// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef COMPONENTS_VARIATIONS_VARIATIONS_SEED_STORE_H_ #define COMPONENTS_VARIATIONS_VARIATIONS_SEED_STORE_H_ #include #include #include "base/compiler_specific.h" #include "base/gtest_prod_util.h" #include "base/macros.h" #include "base/time/time.h" #include "build/build_config.h" #include "components/variations/metrics.h" #include "components/variations/seed_response.h" class PrefService; class PrefRegistrySimple; namespace variations { struct ClientFilterableState; class VariationsSeed; // VariationsSeedStore is a helper class for reading and writing the variations // seed from Local State. class VariationsSeedStore { public: explicit VariationsSeedStore(PrefService* local_state); // |initial_seed| may be null. If not null, then it will be stored in this // seed store. This is used by Android Chrome to supply the first run seed, // and by Android WebView to supply the seed on every run. VariationsSeedStore(PrefService* local_state, std::unique_ptr initial_seed); virtual ~VariationsSeedStore(); // Loads the variations seed data from local state into |seed|, as well as the // raw pref values into |seed_data| and |base64_signature|. If there is a // problem with loading, clears the seed pref value and returns false. If // successful, fills the the outparams with the loaded data and returns true. // Virtual for testing. virtual bool LoadSeed(VariationsSeed* seed, std::string* seed_data, std::string* base64_seed_signature) WARN_UNUSED_RESULT; // Stores the given seed |data| (serialized protobuf) to local state, along // with a base64-encoded digital signature for seed and the date when it was // fetched. If |is_gzip_compressed| is true, treats |data| as being gzip // compressed and decompresses it before any other processing. // If |is_delta_compressed| is true, treats |data| as being delta // compressed and attempts to decode it first using the store's seed data. // The actual seed data will be base64 encoded for storage. If the string // is invalid, the existing prefs are untouched and false is returned. // Additionally, stores the |country_code| that was received with the seed in // a separate pref. On success and if |parsed_seed| is not NULL, |parsed_seed| // will be filled with the de-serialized decoded protobuf. bool StoreSeedData(const std::string& data, const std::string& base64_seed_signature, const std::string& country_code, const base::Time& date_fetched, bool is_delta_compressed, bool is_gzip_compressed, bool fetched_insecurely, VariationsSeed* parsed_seed) WARN_UNUSED_RESULT; // Loads the safe variations seed data from local state into |seed| and // updates any relevant fields in |client_state| and stores the // |seed_fetch_time|. Returns true iff the safe seed was read successfully // from prefs. If the safe seed could not be loaded, it is guaranteed that no // fields in |client_state| are modified. // Side-effect: Upon any failure to read or validate the safe seed, clears all // of the safe seed pref values. This occurs iff the method returns false. // Virtual for testing. virtual bool LoadSafeSeed(VariationsSeed* seed, ClientFilterableState* client_state, base::Time* seed_fetch_time) WARN_UNUSED_RESULT; // Stores the given |seed_data| (a serialized protobuf) to local state as a // safe seed, along with a base64-encoded digital signature for seed and any // additional client metadata relevant to the safe seed. Returns true on // success or false on failure; no prefs are updated in case of failure. // Virtual for testing. virtual bool StoreSafeSeed(const std::string& seed_data, const std::string& base64_seed_signature, const ClientFilterableState& client_state, base::Time seed_fetch_time); // Loads the last fetch time (for the latest seed) that was persisted to the // store. base::Time GetLastFetchTime() const; // Records the current time as the last time at which a seed was fetched // successfully. Also updates the safe seed's fetch time if the latest and // safe seeds are identical. void RecordLastFetchTime(); // Updates |kVariationsSeedDate| and logs when previous date was from a // different day. void UpdateSeedDateAndLogDayChange(const base::Time& server_date_fetched); // Reports to UMA that the seed format specified by the server is unsupported. void ReportUnsupportedSeedFormatError(); // Returns the serial number of the most recently received seed, or an empty // string if there is no seed (or if it could not be read). // Side-effect: If there is a failure while attempting to read the latest seed // from prefs, clears the prefs associated with the seed. // Efficiency note: If code will eventually need to load the latest seed, it's // more efficient to call LoadSeed() prior to calling this method. const std::string& GetLatestSerialNumber(); // Registers Local State prefs used by this class. static void RegisterPrefs(PrefRegistrySimple* registry); PrefService* local_state() { return local_state_; } const PrefService* local_state() const { return local_state_; } protected: // Whether signature verification is enabled. Overridable for tests. virtual bool SignatureVerificationEnabled(); private: FRIEND_TEST_ALL_PREFIXES(VariationsSeedStoreTest, VerifySeedSignature); FRIEND_TEST_ALL_PREFIXES(VariationsSeedStoreTest, ApplyDeltaPatch); // The seed store contains two distinct seeds: // (1) The most recently fetched, or "latest", seed; and // (2) A "safe" seed, which has been observed to keep Chrome in a basically // functional state. In particular, a safe seed is one that allows // Chrome to receive new seed updates from the server. // Note that it's possible for both seeds to be empty, and it's possible for // the two seeds to be identical in their contents. enum class SeedType { LATEST, SAFE, }; // Clears all prefs related to variations seed storage for the specified seed // type. void ClearPrefs(SeedType seed_type); #if defined(OS_ANDROID) // Imports the variations seed from the Java side. Logs UMA on failure. // Android Chrome uses this on first run; WebView uses this on every startup. // In Chrome's case, it's important to set the first run seed as soon as // possible, because some clients query the seed store prefs directly rather // than accessing them via the seed store API: https://crbug.com/829527 void ImportInitialSeed(std::unique_ptr initial_seed); #endif // OS_ANDROID // Loads the variations seed data from local state into |seed|, as well as the // raw pref values into |seed_data| and |base64_signature|. Loads either the // safe seed or the latest seed, according to the |seed_type|. Returns whether // loading the seed was successful. // Side-effect: Upon any failure to read or validate the safe seed, clears all // of the pref values for the seed. This occurs iff the method returns false. LoadSeedResult LoadSeedImpl(SeedType seed_type, VariationsSeed* seed, std::string* seed_data, std::string* base64_seed_signature) WARN_UNUSED_RESULT; // Reads the variations seed data from prefs into |seed_data|, and returns the // result of the load. The value stored into |seed_data| should only be used // if the result is SUCCESS. Reads either the latest or the safe seed, // according to the specified |seed_type|. // Side-effect: If the read fails, clears the prefs associated with the seed. LoadSeedResult ReadSeedData(SeedType seed_type, std::string* seed_data) WARN_UNUSED_RESULT; // Internal version of |StoreSeedData()| that assumes |seed_data| is not delta // compressed. bool StoreSeedDataNoDelta(const std::string& seed_data, const std::string& base64_seed_signature, const std::string& country_code, const base::Time& date_fetched, bool fetched_insecurely, VariationsSeed* parsed_seed) WARN_UNUSED_RESULT; // Validates the |seed_data|, comparing it (if enabled) against the provided // cryptographic signature. Returns the result of the operation. On success, // fills |base64_seed_data| with the compressed and base64-encoded seed data; // and if |parsed_seed| is non-null, fills it with the parsed seed data. // |fetched_insecurely| indicates whether |seed_data| was just fetched from // the server over an insecure channel (i.e. over HTTP rathern than HTTPS). // |seed_type| specifies whether |seed_data| is for the safe seed (vs. the // regular/normal seed). StoreSeedResult VerifyAndCompressSeedData( const std::string& seed_data, const std::string& base64_seed_signature, bool fetched_insecurely, SeedType seed_type, std::string* base64_seed_data, VariationsSeed* parsed_seed) WARN_UNUSED_RESULT; // Applies a delta-compressed |patch| to |existing_data|, producing the result // in |output|. Returns whether the operation was successful. static bool ApplyDeltaPatch(const std::string& existing_data, const std::string& patch, std::string* output) WARN_UNUSED_RESULT; // The pref service used to persist the variations seed. PrefService* local_state_; // Cached serial number from the most recently fetched variations seed. std::string latest_serial_number_; DISALLOW_COPY_AND_ASSIGN(VariationsSeedStore); }; } // namespace variations #endif // COMPONENTS_VARIATIONS_VARIATIONS_SEED_STORE_H_