_rewards

components/brave_rewards/browser/rewards_service_impl.h

@@ -328,6 +328,12 @@ class RewardsServiceImpl : public RewardsService,
 
   void StopLedger(StopLedgerCallback callback);
 
+  std::string GetEncryptedStringState(const std::string& name) override;
+
+  bool SetEncryptedStringState(
+      const std::string& name,
+      const std::string& value) override;
+
   // Testing methods
   void SetLedgerEnvForTesting();
   void PrepareLedgerEnvForTesting();

components/brave_rewards/browser/test/common/rewards_browsertest_contribution.cc

@@ -437,8 +437,10 @@ ledger::type::Result RewardsBrowserTestContribution::GetACStatus() {
 }
 
 void RewardsBrowserTestContribution::SetUpUpholdWallet(
+    brave_rewards::RewardsServiceImpl* rewards_service,
     const double balance,
     const ledger::type::WalletStatus status) {
+  DCHECK(rewards_service);
   external_balance_ = balance;
 
   base::Value wallet(base::Value::Type::DICTIONARY);
@@ -451,9 +453,7 @@ void RewardsBrowserTestContribution::SetUpUpholdWallet(
 
   std::string json;
   base::JSONWriter::Write(wallet, &json);
-  browser_->profile()->GetPrefs()->SetString(
-      brave_rewards::prefs::kWalletUphold,
-      json);
+  rewards_service->SetEncryptedStringState("wallets.uphold", json);
 }
 
 double RewardsBrowserTestContribution::GetReconcileTipTotal() {

components/brave_rewards/browser/test/common/rewards_browsertest_contribution.h

@@ -80,8 +80,9 @@ class RewardsBrowserTestContribution
   std::vector<ledger::type::Result> GetMultipleACStatus();
 
   void SetUpUpholdWallet(
-    const double balance,
-    const ledger::type::WalletStatus status =
+      brave_rewards::RewardsServiceImpl* rewards_service,
+      const double balance,
+      const ledger::type::WalletStatus status =
         ledger::type::WalletStatus::VERIFIED);
 
   std::vector<ledger::type::Result> GetMultipleTipStatus();

components/brave_rewards/browser/test/rewards_browsertest.cc

@@ -334,7 +334,7 @@ IN_PROC_BROWSER_TEST_F(RewardsBrowserTest, ShowACPercentInThePanel) {
 IN_PROC_BROWSER_TEST_F(RewardsBrowserTest, ZeroBalanceWalletClaimNotCalled) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_util::EnableRewardsViaCode(browser(), rewards_service_);
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
 
   response_->ClearRequests();
 

components/brave_rewards/browser/test/rewards_contribution_browsertest.cc

@@ -210,7 +210,7 @@ IN_PROC_BROWSER_TEST_F(
     AutoContributionMultiplePublishersUphold) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
 
   ledger::type::SKUOrderItemList items;
   auto item = ledger::type::SKUOrderItem::New();
@@ -449,7 +449,7 @@ IN_PROC_BROWSER_TEST_F(
     TipWithVerifiedWallet) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
 
   const double amount = 5.0;
   contribution_->TipViaCode(
@@ -465,7 +465,7 @@ IN_PROC_BROWSER_TEST_F(
     MultipleTipsProduceMultipleFeesWithVerifiedWallet) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
 
   double total_amount = 0.0;
   const double amount = 5.0;
@@ -520,7 +520,7 @@ IN_PROC_BROWSER_TEST_F(
     TipConnectedPublisherAnonAndConnected) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
   contribution_->AddBalance(promotion_->ClaimPromotionViaCode());
 
   const double amount = 5.0;
@@ -537,7 +537,10 @@ IN_PROC_BROWSER_TEST_F(
     TipConnectedPublisherConnected) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0, ledger::type::WalletStatus::CONNECTED);
+  contribution_->SetUpUpholdWallet(
+      rewards_service_,
+      50.0,
+      ledger::type::WalletStatus::CONNECTED);
   rewards_browsertest_helper::ReloadCurrentSite(browser());
 
   const double amount = 5.0;
@@ -561,7 +564,7 @@ IN_PROC_BROWSER_TEST_F(
     TipConnectedPublisherVerified) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
   rewards_browsertest_helper::ReloadCurrentSite(browser());
 
   const double amount = 5.0;
@@ -725,7 +728,7 @@ IN_PROC_BROWSER_TEST_F(
     SplitProcessorAutoContribution) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
   contribution_->AddBalance(promotion_->ClaimPromotionViaCode());
 
   rewards_browsertest_helper::VisitPublisher(
@@ -857,7 +860,7 @@ IN_PROC_BROWSER_TEST_F(
     SplitProcessOneTimeTip) {
   response_->SetVerifiedWallet(true);
   rewards_browsertest_helper::EnableRewards(browser());
-  contribution_->SetUpUpholdWallet(50.0);
+  contribution_->SetUpUpholdWallet(rewards_service_, 50.0);
   contribution_->AddBalance(promotion_->ClaimPromotionViaCode());
 
