Fix GN midl template for input/output checking
[chromium-blink-merge.git] / net / extras / sqlite / sqlite_channel_id_store.cc
blobd6828a7c18d8545953039379ce917dbcfd048d70
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/extras/sqlite/sqlite_channel_id_store.h"
7 #include <set>
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/files/file_path.h"
12 #include "base/files/file_util.h"
13 #include "base/location.h"
14 #include "base/logging.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/memory/scoped_vector.h"
17 #include "base/metrics/histogram.h"
18 #include "base/sequenced_task_runner.h"
19 #include "base/strings/string_util.h"
20 #include "crypto/ec_private_key.h"
21 #include "net/cert/asn1_util.h"
22 #include "net/cert/x509_certificate.h"
23 #include "net/cookies/cookie_util.h"
24 #include "net/ssl/channel_id_service.h"
25 #include "net/ssl/ssl_client_cert_type.h"
26 #include "sql/error_delegate_util.h"
27 #include "sql/meta_table.h"
28 #include "sql/statement.h"
29 #include "sql/transaction.h"
30 #include "url/gurl.h"
32 namespace {
34 // Version number of the database.
35 const int kCurrentVersionNumber = 5;
36 const int kCompatibleVersionNumber = 5;
38 } // namespace
40 namespace net {
42 // This class is designed to be shared between any calling threads and the
43 // background task runner. It batches operations and commits them on a timer.
44 class SQLiteChannelIDStore::Backend
45 : public base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend> {
46 public:
47 Backend(
48 const base::FilePath& path,
49 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner)
50 : path_(path),
51 num_pending_(0),
52 force_keep_session_state_(false),
53 background_task_runner_(background_task_runner),
54 corruption_detected_(false) {}
56 // Creates or loads the SQLite database.
57 void Load(const LoadedCallback& loaded_callback);
59 // Batch a channel ID addition.
60 void AddChannelID(const DefaultChannelIDStore::ChannelID& channel_id);
62 // Batch a channel ID deletion.
63 void DeleteChannelID(const DefaultChannelIDStore::ChannelID& channel_id);
65 // Post background delete of all channel ids for |server_identifiers|.
66 void DeleteAllInList(const std::list<std::string>& server_identifiers);
68 // Commit any pending operations and close the database. This must be called
69 // before the object is destructed.
70 void Close();
72 void SetForceKeepSessionState();
74 private:
75 friend class base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend>;
77 // You should call Close() before destructing this object.
78 virtual ~Backend() {
79 DCHECK(!db_.get()) << "Close should have already been called.";
80 DCHECK_EQ(0u, num_pending_);
81 DCHECK(pending_.empty());
84 void LoadInBackground(
85 ScopedVector<DefaultChannelIDStore::ChannelID>* channel_ids);
87 // Database upgrade statements.
88 bool EnsureDatabaseVersion();
90 class PendingOperation {
91 public:
92 enum OperationType { CHANNEL_ID_ADD, CHANNEL_ID_DELETE };
94 PendingOperation(OperationType op,
95 const DefaultChannelIDStore::ChannelID& channel_id)
96 : op_(op), channel_id_(channel_id) {}
98 OperationType op() const { return op_; }
99 const DefaultChannelIDStore::ChannelID& channel_id() const {
100 return channel_id_;
103 private:
104 OperationType op_;
105 DefaultChannelIDStore::ChannelID channel_id_;
108 private:
109 // Batch a channel id operation (add or delete).
110 void BatchOperation(PendingOperation::OperationType op,
111 const DefaultChannelIDStore::ChannelID& channel_id);
112 // Prunes the list of pending operations to remove any operations for an
113 // identifier in |server_identifiers|.
114 void PrunePendingOperationsForDeletes(
115 const std::list<std::string>& server_identifiers);
116 // Commit our pending operations to the database.
117 void Commit();
118 // Close() executed on the background task runner.
119 void InternalBackgroundClose();
121 void BackgroundDeleteAllInList(
122 const std::list<std::string>& server_identifiers);
124 void DatabaseErrorCallback(int error, sql::Statement* stmt);
125 void KillDatabase();
127 const base::FilePath path_;
128 scoped_ptr<sql::Connection> db_;
129 sql::MetaTable meta_table_;
131 typedef std::list<PendingOperation*> PendingOperationsList;
132 PendingOperationsList pending_;
133 PendingOperationsList::size_type num_pending_;
134 // True if the persistent store should skip clear on exit rules.
