| Index: chrome/browser/net/sqlite_origin_bound_cert_store.cc
|
| diff --git a/chrome/browser/net/sqlite_origin_bound_cert_store.cc b/chrome/browser/net/sqlite_origin_bound_cert_store.cc
|
| index 24e9f54ee60d6e2d7013e3dc4374080c54509989..f5350e5d5eaf745168c2539c1d261f27ced09d28 100644
|
| --- a/chrome/browser/net/sqlite_origin_bound_cert_store.cc
|
| +++ b/chrome/browser/net/sqlite_origin_bound_cert_store.cc
|
| @@ -27,8 +27,8 @@ using content::BrowserThread;
|
|
|
| // This class is designed to be shared between any calling threads and the
|
| // database thread. It batches operations and commits them on a timer.
|
| -class SQLiteOriginBoundCertStore::Backend
|
| - : public base::RefCountedThreadSafe<SQLiteOriginBoundCertStore::Backend> {
|
| +class SQLiteServerBoundCertStore::Backend
|
| + : public base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend> {
|
| public:
|
| explicit Backend(const FilePath& path)
|
| : path_(path),
|
| @@ -39,15 +39,15 @@ class SQLiteOriginBoundCertStore::Backend
|
|
|
| // Creates or load the SQLite database.
|
| bool Load(
|
| - std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs);
|
| + std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs);
|
|
|
| - // Batch an origin bound cert addition.
|
| - void AddOriginBoundCert(
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert);
|
| + // Batch a server bound cert addition.
|
| + void AddServerBoundCert(
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
|
|
|
| - // Batch an origin bound cert deletion.
|
| - void DeleteOriginBoundCert(
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert);
|
| + // Batch a server bound cert deletion.
|
| + void DeleteServerBoundCert(
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
|
|
|
| // Commit pending operations as soon as possible.
|
| void Flush(const base::Closure& completion_task);
|
| @@ -59,7 +59,7 @@ class SQLiteOriginBoundCertStore::Backend
|
| void SetClearLocalStateOnExit(bool clear_local_state);
|
|
|
| private:
|
| - friend class base::RefCountedThreadSafe<SQLiteOriginBoundCertStore::Backend>;
|
| + friend class base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend>;
|
|
|
| // You should call Close() before destructing this object.
|
| ~Backend() {
|
| @@ -79,24 +79,24 @@ class SQLiteOriginBoundCertStore::Backend
|
|
|
| PendingOperation(
|
| OperationType op,
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert)
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert)
|
| : op_(op), cert_(cert) {}
|
|
|
| OperationType op() const { return op_; }
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert() const {
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert() const {
|
| return cert_;
|
| }
|
|
|
| private:
|
| OperationType op_;
|
| - net::DefaultOriginBoundCertStore::OriginBoundCert cert_;
|
| + net::DefaultServerBoundCertStore::ServerBoundCert cert_;
|
| };
|
|
|
| private:
|
| - // Batch an origin bound cert operation (add or delete)
|
| + // Batch a server bound cert operation (add or delete)
|
| void BatchOperation(
|
| PendingOperation::OperationType op,
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert);
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
|
| // Commit our pending operations to the database.
|
| void Commit();
|
| // Close() executed on the background thread.
|
| @@ -125,6 +125,9 @@ namespace {
|
|
|
| // Initializes the certs table, returning true on success.
|
| bool InitTable(sql::Connection* db) {
|
| + // The table is named "origin_bound_certs" for backwards compatability before
|
| + // we renamed this class to SQLiteServerBoundCertStore. Likewise, the primary
|
| + // key is "origin", but now can be other things like a plain domain.
|
| if (!db->DoesTableExist("origin_bound_certs")) {
|
| if (!db->Execute("CREATE TABLE origin_bound_certs ("
|
| "origin TEXT NOT NULL UNIQUE PRIMARY KEY,"
|
| @@ -141,8 +144,8 @@ bool InitTable(sql::Connection* db) {
|
|
|
| } // namespace
|
|
|
| -bool SQLiteOriginBoundCertStore::Backend::Load(
|
| - std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs) {
|
| +bool SQLiteServerBoundCertStore::Backend::Load(
|
| + std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
|
| // This function should be called only once per instance.
