Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "chrome/browser/net/sqlite_server_bound_cert_store.h" |
| 6 | |
| 7 | #include <list> |
| 8 | #include <set> |
| 9 | |
| 10 | #include "base/basictypes.h" |
| 11 | #include "base/bind.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 12 | #include "base/file_util.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 13 | #include "base/files/file_path.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 14 | #include "base/logging.h" |
| 15 | #include "base/memory/scoped_ptr.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 16 | #include "base/metrics/histogram.h" |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 17 | #include "base/strings/string_util.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 18 | #include "base/threading/thread.h" |
| 19 | #include "base/threading/thread_restrictions.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 20 | #include "content/public/browser/browser_thread.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 21 | #include "net/cert/x509_certificate.h" |
| 22 | #include "net/cookies/cookie_util.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 23 | #include "net/ssl/ssl_client_cert_type.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 24 | #include "sql/error_delegate_util.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 25 | #include "sql/meta_table.h" |
| 26 | #include "sql/statement.h" |
| 27 | #include "sql/transaction.h" |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 28 | #include "third_party/sqlite/sqlite3.h" |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 29 | #include "url/gurl.h" |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 30 | #include "webkit/browser/quota/special_storage_policy.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 31 | |
| 32 | using content::BrowserThread; |
| 33 | |
| 34 | // This class is designed to be shared between any calling threads and the |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 35 | // database thread. It batches operations and commits them on a timer. |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 36 | class SQLiteServerBoundCertStore::Backend |
| 37 | : public base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend> { |
| 38 | public: |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 39 | Backend(const base::FilePath& path, |
| 40 | quota::SpecialStoragePolicy* special_storage_policy) |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 41 | : path_(path), |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 42 | num_pending_(0), |
| 43 | force_keep_session_state_(false), |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 44 | special_storage_policy_(special_storage_policy), |
Torne (Richard Coles) | 7d4cd47 | 2013-06-19 11:58:07 +0100 | [diff] [blame] | 45 | corruption_detected_(false) {} |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 46 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 47 | // Creates or loads the SQLite database. |
| 48 | void Load(const LoadedCallback& loaded_callback); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 49 | |
| 50 | // Batch a server bound cert addition. |
| 51 | void AddServerBoundCert( |
| 52 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert); |
| 53 | |
| 54 | // Batch a server bound cert deletion. |
| 55 | void DeleteServerBoundCert( |
| 56 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert); |
| 57 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 58 | // Commit any pending operations and close the database. This must be called |
| 59 | // before the object is destructed. |
| 60 | void Close(); |
| 61 | |
| 62 | void SetForceKeepSessionState(); |
| 63 | |
| 64 | private: |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 65 | void LoadOnDBThreadAndNotify(const LoadedCallback& loaded_callback); |
| 66 | void LoadOnDBThread( |
| 67 | std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs); |
| 68 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 69 | friend class base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend>; |
| 70 | |
| 71 | // You should call Close() before destructing this object. |
| 72 | ~Backend() { |