135 bool force_keep_session_state_;
136 // Guard |pending_|, |num_pending_| and |force_keep_session_state_|.
137 base::Lock lock_;
139 scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
141 // Indicates if the kill-database callback has been scheduled.
142 bool corruption_detected_;
144 DISALLOW_COPY_AND_ASSIGN(Backend);
147 void SQLiteChannelIDStore::Backend::Load(
148 const LoadedCallback& loaded_callback) {
149 // This function should be called only once per instance.
150 DCHECK(!db_.get());
151 scoped_ptr<ScopedVector<DefaultChannelIDStore::ChannelID> > channel_ids(
152 new ScopedVector<DefaultChannelIDStore::ChannelID>());
153 ScopedVector<DefaultChannelIDStore::ChannelID>* channel_ids_ptr =
154 channel_ids.get();
156 background_task_runner_->PostTaskAndReply(
157 FROM_HERE,
158 base::Bind(&Backend::LoadInBackground, this, channel_ids_ptr),
159 base::Bind(loaded_callback, base::Passed(&channel_ids)));
162 void SQLiteChannelIDStore::Backend::LoadInBackground(
163 ScopedVector<DefaultChannelIDStore::ChannelID>* channel_ids) {
164 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
166 // This method should be called only once per instance.
167 DCHECK(!db_.get());
169 base::TimeTicks start = base::TimeTicks::Now();
171 // Ensure the parent directory for storing certs is created before reading
172 // from it.
173 const base::FilePath dir = path_.DirName();
174 if (!base::PathExists(dir) && !base::CreateDirectory(dir))
175 return;
177 int64 db_size = 0;
178 if (base::GetFileSize(path_, &db_size))
179 UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024);
181 db_.reset(new sql::Connection);
182 db_->set_histogram_tag("DomainBoundCerts");
184 // Unretained to avoid a ref loop with db_.
185 db_->set_error_callback(
186 base::Bind(&SQLiteChannelIDStore::Backend::DatabaseErrorCallback,
187 base::Unretained(this)));
189 if (!db_->Open(path_)) {
190 NOTREACHED() << "Unable to open cert DB.";
191 if (corruption_detected_)
192 KillDatabase();
193 db_.reset();
194 return;
197 if (!EnsureDatabaseVersion()) {
198 NOTREACHED() << "Unable to open cert DB.";
199 if (corruption_detected_)
200 KillDatabase();
201 meta_table_.Reset();
202 db_.reset();
203 return;
206 db_->Preload();
208 // Slurp all the certs into the out-vector.
209 sql::Statement smt(db_->GetUniqueStatement(
210 "SELECT host, private_key, public_key, creation_time FROM channel_id"));
211 if (!smt.is_valid()) {
212 if (corruption_detected_)
213 KillDatabase();
214 meta_table_.Reset();
215 db_.reset();
216 return;
219 while (smt.Step()) {
220 std::vector<uint8> private_key_from_db, public_key_from_db;
221 smt.ColumnBlobAsVector(1, &private_key_from_db);
222 smt.ColumnBlobAsVector(2, &public_key_from_db);
223 scoped_ptr<crypto::ECPrivateKey> key(
224 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
225 ChannelIDService::kEPKIPassword, private_key_from_db,
226 public_key_from_db));
227 if (!key)
228 continue;
229 scoped_ptr<DefaultChannelIDStore::ChannelID> channel_id(
230 new DefaultChannelIDStore::ChannelID(
231 smt.ColumnString(0), // host
232 base::Time::FromInternalValue(smt.ColumnInt64(3)), key.Pass()));
233 channel_ids->push_back(channel_id.release());
236 UMA_HISTOGRAM_COUNTS_10000(
237 "DomainBoundCerts.DBLoadedCount",
238 static_cast<base::HistogramBase::Sample>(channel_ids->size()));
239 base::TimeDelta load_time = base::TimeTicks::Now() - start;
240 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime",
241 load_time,
242 base::TimeDelta::FromMilliseconds(1),
243 base::TimeDelta::FromMinutes(1),
244 50);
245 DVLOG(1) << "loaded " << channel_ids->size() << " in "
246 << load_time.InMilliseconds() << " ms";
249 bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() {
250 // Version check.
