search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add histograms for SQLiteServerBoundCertStore loading.
[chromium-blink-merge.git] / chrome / browser / net / sqlite_server_bound_cert_store.cc
blobfb6ab57c3d61c8791ab7fc75de3cd50ec3719f72
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/net/sqlite_server_bound_cert_store.h"
6
7 #include <list>
8 #include <set>
9
10 #include "base/basictypes.h"
11 #include "base/bind.h"
12 #include "base/file_path.h"
13 #include "base/file_util.h"
14 #include "base/logging.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/metrics/histogram.h"
17 #include "base/string_util.h"
18 #include "base/threading/thread.h"
19 #include "base/threading/thread_restrictions.h"
20 #include "chrome/browser/diagnostics/sqlite_diagnostics.h"
21 #include "chrome/browser/net/clear_on_exit_policy.h"
22 #include "content/public/browser/browser_thread.h"
23 #include "net/base/ssl_client_cert_type.h"
24 #include "net/base/x509_certificate.h"
25 #include "sql/meta_table.h"
26 #include "sql/statement.h"
27 #include "sql/transaction.h"
28
29 using content::BrowserThread;
30
31 // This class is designed to be shared between any calling threads and the
32 // database thread. It batches operations and commits them on a timer.
33 class SQLiteServerBoundCertStore::Backend
34 : public base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend> {
35 public:
36 Backend(const FilePath& path, ClearOnExitPolicy* clear_on_exit_policy)
37 : path_(path),
38 db_(NULL),
39 num_pending_(0),
40 force_keep_session_state_(false),
41 clear_on_exit_policy_(clear_on_exit_policy) {
42 }
43
44 // Creates or load the SQLite database.
45 bool Load(
46 std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs);
47
48 // Batch a server bound cert addition.
49 void AddServerBoundCert(
50 const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
51
52 // Batch a server bound cert deletion.
53 void DeleteServerBoundCert(
54 const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
55
56 // Commit pending operations as soon as possible.
57 void Flush(const base::Closure& completion_task);
58
59 // Commit any pending operations and close the database. This must be called
60 // before the object is destructed.
61 void Close();
62
63 void SetForceKeepSessionState();
64
65 private:
66 friend class base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend>;
67
68 // You should call Close() before destructing this object.
69 ~Backend() {
70 DCHECK(!db_.get()) << "Close should have already been called.";
71 DCHECK(num_pending_ == 0 && pending_.empty());
72 }
73
74 // Database upgrade statements.
75 bool EnsureDatabaseVersion();
76
77 class PendingOperation {
78 public:
79 typedef enum {
80 CERT_ADD,
81 CERT_DELETE
82 } OperationType;
83
84 PendingOperation(
85 OperationType op,
86 const net::DefaultServerBoundCertStore::ServerBoundCert& cert)
87 : op_(op), cert_(cert) {}
88
89 OperationType op() const { return op_; }
90 const net::DefaultServerBoundCertStore::ServerBoundCert& cert() const {
91 return cert_;
92 }
93
94 private:
95 OperationType op_;
96 net::DefaultServerBoundCertStore::ServerBoundCert cert_;
97 };
98
99 private:
100 // Batch a server bound cert operation (add or delete)
101 void BatchOperation(
102 PendingOperation::OperationType op,
103 const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
104 // Commit our pending operations to the database.
105 void Commit();
106 // Close() executed on the background thread.
107 void InternalBackgroundClose();
108
109 void DeleteCertificatesOnShutdown();
110
111 FilePath path_;
112 scoped_ptr<sql::Connection> db_;
113 sql::MetaTable meta_table_;
114
115 typedef std::list<PendingOperation*> PendingOperationsList;
116 PendingOperationsList pending_;
117 PendingOperationsList::size_type num_pending_;
118 // True if the persistent store should skip clear on exit rules.
119 bool force_keep_session_state_;
120 // Guard |pending_|, |num_pending_| and |force_keep_session_state_|.
121 base::Lock lock_;
122
123 // Cache of origins we have certificates stored for.
124 std::set<std::string> cert_origins_;
125
126 scoped_refptr<ClearOnExitPolicy> clear_on_exit_policy_;
127
128 DISALLOW_COPY_AND_ASSIGN(Backend);
129 };
130
131 // Version number of the database.
