components/password_manager/core/browser/login_database.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_
   6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/compiler_specific.h"
  12 #include "base/files/file_path.h"
  13 #include "base/memory/scoped_vector.h"
  14 #include "base/pickle.h"
  15 #include "base/strings/string16.h"
  16 #include "components/password_manager/core/browser/password_store.h"
  17 #include "components/password_manager/core/browser/password_store_change.h"
  18 #include "components/password_manager/core/browser/psl_matching_helper.h"
  19 #include "components/password_manager/core/browser/statistics_table.h"
  20 #include "sql/connection.h"
  21 #include "sql/meta_table.h"
  22
  23 namespace password_manager {
  24
  25 extern const int kCurrentVersionNumber;
  26
  27 // Interface to the database storage of login information, intended as a helper
  28 // for PasswordStore on platforms that need internal storage of some or all of
  29 // the login information.
  30 class LoginDatabase {
  31  public:
  32   LoginDatabase(const base::FilePath& db_path);
  33   virtual ~LoginDatabase();
  34
  35   // Actually creates/opens the database. If false is returned, no other method
  36   // should be called.
  37   virtual bool Init();
  38
  39   // Reports usage metrics to UMA.
  40   void ReportMetrics(const std::string& sync_username,
  41                      bool custom_passphrase_sync_enabled);
  42
  43   // Adds |form| to the list of remembered password forms. Returns the list of
  44   // changes applied ({}, {ADD}, {REMOVE, ADD}). If it returns {REMOVE, ADD}
  45   // then the REMOVE is associated with the form that was added. Thus only the
  46   // primary key columns contain the values associated with the removed form.
  47   PasswordStoreChangeList AddLogin(const autofill::PasswordForm& form)
  48       WARN_UNUSED_RESULT;
  49
  50   // Updates existing password form. Returns the list of applied changes
  51   // ({}, {UPDATE}). The password is looked up by the tuple {origin,
  52   // username_element, username_value, password_element, signon_realm}.
  53   // These columns stay intact.
  54   PasswordStoreChangeList UpdateLogin(const autofill::PasswordForm& form)
  55       WARN_UNUSED_RESULT;
  56
  57   // Removes |form| from the list of remembered password forms. Returns true if
  58   // |form| was successfully removed from the database.
  59   bool RemoveLogin(const autofill::PasswordForm& form) WARN_UNUSED_RESULT;
  60
  61   // Removes all logins created from |delete_begin| onwards (inclusive) and
  62   // before |delete_end|. You may use a null Time value to do an unbounded
  63   // delete in either direction.
  64   bool RemoveLoginsCreatedBetween(base::Time delete_begin,
  65                                   base::Time delete_end);
  66
  67   // Removes all logins synced from |delete_begin| onwards (inclusive) and
  68   // before |delete_end|. You may use a null Time value to do an unbounded
  69   // delete in either direction.
  70   bool RemoveLoginsSyncedBetween(base::Time delete_begin,
  71                                  base::Time delete_end);
  72
  73   // All Get* methods below overwrite |forms| with the returned credentials. On
  74   // success, those methods return true.
  75
  76   // Gets a list of credentials matching |form|, including blacklisted matches.
  77   bool GetLogins(const autofill::PasswordForm& form,
  78                  ScopedVector<autofill::PasswordForm>* forms) const
  79       WARN_UNUSED_RESULT;
  80
  81   // Gets all logins created from |begin| onwards (inclusive) and before |end|.
  82   // You may use a null Time value to do an unbounded search in either
  83   // direction.
  84   bool GetLoginsCreatedBetween(
  85       base::Time begin,
  86       base::Time end,
  87       ScopedVector<autofill::PasswordForm>* forms) const WARN_UNUSED_RESULT;
  88
  89   // Gets all logins synced from |begin| onwards (inclusive) and before |end|.
  90   // You may use a null Time value to do an unbounded search in either
  91   // direction.
  92   bool GetLoginsSyncedBetween(base::Time begin,
  93                               base::Time end,
  94                               ScopedVector<autofill::PasswordForm>* forms) const
  95       WARN_UNUSED_RESULT;
  96
  97   // Gets the complete list of not blacklisted credentials.