251 if (!meta_table_.Init(
252 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) {
253 return false;
256 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) {
257 LOG(WARNING) << "Server bound cert database is too new.";
258 return false;
261 int cur_version = meta_table_.GetVersionNumber();
263 sql::Transaction transaction(db_.get());
264 if (!transaction.Begin())
265 return false;
267 // Create new table if it doesn't already exist
268 if (!db_->DoesTableExist("channel_id")) {
269 if (!db_->Execute(
270 "CREATE TABLE channel_id ("
271 "host TEXT NOT NULL UNIQUE PRIMARY KEY,"
272 "private_key BLOB NOT NULL,"
273 "public_key BLOB NOT NULL,"
274 "creation_time INTEGER)")) {
275 return false;
279 // Migrate from previous versions to new version if possible
280 if (cur_version >= 2 && cur_version <= 4) {
281 sql::Statement statement(db_->GetUniqueStatement(
282 "SELECT origin, cert, private_key, cert_type FROM origin_bound_certs"));
283 sql::Statement insert_statement(db_->GetUniqueStatement(
284 "INSERT INTO channel_id (host, private_key, public_key, creation_time) "
285 "VALUES (?, ?, ?, ?)"));
286 if (!statement.is_valid() || !insert_statement.is_valid()) {
287 LOG(WARNING) << "Unable to update server bound cert database to "
288 << "version 5.";
289 return false;
292 while (statement.Step()) {
293 if (statement.ColumnInt64(3) != CLIENT_CERT_ECDSA_SIGN)
294 continue;
295 std::string origin = statement.ColumnString(0);
296 std::string cert_from_db;
297 statement.ColumnBlobAsString(1, &cert_from_db);
298 std::string private_key;
299 statement.ColumnBlobAsString(2, &private_key);
300 // Parse the cert and extract the real value and then update the DB.
301 scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromBytes(
302 cert_from_db.data(), static_cast<int>(cert_from_db.size())));
303 if (cert.get()) {
304 insert_statement.Reset(true);
305 insert_statement.BindString(0, origin);
306 insert_statement.BindBlob(1, private_key.data(),
307 static_cast<int>(private_key.size()));
308 base::StringPiece spki;
309 if (!asn1::ExtractSPKIFromDERCert(cert_from_db, &spki)) {
310 LOG(WARNING) << "Unable to extract SPKI from cert when migrating "
311 "channel id database to version 5.";
312 return false;
314 insert_statement.BindBlob(2, spki.data(),
315 static_cast<int>(spki.size()));
316 insert_statement.BindInt64(3, cert->valid_start().ToInternalValue());
317 if (!insert_statement.Run()) {
318 LOG(WARNING) << "Unable to update channel id database to "
319 << "version 5.";
320 return false;
322 } else {
323 // If there's a cert we can't parse, just leave it. It'll get replaced
324 // with a new one if we ever try to use it.
325 LOG(WARNING) << "Error parsing cert for database upgrade for origin "
326 << statement.ColumnString(0);
331 if (cur_version < kCurrentVersionNumber) {
332 sql::Statement statement(
333 db_->GetUniqueStatement("DROP TABLE origin_bound_certs"));
334 if (!statement.Run()) {
335 LOG(WARNING) << "Error dropping old origin_bound_certs table";
336 return false;
338 meta_table_.SetVersionNumber(kCurrentVersionNumber);
339 meta_table_.SetCompatibleVersionNumber(kCompatibleVersionNumber);
341 transaction.Commit();
343 // Put future migration cases here.
345 return true;
348 void SQLiteChannelIDStore::Backend::DatabaseErrorCallback(
349 int error,
350 sql::Statement* stmt) {
351 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
353 if (!sql::IsErrorCatastrophic(error))
354 return;
356 // TODO(shess): Running KillDatabase() multiple times should be
357 // safe.
358 if (corruption_detected_)
359 return;
361 corruption_detected_ = true;
363 // TODO(shess): Consider just calling RazeAndClose() immediately.
364 // db_ may not be safe to reset at this point, but RazeAndClose()
365 // would cause the stack to unwind safely with errors.
366 background_task_runner_->PostTask(FROM_HERE,
367 base::Bind(&Backend::KillDatabase, this));
370 void SQLiteChannelIDStore::Backend::KillDatabase() {
371 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
373 if (db_) {
374 // This Backend will now be in-memory only. In a future run the database
375 // will be recreated. Hopefully things go better then!
