| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/extras/sqlite/sqlite_channel_id_store.h" | |
| 6 | |
| 7 #include <set> | |
| 8 | |
| 9 #include "base/basictypes.h" | |
| 10 #include "base/bind.h" | |
| 11 #include "base/file_util.h" | |
| 12 #include "base/files/file_path.h" | |
| 13 #include "base/location.h" | |
| 14 #include "base/logging.h" | |
| 15 #include "base/memory/scoped_ptr.h" | |
| 16 #include "base/memory/scoped_vector.h" | |
| 17 #include "base/metrics/histogram.h" | |
| 18 #include "base/sequenced_task_runner.h" | |
| 19 #include "base/strings/string_util.h" | |
| 20 #include "net/cert/x509_certificate.h" | |
| 21 #include "net/cookies/cookie_util.h" | |
| 22 #include "net/ssl/ssl_client_cert_type.h" | |
| 23 #include "sql/error_delegate_util.h" | |
| 24 #include "sql/meta_table.h" | |
| 25 #include "sql/statement.h" | |
| 26 #include "sql/transaction.h" | |
| 27 #include "url/gurl.h" | |
| 28 | |
| 29 namespace { | |
| 30 | |
| 31 // Version number of the database. | |
| 32 const int kCurrentVersionNumber = 4; | |
| 33 const int kCompatibleVersionNumber = 1; | |
| 34 | |
| 35 // Initializes the certs table, returning true on success. | |
| 36 bool InitTable(sql::Connection* db) { | |
| 37 // The table is named "origin_bound_certs" for backwards compatability before | |
| 38 // we renamed this class to SQLiteChannelIDStore. Likewise, the primary | |
| 39 // key is "origin", but now can be other things like a plain domain. | |
| 40 if (!db->DoesTableExist("origin_bound_certs")) { | |
| 41 if (!db->Execute( | |
| 42 "CREATE TABLE origin_bound_certs (" | |
| 43 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | |
| 44 "private_key BLOB NOT NULL," | |
| 45 "cert BLOB NOT NULL," | |
| 46 "cert_type INTEGER," | |
| 47 "expiration_time INTEGER," | |
| 48 "creation_time INTEGER)")) { | |
| 49 return false; | |
| 50 } | |
| 51 } | |
| 52 | |
| 53 return true; | |
| 54 } | |
| 55 | |
| 56 } // namespace | |
| 57 | |
| 58 namespace net { | |
| 59 | |
| 60 // This class is designed to be shared between any calling threads and the | |
| 61 // background task runner. It batches operations and commits them on a timer. | |
| 62 class SQLiteChannelIDStore::Backend | |
| 63 : public base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend> { | |
| 64 public: | |
| 65 Backend( | |
| 66 const base::FilePath& path, | |
| 67 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner) | |
| 68 : path_(path), | |
| 69 num_pending_(0), | |
| 70 force_keep_session_state_(false), | |
| 71 background_task_runner_(background_task_runner), | |
| 72 corruption_detected_(false) {} | |
| 73 | |
| 74 // Creates or loads the SQLite database. | |
| 75 void Load(const LoadedCallback& loaded_callback); | |
| 76 | |
| 77 // Batch a channel ID addition. | |
| 78 void AddChannelID(const DefaultChannelIDStore::ChannelID& channel_id); | |
| 79 | |
| 80 // Batch a channel ID deletion. | |
| 81 void DeleteChannelID(const DefaultChannelIDStore::ChannelID& channel_id); | |
| 82 | |
| 83 // Post background delete of all channel ids for |server_identifiers|. | |
| 84 void DeleteAllInList(const std::list<std::string>& server_identifiers); | |
| 85 | |
| 86 // Commit any pending operations and close the database. This must be called | |
| 87 // before the object is destructed. | |
| 88 void Close(); | |
| 89 | |
| 90 void SetForceKeepSessionState(); | |
| 91 | |
| 92 private: | |
| 93 friend class base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend>; | |
| 94 | |
| 95 // You should call Close() before destructing this object. | |
