1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/sqlite_channel_id_store.h"
10 #include "base/basictypes.h"
11 #include "base/bind.h"
12 #include "base/file_util.h"
13 #include "base/files/file_path.h"
14 #include "base/logging.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/metrics/histogram.h"
17 #include "base/strings/string_util.h"
18 #include "base/threading/thread.h"
19 #include "base/threading/thread_restrictions.h"
20 #include "net/cert/x509_certificate.h"
21 #include "net/cookies/cookie_util.h"
22 #include "net/ssl/ssl_client_cert_type.h"
23 #include "sql/error_delegate_util.h"
24 #include "sql/meta_table.h"
25 #include "sql/statement.h"
26 #include "sql/transaction.h"
27 #include "third_party/sqlite/sqlite3.h"
29 #include "webkit/browser/quota/special_storage_policy.h"
31 // This class is designed to be shared between any calling threads and the
32 // background task runner. It batches operations and commits them on a timer.
33 class SQLiteChannelIDStore::Backend
34 : public base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend> {
37 const base::FilePath& path,
38 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
39 quota::SpecialStoragePolicy* special_storage_policy)
42 force_keep_session_state_(false),
43 background_task_runner_(background_task_runner),
44 special_storage_policy_(special_storage_policy),
45 corruption_detected_(false) {}
47 // Creates or loads the SQLite database.
48 void Load(const LoadedCallback& loaded_callback);
50 // Batch a channel ID addition.
52 const net::DefaultChannelIDStore::ChannelID& channel_id);
54 // Batch a channel ID deletion.
56 const net::DefaultChannelIDStore::ChannelID& channel_id);
58 // Commit any pending operations and close the database. This must be called
59 // before the object is destructed.
62 void SetForceKeepSessionState();
66 ScopedVector<net::DefaultChannelIDStore::ChannelID>* channel_ids);
68 friend class base::RefCountedThreadSafe<SQLiteChannelIDStore::Backend>;
70 // You should call Close() before destructing this object.
72 DCHECK(!db_.get()) << "Close should have already been called.";
73 DCHECK(num_pending_ == 0 && pending_.empty());
76 // Database upgrade statements.
77 bool EnsureDatabaseVersion();
79 class PendingOperation {
88 const net::DefaultChannelIDStore::ChannelID& channel_id)
89 : op_(op), channel_id_(channel_id) {}
91 OperationType op() const { return op_; }
92 const net::DefaultChannelIDStore::ChannelID& channel_id() const {
98 net::DefaultChannelIDStore::ChannelID channel_id_;
102 // Batch a channel id operation (add or delete).
104 PendingOperation::OperationType op,
105 const net::DefaultChannelIDStore::ChannelID& channel_id);
106 // Commit our pending operations to the database.
108 // Close() executed on the background thread.
109 void InternalBackgroundClose();
111 void DeleteCertificatesOnShutdown();
113 void DatabaseErrorCallback(int error, sql::Statement* stmt);
116 base::FilePath path_;
117 scoped_ptr<sql::Connection> db_;
118 sql::MetaTable meta_table_;
120 typedef std::list<PendingOperation*> PendingOperationsList;
121 PendingOperationsList pending_;
122 PendingOperationsList::size_type num_pending_;
123 // True if the persistent store should skip clear on exit rules.
124 bool force_keep_session_state_;
125 // Guard |pending_|, |num_pending_| and |force_keep_session_state_|.
128 // Cache of origins we have channel IDs stored for.
129 std::set<std::string> channel_id_origins_;
131 scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
133 scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_;
135 // Indicates if the kill-database callback has been scheduled.
136 bool corruption_detected_;
138 DISALLOW_COPY_AND_ASSIGN(Backend);
141 // Version number of the database.
142 static const int kCurrentVersionNumber = 4;
143 static const int kCompatibleVersionNumber = 1;
147 // Initializes the certs table, returning true on success.