376 bool success = db_->RazeAndClose();
377 UMA_HISTOGRAM_BOOLEAN("DomainBoundCerts.KillDatabaseResult", success);
378 meta_table_.Reset();
379 db_.reset();
383 void SQLiteChannelIDStore::Backend::AddChannelID(
384 const DefaultChannelIDStore::ChannelID& channel_id) {
385 BatchOperation(PendingOperation::CHANNEL_ID_ADD, channel_id);
388 void SQLiteChannelIDStore::Backend::DeleteChannelID(
389 const DefaultChannelIDStore::ChannelID& channel_id) {
390 BatchOperation(PendingOperation::CHANNEL_ID_DELETE, channel_id);
393 void SQLiteChannelIDStore::Backend::DeleteAllInList(
394 const std::list<std::string>& server_identifiers) {
395 if (server_identifiers.empty())
396 return;
397 // Perform deletion on background task runner.
398 background_task_runner_->PostTask(
399 FROM_HERE,
400 base::Bind(
401 &Backend::BackgroundDeleteAllInList, this, server_identifiers));
404 void SQLiteChannelIDStore::Backend::BatchOperation(
405 PendingOperation::OperationType op,
406 const DefaultChannelIDStore::ChannelID& channel_id) {
407 // Commit every 30 seconds.
408 static const int kCommitIntervalMs = 30 * 1000;
409 // Commit right away if we have more than 512 outstanding operations.
410 static const size_t kCommitAfterBatchSize = 512;
412 // We do a full copy of the cert here, and hopefully just here.
413 scoped_ptr<PendingOperation> po(new PendingOperation(op, channel_id));
415 PendingOperationsList::size_type num_pending;
417 base::AutoLock locked(lock_);
418 pending_.push_back(po.release());
419 num_pending = ++num_pending_;
422 if (num_pending == 1) {
423 // We've gotten our first entry for this batch, fire off the timer.
424 background_task_runner_->PostDelayedTask(
425 FROM_HERE,
426 base::Bind(&Backend::Commit, this),
427 base::TimeDelta::FromMilliseconds(kCommitIntervalMs));
428 } else if (num_pending == kCommitAfterBatchSize) {
429 // We've reached a big enough batch, fire off a commit now.
430 background_task_runner_->PostTask(FROM_HERE,
431 base::Bind(&Backend::Commit, this));
435 void SQLiteChannelIDStore::Backend::PrunePendingOperationsForDeletes(
436 const std::list<std::string>& server_identifiers) {
437 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
438 base::AutoLock locked(lock_);
440 for (PendingOperationsList::iterator it = pending_.begin();
441 it != pending_.end();) {
442 bool remove =
443 std::find(server_identifiers.begin(), server_identifiers.end(),
444 (*it)->channel_id().server_identifier()) !=
445 server_identifiers.end();
447 if (remove) {
448 scoped_ptr<PendingOperation> po(*it);
449 it = pending_.erase(it);
450 --num_pending_;
451 } else {
452 ++it;
457 void SQLiteChannelIDStore::Backend::Commit() {
458 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
460 PendingOperationsList ops;
462 base::AutoLock locked(lock_);
463 pending_.swap(ops);
464 num_pending_ = 0;
467 // Maybe an old timer fired or we are already Close()'ed.
468 if (!db_.get() || ops.empty())
469 return;
471 sql::Statement add_statement(db_->GetCachedStatement(
472 SQL_FROM_HERE,
473 "INSERT INTO channel_id (host, private_key, public_key, "
474 "creation_time) VALUES (?,?,?,?)"));
475 if (!add_statement.is_valid())
476 return;
478 sql::Statement del_statement(db_->GetCachedStatement(
479 SQL_FROM_HERE, "DELETE FROM channel_id WHERE host=?"));
480 if (!del_statement.is_valid())
481 return;
483 sql::Transaction transaction(db_.get());
484 if (!transaction.Begin())
485 return;
487 for (PendingOperationsList::iterator it = ops.begin(); it != ops.end();
488 ++it) {
489 // Free the certs as we commit them to the database.