| 96 virtual ~Backend() { | |
| 97 DCHECK(!db_.get()) << "Close should have already been called."; | |
| 98 DCHECK_EQ(0u, num_pending_); | |
| 99 DCHECK(pending_.empty()); | |
| 100 } | |
| 101 | |
| 102 void LoadInBackground( | |
| 103 ScopedVector<DefaultChannelIDStore::ChannelID>* channel_ids); | |
| 104 | |
| 105 // Database upgrade statements. | |
| 106 bool EnsureDatabaseVersion(); | |
| 107 | |
| 108 class PendingOperation { | |
| 109 public: | |
| 110 enum OperationType { CHANNEL_ID_ADD, CHANNEL_ID_DELETE }; | |
| 111 | |
| 112 PendingOperation(OperationType op, | |
| 113 const DefaultChannelIDStore::ChannelID& channel_id) | |
| 114 : op_(op), channel_id_(channel_id) {} | |
| 115 | |
| 116 OperationType op() const { return op_; } | |
| 117 const DefaultChannelIDStore::ChannelID& channel_id() const { | |
| 118 return channel_id_; | |
| 119 } | |
| 120 | |
| 121 private: | |
| 122 OperationType op_; | |
| 123 DefaultChannelIDStore::ChannelID channel_id_; | |
| 124 }; | |
| 125 | |
| 126 private: | |
| 127 // Batch a channel id operation (add or delete). | |
| 128 void BatchOperation(PendingOperation::OperationType op, | |
| 129 const DefaultChannelIDStore::ChannelID& channel_id); | |
| 130 // Commit our pending operations to the database. | |
| 131 void Commit(); | |
| 132 // Close() executed on the background task runner. | |
| 133 void InternalBackgroundClose(); | |
| 134 | |
| 135 void BackgroundDeleteAllInList( | |
| 136 const std::list<std::string>& server_identifiers); | |
| 137 | |
| 138 void DatabaseErrorCallback(int error, sql::Statement* stmt); | |
| 139 void KillDatabase(); | |
| 140 | |
| 141 const base::FilePath path_; | |
| 142 scoped_ptr<sql::Connection> db_; | |
| 143 sql::MetaTable meta_table_; | |
| 144 | |
| 145 typedef std::list<PendingOperation*> PendingOperationsList; | |
| 146 PendingOperationsList pending_; | |
| 147 PendingOperationsList::size_type num_pending_; | |
| 148 // True if the persistent store should skip clear on exit rules. | |
| 149 bool force_keep_session_state_; | |
| 150 // Guard |pending_|, |num_pending_| and |force_keep_session_state_|. | |
| 151 base::Lock lock_; | |
| 152 | |
| 153 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; | |
| 154 | |
| 155 // Indicates if the kill-database callback has been scheduled. | |
| 156 bool corruption_detected_; | |
| 157 | |
| 158 DISALLOW_COPY_AND_ASSIGN(Backend); | |
| 159 }; | |
| 160 | |
| 161 void SQLiteChannelIDStore::Backend::Load( | |
| 162 const LoadedCallback& loaded_callback) { | |
| 163 // This function should be called only once per instance. | |
| 164 DCHECK(!db_.get()); | |
| 165 scoped_ptr<ScopedVector<DefaultChannelIDStore::ChannelID> > channel_ids( | |
| 166 new ScopedVector<DefaultChannelIDStore::ChannelID>()); | |
| 167 ScopedVector<DefaultChannelIDStore::ChannelID>* channel_ids_ptr = | |
| 168 channel_ids.get(); | |
| 169 | |
| 170 background_task_runner_->PostTaskAndReply( | |
| 171 FROM_HERE, | |
| 172 base::Bind(&Backend::LoadInBackground, this, channel_ids_ptr), | |
| 173 base::Bind(loaded_callback, base::Passed(&channel_ids))); | |
| 174 } | |
| 175 | |
| 176 void SQLiteChannelIDStore::Backend::LoadInBackground( | |
| 177 ScopedVector<DefaultChannelIDStore::ChannelID>* channel_ids) { | |
| 178 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | |
| 179 | |
| 180 // This method should be called only once per instance. | |
| 181 DCHECK(!db_.get()); | |
| 182 | |
| 183 base::TimeTicks start = base::TimeTicks::Now(); | |
| 184 | |
| 185 // Ensure the parent directory for storing certs is created before reading | |
