| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/extras/sqlite/sqlite_channel_id_store.h" | 5 #include "net/extras/sqlite/sqlite_channel_id_store.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/location.h" | 13 #include "base/location.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/memory/scoped_ptr.h" | 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "base/memory/scoped_vector.h" | 16 #include "base/memory/scoped_vector.h" |
| 17 #include "base/metrics/histogram.h" | 17 #include "base/metrics/histogram.h" |
| 18 #include "base/sequenced_task_runner.h" | 18 #include "base/sequenced_task_runner.h" |
| 19 #include "base/strings/string_util.h" | 19 #include "base/strings/string_util.h" |
| 20 #include "crypto/ec_private_key.h" |
| 21 #include "net/cert/asn1_util.h" |
| 20 #include "net/cert/x509_certificate.h" | 22 #include "net/cert/x509_certificate.h" |
| 21 #include "net/cookies/cookie_util.h" | 23 #include "net/cookies/cookie_util.h" |
| 24 #include "net/ssl/channel_id_service.h" |
| 22 #include "net/ssl/ssl_client_cert_type.h" | 25 #include "net/ssl/ssl_client_cert_type.h" |
| 23 #include "sql/error_delegate_util.h" | 26 #include "sql/error_delegate_util.h" |
| 24 #include "sql/meta_table.h" | 27 #include "sql/meta_table.h" |
| 25 #include "sql/statement.h" | 28 #include "sql/statement.h" |
| 26 #include "sql/transaction.h" | 29 #include "sql/transaction.h" |
| 27 #include "url/gurl.h" | 30 #include "url/gurl.h" |
| 28 | 31 |
| 29 namespace { | 32 namespace { |
| 30 | 33 |
| 31 // Version number of the database. | 34 // Version number of the database. |
| 32 const int kCurrentVersionNumber = 4; | 35 const int kCurrentVersionNumber = 5; |
| 33 const int kCompatibleVersionNumber = 1; | 36 const int kCompatibleVersionNumber = 5; |
| 34 | |
| 35 // Initializes the certs table, returning true on success. | |
| 36 bool InitTable(sql::Connection* db) { | |
| 37 // The table is named "origin_bound_certs" for backwards compatability before | |
| 38 // we renamed this class to SQLiteChannelIDStore. Likewise, the primary | |
| 39 // key is "origin", but now can be other things like a plain domain. | |
| 40 if (!db->DoesTableExist("origin_bound_certs")) { | |
| 41 if (!db->Execute( | |
| 42 "CREATE TABLE origin_bound_certs (" | |
| 43 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | |
| 44 "private_key BLOB NOT NULL," | |
| 45 "cert BLOB NOT NULL," | |
| 46 "cert_type INTEGER," | |
| 47 "expiration_time INTEGER," | |
| 48 "creation_time INTEGER)")) { | |
| 49 return false; | |
| 50 } | |
| 51 } | |
| 52 | |
| 53 return true; | |
| 54 } | |
| 55 | 37 |
| 56 } // namespace | 38 } // namespace |
| 57 | 39 |
| 58 namespace net { | 40 namespace net { |
| 59 | 41 |
| 60 // This class is designed to be shared between any calling threads and the | 42 // This class is designed to be shared between any calling threads and the |
| 61 // background task runner. It batches operations and commits them on a timer. | 43 // background task runner. It batches operations and commits them on a timer. |
| 62 class SQLiteChannelIDStore::Backend | 44 class SQLiteChannelIDStore::Backend |
| 63 : public base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend> { | 45 : public base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend> { |
| 64 public: | 46 public: |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 205 base::Unretained(this))); | 187 base::Unretained(this))); |
| 206 | 188 |
| 207 if (!db_->Open(path_)) { | 189 if (!db_->Open(path_)) { |
| 208 NOTREACHED() << "Unable to open cert DB."; | 190 NOTREACHED() << "Unable to open cert DB."; |
| 209 if (corruption_detected_) | 191 if (corruption_detected_) |
| 210 KillDatabase(); | 192 KillDatabase(); |
| 211 db_.reset(); | 193 db_.reset(); |
| 212 return; | 194 return; |
| 213 } | 195 } |
| 214 | 196 |