148 bool InitTable(sql::Connection* db) {
149 // The table is named "origin_bound_certs" for backwards compatability before
150 // we renamed this class to SQLiteChannelIDStore. Likewise, the primary
151 // key is "origin", but now can be other things like a plain domain.
152 if (!db->DoesTableExist("origin_bound_certs")) {
153 if (!db->Execute("CREATE TABLE origin_bound_certs ("
154 "origin TEXT NOT NULL UNIQUE PRIMARY KEY,"
155 "private_key BLOB NOT NULL,"
156 "cert BLOB NOT NULL,"
158 "expiration_time INTEGER,"
159 "creation_time INTEGER)"))
168 void SQLiteChannelIDStore::Backend::Load(
169 const LoadedCallback& loaded_callback) {
170 // This function should be called only once per instance.
172 scoped_ptr<ScopedVector<net::DefaultChannelIDStore::ChannelID> >
173 channel_ids(new ScopedVector<net::DefaultChannelIDStore::ChannelID>());
174 ScopedVector<net::DefaultChannelIDStore::ChannelID>* channel_ids_ptr =
177 background_task_runner_->PostTaskAndReply(
179 base::Bind(&Backend::LoadOnDBThread, this, channel_ids_ptr),
180 base::Bind(loaded_callback, base::Passed(&channel_ids)));
183 void SQLiteChannelIDStore::Backend::LoadOnDBThread(
184 ScopedVector<net::DefaultChannelIDStore::ChannelID>* channel_ids) {
185 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
187 // This method should be called only once per instance.
190 base::TimeTicks start = base::TimeTicks::Now();
192 // Ensure the parent directory for storing certs is created before reading
194 const base::FilePath dir = path_.DirName();
195 if (!base::PathExists(dir) && !base::CreateDirectory(dir))
199 if (base::GetFileSize(path_, &db_size))
200 UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024 );
202 db_.reset(new sql::Connection);
203 db_->set_histogram_tag("DomainBoundCerts");
205 // Unretained to avoid a ref loop with db_.
206 db_->set_error_callback(
207 base::Bind(&SQLiteChannelIDStore::Backend::DatabaseErrorCallback,
208 base::Unretained(this)));
210 if (!db_->Open(path_)) {
211 NOTREACHED() << "Unable to open cert DB.";
212 if (corruption_detected_)
218 if (!EnsureDatabaseVersion() || !InitTable(db_.get())) {
219 NOTREACHED() << "Unable to open cert DB.";
220 if (corruption_detected_)
229 // Slurp all the certs into the out-vector.
230 sql::Statement smt(db_->GetUniqueStatement(
231 "SELECT origin, private_key, cert, cert_type, expiration_time, "
232 "creation_time FROM origin_bound_certs"));
233 if (!smt.is_valid()) {
234 if (corruption_detected_)
242 net::SSLClientCertType type =
243 static_cast<net::SSLClientCertType>(smt.ColumnInt(3));
244 if (type != net::CLIENT_CERT_ECDSA_SIGN)
246 std::string private_key_from_db, cert_from_db;
247 smt.ColumnBlobAsString(1, &private_key_from_db);
248 smt.ColumnBlobAsString(2, &cert_from_db);
249 scoped_ptr<net::DefaultChannelIDStore::ChannelID> channel_id(
250 new net::DefaultChannelIDStore::ChannelID(
251 smt.ColumnString(0), // origin
252 base::Time::FromInternalValue(smt.ColumnInt64(5)),
253 base::Time::FromInternalValue(smt.ColumnInt64(4)),
256 channel_id_origins_.insert(channel_id->server_identifier());
257 channel_ids->push_back(channel_id.release());
260 UMA_HISTOGRAM_COUNTS_10000("DomainBoundCerts.DBLoadedCount",
261 channel_ids->size());
262 base::TimeDelta load_time = base::TimeTicks::Now() - start;
263 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.DBLoadTime",
265 base::TimeDelta::FromMilliseconds(1),
266 base::TimeDelta::FromMinutes(1),
268 DVLOG(1) << "loaded " << channel_ids->size() << " in "
269 << load_time.InMilliseconds() << " ms";
272 bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() {
274 if (!meta_table_.Init(
275 db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) {
279 if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) {
280 LOG(WARNING) << "Server bound cert database is too new.";
284 int cur_version = meta_table_.GetVersionNumber();
285 if (cur_version == 1) {
286 sql::Transaction transaction(db_.get());
287 if (!transaction.Begin())
289 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type "
291 LOG(WARNING) << "Unable to update server bound cert database to "
295 // All certs in version 1 database are rsa_sign, which are unsupported.