132 static const int kCurrentVersionNumber = 4;
133 static const int kCompatibleVersionNumber = 1;
134
135 namespace {
136
137 // Initializes the certs table, returning true on success.
138 bool InitTable(sql::Connection* db) {
139 // The table is named "origin_bound_certs" for backwards compatability before
140 // we renamed this class to SQLiteServerBoundCertStore. Likewise, the primary
141 // key is "origin", but now can be other things like a plain domain.
142 if (!db->DoesTableExist("origin_bound_certs")) {
143 if (!db->Execute("CREATE TABLE origin_bound_certs ("
144 "origin TEXT NOT NULL UNIQUE PRIMARY KEY,"
145 "private_key BLOB NOT NULL,"
146 "cert BLOB NOT NULL,"
147 "cert_type INTEGER,"
148 "expiration_time INTEGER,"
149 "creation_time INTEGER)"))
150 return false;
151 }
152
153 return true;
154 }
155
156 } // namespace
157
158 bool SQLiteServerBoundCertStore::Backend::Load(
159 std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
160 // This function should be called only once per instance.
161 DCHECK(!db_.get());
162
163 // TODO(paivanof@gmail.com): We do a lot of disk access in this function,
164 // thus we do an exception to allow IO on the UI thread. This code will be
165 // moved to the DB thread as part of http://crbug.com/89665.
166 base::ThreadRestrictions::ScopedAllowIO allow_io;
167
168 base::TimeTicks start = base::TimeTicks::Now();
169
170 // Ensure the parent directory for storing certs is created before reading
171 // from it.
172 const FilePath dir = path_.DirName();
173 if (!file_util::PathExists(dir) && !file_util::CreateDirectory(dir))
174 return false;
175
176 int64 db_size = 0;
177 if (file_util::GetFileSize(path_, &db_size))
178 UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024 );
179
180 db_.reset(new sql::Connection);
181 if (!db_->Open(path_)) {
182 NOTREACHED() << "Unable to open cert DB.";
183 db_.reset();
184 return false;
185 }
186
187 if (!EnsureDatabaseVersion() || !InitTable(db_.get())) {
188 NOTREACHED() << "Unable to open cert DB.";
189 db_.reset();
190 return false;
191 }
192
193 db_->Preload();
194
195 // Slurp all the certs into the out-vector.
196 sql::Statement smt(db_->GetUniqueStatement(
197 "SELECT origin, private_key, cert, cert_type, expiration_time, "
198 "creation_time FROM origin_bound_certs"));
199 if (!smt.is_valid()) {
200 db_.reset();
201 return false;
202 }
203
204 while (smt.Step()) {
205 std::string private_key_from_db, cert_from_db;
206 smt.ColumnBlobAsString(1, &private_key_from_db);
207 smt.ColumnBlobAsString(2, &cert_from_db);
208 scoped_ptr<net::DefaultServerBoundCertStore::ServerBoundCert> cert(
209 new net::DefaultServerBoundCertStore::ServerBoundCert(
210 smt.ColumnString(0), // origin
211 static_cast<net::SSLClientCertType>(smt.ColumnInt(3)),
212 base::Time::FromInternalValue(smt.ColumnInt64(5)),
213 base::Time::FromInternalValue(smt.ColumnInt64(4)),
214 private_key_from_db,
215 cert_from_db));
216 cert_origins_.insert(cert->server_identifier());
217 certs->push_back(cert.release());
218 }
219
220 UMA_HISTOGRAM_COUNTS_10000("DomainBoundCerts.DBLoadedCount", certs->size());
221 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime",
222 base::TimeTicks::Now() - start,
223 base::TimeDelta::FromMilliseconds(1),
224 base::TimeDelta::FromMinutes(1),
225 50);
226 return true;
227 }
228
229 bool SQLiteServerBoundCertStore::Backend::EnsureDatabaseVersion() {
230 // Version check.
