Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/sqlite_origin_bound_cert_store.h" | 5 #include "chrome/browser/net/sqlite_origin_bound_cert_store.h" |
| 6 | 6 |
| 7 #include <list> | 7 #include <list> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 169 db_.reset(); | 169 db_.reset(); |
| 170 return false; | 170 return false; |
| 171 } | 171 } |
| 172 | 172 |
| 173 db_->Preload(); | 173 db_->Preload(); |
| 174 | 174 |
| 175 // Slurp all the certs into the out-vector. | 175 // Slurp all the certs into the out-vector. |
| 176 sql::Statement smt(db_->GetUniqueStatement( | 176 sql::Statement smt(db_->GetUniqueStatement( |
| 177 "SELECT origin, private_key, cert, cert_type, expiration_time, " | 177 "SELECT origin, private_key, cert, cert_type, expiration_time, " |
| 178 "creation_time FROM origin_bound_certs")); | 178 "creation_time FROM origin_bound_certs")); |
| 179 if (!smt) { | 179 if (!smt.is_valid()) { |
| 180 NOTREACHED() << "select statement prep failed"; | |
| 181 db_.reset(); | 180 db_.reset(); |
| 182 return false; | 181 return false; |
| 183 } | 182 } |
| 184 | 183 |
| 185 while (smt.Step()) { | 184 while (smt.Step()) { |
| 186 std::string private_key_from_db, cert_from_db; | 185 std::string private_key_from_db, cert_from_db; |
| 187 smt.ColumnBlobAsString(1, &private_key_from_db); | 186 smt.ColumnBlobAsString(1, &private_key_from_db); |
| 188 smt.ColumnBlobAsString(2, &cert_from_db); | 187 smt.ColumnBlobAsString(2, &cert_from_db); |
| 189 scoped_ptr<net::DefaultOriginBoundCertStore::OriginBoundCert> cert( | 188 scoped_ptr<net::DefaultOriginBoundCertStore::OriginBoundCert> cert( |
| 190 new net::DefaultOriginBoundCertStore::OriginBoundCert( | 189 new net::DefaultOriginBoundCertStore::OriginBoundCert( |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 213 } | 212 } |
| 214 | 213 |
| 215 int cur_version = meta_table_.GetVersionNumber(); | 214 int cur_version = meta_table_.GetVersionNumber(); |
| 216 if (cur_version == 1) { | 215 if (cur_version == 1) { |
| 217 sql::Transaction transaction(db_.get()); | 216 sql::Transaction transaction(db_.get()); |
| 218 if (!transaction.Begin()) | 217 if (!transaction.Begin()) |
| 219 return false; | 218 return false; |
| 220 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type " | 219 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type " |
| 221 "INTEGER")) { | 220 "INTEGER")) { |
| 222 LOG(WARNING) << "Unable to update origin bound cert database to " | 221 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 223 << "version 2."; | 222 << "version 2."; |
|
Scott Hess - ex-Googler
2012/02/14 00:28:18
This was the one I was mentioning. Now it's right
| |
| 224 return false; | 223 return false; |
| 225 } | 224 } |
| 226 // All certs in version 1 database are rsa_sign, which has a value of 1. | 225 // All certs in version 1 database are rsa_sign, which has a value of 1. |
| 227 if (!db_->Execute("UPDATE origin_bound_certs SET cert_type = 1")) { | 226 if (!db_->Execute("UPDATE origin_bound_certs SET cert_type = 1")) { |
| 228 LOG(WARNING) << "Unable to update origin bound cert database to " | 227 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 229 << "version 2."; | 228 << "version 2."; |
| 230 return false; | 229 return false; |
| 231 } | 230 } |
| 232 ++cur_version; | 231 ++cur_version; |
| 233 meta_table_.SetVersionNumber(cur_version); | 232 meta_table_.SetVersionNumber(cur_version); |
| 234 meta_table_.SetCompatibleVersionNumber( | 233 meta_table_.SetCompatibleVersionNumber( |
| 235 std::min(cur_version, kCompatibleVersionNumber)); | 234 std::min(cur_version, kCompatibleVersionNumber)); |
| 236 transaction.Commit(); | 235 transaction.Commit(); |
| 237 } | 236 } |
| 238 | 237 |
| 239 if (cur_version <= 3) { | 238 if (cur_version <= 3) { |
| 240 sql::Transaction transaction(db_.get()); | 239 sql::Transaction transaction(db_.get()); |
| 241 if (!transaction.Begin()) | 240 if (!transaction.Begin()) |
| 242 return false; | 241 return false; |
| 243 | 242 |