490 scoped_ptr<PendingOperation> po(*it);
491 switch (po->op()) {
492 case PendingOperation::CHANNEL_ID_ADD: {
493 add_statement.Reset(true);
494 add_statement.BindString(0, po->channel_id().server_identifier());
495 std::vector<uint8> private_key, public_key;
496 if (!po->channel_id().key()->ExportEncryptedPrivateKey(
497 ChannelIDService::kEPKIPassword, 1, &private_key))
498 continue;
499 if (!po->channel_id().key()->ExportPublicKey(&public_key))
500 continue;
501 add_statement.BindBlob(
502 1, private_key.data(), static_cast<int>(private_key.size()));
503 add_statement.BindBlob(2, public_key.data(),
504 static_cast<int>(public_key.size()));
505 add_statement.BindInt64(
506 3, po->channel_id().creation_time().ToInternalValue());
507 if (!add_statement.Run())
508 NOTREACHED() << "Could not add a server bound cert to the DB.";
509 break;
511 case PendingOperation::CHANNEL_ID_DELETE:
512 del_statement.Reset(true);
513 del_statement.BindString(0, po->channel_id().server_identifier());
514 if (!del_statement.Run())
515 NOTREACHED() << "Could not delete a server bound cert from the DB.";
516 break;
518 default:
519 NOTREACHED();
520 break;
523 transaction.Commit();
526 // Fire off a close message to the background task runner. We could still have a
527 // pending commit timer that will be holding a reference on us, but if/when
528 // this fires we will already have been cleaned up and it will be ignored.
529 void SQLiteChannelIDStore::Backend::Close() {
530 // Must close the backend on the background task runner.
531 background_task_runner_->PostTask(
532 FROM_HERE, base::Bind(&Backend::InternalBackgroundClose, this));
535 void SQLiteChannelIDStore::Backend::InternalBackgroundClose() {
536 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
537 // Commit any pending operations
538 Commit();
539 db_.reset();
542 void SQLiteChannelIDStore::Backend::BackgroundDeleteAllInList(
543 const std::list<std::string>& server_identifiers) {
544 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
546 if (!db_.get())
547 return;
549 PrunePendingOperationsForDeletes(server_identifiers);
551 sql::Statement del_smt(db_->GetCachedStatement(
552 SQL_FROM_HERE, "DELETE FROM channel_id WHERE host=?"));
553 if (!del_smt.is_valid()) {
554 LOG(WARNING) << "Unable to delete channel ids.";
555 return;
558 sql::Transaction transaction(db_.get());
559 if (!transaction.Begin()) {
560 LOG(WARNING) << "Unable to delete channel ids.";
561 return;
564 for (std::list<std::string>::const_iterator it = server_identifiers.begin();
565 it != server_identifiers.end();
566 ++it) {
567 del_smt.Reset(true);
568 del_smt.BindString(0, *it);
569 if (!del_smt.Run())
570 NOTREACHED() << "Could not delete a channel id from the DB.";
573 if (!transaction.Commit())
574 LOG(WARNING) << "Unable to delete channel ids.";
577 void SQLiteChannelIDStore::Backend::SetForceKeepSessionState() {
578 base::AutoLock locked(lock_);
579 force_keep_session_state_ = true;
582 SQLiteChannelIDStore::SQLiteChannelIDStore(
583 const base::FilePath& path,
584 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner)
585 : backend_(new Backend(path, background_task_runner)) {
588 void SQLiteChannelIDStore::Load(const LoadedCallback& loaded_callback) {
589 backend_->Load(loaded_callback);
592 void SQLiteChannelIDStore::AddChannelID(
593 const DefaultChannelIDStore::ChannelID& channel_id) {
594 backend_->AddChannelID(channel_id);
597 void SQLiteChannelIDStore::DeleteChannelID(
598 const DefaultChannelIDStore::ChannelID& channel_id) {
599 backend_->DeleteChannelID(channel_id);
602 void SQLiteChannelIDStore::DeleteAllInList(
603 const std::list<std::string>& server_identifiers) {
604 backend_->DeleteAllInList(server_identifiers);
607 void SQLiteChannelIDStore::SetForceKeepSessionState() {
608 backend_->SetForceKeepSessionState();
611 SQLiteChannelIDStore::~SQLiteChannelIDStore() {
612 backend_->Close();
613 // We release our reference to the Backend, though it will probably still have
614 // a reference if the background task runner has not run Close() yet.
617 } // namespace net