| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/sqlite_server_bound_cert_store.h" | 5 #include "chrome/browser/net/sqlite_channel_id_store.h" |
| 6 | 6 |
| 7 #include <list> | 7 #include <list> |
| 8 #include <set> | 8 #include <set> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
| 13 #include "base/files/file_path.h" | 13 #include "base/files/file_path.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/memory/scoped_ptr.h" | 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "base/metrics/histogram.h" | 16 #include "base/metrics/histogram.h" |
| 17 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
| 18 #include "base/threading/thread.h" | 18 #include "base/threading/thread.h" |
| 19 #include "base/threading/thread_restrictions.h" | 19 #include "base/threading/thread_restrictions.h" |
| 20 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
| 21 #include "net/cookies/cookie_util.h" | 21 #include "net/cookies/cookie_util.h" |
| 22 #include "net/ssl/ssl_client_cert_type.h" | 22 #include "net/ssl/ssl_client_cert_type.h" |
| 23 #include "sql/error_delegate_util.h" | 23 #include "sql/error_delegate_util.h" |
| 24 #include "sql/meta_table.h" | 24 #include "sql/meta_table.h" |
| 25 #include "sql/statement.h" | 25 #include "sql/statement.h" |
| 26 #include "sql/transaction.h" | 26 #include "sql/transaction.h" |
| 27 #include "third_party/sqlite/sqlite3.h" | 27 #include "third_party/sqlite/sqlite3.h" |
| 28 #include "url/gurl.h" | 28 #include "url/gurl.h" |
| 29 #include "webkit/browser/quota/special_storage_policy.h" | 29 #include "webkit/browser/quota/special_storage_policy.h" |
| 30 | 30 |
| 31 // This class is designed to be shared between any calling threads and the | 31 // This class is designed to be shared between any calling threads and the |
| 32 // background task runner. It batches operations and commits them on a timer. | 32 // background task runner. It batches operations and commits them on a timer. |
| 33 class SQLiteServerBoundCertStore::Backend | 33 class SQLiteChannelIDStore::Backend |
| 34 : public base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend> { | 34 : public base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend> { |
| 35 public: | 35 public: |
| 36 Backend( | 36 Backend( |
| 37 const base::FilePath& path, | 37 const base::FilePath& path, |
| 38 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, | 38 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, |
| 39 quota::SpecialStoragePolicy* special_storage_policy) | 39 quota::SpecialStoragePolicy* special_storage_policy) |
| 40 : path_(path), | 40 : path_(path), |
| 41 num_pending_(0), | 41 num_pending_(0), |
| 42 force_keep_session_state_(false), | 42 force_keep_session_state_(false), |
| 43 background_task_runner_(background_task_runner), | 43 background_task_runner_(background_task_runner), |
| 44 special_storage_policy_(special_storage_policy), | 44 special_storage_policy_(special_storage_policy), |
| 45 corruption_detected_(false) {} | 45 corruption_detected_(false) {} |
| 46 | 46 |
| 47 // Creates or loads the SQLite database. | 47 // Creates or loads the SQLite database. |
| 48 void Load(const LoadedCallback& loaded_callback); | 48 void Load(const LoadedCallback& loaded_callback); |
| 49 | 49 |
| 50 // Batch a server bound cert addition. | 50 // Batch a channel ID addition. |
| 51 void AddServerBoundCert( | 51 void AddChannelID( |
| 52 const net::DefaultServerBoundCertStore::ServerBoundCert& cert); | 52 const net::DefaultChannelIDStore::ChannelID& channel_id); |
| 53 | 53 |
| 54 // Batch a server bound cert deletion. | 54 // Batch a channel ID deletion. |
| 55 void DeleteServerBoundCert( | 55 void DeleteChannelID( |
| 56 const net::DefaultServerBoundCertStore::ServerBoundCert& cert); | 56 const net::DefaultChannelIDStore::ChannelID& channel_id); |
| 57 | 57 |
| 58 // Commit any pending operations and close the database. This must be called | 58 // Commit any pending operations and close the database. This must be called |
| 59 // before the object is destructed. | 59 // before the object is destructed. |
| 60 void Close(); | 60 void Close(); |
| 61 | 61 |
| 62 void SetForceKeepSessionState(); | 62 void SetForceKeepSessionState(); |
| 63 | 63 |
| 64 private: | 64 private: |
| 65 void LoadOnDBThread( | 65 void LoadOnDBThread( |
| 66 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert>* certs); | 66 ScopedVector<net::DefaultChannelIDStore::ChannelID>* channel_ids); |
| 67 | 67 |