| 73 | DCHECK(!db_.get()) << "Close should have already been called."; |
| 74 | DCHECK(num_pending_ == 0 && pending_.empty()); |
| 75 | } |
| 76 | |
| 77 | // Database upgrade statements. |
| 78 | bool EnsureDatabaseVersion(); |
| 79 | |
| 80 | class PendingOperation { |
| 81 | public: |
| 82 | typedef enum { |
| 83 | CERT_ADD, |
| 84 | CERT_DELETE |
| 85 | } OperationType; |
| 86 | |
| 87 | PendingOperation( |
| 88 | OperationType op, |
| 89 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert) |
| 90 | : op_(op), cert_(cert) {} |
| 91 | |
| 92 | OperationType op() const { return op_; } |
| 93 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert() const { |
| 94 | return cert_; |
| 95 | } |
| 96 | |
| 97 | private: |
| 98 | OperationType op_; |
| 99 | net::DefaultServerBoundCertStore::ServerBoundCert cert_; |
| 100 | }; |
| 101 | |
| 102 | private: |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 103 | // Batch a server bound cert operation (add or delete). |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 104 | void BatchOperation( |
| 105 | PendingOperation::OperationType op, |
| 106 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert); |
| 107 | // Commit our pending operations to the database. |
| 108 | void Commit(); |
| 109 | // Close() executed on the background thread. |
| 110 | void InternalBackgroundClose(); |
| 111 | |
| 112 | void DeleteCertificatesOnShutdown(); |
| 113 | |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 114 | void DatabaseErrorCallback(int error, sql::Statement* stmt); |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 115 | void KillDatabase(); |
| 116 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 117 | base::FilePath path_; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 118 | scoped_ptr<sql::Connection> db_; |
| 119 | sql::MetaTable meta_table_; |
| 120 | |
| 121 | typedef std::list<PendingOperation*> PendingOperationsList; |
| 122 | PendingOperationsList pending_; |
| 123 | PendingOperationsList::size_type num_pending_; |
| 124 | // True if the persistent store should skip clear on exit rules. |
| 125 | bool force_keep_session_state_; |
| 126 | // Guard |pending_|, |num_pending_| and |force_keep_session_state_|. |
| 127 | base::Lock lock_; |
| 128 | |
| 129 | // Cache of origins we have certificates stored for. |
| 130 | std::set<std::string> cert_origins_; |
| 131 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 132 | scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_; |
| 133 | |
| 134 | // Indicates if the kill-database callback has been scheduled. |
| 135 | bool corruption_detected_; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 136 | |
| 137 | DISALLOW_COPY_AND_ASSIGN(Backend); |
| 138 | }; |
| 139 | |
| 140 | // Version number of the database. |
| 141 | static const int kCurrentVersionNumber = 4; |
| 142 | static const int kCompatibleVersionNumber = 1; |
| 143 | |
| 144 | namespace { |
| 145 | |
| 146 | // Initializes the certs table, returning true on success. |
| 147 | bool InitTable(sql::Connection* db) { |
| 148 | // The table is named "origin_bound_certs" for backwards compatability before |
| 149 | // we renamed this class to SQLiteServerBoundCertStore. Likewise, the primary |
| 150 | // key is "origin", but now can be other things like a plain domain. |
| 151 | if (!db->DoesTableExist("origin_bound_certs")) { |
| 152 | if (!db->Execute("CREATE TABLE origin_bound_certs (" |
| 153 | "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 154 | "private_key BLOB NOT NULL," |
| 155 | "cert BLOB NOT NULL," |
| 156 | "cert_type INTEGER," |
| 157 | "expiration_time INTEGER," |
| 158 | "creation_time INTEGER)")) |
| 159 | return false; |
| 160 | } |
| 161 | |
| 162 | return true; |
| 163 | } |
| 164 | |
| 165 | } // namespace |
| 166 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 167 | void SQLiteServerBoundCertStore::Backend::Load( |
| 168 | const LoadedCallback& loaded_callback) { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 169 | // This function should be called only once per instance. |
| 170 | DCHECK(!db_.get()); |
| 171 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 172 | BrowserThread::PostTask( |
