Bug 1538372 - migrate revocations in single transaction r=keeler
authorMyk Melez <myk@mykzilla.org>
Fri, 22 Mar 2019 23:16:43 +0000
changeset 465785 ca22160618275d1db3d12539a89609a8d7695909
parent 465784 62b9000a17c10b9ba87adc94772a8679491d2514
child 465786 ed5dca04ca54811c2208c708b3c02e9d2cb10f4e
push id35746
push usershindli@mozilla.com
push dateSat, 23 Mar 2019 09:46:24 +0000
treeherdermozilla-central@02b7484f316b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1538372
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1538372 - migrate revocations in single transaction r=keeler cert_storage migrates revocations.txt via one transaction per entry, which can be expensive. This change uses a single transaction to migrate all entries. Differential Revision: https://phabricator.services.mozilla.com/D24579
security/manager/ssl/cert_storage/src/lib.rs
--- a/security/manager/ssl/cert_storage/src/lib.rs
+++ b/security/manager/ssl/cert_storage/src/lib.rs
@@ -94,16 +94,18 @@ impl SecurityState {
             remove_file(revocations_path)?;
         }
         Ok(ss)
     }
 
     fn migrate(&mut self, revocations_path: &PathBuf) -> Result<(), SecurityStateError> {
         let f = File::open(revocations_path)?;
         let file = BufReader::new(f);
+        let value = Value::I64(nsICertStorage::STATE_ENFORCE as i64);
+        let mut writer = self.env.write()?;
 
         // Add the data from revocations.txt
         let mut dn: Option<Vec<u8>> = None;
         for line in file.lines() {
             let l = match line.map_err(|_| SecurityStateError::from("io error reading line data")) {
                 Ok(data) => data,
                 Err(e) => return Err(e),
             };
@@ -128,31 +130,33 @@ impl SecurityState {
                 continue;
             }
             let l_sans_prefix = match base64::decode(&l[1..]) {
                 Ok(decoded) => decoded,
                 Err(_) => continue,
             };
             if let Some(name) = &dn {
                 if leading_char == '\t' {
-                    let _ = self.set_revocation_by_subject_and_pub_key(
-                        name,
-                        &l_sans_prefix,
-                        nsICertStorage::STATE_ENFORCE as i16,
+                    let _ = self.store.put(
+                        &mut writer,
+                        &make_key(PREFIX_REV_SPK, name, &l_sans_prefix),
+                        &value,
                     );
                 } else {
-                    let _ = self.set_revocation_by_issuer_and_serial(
-                        name,
-                        &l_sans_prefix,
-                        nsICertStorage::STATE_ENFORCE as i16,
+                    let _ = self.store.put(
+                        &mut writer,
+                        &make_key(PREFIX_REV_IS, name, &l_sans_prefix),
+                        &value,
                     );
                 }
             }
         }
 
+        writer.commit()?;
+
         Ok(())
     }
 
     fn write_entry(&mut self, key: &[u8], value: i16) -> Result<(), SecurityStateError> {
         let mut writer = self.env.write()?;
         self.store
             .put(&mut writer, key, &Value::I64(value as i64))?;
         writer.commit()?;