| 215 if (!EnsureDatabaseVersion() || !InitTable(db_.get())) { | 197 if (!EnsureDatabaseVersion()) { |
| 216 NOTREACHED() << "Unable to open cert DB."; | 198 NOTREACHED() << "Unable to open cert DB."; |
| 217 if (corruption_detected_) | 199 if (corruption_detected_) |
| 218 KillDatabase(); | 200 KillDatabase(); |
| 219 meta_table_.Reset(); | 201 meta_table_.Reset(); |
| 220 db_.reset(); | 202 db_.reset(); |
| 221 return; | 203 return; |
| 222 } | 204 } |
| 223 | 205 |
| 224 db_->Preload(); | 206 db_->Preload(); |
| 225 | 207 |
| 226 // Slurp all the certs into the out-vector. | 208 // Slurp all the certs into the out-vector. |
| 227 sql::Statement smt(db_->GetUniqueStatement( | 209 sql::Statement smt(db_->GetUniqueStatement( |
| 228 "SELECT origin, private_key, cert, cert_type, expiration_time, " | 210 "SELECT host, private_key, public_key, creation_time FROM channel_id")); |
| 229 "creation_time FROM origin_bound_certs")); | |
| 230 if (!smt.is_valid()) { | 211 if (!smt.is_valid()) { |
| 231 if (corruption_detected_) | 212 if (corruption_detected_) |
| 232 KillDatabase(); | 213 KillDatabase(); |
| 233 meta_table_.Reset(); | 214 meta_table_.Reset(); |
| 234 db_.reset(); | 215 db_.reset(); |
| 235 return; | 216 return; |
| 236 } | 217 } |
| 237 | 218 |
| 238 while (smt.Step()) { | 219 while (smt.Step()) { |
| 239 SSLClientCertType type = static_cast<SSLClientCertType>(smt.ColumnInt(3)); | 220 std::vector<uint8> private_key_from_db, public_key_from_db; |
| 240 if (type != CLIENT_CERT_ECDSA_SIGN) | 221 smt.ColumnBlobAsVector(1, &private_key_from_db); |
| 222 smt.ColumnBlobAsVector(2, &public_key_from_db); |
| 223 scoped_ptr<crypto::ECPrivateKey> key( |
| 224 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 225 ChannelIDService::kEPKIPassword, private_key_from_db, |
| 226 public_key_from_db)); |
| 227 if (!key) |
| 241 continue; | 228 continue; |
| 242 std::string private_key_from_db, cert_from_db; | |
| 243 smt.ColumnBlobAsString(1, &private_key_from_db); | |
| 244 smt.ColumnBlobAsString(2, &cert_from_db); | |
| 245 scoped_ptr<DefaultChannelIDStore::ChannelID> channel_id( | 229 scoped_ptr<DefaultChannelIDStore::ChannelID> channel_id( |
| 246 new DefaultChannelIDStore::ChannelID( | 230 new DefaultChannelIDStore::ChannelID( |
| 247 smt.ColumnString(0), // origin | 231 smt.ColumnString(0), // host |
| 248 base::Time::FromInternalValue(smt.ColumnInt64(5)), | 232 base::Time::FromInternalValue(smt.ColumnInt64(3)), key.Pass())); |
| 249 base::Time::FromInternalValue(smt.ColumnInt64(4)), | |
| 250 private_key_from_db, | |
| 251 cert_from_db)); | |
| 252 channel_ids->push_back(channel_id.release()); | 233 channel_ids->push_back(channel_id.release()); |
| 253 } | 234 } |
| 254 | 235 |
| 255 UMA_HISTOGRAM_COUNTS_10000( | 236 UMA_HISTOGRAM_COUNTS_10000( |
| 256 "DomainBoundCerts.DBLoadedCount", | 237 "DomainBoundCerts.DBLoadedCount", |
| 257 static_cast<base::HistogramBase::Sample>(channel_ids->size())); | 238 static_cast<base::HistogramBase::Sample>(channel_ids->size())); |
| 258 base::TimeDelta load_time = base::TimeTicks::Now() - start; | 239 base::TimeDelta load_time = base::TimeTicks::Now() - start; |
| 259 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime", | 240 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime", |
| 260 load_time, | 241 load_time, |
| 261 base::TimeDelta::FromMilliseconds(1), | 242 base::TimeDelta::FromMilliseconds(1), |
| 262 base::TimeDelta::FromMinutes(1), | 243 base::TimeDelta::FromMinutes(1), |
| 263 50); | 244 50); |
| 264 DVLOG(1) << "loaded " << channel_ids->size() << " in " | 245 DVLOG(1) << "loaded " << channel_ids->size() << " in " |
| 265 << load_time.InMilliseconds() << " ms"; | 246 << load_time.InMilliseconds() << " ms"; |
| 266 } | 247 } |
| 267 | 248 |
| 268 bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { | 249 bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { |
| 269 // Version check. | 250 // Version check. |
