components/password_manager/core/browser/login_database.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_
   6 #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/compiler_specific.h"
  12 #include "base/files/file_path.h"
  13 #include "base/memory/scoped_vector.h"
  14 #include "base/pickle.h"
  15 #include "base/strings/string16.h"
  16 #include "components/password_manager/core/browser/password_store.h"
  17 #include "components/password_manager/core/browser/password_store_change.h"
  18 #include "components/password_manager/core/browser/psl_matching_helper.h"
  19 #include "components/password_manager/core/browser/statistics_table.h"
  20 #include "sql/connection.h"
  21 #include "sql/meta_table.h"
  22
  23 namespace password_manager {
  24
  25 extern const int kCurrentVersionNumber;
  26 extern const int kCompatibleVersionNumber;
  27
  28 // Interface to the database storage of login information, intended as a helper
  29 // for PasswordStore on platforms that need internal storage of some or all of
  30 // the login information.
  31 class LoginDatabase {
  32  public:
  33   LoginDatabase(const base::FilePath& db_path);
  34   virtual ~LoginDatabase();
  35
  36   // Actually creates/opens the database. If false is returned, no other method
  37   // should be called.
  38   virtual bool Init();
  39
  40   // Reports usage metrics to UMA.
  41   void ReportMetrics(const std::string& sync_username,
  42                      bool custom_passphrase_sync_enabled);
  43
  44   // Adds |form| to the list of remembered password forms. Returns the list of
  45   // changes applied ({}, {ADD}, {REMOVE, ADD}). If it returns {REMOVE, ADD}
  46   // then the REMOVE is associated with the form that was added. Thus only the
  47   // primary key columns contain the values associated with the removed form.
  48   PasswordStoreChangeList AddLogin(const autofill::PasswordForm& form)
  49       WARN_UNUSED_RESULT;
  50
  51   // Updates existing password form. Returns the list of applied changes
  52   // ({}, {UPDATE}). The password is looked up by the tuple {origin,
  53   // username_element, username_value, password_element, signon_realm}.
  54   // These columns stay intact.
  55   PasswordStoreChangeList UpdateLogin(const autofill::PasswordForm& form)
  56       WARN_UNUSED_RESULT;
  57
  58   // Removes |form| from the list of remembered password forms. Returns true if
  59   // |form| was successfully removed from the database.
  60   bool RemoveLogin(const autofill::PasswordForm& form) WARN_UNUSED_RESULT;
  61
  62   // Removes all logins created from |delete_begin| onwards (inclusive) and
  63   // before |delete_end|. You may use a null Time value to do an unbounded
  64   // delete in either direction.
  65   bool RemoveLoginsCreatedBetween(base::Time delete_begin,
  66                                   base::Time delete_end);
  67
  68   // Removes all logins synced from |delete_begin| onwards (inclusive) and
  69   // before |delete_end|. You may use a null Time value to do an unbounded
  70   // delete in either direction.
  71   bool RemoveLoginsSyncedBetween(base::Time delete_begin,
  72                                  base::Time delete_end);
  73
  74   // All Get* methods below overwrite |forms| with the returned credentials. On
  75   // success, those methods return true.
  76
  77   // Gets a list of credentials matching |form|, including blacklisted matches.
  78   bool GetLogins(const autofill::PasswordForm& form,
  79                  ScopedVector<autofill::PasswordForm>* forms) const
  80       WARN_UNUSED_RESULT;
  81
  82   // Gets all logins created from |begin| onwards (inclusive) and before |end|.
  83   // You may use a null Time value to do an unbounded search in either
  84   // direction.
  85   bool GetLoginsCreatedBetween(
  86       base::Time begin,
  87       base::Time end,
  88       ScopedVector<autofill::PasswordForm>* forms) const WARN_UNUSED_RESULT;
  89
  90   // Gets all logins synced from |begin| onwards (inclusive) and before |end|.
  91   // You may use a null Time value to do an unbounded search in either
  92   // direction.
  93   bool GetLoginsSyncedBetween(base::Time begin,
  94                               base::Time end,
  95                               ScopedVector<autofill::PasswordForm>* forms) const
  96       WARN_UNUSED_RESULT;
  97
  98   // Gets the complete list of not blacklisted credentials.