  98   bool GetAutofillableLogins(ScopedVector<autofill::PasswordForm>* forms) const
  99       WARN_UNUSED_RESULT;
 100
 101   // Gets the complete list of blacklisted credentials.
 102   bool GetBlacklistLogins(ScopedVector<autofill::PasswordForm>* forms) const
 103       WARN_UNUSED_RESULT;
 104
 105   // Deletes the login database file on disk, and creates a new, empty database.
 106   // This can be used after migrating passwords to some other store, to ensure
 107   // that SQLite doesn't leave fragments of passwords in the database file.
 108   // Returns true on success; otherwise, whether the file was deleted and
 109   // whether further use of this login database will succeed is unspecified.
 110   bool DeleteAndRecreateDatabaseFile();
 111
 112   StatisticsTable& stats_table() { return stats_table_; }
 113
 114   void set_clear_password_values(bool val) { clear_password_values_ = val; }
 115
 116  private:
 117   // Result values for encryption/decryption actions.
 118   enum EncryptionResult {
 119     // Success.
 120     ENCRYPTION_RESULT_SUCCESS,
 121     // Failure for a specific item (e.g., the encrypted value was manually
 122     // moved from another machine, and can't be decrypted on this machine).
 123     // This is presumed to be a permanent failure.
 124     ENCRYPTION_RESULT_ITEM_FAILURE,
 125     // A service-level failure (e.g., on a platform using a keyring, the keyring
 126     // is temporarily unavailable).
 127     // This is presumed to be a temporary failure.
 128     ENCRYPTION_RESULT_SERVICE_FAILURE,
 129   };
 130
 131   // Encrypts plain_text, setting the value of cipher_text and returning true if
 132   // successful, or returning false and leaving cipher_text unchanged if
 133   // encryption fails (e.g., if the underlying OS encryption system is
 134   // temporarily unavailable).
 135   static EncryptionResult EncryptedString(const base::string16& plain_text,
 136                                           std::string* cipher_text);
 137
 138   // Decrypts cipher_text, setting the value of plain_text and returning true if
 139   // successful, or returning false and leaving plain_text unchanged if
 140   // decryption fails (e.g., if the underlying OS encryption system is
 141   // temporarily unavailable).
 142   static EncryptionResult DecryptedString(const std::string& cipher_text,
 143                                           base::string16* plain_text);
 144
 145   bool InitLoginsTable();
 146   bool MigrateOldVersionsAsNeeded();
 147
 148   // Fills |form| from the values in the given statement (which is assumed to
 149   // be of the form used by the Get*Logins methods).
 150   // Returns the EncryptionResult from decrypting the password in |s|; if not
 151   // ENCRYPTION_RESULT_SUCCESS, |form| is not filled.
 152   static EncryptionResult InitPasswordFormFromStatement(
 153       autofill::PasswordForm* form,
 154       sql::Statement& s);
 155
 156   // Gets all blacklisted or all non-blacklisted (depending on |blacklisted|)
 157   // credentials. On success returns true and overwrites |forms| with the
 158   // result.
 159   bool GetAllLoginsWithBlacklistSetting(
 160       bool blacklisted,
 161       ScopedVector<autofill::PasswordForm>* forms) const;
 162
 163   // Overwrites |forms| with credentials retrieved from |statement|. If
 164   // |psl_match| is not null, filters out all results but thos PSL-matching
 165   // |*psl_match|. On success returns true.
 166   static bool StatementToForms(sql::Statement* statement,
 167                                const autofill::PasswordForm* psl_match,
 168                                ScopedVector<autofill::PasswordForm>* forms);
 169
 170   base::FilePath db_path_;
 171   mutable sql::Connection db_;
 172   sql::MetaTable meta_table_;
 173   StatisticsTable stats_table_;
 174
 175   // If set to 'true', then the password values are cleared before encrypting
 176   // and storing in the database. At the same time AddLogin/UpdateLogin return
 177   // PasswordStoreChangeList containing the real password.
 178   // This is a temporary measure for migration the Keychain on Mac.
 179   // crbug.com/466638
 180   bool clear_password_values_;
 181
 182   DISALLOW_COPY_AND_ASSIGN(LoginDatabase);
 183 };
 184
 185 }  // namespace password_manager
 186
 187 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_