   contribution_->TipPublisher(

components/brave_rewards/browser/test/rewards_state_browsertest.cc

@@ -224,7 +224,7 @@ IN_PROC_BROWSER_TEST_F(RewardsStateBrowserTest, State_2) {
   rewards_browsertest_util::EnableRewardsViaCode(browser(), rewards_service_);
   const std::string wallet = R"({"payment_id":"eea767c4-cd27-4411-afd4-78a9c6b54dbc","recovery_seed":"PgFfhazUJuf8dX+8ckTjrtK1KMLyrfXmKJFDiS1Ad3I="})";  // NOLINT
   EXPECT_EQ(
-      profile_->GetPrefs()->GetString("brave.rewards.wallets.brave"),
+      rewards_service_->GetEncryptedStringState("wallets.brave"),
       wallet);
   EXPECT_EQ(
       profile_->GetPrefs()->GetUint64("brave.rewards.creation_stamp"),

components/services/bat_ledger/bat_ledger_client_mojo_bridge.cc

@@ -371,4 +371,19 @@ void BatLedgerClientMojoBridge::DeleteLog(
       base::BindOnce(&OnDeleteLog, std::move(callback)));
 }
 
+bool BatLedgerClientMojoBridge::SetEncryptedStringState(
+    const std::string& name,
+    const std::string& value) {
+  bool success;
+  bat_ledger_client_->SetEncryptedStringState(name, value, &success);
+  return success;
+}
+
+std::string BatLedgerClientMojoBridge::GetEncryptedStringState(
+    const std::string& name) {
+  std::string value;
+  bat_ledger_client_->GetEncryptedStringState(name, &value);
+  return value;
+}
+
 }  // namespace bat_ledger

components/services/bat_ledger/bat_ledger_client_mojo_bridge.h

@@ -118,6 +118,12 @@ class BatLedgerClientMojoBridge :
 
   void DeleteLog(ledger::client::ResultCallback callback) override;
 
+  bool SetEncryptedStringState(
+      const std::string& name,
+      const std::string& value) override;
+
+  std::string GetEncryptedStringState(const std::string& name) override;
+
  private:
   bool Connected() const;
 

components/services/bat_ledger/public/cpp/ledger_client_mojo_bridge.cc

@@ -377,4 +377,17 @@ void LedgerClientMojoBridge::DeleteLog(DeleteLogCallback callback) {
                 _1));
 }
 
+void LedgerClientMojoBridge::SetEncryptedStringState(
+    const std::string& name,
+    const std::string& value,
+    SetEncryptedStringStateCallback callback) {
+  std::move(callback).Run(ledger_client_->SetEncryptedStringState(name, value));
+}
+
+void LedgerClientMojoBridge::GetEncryptedStringState(
+    const std::string& name,
+    GetEncryptedStringStateCallback callback) {
+  std::move(callback).Run(ledger_client_->GetEncryptedStringState(name));
+}
+
 }  // namespace bat_ledger

components/services/bat_ledger/public/cpp/ledger_client_mojo_bridge.h

@@ -133,6 +133,15 @@ class LedgerClientMojoBridge :
 
   void DeleteLog(DeleteLogCallback callback) override;
 
+  void SetEncryptedStringState(
+      const std::string& name,
+      const std::string& value,
+      SetEncryptedStringStateCallback callback) override;
+
+  void GetEncryptedStringState(
+      const std::string& name,
+      GetEncryptedStringStateCallback callback) override;
+
  private:
   // workaround to pass base::OnceCallback into std::bind
   template <typename Callback>

components/services/bat_ledger/public/interfaces/bat_ledger.mojom

@@ -241,4 +241,10 @@ interface BatLedgerClient {
   WalletDisconnected(string wallet_type);
 
   DeleteLog() => (ledger.mojom.Result result);
+
+  [Sync]
+  SetEncryptedStringState(string name, string value) => (bool success);
+
+  [Sync]
+  GetEncryptedStringState(string name) => (string value);
 };

vendor/bat-native-ledger/BUILD.gn

@@ -451,6 +451,8 @@ source_set("ledger") {
     "src/bat/ledger/internal/state/state_migration_v5.h",
     "src/bat/ledger/internal/state/state_migration_v6.cc",
     "src/bat/ledger/internal/state/state_migration_v6.h",
+    "src/bat/ledger/internal/state/state_migration_v7.cc",
+    "src/bat/ledger/internal/state/state_migration_v7.h",
     "src/bat/ledger/internal/uphold/uphold.h",
     "src/bat/ledger/internal/uphold/uphold.cc",
     "src/bat/ledger/internal/uphold/uphold_authorization.h",

vendor/bat-native-ledger/include/bat/ledger/ledger_client.h

@@ -152,6 +152,12 @@ class LEDGER_EXPORT LedgerClient {
   virtual void WalletDisconnected(const std::string& wallet_type) = 0;
 
   virtual void DeleteLog(client::ResultCallback callback) = 0;
+
+  virtual bool SetEncryptedStringState(
+      const std::string& name,
+      const std::string& value) = 0;
+
+  virtual std::string GetEncryptedStringState(const std::string& name) = 0;
 };
 