| 68 friend class base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend>; | 68 friend class base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend>; |
| 69 | 69 |
| 70 // You should call Close() before destructing this object. | 70 // You should call Close() before destructing this object. |
| 71 ~Backend() { | 71 ~Backend() { |
| 72 DCHECK(!db_.get()) << "Close should have already been called."; | 72 DCHECK(!db_.get()) << "Close should have already been called."; |
| 73 DCHECK(num_pending_ == 0 && pending_.empty()); | 73 DCHECK(num_pending_ == 0 && pending_.empty()); |
| 74 } | 74 } |
| 75 | 75 |
| 76 // Database upgrade statements. | 76 // Database upgrade statements. |
| 77 bool EnsureDatabaseVersion(); | 77 bool EnsureDatabaseVersion(); |
| 78 | 78 |
| 79 class PendingOperation { | 79 class PendingOperation { |
| 80 public: | 80 public: |
| 81 typedef enum { | 81 typedef enum { |
| 82 CERT_ADD, | 82 CHANNEL_ID_ADD, |
| 83 CERT_DELETE | 83 CHANNEL_ID_DELETE |
| 84 } OperationType; | 84 } OperationType; |
| 85 | 85 |
| 86 PendingOperation( | 86 PendingOperation( |
| 87 OperationType op, | 87 OperationType op, |
| 88 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) | 88 const net::DefaultChannelIDStore::ChannelID& channel_id) |
| 89 : op_(op), cert_(cert) {} | 89 : op_(op), channel_id_(channel_id) {} |
| 90 | 90 |
| 91 OperationType op() const { return op_; } | 91 OperationType op() const { return op_; } |
| 92 const net::DefaultServerBoundCertStore::ServerBoundCert& cert() const { | 92 const net::DefaultChannelIDStore::ChannelID& channel_id() const { |
| 93 return cert_; | 93 return channel_id_; |
| 94 } | 94 } |
| 95 | 95 |
| 96 private: | 96 private: |
| 97 OperationType op_; | 97 OperationType op_; |
| 98 net::DefaultServerBoundCertStore::ServerBoundCert cert_; | 98 net::DefaultChannelIDStore::ChannelID channel_id_; |
| 99 }; | 99 }; |
| 100 | 100 |
| 101 private: | 101 private: |
| 102 // Batch a server bound cert operation (add or delete). | 102 // Batch a channel id operation (add or delete). |
| 103 void BatchOperation( | 103 void BatchOperation( |
| 104 PendingOperation::OperationType op, | 104 PendingOperation::OperationType op, |
| 105 const net::DefaultServerBoundCertStore::ServerBoundCert& cert); | 105 const net::DefaultChannelIDStore::ChannelID& channel_id); |
| 106 // Commit our pending operations to the database. | 106 // Commit our pending operations to the database. |
| 107 void Commit(); | 107 void Commit(); |
| 108 // Close() executed on the background thread. | 108 // Close() executed on the background thread. |
| 109 void InternalBackgroundClose(); | 109 void InternalBackgroundClose(); |
| 110 | 110 |
| 111 void DeleteCertificatesOnShutdown(); | 111 void DeleteCertificatesOnShutdown(); |
| 112 | 112 |
| 113 void DatabaseErrorCallback(int error, sql::Statement* stmt); | 113 void DatabaseErrorCallback(int error, sql::Statement* stmt); |
| 114 void KillDatabase(); | 114 void KillDatabase(); |
| 115 | 115 |
| 116 base::FilePath path_; | 116 base::FilePath path_; |
| 117 scoped_ptr<sql::Connection> db_; | 117 scoped_ptr<sql::Connection> db_; |
| 118 sql::MetaTable meta_table_; | 118 sql::MetaTable meta_table_; |
| 119 | 119 |
| 120 typedef std::list<PendingOperation*> PendingOperationsList; | 120 typedef std::list<PendingOperation*> PendingOperationsList; |
| 121 PendingOperationsList pending_; | 121 PendingOperationsList pending_; |
| 122 PendingOperationsList::size_type num_pending_; | 122 PendingOperationsList::size_type num_pending_; |
| 123 // True if the persistent store should skip clear on exit rules. | 123 // True if the persistent store should skip clear on exit rules. |
| 124 bool force_keep_session_state_; | 124 bool force_keep_session_state_; |
| 125 // Guard |pending_|, |num_pending_| and |force_keep_session_state_|. | 125 // Guard |pending_|, |num_pending_| and |force_keep_session_state_|. |
| 126 base::Lock lock_; | 126 base::Lock lock_; |
| 127 | 127 |
| 128 // Cache of origins we have certificates stored for. | 128 // Cache of origins we have channel IDs stored for. |
| 129 std::set<std::string> cert_origins_; | 129 std::set<std::string> channel_id_origins_; |
| 130 | 130 |
| 131 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; | 131 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; |
| 132 | 132 |
| 133 scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_; | 133 scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_; |
| 134 | 134 |
| 135 // Indicates if the kill-database callback has been scheduled. | 135 // Indicates if the kill-database callback has been scheduled. |