| 186 // from it. | |
| 187 const base::FilePath dir = path_.DirName(); | |
| 188 if (!base::PathExists(dir) && !base::CreateDirectory(dir)) | |
| 189 return; | |
| 190 | |
| 191 int64 db_size = 0; | |
| 192 if (base::GetFileSize(path_, &db_size)) | |
| 193 UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024); | |
| 194 | |
| 195 db_.reset(new sql::Connection); | |
| 196 db_->set_histogram_tag("DomainBoundCerts"); | |
| 197 | |
| 198 // Unretained to avoid a ref loop with db_. | |
| 199 db_->set_error_callback( | |
| 200 base::Bind(&SQLiteChannelIDStore::Backend::DatabaseErrorCallback, | |
| 201 base::Unretained(this))); | |
| 202 | |
| 203 if (!db_->Open(path_)) { | |
| 204 NOTREACHED() << "Unable to open cert DB."; | |
| 205 if (corruption_detected_) | |
| 206 KillDatabase(); | |
| 207 db_.reset(); | |
| 208 return; | |
| 209 } | |
| 210 | |
| 211 if (!EnsureDatabaseVersion() || !InitTable(db_.get())) { | |
| 212 NOTREACHED() << "Unable to open cert DB."; | |
| 213 if (corruption_detected_) | |
| 214 KillDatabase(); | |
| 215 meta_table_.Reset(); | |
| 216 db_.reset(); | |
| 217 return; | |
| 218 } | |
| 219 | |
| 220 db_->Preload(); | |
| 221 | |
| 222 // Slurp all the certs into the out-vector. | |
| 223 sql::Statement smt(db_->GetUniqueStatement( | |
| 224 "SELECT origin, private_key, cert, cert_type, expiration_time, " | |
| 225 "creation_time FROM origin_bound_certs")); | |
| 226 if (!smt.is_valid()) { | |
| 227 if (corruption_detected_) | |
| 228 KillDatabase(); | |
| 229 meta_table_.Reset(); | |
| 230 db_.reset(); | |
| 231 return; | |
| 232 } | |
| 233 | |
| 234 while (smt.Step()) { | |
| 235 SSLClientCertType type = static_cast<SSLClientCertType>(smt.ColumnInt(3)); | |
| 236 if (type != CLIENT_CERT_ECDSA_SIGN) | |
| 237 continue; | |
| 238 std::string private_key_from_db, cert_from_db; | |
| 239 smt.ColumnBlobAsString(1, &private_key_from_db); | |
| 240 smt.ColumnBlobAsString(2, &cert_from_db); | |
| 241 scoped_ptr<DefaultChannelIDStore::ChannelID> channel_id( | |
| 242 new DefaultChannelIDStore::ChannelID( | |
| 243 smt.ColumnString(0), // origin | |
| 244 base::Time::FromInternalValue(smt.ColumnInt64(5)), | |
| 245 base::Time::FromInternalValue(smt.ColumnInt64(4)), | |
| 246 private_key_from_db, | |
| 247 cert_from_db)); | |
| 248 channel_ids->push_back(channel_id.release()); | |
| 249 } | |
| 250 | |
| 251 UMA_HISTOGRAM_COUNTS_10000( | |
| 252 "DomainBoundCerts.DBLoadedCount", | |
| 253 static_cast<base::HistogramBase::Sample>(channel_ids->size())); | |
| 254 base::TimeDelta load_time = base::TimeTicks::Now() - start; | |
| 255 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime", | |
| 256 load_time, | |
| 257 base::TimeDelta::FromMilliseconds(1), | |
| 258 base::TimeDelta::FromMinutes(1), | |
| 259 50); | |
| 260 DVLOG(1) << "loaded " << channel_ids->size() << " in " | |
| 261 << load_time.InMilliseconds() << " ms"; | |
| 262 } | |
| 263 | |
| 264 bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { | |
| 265 // Version check. | |
| 266 if (!meta_table_.Init( | |
| 267 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) { | |
| 268 return false; | |
| 269 } | |
| 270 | |
| 271 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) { | |
| 272 LOG(WARNING) << "Server bound cert database is too new."; | |
| 273 return false; | |
| 274 } | |
| 275 | |
| 276 int cur_version = meta_table_.GetVersionNumber(); | |
| 277 if (cur_version == 1) { | |
| 278 sql::Transaction transaction(db_.get()); | |
| 279 if (!transaction.Begin()) | |
| 280 return false; | |
| 281 if (!db_->Execute( | |