|
| DCHECK(!db_.get());
|
|
|
| @@ -185,8 +188,8 @@ bool SQLiteOriginBoundCertStore::Backend::Load(
|
| std::string private_key_from_db, cert_from_db;
|
| smt.ColumnBlobAsString(1, &private_key_from_db);
|
| smt.ColumnBlobAsString(2, &cert_from_db);
|
| - scoped_ptr<net::DefaultOriginBoundCertStore::OriginBoundCert> cert(
|
| - new net::DefaultOriginBoundCertStore::OriginBoundCert(
|
| + scoped_ptr<net::DefaultServerBoundCertStore::ServerBoundCert> cert(
|
| + new net::DefaultServerBoundCertStore::ServerBoundCert(
|
| smt.ColumnString(0), // origin
|
| static_cast<net::SSLClientCertType>(smt.ColumnInt(3)),
|
| base::Time::FromInternalValue(smt.ColumnInt64(5)),
|
| @@ -199,7 +202,7 @@ bool SQLiteOriginBoundCertStore::Backend::Load(
|
| return true;
|
| }
|
|
|
| -bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| +bool SQLiteServerBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| // Version check.
|
| if (!meta_table_.Init(
|
| db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) {
|
| @@ -207,7 +210,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| }
|
|
|
| if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) {
|
| - LOG(WARNING) << "Origin bound cert database is too new.";
|
| + LOG(WARNING) << "Server bound cert database is too new.";
|
| return false;
|
| }
|
|
|
| @@ -218,13 +221,13 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| return false;
|
| if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type "
|
| "INTEGER")) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 2.";
|
| return false;
|
| }
|
| // All certs in version 1 database are rsa_sign, which has a value of 1.
|
| if (!db_->Execute("UPDATE origin_bound_certs SET cert_type = 1")) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 2.";
|
| return false;
|
| }
|
| @@ -243,7 +246,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| if (cur_version == 2) {
|
| if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
|
| "expiration_time INTEGER")) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 4.";
|
| return false;
|
| }
|
| @@ -251,7 +254,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
|
|
| if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
|
| "creation_time INTEGER")) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 4.";
|
| return false;
|
| }
|
| @@ -265,7 +268,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| if (!smt.is_valid() ||
|
| !update_expires_smt.is_valid() ||
|
| !update_creation_smt.is_valid()) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 4.";
|
| return false;
|
| }
|
| @@ -285,7 +288,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| cert->valid_expiry().ToInternalValue());
|
| update_expires_smt.BindString(1, origin);
|
| if (!update_expires_smt.Run()) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 4.";
|
| return false;
|
| }
|
| @@ -295,7 +298,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue());
|
| update_creation_smt.BindString(1, origin);
|
| if (!update_creation_smt.Run()) {
|
| - LOG(WARNING) << "Unable to update origin bound cert database to "
|
| + LOG(WARNING) << "Unable to update server bound cert database to "
|
| << "version 4.";
|
| return false;
|
| }
|
| @@ -319,25 +322,25 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
|
| // When the version is too old, we just try to continue anyway, there should
|
| // not be a released product that makes a database too old for us to handle.
|
| LOG_IF(WARNING, cur_version < kCurrentVersionNumber) <<
|
| - "Origin bound cert database version " << cur_version <<
|
| + "Server bound cert database version " << cur_version <<
|
| " is too old to handle.";
|
|
|
| return true;
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::AddOriginBoundCert(
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
|
| +void SQLiteServerBoundCertStore::Backend::AddServerBoundCert(
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
|
| BatchOperation(PendingOperation::CERT_ADD, cert);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::DeleteOriginBoundCert(
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
|
| +void SQLiteServerBoundCertStore::Backend::DeleteServerBoundCert(
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
|
| BatchOperation(PendingOperation::CERT_DELETE, cert);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::BatchOperation(
|
| +void SQLiteServerBoundCertStore::Backend::BatchOperation(
|
| PendingOperation::OperationType op,
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
|
| // Commit every 30 seconds.
|
| static const int kCommitIntervalMs = 30 * 1000;
|
| // Commit right away if we have more than 512 outstanding operations.
