bug 1546361 - recreate cert_storage data as necessary r=jcj,myk

It turns out that an rkv database created on a 32-bit platform cannot be used on a 64-bit platform and vice-versa. To work around this for now, we delete and recreate the DB backing cert_storage and set flags to let our consumers know to re-load all known data. Differential Revision: https://phabricator.services.mozilla.com/D29591
mozilla-spidermonkey · May 3, 2019 · 640268c · 640268c
1 parent a129461
commit 640268c
Show file tree

Hide file tree

Showing 12 changed files with 290 additions and 299 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/security/manager/ssl/RemoteSecuritySettings.jsm b/security/manager/ssl/RemoteSecuritySettings.jsm
@@ -115,16 +115,39 @@ this.RemoteSecuritySettings = class RemoteSecuritySettings {
         // Bug 1519256: Move this to a separate method that's on a separate timer
         // with a higher frequency (so we can attempt to download outstanding
         // certs more than once daily)
+
+        // See if we have prior cert data (this can happen when we can't open the database and we
+        // have to re-create it (see bug 1546361)).
+        const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(Ci.nsICertStorage);
+        let hasPriorCertData = await new Promise((resolve) => {
+          certStorage.hasPriorData(Ci.nsICertStorage.DATA_TYPE_CERTIFICATE, (rv, hasPriorData) => {
+            if (rv == Cr.NS_OK) {
+              resolve(hasPriorData);
+            } else {
+              // If calling hasPriorData failed, assume we need to reload everything (even though
+              // it's unlikely doing so will succeed).
+              resolve(false);
+            }
+          });
+        });
+        const col = await this.client.openCollection();
+        // If we don't have prior data, make it so we re-load everything.
+        if (!hasPriorCertData) {
+          let toUpdate = await this.client.get();
+          let promises = [];
+          toUpdate.forEach((record) => {
+            record.cert_import_complete = false;
+            promises.push(col.update(record));
+          });
+          await Promise.all(promises);
+        }
         const current = await this.client.get();
         const waiting = current.filter(record => !record.cert_import_complete);
 
         log.debug(`There are ${waiting.length} intermediates awaiting download.`);
 
         TelemetryStopwatch.start(INTERMEDIATES_UPDATE_MS_TELEMETRY);
 
-        const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(Ci.nsICertStorage);
-        const col = await this.client.openCollection();
-
         Promise.all(waiting.slice(0, maxDownloadsPerRun)
           .map(record => this.maybeDownloadAttachment(record, col, certStorage))
         ).then(async () => {

diff --git a/security/manager/ssl/cert_storage/Cargo.toml b/security/manager/ssl/cert_storage/Cargo.toml
@@ -15,6 +15,7 @@ nsstring = { path = "../../../../xpcom/rust/nsstring" }
 rkv = "^0.9"
 rust_cascade = "0.3.4"
 sha2 = "^0.8"
+storage_variant = { path = "../../../../storage/variant" }
 style = { path = "../../../../servo/components/style" }
 thin-vec = { version = "0.1.0", features = ["gecko-ffi"] }
 time = "0.1"