 }  // namespace ledger

vendor/bat-native-ledger/src/bat/ledger/internal/endpoint/payment/post_transaction_anon/post_transaction_anon_unittest.cc

@@ -48,7 +48,7 @@ class PostTransactionAnonTest : public testing::Test {
       "payment_id":"fa5dea51-6af4-44ca-801b-07b6df3dcfe4",
       "recovery_seed":"AN6DLuI2iZzzDxpzywf+IKmK1nzFRarNswbaIDI3pQg="
     })";
-    ON_CALL(*mock_ledger_client_, GetStringState(state::kWalletBrave))
+    ON_CALL(*mock_ledger_client_, GetEncryptedStringState(state::kWalletBrave))
       .WillByDefault(testing::Return(wallet));
   }
 };

vendor/bat-native-ledger/src/bat/ledger/internal/endpoint/promotion/post_bat_loss/post_bat_loss_unittest.cc

@@ -46,7 +46,7 @@ class PostBatLossTest : public testing::Test {
       "payment_id":"fa5dea51-6af4-44ca-801b-07b6df3dcfe4",
       "recovery_seed":"AN6DLuI2iZzzDxpzywf+IKmK1nzFRarNswbaIDI3pQg="
     })";
-    ON_CALL(*mock_ledger_client_, GetStringState(state::kWalletBrave))
+    ON_CALL(*mock_ledger_client_, GetEncryptedStringState(state::kWalletBrave))
       .WillByDefault(testing::Return(wallet));
   }
 };

vendor/bat-native-ledger/src/bat/ledger/internal/endpoint/promotion/post_creds/post_creds_unittest.cc

@@ -47,7 +47,7 @@ class PostCredsTest : public testing::Test {
       "payment_id":"fa5dea51-6af4-44ca-801b-07b6df3dcfe4",
       "recovery_seed":"AN6DLuI2iZzzDxpzywf+IKmK1nzFRarNswbaIDI3pQg="
     })";
-    ON_CALL(*mock_ledger_client_, GetStringState(state::kWalletBrave))
+    ON_CALL(*mock_ledger_client_, GetEncryptedStringState(state::kWalletBrave))
       .WillByDefault(testing::Return(wallet));
   }
 };

vendor/bat-native-ledger/src/bat/ledger/internal/endpoint/promotion/post_suggestions_claim/post_suggestions_claim_unittest.cc

@@ -46,7 +46,7 @@ class PostSuggestionsClaimTest : public testing::Test {
       "payment_id":"fa5dea51-6af4-44ca-801b-07b6df3dcfe4",
       "recovery_seed":"AN6DLuI2iZzzDxpzywf+IKmK1nzFRarNswbaIDI3pQg="
     })";
-    ON_CALL(*mock_ledger_client_, GetStringState(state::kWalletBrave))
+    ON_CALL(*mock_ledger_client_, GetEncryptedStringState(state::kWalletBrave))
       .WillByDefault(testing::Return(wallet));
   }
 };

vendor/bat-native-ledger/src/bat/ledger/internal/endpoint/promotion/post_wallet_brave/post_wallet_brave_unittest.cc

@@ -46,7 +46,7 @@ class PostWalletBraveTest : public testing::Test {
       "payment_id":"fa5dea51-6af4-44ca-801b-07b6df3dcfe4",
       "recovery_seed":"AN6DLuI2iZzzDxpzywf+IKmK1nzFRarNswbaIDI3pQg="
     })";
-    ON_CALL(*mock_ledger_client_, GetStringState(state::kWalletBrave))
+    ON_CALL(*mock_ledger_client_, GetEncryptedStringState(state::kWalletBrave))
       .WillByDefault(testing::Return(wallet));
   }
 };

vendor/bat-native-ledger/src/bat/ledger/internal/ledger_client_mock.h

@@ -156,6 +156,12 @@ class MockLedgerClient : public LedgerClient {
   MOCK_METHOD1(DeleteLog, void(const client::ResultCallback callback));
 
   MOCK_METHOD0(GetLegacyWallet, std::string());
+
+  MOCK_METHOD2(
+      SetEncryptedStringState,
+      bool(const std::string&, const std::string&));
+
+  MOCK_METHOD1(GetEncryptedStringState, std::string(const std::string&));
 };
 
 }  // namespace ledger