| 282 "ALTER TABLE origin_bound_certs ADD COLUMN cert_type " | |
| 283 "INTEGER")) { | |
| 284 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 285 << "version 2."; | |
| 286 return false; | |
| 287 } | |
| 288 // All certs in version 1 database are rsa_sign, which are unsupported. | |
| 289 // Just discard them all. | |
| 290 if (!db_->Execute("DELETE from origin_bound_certs")) { | |
| 291 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 292 << "version 2."; | |
| 293 return false; | |
| 294 } | |
| 295 ++cur_version; | |
| 296 meta_table_.SetVersionNumber(cur_version); | |
| 297 meta_table_.SetCompatibleVersionNumber( | |
| 298 std::min(cur_version, kCompatibleVersionNumber)); | |
| 299 transaction.Commit(); | |
| 300 } | |
| 301 | |
| 302 if (cur_version <= 3) { | |
| 303 sql::Transaction transaction(db_.get()); | |
| 304 if (!transaction.Begin()) | |
| 305 return false; | |
| 306 | |
| 307 if (cur_version == 2) { | |
| 308 if (!db_->Execute( | |
| 309 "ALTER TABLE origin_bound_certs ADD COLUMN " | |
| 310 "expiration_time INTEGER")) { | |
| 311 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 312 << "version 4."; | |
| 313 return false; | |
| 314 } | |
| 315 } | |
| 316 | |
| 317 if (!db_->Execute( | |
| 318 "ALTER TABLE origin_bound_certs ADD COLUMN " | |
| 319 "creation_time INTEGER")) { | |
| 320 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 321 << "version 4."; | |
| 322 return false; | |
| 323 } | |
| 324 | |
| 325 sql::Statement statement( | |
| 326 db_->GetUniqueStatement("SELECT origin, cert FROM origin_bound_certs")); | |
| 327 sql::Statement update_expires_statement(db_->GetUniqueStatement( | |
| 328 "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?")); | |
| 329 sql::Statement update_creation_statement(db_->GetUniqueStatement( | |
| 330 "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?")); | |
| 331 if (!statement.is_valid() || !update_expires_statement.is_valid() || | |
| 332 !update_creation_statement.is_valid()) { | |
| 333 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 334 << "version 4."; | |
| 335 return false; | |
| 336 } | |
| 337 | |
| 338 while (statement.Step()) { | |
| 339 std::string origin = statement.ColumnString(0); | |
| 340 std::string cert_from_db; | |
| 341 statement.ColumnBlobAsString(1, &cert_from_db); | |
| 342 // Parse the cert and extract the real value and then update the DB. | |
| 343 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromBytes( | |
| 344 cert_from_db.data(), static_cast<int>(cert_from_db.size()))); | |
| 345 if (cert.get()) { | |
| 346 if (cur_version == 2) { | |
| 347 update_expires_statement.Reset(true); | |
| 348 update_expires_statement.BindInt64( | |
| 349 0, cert->valid_expiry().ToInternalValue()); | |
| 350 update_expires_statement.BindString(1, origin); | |
| 351 if (!update_expires_statement.Run()) { | |
| 352 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 353 << "version 4."; | |
| 354 return false; | |
| 355 } | |
| 356 } | |
| 357 | |
| 358 update_creation_statement.Reset(true); | |
| 359 update_creation_statement.BindInt64( | |
| 360 0, cert->valid_start().ToInternalValue()); | |
| 361 update_creation_statement.BindString(1, origin); | |
| 362 if (!update_creation_statement.Run()) { | |
| 363 LOG(WARNING) << "Unable to update server bound cert database to " | |
| 364 << "version 4."; | |
| 365 return false; | |
| 366 } | |
| 367 } else { | |
| 368 // If there's a cert we can't parse, just leave it. It'll get replaced | |
| 369 // with a new one if we ever try to use it. | |