| 136 bool corruption_detected_; | 136 bool corruption_detected_; |
| 137 | 137 |
| 138 DISALLOW_COPY_AND_ASSIGN(Backend); | 138 DISALLOW_COPY_AND_ASSIGN(Backend); |
| 139 }; | 139 }; |
| 140 | 140 |
| 141 // Version number of the database. | 141 // Version number of the database. |
| 142 static const int kCurrentVersionNumber = 4; | 142 static const int kCurrentVersionNumber = 4; |
| 143 static const int kCompatibleVersionNumber = 1; | 143 static const int kCompatibleVersionNumber = 1; |
| 144 | 144 |
| 145 namespace { | 145 namespace { |
| 146 | 146 |
| 147 // Initializes the certs table, returning true on success. | 147 // Initializes the certs table, returning true on success. |
| 148 bool InitTable(sql::Connection* db) { | 148 bool InitTable(sql::Connection* db) { |
| 149 // The table is named "origin_bound_certs" for backwards compatability before | 149 // The table is named "origin_bound_certs" for backwards compatability before |
| 150 // we renamed this class to SQLiteServerBoundCertStore. Likewise, the primary | 150 // we renamed this class to SQLiteChannelIDStore. Likewise, the primary |
| 151 // key is "origin", but now can be other things like a plain domain. | 151 // key is "origin", but now can be other things like a plain domain. |
| 152 if (!db->DoesTableExist("origin_bound_certs")) { | 152 if (!db->DoesTableExist("origin_bound_certs")) { |
| 153 if (!db->Execute("CREATE TABLE origin_bound_certs (" | 153 if (!db->Execute("CREATE TABLE origin_bound_certs (" |
| 154 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 154 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 155 "private_key BLOB NOT NULL," | 155 "private_key BLOB NOT NULL," |
| 156 "cert BLOB NOT NULL," | 156 "cert BLOB NOT NULL," |
| 157 "cert_type INTEGER," | 157 "cert_type INTEGER," |
| 158 "expiration_time INTEGER," | 158 "expiration_time INTEGER," |
| 159 "creation_time INTEGER)")) | 159 "creation_time INTEGER)")) |
| 160 return false; | 160 return false; |
| 161 } | 161 } |
| 162 | 162 |
| 163 return true; | 163 return true; |
| 164 } | 164 } |
| 165 | 165 |
| 166 } // namespace | 166 } // namespace |
| 167 | 167 |
| 168 void SQLiteServerBoundCertStore::Backend::Load( | 168 void SQLiteChannelIDStore::Backend::Load( |
| 169 const LoadedCallback& loaded_callback) { | 169 const LoadedCallback& loaded_callback) { |
| 170 // This function should be called only once per instance. | 170 // This function should be called only once per instance. |
| 171 DCHECK(!db_.get()); | 171 DCHECK(!db_.get()); |
| 172 scoped_ptr<ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> > | 172 scoped_ptr<ScopedVector<net::DefaultChannelIDStore::ChannelID> > |
| 173 certs(new ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert>( | 173 channel_ids(new ScopedVector<net::DefaultChannelIDStore::ChannelID>()); |
| 174 )); | 174 ScopedVector<net::DefaultChannelIDStore::ChannelID>* channel_ids_ptr = |
| 175 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert>* certs_ptr = | 175 channel_ids.get(); |
| 176 certs.get(); | |
| 177 | 176 |
| 178 background_task_runner_->PostTaskAndReply( | 177 background_task_runner_->PostTaskAndReply( |
| 179 FROM_HERE, | 178 FROM_HERE, |
| 180 base::Bind(&Backend::LoadOnDBThread, this, certs_ptr), | 179 base::Bind(&Backend::LoadOnDBThread, this, channel_ids_ptr), |
| 181 base::Bind(loaded_callback, base::Passed(&certs))); | 180 base::Bind(loaded_callback, base::Passed(&channel_ids))); |
| 182 } | 181 } |
| 183 | 182 |
| 184 void SQLiteServerBoundCertStore::Backend::LoadOnDBThread( | 183 void SQLiteChannelIDStore::Backend::LoadOnDBThread( |
| 185 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert>* certs) { | 184 ScopedVector<net::DefaultChannelIDStore::ChannelID>* channel_ids) { |
| 186 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 185 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 187 | 186 |
| 188 // This method should be called only once per instance. | 187 // This method should be called only once per instance. |
| 189 DCHECK(!db_.get()); | 188 DCHECK(!db_.get()); |
| 190 | 189 |
| 191 base::TimeTicks start = base::TimeTicks::Now(); | 190 base::TimeTicks start = base::TimeTicks::Now(); |
| 192 | 191 |
| 193 // Ensure the parent directory for storing certs is created before reading | 192 // Ensure the parent directory for storing certs is created before reading |
| 194 // from it. | 193 // from it. |
| 195 const base::FilePath dir = path_.DirName(); | 194 const base::FilePath dir = path_.DirName(); |