| 244 if (cur_version == 2) { | 243 if (cur_version == 2) { |
| 245 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN " | 244 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN " |
| 246 "expiration_time INTEGER")) { | 245 "expiration_time INTEGER")) { |
| 247 LOG(WARNING) << "Unable to update origin bound cert database to " | 246 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 248 << "version 4."; | 247 << "version 3."; |
|
Scott Hess - ex-Googler
2012/02/14 00:28:18
But now this is back to wtc's earlier comment that
Greg Billock
2012/02/14 01:13:44
My head hurts on this -- it looks like we're upgra
Scott Hess - ex-Googler
2012/02/14 01:28:36
My theory is that at some point someone added the
| |
| 249 return false; | 248 return false; |
| 250 } | 249 } |
| 251 } | 250 } |
| 252 | 251 |
| 253 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN " | 252 if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN " |
| 254 "creation_time INTEGER")) { | 253 "creation_time INTEGER")) { |
| 255 LOG(WARNING) << "Unable to update origin bound cert database to " | 254 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 256 << "version 4."; | 255 << "version 4."; |
| 257 return false; | 256 return false; |
| 258 } | 257 } |
| 259 | 258 |
| 260 sql::Statement smt(db_->GetUniqueStatement( | 259 sql::Statement smt(db_->GetUniqueStatement( |
| 261 "SELECT origin, cert FROM origin_bound_certs")); | 260 "SELECT origin, cert FROM origin_bound_certs")); |
| 262 sql::Statement update_expires_smt(db_->GetUniqueStatement( | 261 sql::Statement update_expires_smt(db_->GetUniqueStatement( |
| 263 "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?")); | 262 "UPDATE origin_bound_certs SET expiration_time = ? WHERE origin = ?")); |
| 264 sql::Statement update_creation_smt(db_->GetUniqueStatement( | 263 sql::Statement update_creation_smt(db_->GetUniqueStatement( |
| 265 "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?")); | 264 "UPDATE origin_bound_certs SET creation_time = ? WHERE origin = ?")); |
| 266 if (!smt || !update_expires_smt || !update_creation_smt) { | 265 if (!smt.is_valid() || |
| 266 !update_expires_smt.is_valid() || | |
| 267 !update_creation_smt.is_valid()) { | |
| 267 LOG(WARNING) << "Unable to update origin bound cert database to " | 268 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 268 << "version 4."; | 269 << "version 4."; |
| 269 return false; | 270 return false; |
| 270 } | 271 } |
| 272 | |
| 273 | |
| 271 while (smt.Step()) { | 274 while (smt.Step()) { |
| 272 std::string origin = smt.ColumnString(0); | 275 std::string origin = smt.ColumnString(0); |
| 273 std::string cert_from_db; | 276 std::string cert_from_db; |
| 274 smt.ColumnBlobAsString(1, &cert_from_db); | 277 smt.ColumnBlobAsString(1, &cert_from_db); |
| 275 // Parse the cert and extract the real value and then update the DB. | 278 // Parse the cert and extract the real value and then update the DB. |
| 276 scoped_refptr<net::X509Certificate> cert( | 279 scoped_refptr<net::X509Certificate> cert( |
| 277 net::X509Certificate::CreateFromBytes( | 280 net::X509Certificate::CreateFromBytes( |
| 278 cert_from_db.data(), cert_from_db.size())); | 281 cert_from_db.data(), cert_from_db.size())); |
| 279 if (cert) { | 282 if (cert) { |
| 280 if (cur_version == 2) { | 283 if (cur_version == 2) { |
| 281 update_expires_smt.Reset(); | 284 update_expires_smt.Reset(); |
| 282 update_expires_smt.BindInt64(0, | 285 update_expires_smt.BindInt64(0, |
| 283 cert->valid_expiry().ToInternalValue()); | 286 cert->valid_expiry().ToInternalValue()); |
| 284 update_expires_smt.BindString(1, origin); | 287 update_expires_smt.BindString(1, origin); |
| 285 if (!update_expires_smt.Run()) { | 288 if (!update_expires_smt.Run()) { |
| 286 LOG(WARNING) << "Unable to update origin bound cert database to " | 289 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 287 << "version 4."; | 290 << "version 3."; |
|
Scott Hess - ex-Googler
2012/02/14 00:28:18
And this one to version 4.