| 370 LOG(WARNING) << "Error parsing cert for database upgrade for origin " | |
| 371 << statement.ColumnString(0); | |
| 372 } | |
| 373 } | |
| 374 | |
| 375 cur_version = 4; | |
| 376 meta_table_.SetVersionNumber(cur_version); | |
| 377 meta_table_.SetCompatibleVersionNumber( | |
| 378 std::min(cur_version, kCompatibleVersionNumber)); | |
| 379 transaction.Commit(); | |
| 380 } | |
| 381 | |
| 382 // Put future migration cases here. | |
| 383 | |
| 384 // When the version is too old, we just try to continue anyway, there should | |
| 385 // not be a released product that makes a database too old for us to handle. | |
| 386 LOG_IF(WARNING, cur_version < kCurrentVersionNumber) | |
| 387 << "Server bound cert database version " << cur_version | |
| 388 << " is too old to handle."; | |
| 389 | |
| 390 return true; | |
| 391 } | |
| 392 | |
| 393 void SQLiteChannelIDStore::Backend::DatabaseErrorCallback( | |
| 394 int error, | |
| 395 sql::Statement* stmt) { | |
| 396 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | |
| 397 | |
| 398 if (!sql::IsErrorCatastrophic(error)) | |
| 399 return; | |
| 400 | |
| 401 // TODO(shess): Running KillDatabase() multiple times should be | |
| 402 // safe. | |
| 403 if (corruption_detected_) | |
| 404 return; | |
| 405 | |
| 406 corruption_detected_ = true; | |
| 407 | |
| 408 // TODO(shess): Consider just calling RazeAndClose() immediately. | |
| 409 // db_ may not be safe to reset at this point, but RazeAndClose() | |
| 410 // would cause the stack to unwind safely with errors. | |
| 411 background_task_runner_->PostTask(FROM_HERE, | |
| 412 base::Bind(&Backend::KillDatabase, this)); | |
| 413 } | |
| 414 | |
| 415 void SQLiteChannelIDStore::Backend::KillDatabase() { | |
| 416 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | |
| 417 | |
| 418 if (db_) { | |
| 419 // This Backend will now be in-memory only. In a future run the database | |
| 420 // will be recreated. Hopefully things go better then! | |
| 421 bool success = db_->RazeAndClose(); | |
| 422 UMA_HISTOGRAM_BOOLEAN("DomainBoundCerts.KillDatabaseResult", success); | |
| 423 meta_table_.Reset(); | |
| 424 db_.reset(); | |
| 425 } | |
| 426 } | |
| 427 | |
| 428 void SQLiteChannelIDStore::Backend::AddChannelID( | |
| 429 const DefaultChannelIDStore::ChannelID& channel_id) { | |
| 430 BatchOperation(PendingOperation::CHANNEL_ID_ADD, channel_id); | |
| 431 } | |
| 432 | |
| 433 void SQLiteChannelIDStore::Backend::DeleteChannelID( | |
| 434 const DefaultChannelIDStore::ChannelID& channel_id) { | |
| 435 BatchOperation(PendingOperation::CHANNEL_ID_DELETE, channel_id); | |
| 436 } | |
| 437 | |
| 438 void SQLiteChannelIDStore::Backend::DeleteAllInList( | |
| 439 const std::list<std::string>& server_identifiers) { | |
| 440 if (server_identifiers.empty()) | |
| 441 return; | |
| 442 // Perform deletion on background task runner. | |
| 443 background_task_runner_->PostTask( | |
| 444 FROM_HERE, | |
| 445 base::Bind( | |
| 446 &Backend::BackgroundDeleteAllInList, this, server_identifiers)); | |
| 447 } | |
| 448 | |
| 449 void SQLiteChannelIDStore::Backend::BatchOperation( | |
| 450 PendingOperation::OperationType op, | |
| 451 const DefaultChannelIDStore::ChannelID& channel_id) { | |
| 452 // Commit every 30 seconds. | |
| 453 static const int kCommitIntervalMs = 30 * 1000; | |
| 454 // Commit right away if we have more than 512 outstanding operations. | |
| 455 static const size_t kCommitAfterBatchSize = 512; | |
| 456 | |
| 457 // We do a full copy of the cert here, and hopefully just here. | |