| 196 if (!base::PathExists(dir) && !base::CreateDirectory(dir)) | 195 if (!base::PathExists(dir) && !base::CreateDirectory(dir)) |
| 197 return; | 196 return; |
| 198 | 197 |
| 199 int64 db_size = 0; | 198 int64 db_size = 0; |
| 200 if (base::GetFileSize(path_, &db_size)) | 199 if (base::GetFileSize(path_, &db_size)) |
| 201 UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024 ); | 200 UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024 ); |
| 202 | 201 |
| 203 db_.reset(new sql::Connection); | 202 db_.reset(new sql::Connection); |
| 204 db_->set_histogram_tag("DomainBoundCerts"); | 203 db_->set_histogram_tag("DomainBoundCerts"); |
| 205 | 204 |
| 206 // Unretained to avoid a ref loop with db_. | 205 // Unretained to avoid a ref loop with db_. |
| 207 db_->set_error_callback( | 206 db_->set_error_callback( |
| 208 base::Bind(&SQLiteServerBoundCertStore::Backend::DatabaseErrorCallback, | 207 base::Bind(&SQLiteChannelIDStore::Backend::DatabaseErrorCallback, |
| 209 base::Unretained(this))); | 208 base::Unretained(this))); |
| 210 | 209 |
| 211 if (!db_->Open(path_)) { | 210 if (!db_->Open(path_)) { |
| 212 NOTREACHED() << "Unable to open cert DB."; | 211 NOTREACHED() << "Unable to open cert DB."; |
| 213 if (corruption_detected_) | 212 if (corruption_detected_) |
| 214 KillDatabase(); | 213 KillDatabase(); |
| 215 db_.reset(); | 214 db_.reset(); |
| 216 return; | 215 return; |
| 217 } | 216 } |
| 218 | 217 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 240 } | 239 } |
| 241 | 240 |
| 242 while (smt.Step()) { | 241 while (smt.Step()) { |
| 243 net::SSLClientCertType type = | 242 net::SSLClientCertType type = |
| 244 static_cast<net::SSLClientCertType>(smt.ColumnInt(3)); | 243 static_cast<net::SSLClientCertType>(smt.ColumnInt(3)); |
| 245 if (type != net::CLIENT_CERT_ECDSA_SIGN) | 244 if (type != net::CLIENT_CERT_ECDSA_SIGN) |
| 246 continue; | 245 continue; |
| 247 std::string private_key_from_db, cert_from_db; | 246 std::string private_key_from_db, cert_from_db; |
| 248 smt.ColumnBlobAsString(1, &private_key_from_db); | 247 smt.ColumnBlobAsString(1, &private_key_from_db); |
| 249 smt.ColumnBlobAsString(2, &cert_from_db); | 248 smt.ColumnBlobAsString(2, &cert_from_db); |
| 250 scoped_ptr<net::DefaultServerBoundCertStore::ServerBoundCert> cert( | 249 scoped_ptr<net::DefaultChannelIDStore::ChannelID> channel_id( |
| 251 new net::DefaultServerBoundCertStore::ServerBoundCert( | 250 new net::DefaultChannelIDStore::ChannelID( |
| 252 smt.ColumnString(0), // origin | 251 smt.ColumnString(0), // origin |
| 253 base::Time::FromInternalValue(smt.ColumnInt64(5)), | 252 base::Time::FromInternalValue(smt.ColumnInt64(5)), |
| 254 base::Time::FromInternalValue(smt.ColumnInt64(4)), | 253 base::Time::FromInternalValue(smt.ColumnInt64(4)), |
| 255 private_key_from_db, | 254 private_key_from_db, |
| 256 cert_from_db)); | 255 cert_from_db)); |
| 257 cert_origins_.insert(cert->server_identifier()); | 256 channel_id_origins_.insert(channel_id->server_identifier()); |
| 258 certs->push_back(cert.release()); | 257 channel_ids->push_back(channel_id.release()); |
| 259 } | 258 } |
| 260 | 259 |
| 261 UMA_HISTOGRAM_COUNTS_10000("DomainBoundCerts.DBLoadedCount", certs->size()); | 260 UMA_HISTOGRAM_COUNTS_10000("DomainBoundCerts.DBLoadedCount", |
| 261 channel_ids->size()); |
| 262 base::TimeDelta load_time = base::TimeTicks::Now() - start; | 262 base::TimeDelta load_time = base::TimeTicks::Now() - start; |
| 263 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime", | 263 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime", |
| 264 load_time, | 264 load_time, |
| 265 base::TimeDelta::FromMilliseconds(1), | 265 base::TimeDelta::FromMilliseconds(1), |
| 266 base::TimeDelta::FromMinutes(1), | 266 base::TimeDelta::FromMinutes(1), |
| 267 50); | 267 50); |
| 268 DVLOG(1) << "loaded " << certs->size() << " in " << load_time.InMilliseconds() | 268 DVLOG(1) << "loaded " << channel_ids->size() << " in " |
| 269 << " ms"; | 269 << load_time.InMilliseconds() << " ms"; |
| 270 } | 270 } |
| 271 | 271 |
| 272 bool SQLiteServerBoundCertStore::Backend::EnsureDatabaseVersion() { | 272 bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { |
| 273 // Version check. | 273 // Version check. |
| 274 if (!meta_table_.Init( | 274 if (!meta_table_.Init( |
| 275 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) { | 275 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) { |
| 276 return false; | 276 return false; |
| 277 } | 277 } |
| 278 | 278 |
| 279 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) { | 279 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) { |