231 if (!meta_table_.Init(
232 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) {
233 return false;
234 }
235
236 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) {
237 LOG(WARNING) << "Server bound cert database is too new.";
238 return false;
239 }
240
241 int cur_version = meta_table_.GetVersionNumber();
242 if (cur_version == 1) {
243 sql::Transaction transaction(db_.get());
244 if (!transaction.Begin())
245 return false;
246 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type "
247 "INTEGER")) {
248 LOG(WARNING) << "Unable to update server bound cert database to "
249 << "version 2.";
250 return false;
251 }
252 // All certs in version 1 database are rsa_sign, which has a value of 1.
253 if (!db_->Execute("UPDATE origin_bound_certs SET cert_type = 1")) {
254 LOG(WARNING) << "Unable to update server bound cert database to "
255 << "version 2.";
256 return false;
257 }
258 ++cur_version;
259 meta_table_.SetVersionNumber(cur_version);
260 meta_table_.SetCompatibleVersionNumber(
261 std::min(cur_version, kCompatibleVersionNumber));
262 transaction.Commit();
263 }
264
265 if (cur_version <= 3) {
266 sql::Transaction transaction(db_.get());
267 if (!transaction.Begin())
268 return false;
269
270 if (cur_version == 2) {
271 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
272 "expiration_time INTEGER")) {
273 LOG(WARNING) << "Unable to update server bound cert database to "
274 << "version 4.";
275 return false;
276 }
277 }
278
279 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
280 "creation_time INTEGER")) {
281 LOG(WARNING) << "Unable to update server bound cert database to "
282 << "version 4.";
283 return false;
284 }
285
286 sql::Statement smt(db_->GetUniqueStatement(
287 "SELECT origin, cert FROM origin_bound_certs"));
288 sql::Statement update_expires_smt(db_->GetUniqueStatement(
289 "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?"));
290 sql::Statement update_creation_smt(db_->GetUniqueStatement(
291 "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?"));
292 if (!smt.is_valid() ||
293 !update_expires_smt.is_valid() ||
294 !update_creation_smt.is_valid()) {
295 LOG(WARNING) << "Unable to update server bound cert database to "
296 << "version 4.";
297 return false;
298 }
299
300 while (smt.Step()) {
301 std::string origin = smt.ColumnString(0);
302 std::string cert_from_db;
303 smt.ColumnBlobAsString(1, &cert_from_db);
304 // Parse the cert and extract the real value and then update the DB.
305 scoped_refptr<net::X509Certificate> cert(
306 net::X509Certificate::CreateFromBytes(
307 cert_from_db.data(), cert_from_db.size()));
308 if (cert) {
309 if (cur_version == 2) {
310 update_expires_smt.Reset(true);
311 update_expires_smt.BindInt64(0,
312 cert->valid_expiry().ToInternalValue());
313 update_expires_smt.BindString(1, origin);
314 if (!update_expires_smt.Run()) {
315 LOG(WARNING) << "Unable to update server bound cert database to "
316 << "version 4.";
317 return false;
318 }
319 }
320
321 update_creation_smt.Reset(true);
322 update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue());
323 update_creation_smt.BindString(1, origin);
324 if (!update_creation_smt.Run()) {
325 LOG(WARNING) << "Unable to update server bound cert database to "
326 << "version 4.";
327 return false;
328 }
329 } else {
330 // If there's a cert we can't parse, just leave it. It'll get replaced
331 // with a new one if we ever try to use it.
332 LOG(WARNING) << "Error parsing cert for database upgrade for origin "
333 << smt.ColumnString(0);
334 }
335 }
336
337 cur_version = 4;
338 meta_table_.SetVersionNumber(cur_version);
339 meta_table_.SetCompatibleVersionNumber(
340 std::min(cur_version, kCompatibleVersionNumber));
341 transaction.Commit();
342 }
343
344 // Put future migration cases here.
345
346 // When the version is too old, we just try to continue anyway, there should
347 // not be a released product that makes a database too old for us to handle.