| 270 if (!meta_table_.Init( | 251 if (!meta_table_.Init( |
| 271 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) { | 252 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) { |
| 272 return false; | 253 return false; |
| 273 } | 254 } |
| 274 | 255 |
| 275 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) { | 256 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) { |
| 276 LOG(WARNING) << "Server bound cert database is too new."; | 257 LOG(WARNING) << "Server bound cert database is too new."; |
| 277 return false; | 258 return false; |
| 278 } | 259 } |
| 279 | 260 |
| 280 int cur_version = meta_table_.GetVersionNumber(); | 261 int cur_version = meta_table_.GetVersionNumber(); |
| 281 if (cur_version == 1) { | 262 |
| 282 sql::Transaction transaction(db_.get()); | 263 sql::Transaction transaction(db_.get()); |
| 283 if (!transaction.Begin()) | 264 if (!transaction.Begin()) |
| 284 return false; | 265 return false; |
| 266 |
| 267 // Create new table if it doesn't already exist |
| 268 if (!db_->DoesTableExist("channel_id")) { |
| 285 if (!db_->Execute( | 269 if (!db_->Execute( |
| 286 "ALTER TABLE origin_bound_certs ADD COLUMN cert_type " | 270 "CREATE TABLE channel_id (" |
| 287 "INTEGER")) { | 271 "host TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 288 LOG(WARNING) << "Unable to update server bound cert database to " | 272 "private_key BLOB NOT NULL," |
| 289 << "version 2."; | 273 "public_key BLOB NOT NULL," |
| 274 "creation_time INTEGER)")) { |
| 290 return false; | 275 return false; |
| 291 } | 276 } |
| 292 // All certs in version 1 database are rsa_sign, which are unsupported. | |
| 293 // Just discard them all. | |
| 294 if (!db_->Execute("DELETE from origin_bound_certs")) { | |
| 295 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 296 << "version 2."; | |
| 297 return false; | |
| 298 } | |
| 299 ++cur_version; | |
| 300 meta_table_.SetVersionNumber(cur_version); | |
| 301 meta_table_.SetCompatibleVersionNumber( | |
| 302 std::min(cur_version, kCompatibleVersionNumber)); | |
| 303 transaction.Commit(); | |
| 304 } | 277 } |
| 305 | 278 |
| 306 if (cur_version <= 3) { | 279 // Migrate from previous versions to new version if possible |
| 307 sql::Transaction transaction(db_.get()); | 280 if (cur_version >= 2 && cur_version <= 4) { |
| 308 if (!transaction.Begin()) | 281 sql::Statement statement(db_->GetUniqueStatement( |
| 309 return false; | 282 "SELECT origin, cert, private_key, cert_type FROM origin_bound_certs")); |
| 310 | 283 sql::Statement insert_statement(db_->GetUniqueStatement( |
| 311 if (cur_version == 2) { | 284 "INSERT INTO channel_id (host, private_key, public_key, creation_time) " |
| 312 if (!db_->Execute( | 285 "VALUES (?, ?, ?, ?)")); |
| 313 "ALTER TABLE origin_bound_certs ADD COLUMN " | 286 if (!statement.is_valid() || !insert_statement.is_valid()) { |
| 314 "expiration_time INTEGER")) { | |
| 315 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 316 << "version 4."; | |
| 317 return false; | |
| 318 } | |
| 319 } | |
| 320 | |
| 321 if (!db_->Execute( | |
| 322 "ALTER TABLE origin_bound_certs ADD COLUMN " | |
| 323 "creation_time INTEGER")) { | |
| 324 LOG(WARNING) << "Unable to update server bound cert database to " | 287 LOG(WARNING) << "Unable to update server bound cert database to " |
| 325 << "version 4."; | 288 << "version 5."; |
| 326 return false; | |
| 327 } | |
| 328 | |
| 329 sql::Statement statement( | |
| 330 db_->GetUniqueStatement("SELECT origin, cert FROM origin_bound_certs")); | |
| 331 sql::Statement update_expires_statement(db_->GetUniqueStatement( | |
| 332 "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?")); | |
| 333 sql::Statement update_creation_statement(db_->GetUniqueStatement( | |
| 334 "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?")); | |
| 335 if (!statement.is_valid() || !update_expires_statement.is_valid() || | |