| 280 LOG(WARNING) << "Server bound cert database is too new."; | 280 LOG(WARNING) << "Server bound cert database is too new."; |
| 281 return false; | 281 return false; |
| 282 } | 282 } |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 389 | 389 |
| 390 // When the version is too old, we just try to continue anyway, there should | 390 // When the version is too old, we just try to continue anyway, there should |
| 391 // not be a released product that makes a database too old for us to handle. | 391 // not be a released product that makes a database too old for us to handle. |
| 392 LOG_IF(WARNING, cur_version < kCurrentVersionNumber) << | 392 LOG_IF(WARNING, cur_version < kCurrentVersionNumber) << |
| 393 "Server bound cert database version " << cur_version << | 393 "Server bound cert database version " << cur_version << |
| 394 " is too old to handle."; | 394 " is too old to handle."; |
| 395 | 395 |
| 396 return true; | 396 return true; |
| 397 } | 397 } |
| 398 | 398 |
| 399 void SQLiteServerBoundCertStore::Backend::DatabaseErrorCallback( | 399 void SQLiteChannelIDStore::Backend::DatabaseErrorCallback( |
| 400 int error, | 400 int error, |
| 401 sql::Statement* stmt) { | 401 sql::Statement* stmt) { |
| 402 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 402 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 403 | 403 |
| 404 if (!sql::IsErrorCatastrophic(error)) | 404 if (!sql::IsErrorCatastrophic(error)) |
| 405 return; | 405 return; |
| 406 | 406 |
| 407 // TODO(shess): Running KillDatabase() multiple times should be | 407 // TODO(shess): Running KillDatabase() multiple times should be |
| 408 // safe. | 408 // safe. |
| 409 if (corruption_detected_) | 409 if (corruption_detected_) |
| 410 return; | 410 return; |
| 411 | 411 |
| 412 corruption_detected_ = true; | 412 corruption_detected_ = true; |
| 413 | 413 |
| 414 // TODO(shess): Consider just calling RazeAndClose() immediately. | 414 // TODO(shess): Consider just calling RazeAndClose() immediately. |
| 415 // db_ may not be safe to reset at this point, but RazeAndClose() | 415 // db_ may not be safe to reset at this point, but RazeAndClose() |
| 416 // would cause the stack to unwind safely with errors. | 416 // would cause the stack to unwind safely with errors. |
| 417 background_task_runner_->PostTask(FROM_HERE, | 417 background_task_runner_->PostTask(FROM_HERE, |
| 418 base::Bind(&Backend::KillDatabase, this)); | 418 base::Bind(&Backend::KillDatabase, this)); |
| 419 } | 419 } |
| 420 | 420 |
| 421 void SQLiteServerBoundCertStore::Backend::KillDatabase() { | 421 void SQLiteChannelIDStore::Backend::KillDatabase() { |
| 422 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 422 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 423 | 423 |
| 424 if (db_) { | 424 if (db_) { |
| 425 // This Backend will now be in-memory only. In a future run the database | 425 // This Backend will now be in-memory only. In a future run the database |
| 426 // will be recreated. Hopefully things go better then! | 426 // will be recreated. Hopefully things go better then! |
| 427 bool success = db_->RazeAndClose(); | 427 bool success = db_->RazeAndClose(); |
| 428 UMA_HISTOGRAM_BOOLEAN("DomainBoundCerts.KillDatabaseResult", success); | 428 UMA_HISTOGRAM_BOOLEAN("DomainBoundCerts.KillDatabaseResult", success); |
| 429 meta_table_.Reset(); | 429 meta_table_.Reset(); |
| 430 db_.reset(); | 430 db_.reset(); |
| 431 } | 431 } |
| 432 } | 432 } |
| 433 | 433 |
| 434 void SQLiteServerBoundCertStore::Backend::AddServerBoundCert( | 434 void SQLiteChannelIDStore::Backend::AddChannelID( |
| 435 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { | 435 const net::DefaultChannelIDStore::ChannelID& channel_id) { |
| 436 BatchOperation(PendingOperation::CERT_ADD, cert); | 436 BatchOperation(PendingOperation::CHANNEL_ID_ADD, channel_id); |
| 437 } | 437 } |
| 438 | 438 |
| 439 void SQLiteServerBoundCertStore::Backend::DeleteServerBoundCert( | 439 void SQLiteChannelIDStore::Backend::DeleteChannelID( |
| 440 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { | 440 const net::DefaultChannelIDStore::ChannelID& channel_id) { |
| 441 BatchOperation(PendingOperation::CERT_DELETE, cert); | 441 BatchOperation(PendingOperation::CHANNEL_ID_DELETE, channel_id); |
| 442 } | 442 } |
| 443 | 443 |
| 444 void SQLiteServerBoundCertStore::Backend::BatchOperation( | 444 void SQLiteChannelIDStore::Backend::BatchOperation( |
| 445 PendingOperation::OperationType op, | 445 PendingOperation::OperationType op, |