348 LOG_IF(WARNING, cur_version < kCurrentVersionNumber) <<
349 "Server bound cert database version " << cur_version <<
350 " is too old to handle.";
351
352 return true;
353 }
354
355 void SQLiteServerBoundCertStore::Backend::AddServerBoundCert(
356 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
357 BatchOperation(PendingOperation::CERT_ADD, cert);
358 }
359
360 void SQLiteServerBoundCertStore::Backend::DeleteServerBoundCert(
361 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
362 BatchOperation(PendingOperation::CERT_DELETE, cert);
363 }
364
365 void SQLiteServerBoundCertStore::Backend::BatchOperation(
366 PendingOperation::OperationType op,
367 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
368 // Commit every 30 seconds.
369 static const int kCommitIntervalMs = 30 * 1000;
370 // Commit right away if we have more than 512 outstanding operations.
371 static const size_t kCommitAfterBatchSize = 512;
372 DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
373
374 // We do a full copy of the cert here, and hopefully just here.
375 scoped_ptr<PendingOperation> po(new PendingOperation(op, cert));
376
377 PendingOperationsList::size_type num_pending;
378 {
379 base::AutoLock locked(lock_);
380 pending_.push_back(po.release());
381 num_pending = ++num_pending_;
382 }
383
384 if (num_pending == 1) {
385 // We've gotten our first entry for this batch, fire off the timer.
386 BrowserThread::PostDelayedTask(
387 BrowserThread::DB, FROM_HERE,
388 base::Bind(&Backend::Commit, this),
389 base::TimeDelta::FromMilliseconds(kCommitIntervalMs));
390 } else if (num_pending == kCommitAfterBatchSize) {
391 // We've reached a big enough batch, fire off a commit now.
392 BrowserThread::PostTask(
393 BrowserThread::DB, FROM_HERE,
394 base::Bind(&Backend::Commit, this));
395 }
396 }
397
398 void SQLiteServerBoundCertStore::Backend::Commit() {
399 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
400
401 PendingOperationsList ops;
402 {
403 base::AutoLock locked(lock_);
404 pending_.swap(ops);
405 num_pending_ = 0;
406 }
407
408 // Maybe an old timer fired or we are already Close()'ed.
409 if (!db_.get() || ops.empty())
410 return;
411
412 sql::Statement add_smt(db_->GetCachedStatement(SQL_FROM_HERE,
413 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, "
414 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)"));
415 if (!add_smt.is_valid())
416 return;
417
418 sql::Statement del_smt(db_->GetCachedStatement(SQL_FROM_HERE,
419 "DELETE FROM origin_bound_certs WHERE origin=?"));
420 if (!del_smt.is_valid())
421 return;
422
423 sql::Transaction transaction(db_.get());
424 if (!transaction.Begin())
425 return;
426
427 for (PendingOperationsList::iterator it = ops.begin();
428 it != ops.end(); ++it) {
429 // Free the certs as we commit them to the database.
430 scoped_ptr<PendingOperation> po(*it);
431 switch (po->op()) {
432 case PendingOperation::CERT_ADD: {
433 cert_origins_.insert(po->cert().server_identifier());
434 add_smt.Reset(true);
435 add_smt.BindString(0, po->cert().server_identifier());
436 const std::string& private_key = po->cert().private_key();
437 add_smt.BindBlob(1, private_key.data(), private_key.size());
438 const std::string& cert = po->cert().cert();
439 add_smt.BindBlob(2, cert.data(), cert.size());
440 add_smt.BindInt(3, po->cert().type());
441 add_smt.BindInt64(4, po->cert().expiration_time().ToInternalValue());
442 add_smt.BindInt64(5, po->cert().creation_time().ToInternalValue());
443 if (!add_smt.Run())
444 NOTREACHED() << "Could not add a server bound cert to the DB.";
445 break;
446 }
447 case PendingOperation::CERT_DELETE:
448 cert_origins_.erase(po->cert().server_identifier());
449 del_smt.Reset(true);
450 del_smt.BindString(0, po->cert().server_identifier());
451 if (!del_smt.Run())
452 NOTREACHED() << "Could not delete a server bound cert from the DB.";
453 break;
454
455 default:
456 NOTREACHED();
457 break;
458 }
459 }
460 transaction.Commit();
461 }
462
463 void SQLiteServerBoundCertStore::Backend::Flush(
464 const base::Closure& completion_task) {
465 DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
466 BrowserThread::PostTask(
467 BrowserThread::DB, FROM_HERE, base::Bind(&Backend::Commit, this));
468 if (!completion_task.is_null()) {
469 // We want the completion task to run immediately after Commit() returns.