| 458 scoped_ptr<PendingOperation> po(new PendingOperation(op, channel_id)); | |
| 459 | |
| 460 PendingOperationsList::size_type num_pending; | |
| 461 { | |
| 462 base::AutoLock locked(lock_); | |
| 463 pending_.push_back(po.release()); | |
| 464 num_pending = ++num_pending_; | |
| 465 } | |
| 466 | |
| 467 if (num_pending == 1) { | |
| 468 // We've gotten our first entry for this batch, fire off the timer. | |
| 469 background_task_runner_->PostDelayedTask( | |
| 470 FROM_HERE, | |
| 471 base::Bind(&Backend::Commit, this), | |
| 472 base::TimeDelta::FromMilliseconds(kCommitIntervalMs)); | |
| 473 } else if (num_pending == kCommitAfterBatchSize) { | |
| 474 // We've reached a big enough batch, fire off a commit now. | |
| 475 background_task_runner_->PostTask(FROM_HERE, | |
| 476 base::Bind(&Backend::Commit, this)); | |
| 477 } | |
| 478 } | |
| 479 | |
| 480 void SQLiteChannelIDStore::Backend::Commit() { | |
| 481 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | |
| 482 | |
| 483 PendingOperationsList ops; | |
| 484 { | |
| 485 base::AutoLock locked(lock_); | |
| 486 pending_.swap(ops); | |
| 487 num_pending_ = 0; | |
| 488 } | |
| 489 | |
| 490 // Maybe an old timer fired or we are already Close()'ed. | |
| 491 if (!db_.get() || ops.empty()) | |
| 492 return; | |
| 493 | |
| 494 sql::Statement add_statement(db_->GetCachedStatement( | |
| 495 SQL_FROM_HERE, | |
| 496 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | |
| 497 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); | |
| 498 if (!add_statement.is_valid()) | |
| 499 return; | |
| 500 | |
| 501 sql::Statement del_statement(db_->GetCachedStatement( | |
| 502 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); | |
| 503 if (!del_statement.is_valid()) | |
| 504 return; | |
| 505 | |
| 506 sql::Transaction transaction(db_.get()); | |
| 507 if (!transaction.Begin()) | |
| 508 return; | |
| 509 | |
| 510 for (PendingOperationsList::iterator it = ops.begin(); it != ops.end(); | |
| 511 ++it) { | |
| 512 // Free the certs as we commit them to the database. | |
| 513 scoped_ptr<PendingOperation> po(*it); | |
| 514 switch (po->op()) { | |
| 515 case PendingOperation::CHANNEL_ID_ADD: { | |
| 516 add_statement.Reset(true); | |
| 517 add_statement.BindString(0, po->channel_id().server_identifier()); | |
| 518 const std::string& private_key = po->channel_id().private_key(); | |
| 519 add_statement.BindBlob( | |
| 520 1, private_key.data(), static_cast<int>(private_key.size())); | |
| 521 const std::string& cert = po->channel_id().cert(); | |
| 522 add_statement.BindBlob(2, cert.data(), static_cast<int>(cert.size())); | |
| 523 add_statement.BindInt(3, CLIENT_CERT_ECDSA_SIGN); | |
| 524 add_statement.BindInt64( | |
| 525 4, po->channel_id().expiration_time().ToInternalValue()); | |
| 526 add_statement.BindInt64( | |
| 527 5, po->channel_id().creation_time().ToInternalValue()); | |
| 528 if (!add_statement.Run()) | |
| 529 NOTREACHED() << "Could not add a server bound cert to the DB."; | |
| 530 break; | |
| 531 } | |
| 532 case PendingOperation::CHANNEL_ID_DELETE: | |
| 533 del_statement.Reset(true); | |
| 534 del_statement.BindString(0, po->channel_id().server_identifier()); | |
| 535 if (!del_statement.Run()) | |
| 536 NOTREACHED() << "Could not delete a server bound cert from the DB."; | |
| 537 break; | |
| 538 | |
| 539 default: | |
| 540 NOTREACHED(); | |
| 541 break; | |
| 542 } | |
| 543 } | |
| 544 transaction.Commit(); | |
| 545 } | |
| 546 | |
| 547 // Fire off a close message to the background task runner. We could still have a | |
| 548 // pending commit timer that will be holding a reference on us, but if/when | |