| 173 | BrowserThread::DB, FROM_HERE, |
| 174 | base::Bind(&Backend::LoadOnDBThreadAndNotify, this, loaded_callback)); |
| 175 | } |
| 176 | |
| 177 | void SQLiteServerBoundCertStore::Backend::LoadOnDBThreadAndNotify( |
| 178 | const LoadedCallback& loaded_callback) { |
| 179 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 180 | scoped_ptr<ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> > |
| 181 | certs(new ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert>( |
| 182 | )); |
| 183 | |
| 184 | LoadOnDBThread(&certs->get()); |
| 185 | |
| 186 | BrowserThread::PostTask( |
| 187 | BrowserThread::IO, FROM_HERE, |
| 188 | base::Bind(loaded_callback, base::Passed(&certs))); |
| 189 | } |
| 190 | |
| 191 | void SQLiteServerBoundCertStore::Backend::LoadOnDBThread( |
| 192 | std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) { |
| 193 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 194 | |
| 195 | // This method should be called only once per instance. |
| 196 | DCHECK(!db_.get()); |
| 197 | |
| 198 | base::TimeTicks start = base::TimeTicks::Now(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 199 | |
| 200 | // Ensure the parent directory for storing certs is created before reading |
| 201 | // from it. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 202 | const base::FilePath dir = path_.DirName(); |
Ben Murdoch | 7dbb3d5 | 2013-07-17 14:55:54 +0100 | [diff] [blame] | 203 | if (!base::PathExists(dir) && !file_util::CreateDirectory(dir)) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 204 | return; |
| 205 | |
| 206 | int64 db_size = 0; |
| 207 | if (file_util::GetFileSize(path_, &db_size)) |
| 208 | UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024 ); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 209 | |
| 210 | db_.reset(new sql::Connection); |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 211 | db_->set_histogram_tag("DomainBoundCerts"); |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 212 | |
| 213 | // Unretained to avoid a ref loop with db_. |
| 214 | db_->set_error_callback( |
| 215 | base::Bind(&SQLiteServerBoundCertStore::Backend::DatabaseErrorCallback, |
| 216 | base::Unretained(this))); |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 217 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 218 | if (!db_->Open(path_)) { |
| 219 | NOTREACHED() << "Unable to open cert DB."; |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 220 | if (corruption_detected_) |
| 221 | KillDatabase(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 222 | db_.reset(); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 223 | return; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 224 | } |
| 225 | |
| 226 | if (!EnsureDatabaseVersion() || !InitTable(db_.get())) { |
| 227 | NOTREACHED() << "Unable to open cert DB."; |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 228 | if (corruption_detected_) |
| 229 | KillDatabase(); |
| 230 | meta_table_.Reset(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 231 | db_.reset(); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 232 | return; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 233 | } |
| 234 | |
| 235 | db_->Preload(); |
| 236 | |
| 237 | // Slurp all the certs into the out-vector. |
| 238 | sql::Statement smt(db_->GetUniqueStatement( |
| 239 | "SELECT origin, private_key, cert, cert_type, expiration_time, " |
| 240 | "creation_time FROM origin_bound_certs")); |
| 241 | if (!smt.is_valid()) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 242 | if (corruption_detected_) |
| 243 | KillDatabase(); |
| 244 | meta_table_.Reset(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 245 | db_.reset(); |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 246 | return; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 247 | } |
| 248 | |
| 249 | while (smt.Step()) { |
| 250 | std::string private_key_from_db, cert_from_db; |
| 251 | smt.ColumnBlobAsString(1, &private_key_from_db); |
| 252 | smt.ColumnBlobAsString(2, &cert_from_db); |
| 253 | scoped_ptr<net::DefaultServerBoundCertStore::ServerBoundCert> cert( |
| 254 | new net::DefaultServerBoundCertStore::ServerBoundCert( |
| 255 | smt.ColumnString(0), // origin |