| 446 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { | 446 const net::DefaultChannelIDStore::ChannelID& channel_id) { |
| 447 // Commit every 30 seconds. | 447 // Commit every 30 seconds. |
| 448 static const int kCommitIntervalMs = 30 * 1000; | 448 static const int kCommitIntervalMs = 30 * 1000; |
| 449 // Commit right away if we have more than 512 outstanding operations. | 449 // Commit right away if we have more than 512 outstanding operations. |
| 450 static const size_t kCommitAfterBatchSize = 512; | 450 static const size_t kCommitAfterBatchSize = 512; |
| 451 | 451 |
| 452 // We do a full copy of the cert here, and hopefully just here. | 452 // We do a full copy of the cert here, and hopefully just here. |
| 453 scoped_ptr<PendingOperation> po(new PendingOperation(op, cert)); | 453 scoped_ptr<PendingOperation> po(new PendingOperation(op, channel_id)); |
| 454 | 454 |
| 455 PendingOperationsList::size_type num_pending; | 455 PendingOperationsList::size_type num_pending; |
| 456 { | 456 { |
| 457 base::AutoLock locked(lock_); | 457 base::AutoLock locked(lock_); |
| 458 pending_.push_back(po.release()); | 458 pending_.push_back(po.release()); |
| 459 num_pending = ++num_pending_; | 459 num_pending = ++num_pending_; |
| 460 } | 460 } |
| 461 | 461 |
| 462 if (num_pending == 1) { | 462 if (num_pending == 1) { |
| 463 // We've gotten our first entry for this batch, fire off the timer. | 463 // We've gotten our first entry for this batch, fire off the timer. |
| 464 background_task_runner_->PostDelayedTask( | 464 background_task_runner_->PostDelayedTask( |
| 465 FROM_HERE, | 465 FROM_HERE, |
| 466 base::Bind(&Backend::Commit, this), | 466 base::Bind(&Backend::Commit, this), |
| 467 base::TimeDelta::FromMilliseconds(kCommitIntervalMs)); | 467 base::TimeDelta::FromMilliseconds(kCommitIntervalMs)); |
| 468 } else if (num_pending == kCommitAfterBatchSize) { | 468 } else if (num_pending == kCommitAfterBatchSize) { |
| 469 // We've reached a big enough batch, fire off a commit now. | 469 // We've reached a big enough batch, fire off a commit now. |
| 470 background_task_runner_->PostTask(FROM_HERE, | 470 background_task_runner_->PostTask(FROM_HERE, |
| 471 base::Bind(&Backend::Commit, this)); | 471 base::Bind(&Backend::Commit, this)); |
| 472 } | 472 } |
| 473 } | 473 } |
| 474 | 474 |
| 475 void SQLiteServerBoundCertStore::Backend::Commit() { | 475 void SQLiteChannelIDStore::Backend::Commit() { |
| 476 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 476 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 477 | 477 |
| 478 PendingOperationsList ops; | 478 PendingOperationsList ops; |
| 479 { | 479 { |
| 480 base::AutoLock locked(lock_); | 480 base::AutoLock locked(lock_); |
| 481 pending_.swap(ops); | 481 pending_.swap(ops); |
| 482 num_pending_ = 0; | 482 num_pending_ = 0; |
| 483 } | 483 } |
| 484 | 484 |
| 485 // Maybe an old timer fired or we are already Close()'ed. | 485 // Maybe an old timer fired or we are already Close()'ed. |
| (...skipping 13 matching lines...) Expand all Loading... |
| 499 | 499 |
| 500 sql::Transaction transaction(db_.get()); | 500 sql::Transaction transaction(db_.get()); |
| 501 if (!transaction.Begin()) | 501 if (!transaction.Begin()) |
| 502 return; | 502 return; |
| 503 | 503 |
| 504 for (PendingOperationsList::iterator it = ops.begin(); | 504 for (PendingOperationsList::iterator it = ops.begin(); |
| 505 it != ops.end(); ++it) { | 505 it != ops.end(); ++it) { |
| 506 // Free the certs as we commit them to the database. | 506 // Free the certs as we commit them to the database. |
| 507 scoped_ptr<PendingOperation> po(*it); | 507 scoped_ptr<PendingOperation> po(*it); |
| 508 switch (po->op()) { | 508 switch (po->op()) { |
| 509 case PendingOperation::CERT_ADD: { | 509 case PendingOperation::CHANNEL_ID_ADD: { |
| 510 cert_origins_.insert(po->cert().server_identifier()); | 510 channel_id_origins_.insert(po->channel_id().server_identifier()); |
| 511 add_smt.Reset(true); | 511 add_smt.Reset(true); |
| 512 add_smt.BindString(0, po->cert().server_identifier()); | 512 add_smt.BindString(0, po->channel_id().server_identifier()); |
| 513 const std::string& private_key = po->cert().private_key(); | 513 const std::string& private_key = po->channel_id().private_key(); |
| 514 add_smt.BindBlob(1, private_key.data(), private_key.size()); | 514 add_smt.BindBlob(1, private_key.data(), private_key.size()); |
| 515 const std::string& cert = po->cert().cert(); | 515 const std::string& cert = po->channel_id().cert(); |