| 549 // this fires we will already have been cleaned up and it will be ignored. | |
| 550 void SQLiteChannelIDStore::Backend::Close() { | |
| 551 // Must close the backend on the background task runner. | |
| 552 background_task_runner_->PostTask( | |
| 553 FROM_HERE, base::Bind(&Backend::InternalBackgroundClose, this)); | |
| 554 } | |
| 555 | |
| 556 void SQLiteChannelIDStore::Backend::InternalBackgroundClose() { | |
| 557 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | |
| 558 // Commit any pending operations | |
| 559 Commit(); | |
| 560 db_.reset(); | |
| 561 } | |
| 562 | |
| 563 void SQLiteChannelIDStore::Backend::BackgroundDeleteAllInList( | |
| 564 const std::list<std::string>& server_identifiers) { | |
| 565 DCHECK(background_task_runner_->RunsTasksOnCurrentThread()); | |
| 566 | |
| 567 if (!db_.get()) | |
| 568 return; | |
| 569 | |
| 570 sql::Statement del_smt(db_->GetCachedStatement( | |
| 571 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?")); | |
| 572 if (!del_smt.is_valid()) { | |
| 573 LOG(WARNING) << "Unable to delete channel ids."; | |
| 574 return; | |
| 575 } | |
| 576 | |
| 577 sql::Transaction transaction(db_.get()); | |
| 578 if (!transaction.Begin()) { | |
| 579 LOG(WARNING) << "Unable to delete channel ids."; | |
| 580 return; | |
| 581 } | |
| 582 | |
| 583 for (std::list<std::string>::const_iterator it = server_identifiers.begin(); | |
| 584 it != server_identifiers.end(); | |
| 585 ++it) { | |
| 586 del_smt.Reset(true); | |
| 587 del_smt.BindString(0, *it); | |
| 588 if (!del_smt.Run()) | |
| 589 NOTREACHED() << "Could not delete a channel id from the DB."; | |
| 590 } | |
| 591 | |
| 592 if (!transaction.Commit()) | |
| 593 LOG(WARNING) << "Unable to delete channel ids."; | |
| 594 } | |
| 595 | |
| 596 void SQLiteChannelIDStore::Backend::SetForceKeepSessionState() { | |
| 597 base::AutoLock locked(lock_); | |
| 598 force_keep_session_state_ = true; | |
| 599 } | |
| 600 | |
| 601 SQLiteChannelIDStore::SQLiteChannelIDStore( | |
| 602 const base::FilePath& path, | |
| 603 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner) | |
| 604 : backend_(new Backend(path, background_task_runner)) { | |
| 605 } | |
| 606 | |
| 607 void SQLiteChannelIDStore::Load(const LoadedCallback& loaded_callback) { | |
| 608 backend_->Load(loaded_callback); | |
| 609 } | |
| 610 | |
| 611 void SQLiteChannelIDStore::AddChannelID( | |
| 612 const DefaultChannelIDStore::ChannelID& channel_id) { | |
| 613 backend_->AddChannelID(channel_id); | |
| 614 } | |
| 615 | |
| 616 void SQLiteChannelIDStore::DeleteChannelID( | |
| 617 const DefaultChannelIDStore::ChannelID& channel_id) { | |
| 618 backend_->DeleteChannelID(channel_id); | |
| 619 } | |
| 620 | |
| 621 void SQLiteChannelIDStore::DeleteAllInList( | |
| 622 const std::list<std::string>& server_identifiers) { | |
| 623 backend_->DeleteAllInList(server_identifiers); | |
| 624 } | |
| 625 | |
| 626 void SQLiteChannelIDStore::SetForceKeepSessionState() { | |
| 627 backend_->SetForceKeepSessionState(); | |
| 628 } | |
| 629 | |
| 630 SQLiteChannelIDStore::~SQLiteChannelIDStore() { | |
| 631 backend_->Close(); | |
| 632 // We release our reference to the Backend, though it will probably still have | |
| 633 // a reference if the background task runner has not run Close() yet. | |
| 634 } | |
| 635 | |
| 636 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 477253002:
Revert of Move sqlite_channel_id_store from chrome/browser/net to net/extras. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master