|
| @@ -368,7 +371,7 @@ void SQLiteOriginBoundCertStore::Backend::BatchOperation(
|
| }
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::Commit() {
|
| +void SQLiteServerBoundCertStore::Backend::Commit() {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
|
|
|
| PendingOperationsList ops;
|
| @@ -404,7 +407,7 @@ void SQLiteOriginBoundCertStore::Backend::Commit() {
|
| switch (po->op()) {
|
| case PendingOperation::CERT_ADD: {
|
| add_smt.Reset();
|
| - add_smt.BindString(0, po->cert().origin());
|
| + add_smt.BindString(0, po->cert().server_identifier());
|
| const std::string& private_key = po->cert().private_key();
|
| add_smt.BindBlob(1, private_key.data(), private_key.size());
|
| const std::string& cert = po->cert().cert();
|
| @@ -413,14 +416,14 @@ void SQLiteOriginBoundCertStore::Backend::Commit() {
|
| add_smt.BindInt64(4, po->cert().expiration_time().ToInternalValue());
|
| add_smt.BindInt64(5, po->cert().creation_time().ToInternalValue());
|
| if (!add_smt.Run())
|
| - NOTREACHED() << "Could not add an origin bound cert to the DB.";
|
| + NOTREACHED() << "Could not add a server bound cert to the DB.";
|
| break;
|
| }
|
| case PendingOperation::CERT_DELETE:
|
| del_smt.Reset();
|
| - del_smt.BindString(0, po->cert().origin());
|
| + del_smt.BindString(0, po->cert().server_identifier());
|
| if (!del_smt.Run())
|
| - NOTREACHED() << "Could not delete an origin bound cert from the DB.";
|
| + NOTREACHED() << "Could not delete a server bound cert from the DB.";
|
| break;
|
|
|
| default:
|
| @@ -431,7 +434,7 @@ void SQLiteOriginBoundCertStore::Backend::Commit() {
|
| transaction.Commit();
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::Flush(
|
| +void SQLiteServerBoundCertStore::Backend::Flush(
|
| const base::Closure& completion_task) {
|
| DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
|
| BrowserThread::PostTask(
|
| @@ -447,7 +450,7 @@ void SQLiteOriginBoundCertStore::Backend::Flush(
|
| // Fire off a close message to the background thread. We could still have a
|
| // pending commit timer that will be holding a reference on us, but if/when
|
| // this fires we will already have been cleaned up and it will be ignored.
|
| -void SQLiteOriginBoundCertStore::Backend::Close() {
|
| +void SQLiteServerBoundCertStore::Backend::Close() {
|
| DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
|
| // Must close the backend on the background thread.
|
| BrowserThread::PostTask(
|
| @@ -455,7 +458,7 @@ void SQLiteOriginBoundCertStore::Backend::Close() {
|
| base::Bind(&Backend::InternalBackgroundClose, this));
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::InternalBackgroundClose() {
|
| +void SQLiteServerBoundCertStore::Backend::InternalBackgroundClose() {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
|
| // Commit any pending operations
|
| Commit();
|
| @@ -466,17 +469,17 @@ void SQLiteOriginBoundCertStore::Backend::InternalBackgroundClose() {
|
| file_util::Delete(path_, false);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Backend::SetClearLocalStateOnExit(
|
| +void SQLiteServerBoundCertStore::Backend::SetClearLocalStateOnExit(
|
| bool clear_local_state) {
|
| base::AutoLock locked(lock_);
|
| clear_local_state_on_exit_ = clear_local_state;
|
| }
|
|
|
| -SQLiteOriginBoundCertStore::SQLiteOriginBoundCertStore(const FilePath& path)
|
| +SQLiteServerBoundCertStore::SQLiteServerBoundCertStore(const FilePath& path)
|
| : backend_(new Backend(path)) {
|
| }
|
|
|
| -SQLiteOriginBoundCertStore::~SQLiteOriginBoundCertStore() {
|
| +SQLiteServerBoundCertStore::~SQLiteServerBoundCertStore() {
|
| if (backend_.get()) {
|
| backend_->Close();
|
| // Release our reference, it will probably still have a reference if the
|
| @@ -485,30 +488,30 @@ SQLiteOriginBoundCertStore::~SQLiteOriginBoundCertStore() {
|
| }
|
| }
|
|
|
| -bool SQLiteOriginBoundCertStore::Load(
|
| - std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs) {
|
| +bool SQLiteServerBoundCertStore::Load(
|
| + std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
|
| return backend_->Load(certs);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::AddOriginBoundCert(
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
|
| +void SQLiteServerBoundCertStore::AddServerBoundCert(
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
|
| if (backend_.get())
|
| - backend_->AddOriginBoundCert(cert);
|
| + backend_->AddServerBoundCert(cert);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::DeleteOriginBoundCert(
|
| - const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
|
| +void SQLiteServerBoundCertStore::DeleteServerBoundCert(
|
| + const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
|
| if (backend_.get())
|
| - backend_->DeleteOriginBoundCert(cert);
|
| + backend_->DeleteServerBoundCert(cert);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::SetClearLocalStateOnExit(
|
| +void SQLiteServerBoundCertStore::SetClearLocalStateOnExit(
|
| bool clear_local_state) {
|
| if (backend_.get())
|
| backend_->SetClearLocalStateOnExit(clear_local_state);
|
| }
|
|
|
| -void SQLiteOriginBoundCertStore::Flush(const base::Closure& completion_task) {
|
| +void SQLiteServerBoundCertStore::Flush(const base::Closure& completion_task) {
|
| if (backend_.get())
|
| backend_->Flush(completion_task);
|
| else if (!completion_task.is_null())
|
|
|
Chromium Code Reviews
Issue 9617039:
Change Origin bound certs -> Domain bound certs. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src