  99   bool GetAutofillableLogins(ScopedVector<autofill::PasswordForm>* forms) const
 100       WARN_UNUSED_RESULT;
 101
 102   // Gets the complete list of blacklisted credentials.
 103   bool GetBlacklistLogins(ScopedVector<autofill::PasswordForm>* forms) const
 104       WARN_UNUSED_RESULT;
 105
 106   // Deletes the login database file on disk, and creates a new, empty database.
 107   // This can be used after migrating passwords to some other store, to ensure
 108   // that SQLite doesn't leave fragments of passwords in the database file.
 109   // Returns true on success; otherwise, whether the file was deleted and
 110   // whether further use of this login database will succeed is unspecified.
 111   bool DeleteAndRecreateDatabaseFile();
 112
 113   StatisticsTable& stats_table() { return stats_table_; }
 114
 115   void set_clear_password_values(bool val) { clear_password_values_ = val; }
 116
 117  private:
 118   // Result values for encryption/decryption actions.
 119   enum EncryptionResult {
 120     // Success.
 121     ENCRYPTION_RESULT_SUCCESS,
 122     // Failure for a specific item (e.g., the encrypted value was manually
 123     // moved from another machine, and can't be decrypted on this machine).
 124     // This is presumed to be a permanent failure.
 125     ENCRYPTION_RESULT_ITEM_FAILURE,
 126     // A service-level failure (e.g., on a platform using a keyring, the keyring
 127     // is temporarily unavailable).
 128     // This is presumed to be a temporary failure.
 129     ENCRYPTION_RESULT_SERVICE_FAILURE,
 130   };
 131
 132   // Encrypts plain_text, setting the value of cipher_text and returning true if
 133   // successful, or returning false and leaving cipher_text unchanged if
 134   // encryption fails (e.g., if the underlying OS encryption system is
 135   // temporarily unavailable).
 136   static EncryptionResult EncryptedString(const base::string16& plain_text,
 137                                           std::string* cipher_text);
 138
 139   // Decrypts cipher_text, setting the value of plain_text and returning true if
 140   // successful, or returning false and leaving plain_text unchanged if
 141   // decryption fails (e.g., if the underlying OS encryption system is
 142   // temporarily unavailable).
 143   static EncryptionResult DecryptedString(const std::string& cipher_text,
 144                                           base::string16* plain_text);
 145
 146   bool InitLoginsTable();
 147   bool MigrateOldVersionsAsNeeded();
 148
 149   // Fills |form| from the values in the given statement (which is assumed to
 150   // be of the form used by the Get*Logins methods).
 151   // Returns the EncryptionResult from decrypting the password in |s|; if not
 152   // ENCRYPTION_RESULT_SUCCESS, |form| is not filled.
 153   static EncryptionResult InitPasswordFormFromStatement(
 154       autofill::PasswordForm* form,
 155       sql::Statement& s);
 156
 157   // Gets all blacklisted or all non-blacklisted (depending on |blacklisted|)
 158   // credentials. On success returns true and overwrites |forms| with the
 159   // result.
 160   bool GetAllLoginsWithBlacklistSetting(
 161       bool blacklisted,
 162       ScopedVector<autofill::PasswordForm>* forms) const;
 163
 164   // Overwrites |forms| with credentials retrieved from |statement|. If
 165   // |psl_match| is not null, filters out all results but thos PSL-matching
 166   // |*psl_match|. On success returns true.
 167   static bool StatementToForms(sql::Statement* statement,
 168                                const autofill::PasswordForm* psl_match,
 169                                ScopedVector<autofill::PasswordForm>* forms);
 170
 171   base::FilePath db_path_;
 172   mutable sql::Connection db_;
 173   sql::MetaTable meta_table_;
 174   StatisticsTable stats_table_;
 175
 176   // If set to 'true', then the password values are cleared before encrypting
 177   // and storing in the database. At the same time AddLogin/UpdateLogin return
 178   // PasswordStoreChangeList containing the real password.
 179   // This is a temporary measure for migration the Keychain on Mac.
 180   // crbug.com/466638
 181   bool clear_password_values_;
 182
 183   DISALLOW_COPY_AND_ASSIGN(LoginDatabase);
 184 };
 185
 186 }  // namespace password_manager
 187
 188 #endif  // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_LOGIN_DATABASE_H_