296 // Just discard them all.
297 if (!db_->Execute("DELETE from origin_bound_certs")) {
298 LOG(WARNING) << "Unable to update server bound cert database to "
303 meta_table_.SetVersionNumber(cur_version);
304 meta_table_.SetCompatibleVersionNumber(
305 std::min(cur_version, kCompatibleVersionNumber));
306 transaction.Commit();
309 if (cur_version <= 3) {
310 sql::Transaction transaction(db_.get());
311 if (!transaction.Begin())
314 if (cur_version == 2) {
315 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
316 "expiration_time INTEGER")) {
317 LOG(WARNING) << "Unable to update server bound cert database to "
323 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
324 "creation_time INTEGER")) {
325 LOG(WARNING) << "Unable to update server bound cert database to "
330 sql::Statement smt(db_->GetUniqueStatement(
331 "SELECT origin, cert FROM origin_bound_certs"));
332 sql::Statement update_expires_smt(db_->GetUniqueStatement(
333 "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?"));
334 sql::Statement update_creation_smt(db_->GetUniqueStatement(
335 "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?"));
336 if (!smt.is_valid() ||
337 !update_expires_smt.is_valid() ||
338 !update_creation_smt.is_valid()) {
339 LOG(WARNING) << "Unable to update server bound cert database to "
345 std::string origin = smt.ColumnString(0);
346 std::string cert_from_db;
347 smt.ColumnBlobAsString(1, &cert_from_db);
348 // Parse the cert and extract the real value and then update the DB.
349 scoped_refptr<net::X509Certificate> cert(
350 net::X509Certificate::CreateFromBytes(
351 cert_from_db.data(), cert_from_db.size()));
353 if (cur_version == 2) {
354 update_expires_smt.Reset(true);
355 update_expires_smt.BindInt64(0,
356 cert->valid_expiry().ToInternalValue());
357 update_expires_smt.BindString(1, origin);
358 if (!update_expires_smt.Run()) {
359 LOG(WARNING) << "Unable to update server bound cert database to "
365 update_creation_smt.Reset(true);
366 update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue());
367 update_creation_smt.BindString(1, origin);
368 if (!update_creation_smt.Run()) {
369 LOG(WARNING) << "Unable to update server bound cert database to "
374 // If there's a cert we can't parse, just leave it. It'll get replaced
375 // with a new one if we ever try to use it.
376 LOG(WARNING) << "Error parsing cert for database upgrade for origin "
377 << smt.ColumnString(0);
382 meta_table_.SetVersionNumber(cur_version);
383 meta_table_.SetCompatibleVersionNumber(
384 std::min(cur_version, kCompatibleVersionNumber));
385 transaction.Commit();
388 // Put future migration cases here.
390 // When the version is too old, we just try to continue anyway, there should
391 // not be a released product that makes a database too old for us to handle.
392 LOG_IF(WARNING, cur_version < kCurrentVersionNumber) <<
393 "Server bound cert database version " << cur_version <<
394 " is too old to handle.";
399 void SQLiteChannelIDStore::Backend::DatabaseErrorCallback(
401 sql::Statement* stmt) {
402 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
404 if (!sql::IsErrorCatastrophic(error))
407 // TODO(shess): Running KillDatabase() multiple times should be
409 if (corruption_detected_)
412 corruption_detected_ = true;
414 // TODO(shess): Consider just calling RazeAndClose() immediately.