| 336 !update_creation_statement.is_valid()) { | |
| 337 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 338 << "version 4."; | |
| 339 return false; | 289 return false; |
| 340 } | 290 } |
| 341 | 291 |
| 342 while (statement.Step()) { | 292 while (statement.Step()) { |
| 293 if (statement.ColumnInt64(3) != CLIENT_CERT_ECDSA_SIGN) |
| 294 continue; |
| 343 std::string origin = statement.ColumnString(0); | 295 std::string origin = statement.ColumnString(0); |
| 344 std::string cert_from_db; | 296 std::string cert_from_db; |
| 345 statement.ColumnBlobAsString(1, &cert_from_db); | 297 statement.ColumnBlobAsString(1, &cert_from_db); |
| 298 std::string private_key; |
| 299 statement.ColumnBlobAsString(2, &private_key); |
| 346 // Parse the cert and extract the real value and then update the DB. | 300 // Parse the cert and extract the real value and then update the DB. |
| 347 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromBytes( | 301 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromBytes( |
| 348 cert_from_db.data(), static_cast<int>(cert_from_db.size()))); | 302 cert_from_db.data(), static_cast<int>(cert_from_db.size()))); |
| 349 if (cert.get()) { | 303 if (cert.get()) { |
| 350 if (cur_version == 2) { | 304 insert_statement.Reset(true); |
| 351 update_expires_statement.Reset(true); | 305 insert_statement.BindString(0, origin); |
| 352 update_expires_statement.BindInt64( | 306 insert_statement.BindBlob(1, private_key.data(), |
| 353 0, cert->valid_expiry().ToInternalValue()); | 307 static_cast<int>(private_key.size())); |
| 354 update_expires_statement.BindString(1, origin); | 308 base::StringPiece spki; |
| 355 if (!update_expires_statement.Run()) { | 309 if (!asn1::ExtractSPKIFromDERCert(cert_from_db, &spki)) { |
| 356 LOG(WARNING) << "Unable to update server bound cert database to " | 310 LOG(WARNING) << "Unable to extract SPKI from cert when migrating " |
| 357 << "version 4."; | 311 "channel id database to version 5."; |
| 358 return false; | 312 return false; |
| 359 } | |
| 360 } | 313 } |
| 361 | 314 insert_statement.BindBlob(2, spki.data(), |
| 362 update_creation_statement.Reset(true); | 315 static_cast<int>(spki.size())); |
| 363 update_creation_statement.BindInt64( | 316 insert_statement.BindInt64(3, cert->valid_start().ToInternalValue()); |
| 364 0, cert->valid_start().ToInternalValue()); | 317 if (!insert_statement.Run()) { |
| 365 update_creation_statement.BindString(1, origin); | 318 LOG(WARNING) << "Unable to update channel id database to " |
| 366 if (!update_creation_statement.Run()) { | 319 << "version 5."; |
| 367 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 368 << "version 4."; | |
| 369 return false; | 320 return false; |
| 370 } | 321 } |
| 371 } else { | 322 } else { |
| 372 // If there's a cert we can't parse, just leave it. It'll get replaced | 323 // If there's a cert we can't parse, just leave it. It'll get replaced |
| 373 // with a new one if we ever try to use it. | 324 // with a new one if we ever try to use it. |
| 374 LOG(WARNING) << "Error parsing cert for database upgrade for origin " | 325 LOG(WARNING) << "Error parsing cert for database upgrade for origin " |
| 375 << statement.ColumnString(0); | 326 << statement.ColumnString(0); |
| 376 } | 327 } |
| 377 } | 328 } |
| 378 | |
| 379 cur_version = 4; | |
| 380 meta_table_.SetVersionNumber(cur_version); | |
| 381 meta_table_.SetCompatibleVersionNumber( | |
| 382 std::min(cur_version, kCompatibleVersionNumber)); | |
| 383 transaction.Commit(); | |
| 384 } | 329 } |
| 385 | 330 |
| 331 if (cur_version < kCurrentVersionNumber) { |
| 332 sql::Statement statement( |
| 333 db_->GetUniqueStatement("DROP TABLE origin_bound_certs")); |
| 334 if (!statement.Run()) { |
| 335 LOG(WARNING) << "Error dropping old origin_bound_certs table"; |
| 336 return false; |
| 337 } |