470 // Posting it from here means there is less chance of another task getting
471 // onto the message queue first, than if we posted it from Commit() itself.
472 BrowserThread::PostTask(BrowserThread::DB, FROM_HERE, completion_task);
473 }
474 }
475
476 // Fire off a close message to the background thread. We could still have a
477 // pending commit timer that will be holding a reference on us, but if/when
478 // this fires we will already have been cleaned up and it will be ignored.
479 void SQLiteServerBoundCertStore::Backend::Close() {
480 DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
481 // Must close the backend on the background thread.
482 BrowserThread::PostTask(
483 BrowserThread::DB, FROM_HERE,
484 base::Bind(&Backend::InternalBackgroundClose, this));
485 }
486
487 void SQLiteServerBoundCertStore::Backend::InternalBackgroundClose() {
488 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
489 // Commit any pending operations
490 Commit();
491
492 if (!force_keep_session_state_ && clear_on_exit_policy_.get() &&
493 clear_on_exit_policy_->HasClearOnExitOrigins()) {
494 DeleteCertificatesOnShutdown();
495 }
496
497 db_.reset();
498 }
499
500 void SQLiteServerBoundCertStore::Backend::DeleteCertificatesOnShutdown() {
501 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
502
503 if (!db_.get())
504 return;
505
506 if (cert_origins_.empty())
507 return;
508
509 sql::Statement del_smt(db_->GetCachedStatement(
510 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?"));
511 if (!del_smt.is_valid()) {
512 LOG(WARNING) << "Unable to delete certificates on shutdown.";
513 return;
514 }
515
516 sql::Transaction transaction(db_.get());
517 if (!transaction.Begin()) {
518 LOG(WARNING) << "Unable to delete certificates on shutdown.";
519 return;
520 }
521
522 for (std::set<std::string>::iterator it = cert_origins_.begin();
523 it != cert_origins_.end(); ++it) {
524 if (!clear_on_exit_policy_->ShouldClearOriginOnExit(*it, true))
525 continue;
526 del_smt.Reset(true);
527 del_smt.BindString(0, *it);
528 if (!del_smt.Run())
529 NOTREACHED() << "Could not delete a certificate from the DB.";
530 }
531
532 if (!transaction.Commit())
533 LOG(WARNING) << "Unable to delete certificates on shutdown.";
534 }
535
536 void SQLiteServerBoundCertStore::Backend::SetForceKeepSessionState() {
537 base::AutoLock locked(lock_);
538 force_keep_session_state_ = true;
539 }
540
541 SQLiteServerBoundCertStore::SQLiteServerBoundCertStore(
542 const FilePath& path,
543 ClearOnExitPolicy* clear_on_exit_policy)
544 : backend_(new Backend(path, clear_on_exit_policy)) {
545 }
546
547 bool SQLiteServerBoundCertStore::Load(
548 std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
549 return backend_->Load(certs);
550 }
551
552 void SQLiteServerBoundCertStore::AddServerBoundCert(
553 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
554 if (backend_.get())
555 backend_->AddServerBoundCert(cert);
556 }
557
558 void SQLiteServerBoundCertStore::DeleteServerBoundCert(
559 const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
560 if (backend_.get())
561 backend_->DeleteServerBoundCert(cert);
562 }
563
564 void SQLiteServerBoundCertStore::SetForceKeepSessionState() {
565 if (backend_.get())
566 backend_->SetForceKeepSessionState();
567 }
568
569 void SQLiteServerBoundCertStore::Flush(const base::Closure& completion_task) {
570 if (backend_.get())
571 backend_->Flush(completion_task);
572 else if (!completion_task.is_null())
573 MessageLoop::current()->PostTask(FROM_HERE, completion_task);
574 }
575
576 SQLiteServerBoundCertStore::~SQLiteServerBoundCertStore() {
577 if (backend_.get()) {
578 backend_->Close();
579 // Release our reference, it will probably still have a reference if the
580 // background thread has not run Close() yet.
581 backend_ = NULL;
582 }
583 }