Greg Billock
2012/02/14 01:13:44
Done.
| |
| 288 return false; | 291 return false; |
| 289 } | 292 } |
| 290 } | 293 } |
| 291 | 294 |
| 292 update_creation_smt.Reset(); | 295 update_creation_smt.Reset(); |
| 293 update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue()); | 296 update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue()); |
| 294 update_creation_smt.BindString(1, origin); | 297 update_creation_smt.BindString(1, origin); |
| 295 if (!update_creation_smt.Run()) { | 298 if (!update_creation_smt.Run()) { |
| 296 LOG(WARNING) << "Unable to update origin bound cert database to " | 299 LOG(WARNING) << "Unable to update origin bound cert database to " |
| 297 << "version 4."; | 300 << "version 4."; |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 375 num_pending_ = 0; | 378 num_pending_ = 0; |
| 376 } | 379 } |
| 377 | 380 |
| 378 // Maybe an old timer fired or we are already Close()'ed. | 381 // Maybe an old timer fired or we are already Close()'ed. |
| 379 if (!db_.get() || ops.empty()) | 382 if (!db_.get() || ops.empty()) |
| 380 return; | 383 return; |
| 381 | 384 |
| 382 sql::Statement add_smt(db_->GetCachedStatement(SQL_FROM_HERE, | 385 sql::Statement add_smt(db_->GetCachedStatement(SQL_FROM_HERE, |
| 383 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | 386 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
| 384 "expiration_time) VALUES (?,?,?,?,?)")); | 387 "expiration_time) VALUES (?,?,?,?,?)")); |
| 385 if (!add_smt) { | 388 if (!add_smt.is_valid()) |
| 386 NOTREACHED(); | |
| 387 return; | 389 return; |
| 388 } | |
| 389 | 390 |
| 390 sql::Statement del_smt(db_->GetCachedStatement(SQL_FROM_HERE, | 391 sql::Statement del_smt(db_->GetCachedStatement(SQL_FROM_HERE, |
| 391 "DELETE FROM origin_bound_certs WHERE origin=?")); | 392 "DELETE FROM origin_bound_certs WHERE origin=?")); |
| 392 if (!del_smt) { | 393 if (!del_smt.is_valid()) |
| 393 NOTREACHED(); | |
| 394 return; | 394 return; |
| 395 } | |
| 396 | 395 |
| 397 sql::Transaction transaction(db_.get()); | 396 sql::Transaction transaction(db_.get()); |
| 398 if (!transaction.Begin()) { | 397 if (!transaction.Begin()) |
| 399 NOTREACHED(); | |
| 400 return; | 398 return; |
| 401 } | 399 |
| 402 for (PendingOperationsList::iterator it = ops.begin(); | 400 for (PendingOperationsList::iterator it = ops.begin(); |
| 403 it != ops.end(); ++it) { | 401 it != ops.end(); ++it) { |
| 404 // Free the certs as we commit them to the database. | 402 // Free the certs as we commit them to the database. |
| 405 scoped_ptr<PendingOperation> po(*it); | 403 scoped_ptr<PendingOperation> po(*it); |
| 406 switch (po->op()) { | 404 switch (po->op()) { |
| 407 case PendingOperation::CERT_ADD: { | 405 case PendingOperation::CERT_ADD: { |
| 408 add_smt.Reset(); | 406 add_smt.Reset(); |
| 409 add_smt.BindString(0, po->cert().origin()); | 407 add_smt.BindString(0, po->cert().origin()); |
| 410 const std::string& private_key = po->cert().private_key(); | 408 const std::string& private_key = po->cert().private_key(); |
| 411 add_smt.BindBlob(1, private_key.data(), private_key.size()); | 409 add_smt.BindBlob(1, private_key.data(), private_key.size()); |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 508 if (backend_.get()) | 506 if (backend_.get()) |
| 509 backend_->SetClearLocalStateOnExit(clear_local_state); | 507 backend_->SetClearLocalStateOnExit(clear_local_state); |
| 510 } | 508 } |
| 511 | 509 |
| 512 void SQLiteOriginBoundCertStore::Flush(const base::Closure& completion_task) { | 510 void SQLiteOriginBoundCertStore::Flush(const base::Closure& completion_task) { |
| 513 if (backend_.get()) | 511 if (backend_.get()) |
| 514 backend_->Flush(completion_task); | 512 backend_->Flush(completion_task); |
| 515 else if (!completion_task.is_null()) | 513 else if (!completion_task.is_null()) |
| 516 MessageLoop::current()->PostTask(FROM_HERE, completion_task); | 514 MessageLoop::current()->PostTask(FROM_HERE, completion_task); |
| 517 } | 515 } |
| OLD | NEW |