| 338 meta_table_.SetVersionNumber(kCurrentVersionNumber); |
| 339 meta_table_.SetCompatibleVersionNumber(kCompatibleVersionNumber); |
| 340 } |
| 341 transaction.Commit(); |
| 342 |
| 386 // Put future migration cases here. | 343 // Put future migration cases here. |
| 387 | 344 |
| 388 // When the version is too old, we just try to continue anyway, there should | |
| 389 // not be a released product that makes a database too old for us to handle. | |
| 390 LOG_IF(WARNING, cur_version < kCurrentVersionNumber) | |
| 391 << "Server bound cert database version " << cur_version | |
| 392 << " is too old to handle."; | |
| 393 | |
| 394 return true; | 345 return true; |
| 395 } | 346 } |
| 396 | 347 |
| 397 void SQLiteChannelIDStore::Backend::DatabaseErrorCallback( | 348 void SQLiteChannelIDStore::Backend::DatabaseErrorCallback( |
| 398 int error, | 349 int error, |
| 399 sql::Statement* stmt) { | 350 sql::Statement* stmt) { |
| 400 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 351 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 401 | 352 |
| 402 if (!sql::IsErrorCatastrophic(error)) | 353 if (!sql::IsErrorCatastrophic(error)) |
| 403 return; | 354 return; |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 512 pending_.swap(ops); | 463 pending_.swap(ops); |
| 513 num_pending_ = 0; | 464 num_pending_ = 0; |
| 514 } | 465 } |
| 515 | 466 |
| 516 // Maybe an old timer fired or we are already Close()'ed. | 467 // Maybe an old timer fired or we are already Close()'ed. |
| 517 if (!db_.get() || ops.empty()) | 468 if (!db_.get() || ops.empty()) |
| 518 return; | 469 return; |
| 519 | 470 |
| 520 sql::Statement add_statement(db_->GetCachedStatement( | 471 sql::Statement add_statement(db_->GetCachedStatement( |
| 521 SQL_FROM_HERE, | 472 SQL_FROM_HERE, |
| 522 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | 473 "INSERT INTO channel_id (host, private_key, public_key, " |
| 523 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); | 474 "creation_time) VALUES (?,?,?,?)")); |
| 524 if (!add_statement.is_valid()) | 475 if (!add_statement.is_valid()) |
| 525 return; | 476 return; |
| 526 | 477 |
| 527 sql::Statement del_statement(db_->GetCachedStatement( | 478 sql::Statement del_statement(db_->GetCachedStatement( |
| 528 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); | 479 SQL_FROM_HERE, "DELETE FROM channel_id WHERE host=?")); |
| 529 if (!del_statement.is_valid()) | 480 if (!del_statement.is_valid()) |
| 530 return; | 481 return; |
| 531 | 482 |
| 532 sql::Transaction transaction(db_.get()); | 483 sql::Transaction transaction(db_.get()); |
| 533 if (!transaction.Begin()) | 484 if (!transaction.Begin()) |
| 534 return; | 485 return; |
| 535 | 486 |
| 536 for (PendingOperationsList::iterator it = ops.begin(); it != ops.end(); | 487 for (PendingOperationsList::iterator it = ops.begin(); it != ops.end(); |
| 537 ++it) { | 488 ++it) { |
| 538 // Free the certs as we commit them to the database. | 489 // Free the certs as we commit them to the database. |
| 539 scoped_ptr<PendingOperation> po(*it); | 490 scoped_ptr<PendingOperation> po(*it); |
| 540 switch (po->op()) { | 491 switch (po->op()) { |
| 541 case PendingOperation::CHANNEL_ID_ADD: { | 492 case PendingOperation::CHANNEL_ID_ADD: { |
| 542 add_statement.Reset(true); | 493 add_statement.Reset(true); |
| 543 add_statement.BindString(0, po->channel_id().server_identifier()); | 494 add_statement.BindString(0, po->channel_id().server_identifier()); |
| 544 const std::string& private_key = po->channel_id().private_key(); | 495 std::vector<uint8> private_key, public_key; |
| 496 if (!po->channel_id().key()->ExportEncryptedPrivateKey( |
| 497 ChannelIDService::kEPKIPassword, 1, &private_key)) |
| 498 continue; |
| 499 if (!po->channel_id().key()->ExportPublicKey(&public_key)) |
| 500 continue; |
| 545 add_statement.BindBlob( | 501 add_statement.BindBlob( |