| 256 | static_cast<net::SSLClientCertType>(smt.ColumnInt(3)), |
| 257 | base::Time::FromInternalValue(smt.ColumnInt64(5)), |
| 258 | base::Time::FromInternalValue(smt.ColumnInt64(4)), |
| 259 | private_key_from_db, |
| 260 | cert_from_db)); |
| 261 | cert_origins_.insert(cert->server_identifier()); |
| 262 | certs->push_back(cert.release()); |
| 263 | } |
| 264 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 265 | UMA_HISTOGRAM_COUNTS_10000("DomainBoundCerts.DBLoadedCount", certs->size()); |
| 266 | base::TimeDelta load_time = base::TimeTicks::Now() - start; |
| 267 | UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime", |
| 268 | load_time, |
| 269 | base::TimeDelta::FromMilliseconds(1), |
| 270 | base::TimeDelta::FromMinutes(1), |
| 271 | 50); |
| 272 | DVLOG(1) << "loaded " << certs->size() << " in " << load_time.InMilliseconds() |
| 273 | << " ms"; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 274 | } |
| 275 | |
| 276 | bool SQLiteServerBoundCertStore::Backend::EnsureDatabaseVersion() { |
| 277 | // Version check. |
| 278 | if (!meta_table_.Init( |
| 279 | db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) { |
| 280 | return false; |
| 281 | } |
| 282 | |
| 283 | if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) { |
| 284 | LOG(WARNING) << "Server bound cert database is too new."; |
| 285 | return false; |
| 286 | } |
| 287 | |
| 288 | int cur_version = meta_table_.GetVersionNumber(); |
| 289 | if (cur_version == 1) { |
| 290 | sql::Transaction transaction(db_.get()); |
| 291 | if (!transaction.Begin()) |
| 292 | return false; |
| 293 | if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type " |
| 294 | "INTEGER")) { |
| 295 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 296 | << "version 2."; |
| 297 | return false; |
| 298 | } |
| 299 | // All certs in version 1 database are rsa_sign, which has a value of 1. |
| 300 | if (!db_->Execute("UPDATE origin_bound_certs SET cert_type = 1")) { |
| 301 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 302 | << "version 2."; |
| 303 | return false; |
| 304 | } |
| 305 | ++cur_version; |
| 306 | meta_table_.SetVersionNumber(cur_version); |
| 307 | meta_table_.SetCompatibleVersionNumber( |
| 308 | std::min(cur_version, kCompatibleVersionNumber)); |
| 309 | transaction.Commit(); |
| 310 | } |
| 311 | |
| 312 | if (cur_version <= 3) { |
| 313 | sql::Transaction transaction(db_.get()); |
| 314 | if (!transaction.Begin()) |
| 315 | return false; |
| 316 | |
| 317 | if (cur_version == 2) { |
| 318 | if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN " |
| 319 | "expiration_time INTEGER")) { |
| 320 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 321 | << "version 4."; |
| 322 | return false; |
| 323 | } |
| 324 | } |
| 325 | |
| 326 | if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN " |
| 327 | "creation_time INTEGER")) { |
| 328 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 329 | << "version 4."; |
| 330 | return false; |
| 331 | } |
| 332 | |
| 333 | sql::Statement smt(db_->GetUniqueStatement( |
| 334 | "SELECT origin, cert FROM origin_bound_certs")); |
| 335 | sql::Statement update_expires_smt(db_->GetUniqueStatement( |
| 336 | "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?")); |
| 337 | sql::Statement update_creation_smt(db_->GetUniqueStatement( |
| 338 | "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?")); |
| 339 | if (!smt.is_valid() || |
| 340 | !update_expires_smt.is_valid() || |
| 341 | !update_creation_smt.is_valid()) { |
| 342 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 343 | << "version 4."; |
| 344 | return false; |
| 345 | } |
| 346 | |
| 347 | while (smt.Step()) { |
| 348 | std::string origin = smt.ColumnString(0); |
| 349 | std::string cert_from_db; |
| 350 | smt.ColumnBlobAsString(1, &cert_from_db); |
| 351 | // Parse the cert and extract the real value and then update the DB. |
| 352 | scoped_refptr<net::X509Certificate> cert( |
| 353 | net::X509Certificate::CreateFromBytes( |
| 354 | cert_from_db.data(), cert_from_db.size())); |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 355 | if (cert.get()) { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 356 | if (cur_version == 2) { |