| 516 add_smt.BindBlob(2, cert.data(), cert.size()); | 516 add_smt.BindBlob(2, cert.data(), cert.size()); |
| 517 add_smt.BindInt(3, net::CLIENT_CERT_ECDSA_SIGN); | 517 add_smt.BindInt(3, net::CLIENT_CERT_ECDSA_SIGN); |
| 518 add_smt.BindInt64(4, po->cert().expiration_time().ToInternalValue()); | 518 add_smt.BindInt64(4, |
| 519 add_smt.BindInt64(5, po->cert().creation_time().ToInternalValue()); | 519 po->channel_id().expiration_time().ToInternalValue()); |
| 520 add_smt.BindInt64(5, |
| 521 po->channel_id().creation_time().ToInternalValue()); |
| 520 if (!add_smt.Run()) | 522 if (!add_smt.Run()) |
| 521 NOTREACHED() << "Could not add a server bound cert to the DB."; | 523 NOTREACHED() << "Could not add a server bound cert to the DB."; |
| 522 break; | 524 break; |
| 523 } | 525 } |
| 524 case PendingOperation::CERT_DELETE: | 526 case PendingOperation::CHANNEL_ID_DELETE: |
| 525 cert_origins_.erase(po->cert().server_identifier()); | 527 channel_id_origins_.erase(po->channel_id().server_identifier()); |
| 526 del_smt.Reset(true); | 528 del_smt.Reset(true); |
| 527 del_smt.BindString(0, po->cert().server_identifier()); | 529 del_smt.BindString(0, po->channel_id().server_identifier()); |
| 528 if (!del_smt.Run()) | 530 if (!del_smt.Run()) |
| 529 NOTREACHED() << "Could not delete a server bound cert from the DB."; | 531 NOTREACHED() << "Could not delete a server bound cert from the DB."; |
| 530 break; | 532 break; |
| 531 | 533 |
| 532 default: | 534 default: |
| 533 NOTREACHED(); | 535 NOTREACHED(); |
| 534 break; | 536 break; |
| 535 } | 537 } |
| 536 } | 538 } |
| 537 transaction.Commit(); | 539 transaction.Commit(); |
| 538 } | 540 } |
| 539 | 541 |
| 540 // Fire off a close message to the background thread. We could still have a | 542 // Fire off a close message to the background thread. We could still have a |
| 541 // pending commit timer that will be holding a reference on us, but if/when | 543 // pending commit timer that will be holding a reference on us, but if/when |
| 542 // this fires we will already have been cleaned up and it will be ignored. | 544 // this fires we will already have been cleaned up and it will be ignored. |
| 543 void SQLiteServerBoundCertStore::Backend::Close() { | 545 void SQLiteChannelIDStore::Backend::Close() { |
| 544 // Must close the backend on the background thread. | 546 // Must close the backend on the background thread. |
| 545 background_task_runner_->PostTask( | 547 background_task_runner_->PostTask( |
| 546 FROM_HERE, base::Bind(&Backend::InternalBackgroundClose, this)); | 548 FROM_HERE, base::Bind(&Backend::InternalBackgroundClose, this)); |
| 547 } | 549 } |
| 548 | 550 |
| 549 void SQLiteServerBoundCertStore::Backend::InternalBackgroundClose() { | 551 void SQLiteChannelIDStore::Backend::InternalBackgroundClose() { |
| 550 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 552 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 551 // Commit any pending operations | 553 // Commit any pending operations |
| 552 Commit(); | 554 Commit(); |
| 553 | 555 |
| 554 if (!force_keep_session_state_ && | 556 if (!force_keep_session_state_ && |
| 555 special_storage_policy_.get() && | 557 special_storage_policy_.get() && |
| 556 special_storage_policy_->HasSessionOnlyOrigins()) { | 558 special_storage_policy_->HasSessionOnlyOrigins()) { |
| 557 DeleteCertificatesOnShutdown(); | 559 DeleteCertificatesOnShutdown(); |
| 558 } | 560 } |
| 559 | 561 |
| 560 db_.reset(); | 562 db_.reset(); |
| 561 } | 563 } |
| 562 | 564 |
| 563 void SQLiteServerBoundCertStore::Backend::DeleteCertificatesOnShutdown() { | 565 void SQLiteChannelIDStore::Backend::DeleteCertificatesOnShutdown() { |
| 564 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | 566 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); |
| 565 | 567 |
| 566 if (!db_.get()) | 568 if (!db_.get()) |
| 567 return; | 569 return; |
| 568 | 570 |
| 569 if (cert_origins_.empty()) | 571 if (channel_id_origins_.empty()) |
| 570 return; | 572 return; |
| 571 | 573 |
| 572 if (!special_storage_policy_.get()) | 574 if (!special_storage_policy_.get()) |
| 573 return; | 575 return; |
| 574 | 576 |
| 575 sql::Statement del_smt(db_->GetCachedStatement( | 577 sql::Statement del_smt(db_->GetCachedStatement( |
| 576 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); | 578 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); |
| 577 if (!del_smt.is_valid()) { | 579 if (!del_smt.is_valid()) { |
| 578 LOG(WARNING) << "Unable to delete certificates on shutdown."; | 580 LOG(WARNING) << "Unable to delete certificates on shutdown."; |