415 // db_ may not be safe to reset at this point, but RazeAndClose()
416 // would cause the stack to unwind safely with errors.
417 background_task_runner_->PostTask(FROM_HERE,
418 base::Bind(&Backend::KillDatabase, this));
421 void SQLiteChannelIDStore::Backend::KillDatabase() {
422 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
425 // This Backend will now be in-memory only. In a future run the database
426 // will be recreated. Hopefully things go better then!
427 bool success = db_->RazeAndClose();
428 UMA_HISTOGRAM_BOOLEAN("DomainBoundCerts.KillDatabaseResult", success);
434 void SQLiteChannelIDStore::Backend::AddChannelID(
435 const net::DefaultChannelIDStore::ChannelID& channel_id) {
436 BatchOperation(PendingOperation::CHANNEL_ID_ADD, channel_id);
439 void SQLiteChannelIDStore::Backend::DeleteChannelID(
440 const net::DefaultChannelIDStore::ChannelID& channel_id) {
441 BatchOperation(PendingOperation::CHANNEL_ID_DELETE, channel_id);
444 void SQLiteChannelIDStore::Backend::BatchOperation(
445 PendingOperation::OperationType op,
446 const net::DefaultChannelIDStore::ChannelID& channel_id) {
447 // Commit every 30 seconds.
448 static const int kCommitIntervalMs = 30 * 1000;
449 // Commit right away if we have more than 512 outstanding operations.
450 static const size_t kCommitAfterBatchSize = 512;
452 // We do a full copy of the cert here, and hopefully just here.
453 scoped_ptr<PendingOperation> po(new PendingOperation(op, channel_id));
455 PendingOperationsList::size_type num_pending;
457 base::AutoLock locked(lock_);
458 pending_.push_back(po.release());
459 num_pending = ++num_pending_;
462 if (num_pending == 1) {
463 // We've gotten our first entry for this batch, fire off the timer.
464 background_task_runner_->PostDelayedTask(
466 base::Bind(&Backend::Commit, this),
467 base::TimeDelta::FromMilliseconds(kCommitIntervalMs));
468 } else if (num_pending == kCommitAfterBatchSize) {
469 // We've reached a big enough batch, fire off a commit now.
470 background_task_runner_->PostTask(FROM_HERE,
471 base::Bind(&Backend::Commit, this));
475 void SQLiteChannelIDStore::Backend::Commit() {
476 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
478 PendingOperationsList ops;
480 base::AutoLock locked(lock_);
485 // Maybe an old timer fired or we are already Close()'ed.
486 if (!db_.get() || ops.empty())
489 sql::Statement add_smt(db_->GetCachedStatement(SQL_FROM_HERE,
490 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, "
491 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)"));
492 if (!add_smt.is_valid())
495 sql::Statement del_smt(db_->GetCachedStatement(SQL_FROM_HERE,
496 "DELETE FROM origin_bound_certs WHERE origin=?"));
497 if (!del_smt.is_valid())
500 sql::Transaction transaction(db_.get());
501 if (!transaction.Begin())
504 for (PendingOperationsList::iterator it = ops.begin();
505 it != ops.end(); ++it) {
506 // Free the certs as we commit them to the database.