| 357 | update_expires_smt.Reset(true); |
| 358 | update_expires_smt.BindInt64(0, |
| 359 | cert->valid_expiry().ToInternalValue()); |
| 360 | update_expires_smt.BindString(1, origin); |
| 361 | if (!update_expires_smt.Run()) { |
| 362 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 363 | << "version 4."; |
| 364 | return false; |
| 365 | } |
| 366 | } |
| 367 | |
| 368 | update_creation_smt.Reset(true); |
| 369 | update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue()); |
| 370 | update_creation_smt.BindString(1, origin); |
| 371 | if (!update_creation_smt.Run()) { |
| 372 | LOG(WARNING) << "Unable to update server bound cert database to " |
| 373 | << "version 4."; |
| 374 | return false; |
| 375 | } |
| 376 | } else { |
| 377 | // If there's a cert we can't parse, just leave it. It'll get replaced |
| 378 | // with a new one if we ever try to use it. |
| 379 | LOG(WARNING) << "Error parsing cert for database upgrade for origin " |
| 380 | << smt.ColumnString(0); |
| 381 | } |
| 382 | } |
| 383 | |
| 384 | cur_version = 4; |
| 385 | meta_table_.SetVersionNumber(cur_version); |
| 386 | meta_table_.SetCompatibleVersionNumber( |
| 387 | std::min(cur_version, kCompatibleVersionNumber)); |
| 388 | transaction.Commit(); |
| 389 | } |
| 390 | |
| 391 | // Put future migration cases here. |
| 392 | |
| 393 | // When the version is too old, we just try to continue anyway, there should |
| 394 | // not be a released product that makes a database too old for us to handle. |
| 395 | LOG_IF(WARNING, cur_version < kCurrentVersionNumber) << |
| 396 | "Server bound cert database version " << cur_version << |
| 397 | " is too old to handle."; |
| 398 | |
| 399 | return true; |
| 400 | } |
| 401 | |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 402 | void SQLiteServerBoundCertStore::Backend::DatabaseErrorCallback( |
| 403 | int error, |
| 404 | sql::Statement* stmt) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 405 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 406 | |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 407 | if (!sql::IsErrorCatastrophic(error)) |
| 408 | return; |
| 409 | |
| 410 | // TODO(shess): Running KillDatabase() multiple times should be |
| 411 | // safe. |
| 412 | if (corruption_detected_) |
| 413 | return; |
| 414 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 415 | corruption_detected_ = true; |
| 416 | |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 417 | // TODO(shess): Consider just calling RazeAndClose() immediately. |
| 418 | // db_ may not be safe to reset at this point, but RazeAndClose() |
| 419 | // would cause the stack to unwind safely with errors. |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 420 | BrowserThread::PostTask(BrowserThread::DB, FROM_HERE, |
| 421 | base::Bind(&Backend::KillDatabase, this)); |
| 422 | } |
| 423 | |
| 424 | void SQLiteServerBoundCertStore::Backend::KillDatabase() { |
| 425 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 426 | |
| 427 | if (db_) { |
| 428 | // This Backend will now be in-memory only. In a future run the database |
| 429 | // will be recreated. Hopefully things go better then! |
| 430 | bool success = db_->RazeAndClose(); |
| 431 | UMA_HISTOGRAM_BOOLEAN("DomainBoundCerts.KillDatabaseResult", success); |
| 432 | meta_table_.Reset(); |
| 433 | db_.reset(); |
| 434 | } |
| 435 | } |
| 436 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 437 | void SQLiteServerBoundCertStore::Backend::AddServerBoundCert( |
| 438 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { |
| 439 | BatchOperation(PendingOperation::CERT_ADD, cert); |
| 440 | } |
| 441 | |
| 442 | void SQLiteServerBoundCertStore::Backend::DeleteServerBoundCert( |
| 443 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { |
| 444 | BatchOperation(PendingOperation::CERT_DELETE, cert); |
| 445 | } |
| 446 | |
| 447 | void SQLiteServerBoundCertStore::Backend::BatchOperation( |
| 448 | PendingOperation::OperationType op, |
| 449 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { |
| 450 | // Commit every 30 seconds. |
| 451 | static const int kCommitIntervalMs = 30 * 1000; |
| 452 | // Commit right away if we have more than 512 outstanding operations. |