| 579 return; | 581 return; |
| 580 } | 582 } |
| 581 | 583 |
| 582 sql::Transaction transaction(db_.get()); | 584 sql::Transaction transaction(db_.get()); |
| 583 if (!transaction.Begin()) { | 585 if (!transaction.Begin()) { |
| 584 LOG(WARNING) << "Unable to delete certificates on shutdown."; | 586 LOG(WARNING) << "Unable to delete certificates on shutdown."; |
| 585 return; | 587 return; |
| 586 } | 588 } |
| 587 | 589 |
| 588 for (std::set<std::string>::iterator it = cert_origins_.begin(); | 590 for (std::set<std::string>::iterator it = channel_id_origins_.begin(); |
| 589 it != cert_origins_.end(); ++it) { | 591 it != channel_id_origins_.end(); ++it) { |
| 590 const GURL url(net::cookie_util::CookieOriginToURL(*it, true)); | 592 const GURL url(net::cookie_util::CookieOriginToURL(*it, true)); |
| 591 if (!url.is_valid() || !special_storage_policy_->IsStorageSessionOnly(url)) | 593 if (!url.is_valid() || !special_storage_policy_->IsStorageSessionOnly(url)) |
| 592 continue; | 594 continue; |
| 593 del_smt.Reset(true); | 595 del_smt.Reset(true); |
| 594 del_smt.BindString(0, *it); | 596 del_smt.BindString(0, *it); |
| 595 if (!del_smt.Run()) | 597 if (!del_smt.Run()) |
| 596 NOTREACHED() << "Could not delete a certificate from the DB."; | 598 NOTREACHED() << "Could not delete a certificate from the DB."; |
| 597 } | 599 } |
| 598 | 600 |
| 599 if (!transaction.Commit()) | 601 if (!transaction.Commit()) |
| 600 LOG(WARNING) << "Unable to delete certificates on shutdown."; | 602 LOG(WARNING) << "Unable to delete certificates on shutdown."; |
| 601 } | 603 } |
| 602 | 604 |
| 603 void SQLiteServerBoundCertStore::Backend::SetForceKeepSessionState() { | 605 void SQLiteChannelIDStore::Backend::SetForceKeepSessionState() { |
| 604 base::AutoLock locked(lock_); | 606 base::AutoLock locked(lock_); |
| 605 force_keep_session_state_ = true; | 607 force_keep_session_state_ = true; |
| 606 } | 608 } |
| 607 | 609 |
| 608 SQLiteServerBoundCertStore::SQLiteServerBoundCertStore( | 610 SQLiteChannelIDStore::SQLiteChannelIDStore( |
| 609 const base::FilePath& path, | 611 const base::FilePath& path, |
| 610 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, | 612 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, |
| 611 quota::SpecialStoragePolicy* special_storage_policy) | 613 quota::SpecialStoragePolicy* special_storage_policy) |
| 612 : backend_(new Backend(path, | 614 : backend_(new Backend(path, |
| 613 background_task_runner, | 615 background_task_runner, |
| 614 special_storage_policy)) {} | 616 special_storage_policy)) {} |
| 615 | 617 |
| 616 void SQLiteServerBoundCertStore::Load( | 618 void SQLiteChannelIDStore::Load( |
| 617 const LoadedCallback& loaded_callback) { | 619 const LoadedCallback& loaded_callback) { |
| 618 backend_->Load(loaded_callback); | 620 backend_->Load(loaded_callback); |
| 619 } | 621 } |
| 620 | 622 |
| 621 void SQLiteServerBoundCertStore::AddServerBoundCert( | 623 void SQLiteChannelIDStore::AddChannelID( |
| 622 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { | 624 const net::DefaultChannelIDStore::ChannelID& channel_id) { |
| 623 backend_->AddServerBoundCert(cert); | 625 backend_->AddChannelID(channel_id); |
| 624 } | 626 } |
| 625 | 627 |
| 626 void SQLiteServerBoundCertStore::DeleteServerBoundCert( | 628 void SQLiteChannelIDStore::DeleteChannelID( |
| 627 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) { | 629 const net::DefaultChannelIDStore::ChannelID& channel_id) { |
| 628 backend_->DeleteServerBoundCert(cert); | 630 backend_->DeleteChannelID(channel_id); |
| 629 } | 631 } |
| 630 | 632 |
| 631 void SQLiteServerBoundCertStore::SetForceKeepSessionState() { | 633 void SQLiteChannelIDStore::SetForceKeepSessionState() { |
| 632 backend_->SetForceKeepSessionState(); | 634 backend_->SetForceKeepSessionState(); |
| 633 } | 635 } |
| 634 | 636 |
| 635 SQLiteServerBoundCertStore::~SQLiteServerBoundCertStore() { | 637 SQLiteChannelIDStore::~SQLiteChannelIDStore() { |
| 636 backend_->Close(); | 638 backend_->Close(); |
| 637 // We release our reference to the Backend, though it will probably still have | 639 // We release our reference to the Backend, though it will probably still have |
| 638 // a reference if the background thread has not run Close() yet. | 640 // a reference if the background thread has not run Close() yet. |
| 639 } | 641 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 356713005:
Rename ServerBoundCert => ChannelID to reflect the current name (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src