| 546 1, private_key.data(), static_cast<int>(private_key.size())); | 502 1, private_key.data(), static_cast<int>(private_key.size())); |
| 547 const std::string& cert = po->channel_id().cert(); | 503 add_statement.BindBlob(2, public_key.data(), |
| 548 add_statement.BindBlob(2, cert.data(), static_cast<int>(cert.size())); | 504 static_cast<int>(public_key.size())); |
| 549 add_statement.BindInt(3, CLIENT_CERT_ECDSA_SIGN); | |
| 550 add_statement.BindInt64( | 505 add_statement.BindInt64( |
| 551 4, po->channel_id().expiration_time().ToInternalValue()); | 506 3, po->channel_id().creation_time().ToInternalValue()); |
| 552 add_statement.BindInt64( | |
| 553 5, po->channel_id().creation_time().ToInternalValue()); | |
| 554 if (!add_statement.Run()) | 507 if (!add_statement.Run()) |
| 555 NOTREACHED() << "Could not add a server bound cert to the DB."; | 508 NOTREACHED() << "Could not add a server bound cert to the DB."; |
| 556 break; | 509 break; |
| 557 } | 510 } |
| 558 case PendingOperation::CHANNEL_ID_DELETE: | 511 case PendingOperation::CHANNEL_ID_DELETE: |
| 559 del_statement.Reset(true); | 512 del_statement.Reset(true); |
| 560 del_statement.BindString(0, po->channel_id().server_identifier()); | 513 del_statement.BindString(0, po->channel_id().server_identifier()); |
| 561 if (!del_statement.Run()) | 514 if (!del_statement.Run()) |
| 562 NOTREACHED() << "Could not delete a server bound cert from the DB."; | 515 NOTREACHED() << "Could not delete a server bound cert from the DB."; |
| 563 break; | 516 break; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 589 void SQLiteChannelIDStore::Backend::BackgroundDeleteAllInList( | 542 void SQLiteChannelIDStore::Backend::BackgroundDeleteAllInList( |
| 590 const std::list<std::string>& server_identifiers) { | 543 const std::list<std::string>& server_identifiers) { |
| 591 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 544 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 592 | 545 |
| 593 if (!db_.get()) | 546 if (!db_.get()) |
| 594 return; | 547 return; |
| 595 | 548 |
| 596 PrunePendingOperationsForDeletes(server_identifiers); | 549 PrunePendingOperationsForDeletes(server_identifiers); |
| 597 | 550 |
| 598 sql::Statement del_smt(db_->GetCachedStatement( | 551 sql::Statement del_smt(db_->GetCachedStatement( |
| 599 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); | 552 SQL_FROM_HERE, "DELETE FROM channel_id WHERE host=?")); |
| 600 if (!del_smt.is_valid()) { | 553 if (!del_smt.is_valid()) { |
| 601 LOG(WARNING) << "Unable to delete channel ids."; | 554 LOG(WARNING) << "Unable to delete channel ids."; |
| 602 return; | 555 return; |
| 603 } | 556 } |
| 604 | 557 |
| 605 sql::Transaction transaction(db_.get()); | 558 sql::Transaction transaction(db_.get()); |
| 606 if (!transaction.Begin()) { | 559 if (!transaction.Begin()) { |
| 607 LOG(WARNING) << "Unable to delete channel ids."; | 560 LOG(WARNING) << "Unable to delete channel ids."; |
| 608 return; | 561 return; |
| 609 } | 562 } |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 655 backend_->SetForceKeepSessionState(); | 608 backend_->SetForceKeepSessionState(); |
| 656 } | 609 } |
| 657 | 610 |
| 658 SQLiteChannelIDStore::~SQLiteChannelIDStore() { | 611 SQLiteChannelIDStore::~SQLiteChannelIDStore() { |
| 659 backend_->Close(); | 612 backend_->Close(); |
| 660 // We release our reference to the Backend, though it will probably still have | 613 // We release our reference to the Backend, though it will probably still have |
| 661 // a reference if the background task runner has not run Close() yet. | 614 // a reference if the background task runner has not run Close() yet. |
| 662 } | 615 } |
| 663 | 616 |
| 664 } // namespace net | 617 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1076063002:
Remove certificates from Channel ID (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master