507 scoped_ptr<PendingOperation> po(*it);
509 case PendingOperation::CHANNEL_ID_ADD: {
510 channel_id_origins_.insert(po->channel_id().server_identifier());
512 add_smt.BindString(0, po->channel_id().server_identifier());
513 const std::string& private_key = po->channel_id().private_key();
514 add_smt.BindBlob(1, private_key.data(), private_key.size());
515 const std::string& cert = po->channel_id().cert();
516 add_smt.BindBlob(2, cert.data(), cert.size());
517 add_smt.BindInt(3, net::CLIENT_CERT_ECDSA_SIGN);
519 po->channel_id().expiration_time().ToInternalValue());
521 po->channel_id().creation_time().ToInternalValue());
523 NOTREACHED() << "Could not add a server bound cert to the DB.";
526 case PendingOperation::CHANNEL_ID_DELETE:
527 channel_id_origins_.erase(po->channel_id().server_identifier());
529 del_smt.BindString(0, po->channel_id().server_identifier());
531 NOTREACHED() << "Could not delete a server bound cert from the DB.";
539 transaction.Commit();
542 // Fire off a close message to the background thread. We could still have a
543 // pending commit timer that will be holding a reference on us, but if/when
544 // this fires we will already have been cleaned up and it will be ignored.
545 void SQLiteChannelIDStore::Backend::Close() {
546 // Must close the backend on the background thread.
547 background_task_runner_->PostTask(
548 FROM_HERE, base::Bind(&Backend::InternalBackgroundClose, this));
551 void SQLiteChannelIDStore::Backend::InternalBackgroundClose() {
552 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
553 // Commit any pending operations
556 if (!force_keep_session_state_ &&
557 special_storage_policy_.get() &&
558 special_storage_policy_->HasSessionOnlyOrigins()) {
559 DeleteCertificatesOnShutdown();
565 void SQLiteChannelIDStore::Backend::DeleteCertificatesOnShutdown() {
566 DCHECK(background_task_runner_->RunsTasksOnCurrentThread());
571 if (channel_id_origins_.empty())
574 if (!special_storage_policy_.get())
577 sql::Statement del_smt(db_->GetCachedStatement(
578 SQL_FROM_HERE, "DELETE FROM origin_bound_certs WHERE origin=?"));
579 if (!del_smt.is_valid()) {
580 LOG(WARNING) << "Unable to delete certificates on shutdown.";
584 sql::Transaction transaction(db_.get());
585 if (!transaction.Begin()) {
586 LOG(WARNING) << "Unable to delete certificates on shutdown.";
590 for (std::set<std::string>::iterator it = channel_id_origins_.begin();
591 it != channel_id_origins_.end(); ++it) {
592 const GURL url(net::cookie_util::CookieOriginToURL(*it, true));
593 if (!url.is_valid() || !special_storage_policy_->IsStorageSessionOnly(url))
596 del_smt.BindString(0, *it);
598 NOTREACHED() << "Could not delete a certificate from the DB.";
601 if (!transaction.Commit())
602 LOG(WARNING) << "Unable to delete certificates on shutdown.";
605 void SQLiteChannelIDStore::Backend::SetForceKeepSessionState() {
606 base::AutoLock locked(lock_);
607 force_keep_session_state_ = true;
610 SQLiteChannelIDStore::SQLiteChannelIDStore(
611 const base::FilePath& path,
612 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
613 quota::SpecialStoragePolicy* special_storage_policy)
614 : backend_(new Backend(path,
615 background_task_runner,
616 special_storage_policy)) {}
618 void SQLiteChannelIDStore::Load(
619 const LoadedCallback& loaded_callback) {
620 backend_->Load(loaded_callback);
623 void SQLiteChannelIDStore::AddChannelID(
624 const net::DefaultChannelIDStore::ChannelID& channel_id) {
625 backend_->AddChannelID(channel_id);
628 void SQLiteChannelIDStore::DeleteChannelID(
629 const net::DefaultChannelIDStore::ChannelID& channel_id) {
630 backend_->DeleteChannelID(channel_id);
633 void SQLiteChannelIDStore::SetForceKeepSessionState() {
634 backend_->SetForceKeepSessionState();
637 SQLiteChannelIDStore::~SQLiteChannelIDStore() {
639 // We release our reference to the Backend, though it will probably still have
640 // a reference if the background thread has not run Close() yet.