| 453 | static const size_t kCommitAfterBatchSize = 512; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 454 | |
| 455 | // We do a full copy of the cert here, and hopefully just here. |
| 456 | scoped_ptr<PendingOperation> po(new PendingOperation(op, cert)); |
| 457 | |
| 458 | PendingOperationsList::size_type num_pending; |
| 459 | { |
| 460 | base::AutoLock locked(lock_); |
| 461 | pending_.push_back(po.release()); |
| 462 | num_pending = ++num_pending_; |
| 463 | } |
| 464 | |
| 465 | if (num_pending == 1) { |
| 466 | // We've gotten our first entry for this batch, fire off the timer. |
| 467 | BrowserThread::PostDelayedTask( |
| 468 | BrowserThread::DB, FROM_HERE, |
| 469 | base::Bind(&Backend::Commit, this), |
| 470 | base::TimeDelta::FromMilliseconds(kCommitIntervalMs)); |
| 471 | } else if (num_pending == kCommitAfterBatchSize) { |
| 472 | // We've reached a big enough batch, fire off a commit now. |
| 473 | BrowserThread::PostTask( |
| 474 | BrowserThread::DB, FROM_HERE, |
| 475 | base::Bind(&Backend::Commit, this)); |
| 476 | } |
| 477 | } |
| 478 | |
| 479 | void SQLiteServerBoundCertStore::Backend::Commit() { |
| 480 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 481 | |
| 482 | PendingOperationsList ops; |
| 483 | { |
| 484 | base::AutoLock locked(lock_); |
| 485 | pending_.swap(ops); |
| 486 | num_pending_ = 0; |
| 487 | } |
| 488 | |
| 489 | // Maybe an old timer fired or we are already Close()'ed. |
| 490 | if (!db_.get() || ops.empty()) |
| 491 | return; |
| 492 | |
| 493 | sql::Statement add_smt(db_->GetCachedStatement(SQL_FROM_HERE, |
| 494 | "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
| 495 | "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); |
| 496 | if (!add_smt.is_valid()) |
| 497 | return; |
| 498 | |
| 499 | sql::Statement del_smt(db_->GetCachedStatement(SQL_FROM_HERE, |
| 500 | "DELETE FROM origin_bound_certs WHERE origin=?")); |
| 501 | if (!del_smt.is_valid()) |
| 502 | return; |
| 503 | |
| 504 | sql::Transaction transaction(db_.get()); |
| 505 | if (!transaction.Begin()) |
| 506 | return; |
| 507 | |
| 508 | for (PendingOperationsList::iterator it = ops.begin(); |
| 509 | it != ops.end(); ++it) { |
| 510 | // Free the certs as we commit them to the database. |
| 511 | scoped_ptr<PendingOperation> po(*it); |
| 512 | switch (po->op()) { |
| 513 | case PendingOperation::CERT_ADD: { |
| 514 | cert_origins_.insert(po->cert().server_identifier()); |
| 515 | add_smt.Reset(true); |
| 516 | add_smt.BindString(0, po->cert().server_identifier()); |
| 517 | const std::string& private_key = po->cert().private_key(); |
| 518 | add_smt.BindBlob(1, private_key.data(), private_key.size()); |
| 519 | const std::string& cert = po->cert().cert(); |
| 520 | add_smt.BindBlob(2, cert.data(), cert.size()); |
| 521 | add_smt.BindInt(3, po->cert().type()); |
| 522 | add_smt.BindInt64(4, po->cert().expiration_time().ToInternalValue()); |
| 523 | add_smt.BindInt64(5, po->cert().creation_time().ToInternalValue()); |
| 524 | if (!add_smt.Run()) |
| 525 | NOTREACHED() << "Could not add a server bound cert to the DB."; |
| 526 | break; |
| 527 | } |
| 528 | case PendingOperation::CERT_DELETE: |
| 529 | cert_origins_.erase(po->cert().server_identifier()); |
| 530 | del_smt.Reset(true); |
| 531 | del_smt.BindString(0, po->cert().server_identifier()); |
| 532 | if (!del_smt.Run()) |
| 533 | NOTREACHED() << "Could not delete a server bound cert from the DB."; |
| 534 | break; |
| 535 | |
| 536 | default: |
| 537 | NOTREACHED(); |
| 538 | break; |
| 539 | } |
| 540 | } |
| 541 | transaction.Commit(); |
| 542 | } |
| 543 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 544 | // Fire off a close message to the background thread. We could still have a |
| 545 | // pending commit timer that will be holding a reference on us, but if/when |
| 546 | // this fires we will already have been cleaned up and it will be ignored. |
| 547 | void SQLiteServerBoundCertStore::Backend::Close() { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 548 | // Must close the backend on the background thread. |
| 549 | BrowserThread::PostTask( |
| 550 | BrowserThread::DB, FROM_HERE, |
| 551 | base::Bind(&Backend::InternalBackgroundClose, this)); |
| 552 | } |
| 553 | |
| 554 | void SQLiteServerBoundCertStore::Backend::InternalBackgroundClose() { |
| 555 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 556 | // Commit any pending operations |
| 557 | Commit(); |
| 558 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 559 | if (!force_keep_session_state_ && |
| 560 | special_storage_policy_.get() && |
| 561 | special_storage_policy_->HasSessionOnlyOrigins()) { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 562 | DeleteCertificatesOnShutdown(); |
| 563 | } |
| 564 | |
| 565 | db_.reset(); |
| 566 | } |
| 567 | |
| 568 | void SQLiteServerBoundCertStore::Backend::DeleteCertificatesOnShutdown() { |
| 569 | DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); |
| 570 | |
| 571 | if (!db_.get()) |
| 572 | return; |
| 573 | |
| 574 | if (cert_origins_.empty()) |
| 575 | return; |
| 576 | |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 577 | if (!special_storage_policy_.get()) |
| 578 | return; |
| 579 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 580 | sql::Statement del_smt(db_->GetCachedStatement( |
| 581 | SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); |
| 582 | if (!del_smt.is_valid()) { |
| 583 | LOG(WARNING) << "Unable to delete certificates on shutdown."; |
| 584 | return; |
| 585 | } |
| 586 | |
| 587 | sql::Transaction transaction(db_.get()); |
| 588 | if (!transaction.Begin()) { |
| 589 | LOG(WARNING) << "Unable to delete certificates on shutdown."; |
| 590 | return; |
| 591 | } |
| 592 | |
| 593 | for (std::set<std::string>::iterator it = cert_origins_.begin(); |
| 594 | it != cert_origins_.end(); ++it) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 595 | const GURL url(net::cookie_util::CookieOriginToURL(*it, true)); |
| 596 | if (!url.is_valid() || !special_storage_policy_->IsStorageSessionOnly(url)) |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 597 | continue; |
| 598 | del_smt.Reset(true); |
| 599 | del_smt.BindString(0, *it); |
| 600 | if (!del_smt.Run()) |
| 601 | NOTREACHED() << "Could not delete a certificate from the DB."; |
| 602 | } |
| 603 | |
| 604 | if (!transaction.Commit()) |
| 605 | LOG(WARNING) << "Unable to delete certificates on shutdown."; |
| 606 | } |
| 607 | |
| 608 | void SQLiteServerBoundCertStore::Backend::SetForceKeepSessionState() { |
| 609 | base::AutoLock locked(lock_); |
| 610 | force_keep_session_state_ = true; |
| 611 | } |
| 612 | |
| 613 | SQLiteServerBoundCertStore::SQLiteServerBoundCertStore( |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 614 | const base::FilePath& path, |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 615 | quota::SpecialStoragePolicy* special_storage_policy) |
| 616 | : backend_(new Backend(path, special_storage_policy)) { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 617 | } |
| 618 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 619 | void SQLiteServerBoundCertStore::Load( |
| 620 | const LoadedCallback& loaded_callback) { |
| 621 | backend_->Load(loaded_callback); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 622 | } |
| 623 | |
| 624 | void SQLiteServerBoundCertStore::AddServerBoundCert( |
| 625 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 626 | backend_->AddServerBoundCert(cert); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 627 | } |
| 628 | |
| 629 | void SQLiteServerBoundCertStore::DeleteServerBoundCert( |
| 630 | const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 631 | backend_->DeleteServerBoundCert(cert); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 632 | } |
| 633 | |
| 634 | void SQLiteServerBoundCertStore::SetForceKeepSessionState() { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 635 | backend_->SetForceKeepSessionState(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 636 | } |
| 637 | |
| 638 | SQLiteServerBoundCertStore::~SQLiteServerBoundCertStore() { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 639 | backend_->Close(); |
| 640 | // We release our reference to the Backend, though it will probably still have |
| 641 | // a reference if the background thread has not run Close() yet. |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 642 | } |