Revert: Revert "net: remove DNS certificate checking code."

Now with ChromeOS fix.

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114664 0039d316-1c4b-4281-b951-d872f2087c98

12 files changed, 0 insertions, 234 deletions

diff --git a/chrome/browser/chrome_browser_main.cc b/chrome/browser/chrome_browser_main.cc
index 3898f57..802d5bd 100644
--- a/chrome/browser/chrome_browser_main.cc
+++ b/chrome/browser/chrome_browser_main.cc
@@ -53,8 +53,6 @@
 #include "chrome/browser/metrics/thread_watcher.h"
 #include "chrome/browser/metrics/tracking_synchronizer.h"
 #include "chrome/browser/nacl_host/nacl_process_host.h"
-#include "chrome/browser/net/chrome_dns_cert_provenance_checker.h"
-#include "chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h"
 #include "chrome/browser/net/chrome_net_log.h"
 #include "chrome/browser/net/predictor.h"
 #include "chrome/browser/notifications/desktop_notification_service.h"
@@ -283,8 +281,6 @@ void InitializeNetworkOptions(const CommandLine& parsed_command_line) {
     net::SpdySessionPool::set_max_sessions_per_domain(value);
   }
 
-  SetDnsCertProvenanceCheckerFactory(CreateChromeDnsCertProvenanceChecker);
-
   if (parsed_command_line.HasSwitch(switches::kEnableWebSocketOverSpdy)) {
     // Enable WebSocket over SPDY.
     net::WebSocketJob::set_websocket_over_spdy_enabled(true);
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 8e00a2b..63c7601 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -41,7 +41,6 @@
 #include "net/base/cert_verifier.h"
 #include "net/base/cookie_monster.h"
 #include "net/base/default_origin_bound_cert_store.h"
-#include "net/base/dnsrr_resolver.h"
 #include "net/base/host_cache.h"
 #include "net/base/host_resolver.h"
 #include "net/base/host_resolver_impl.h"
@@ -59,7 +58,6 @@
 #include "net/proxy/proxy_config_service.h"
 #include "net/proxy/proxy_script_fetcher_impl.h"
 #include "net/proxy/proxy_service.h"
-#include "net/socket/dns_cert_provenance_checker.h"
 
 #if defined(USE_NSS)
 #include "net/ocsp/nss_ocsp.h"
@@ -447,7 +445,6 @@ void IOThread::Init() {
   globals_->host_resolver.reset(
       CreateGlobalHostResolver(net_log_));
   globals_->cert_verifier.reset(new net::CertVerifier);
-  globals_->dnsrr_resolver.reset(new net::DnsRRResolver);
   globals_->transport_security_state.reset(new net::TransportSecurityState(""));
   globals_->ssl_config_service = GetSSLConfigService();
   globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory(
@@ -663,7 +660,6 @@ void IOThread::InitSystemRequestContextOnIOThread() {
       globals_->system_origin_bound_cert_service.get();
   system_params.transport_security_state =
       globals_->transport_security_state.get();
-  system_params.dns_cert_checker = NULL;
   system_params.ssl_host_info_factory = NULL;
   system_params.proxy_service = globals_->system_proxy_service.get();
   system_params.ssl_config_service = globals_->ssl_config_service.get();
diff --git a/chrome/browser/io_thread.h b/chrome/browser/io_thread.h
index 6a1f9f5..277c3ad 100644
--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -29,7 +29,6 @@ class SystemURLRequestContextGetter;
 namespace net {
 class CertVerifier;
 class CookieStore;
-class DnsRRResolver;
 class FtpTransactionFactory;
 class HostResolver;
 class HttpAuthHandlerFactory;
@@ -74,7 +73,6 @@ class IOThread : public content::BrowserThreadDelegate {
     // used to enforce pinning for system requests and will only use built-in
     // pins.
     scoped_ptr<net::TransportSecurityState> transport_security_state;
-    scoped_ptr<net::DnsRRResolver> dnsrr_resolver;
     scoped_refptr<net::SSLConfigService> ssl_config_service;
     scoped_ptr<net::HttpAuthHandlerFactory> http_auth_handler_factory;
     scoped_ptr<net::HttpServerProperties> http_server_properties;
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker.cc b/chrome/browser/net/chrome_dns_cert_provenance_checker.cc
deleted file mode 100644
index 77233ae..0000000
--- a/chrome/browser/net/chrome_dns_cert_provenance_checker.cc
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/net/chrome_dns_cert_provenance_checker.h"
-
-#include "base/memory/scoped_ptr.h"
-#include "base/stl_util.h"
-#include "chrome/browser/net/chrome_url_request_context.h"
-#include "net/url_request/url_request.h"
-
-namespace {
-
-class ChromeDnsCertProvenanceChecker
-    : public net::DnsCertProvenanceChecker,
-      public net::DnsCertProvenanceChecker::Delegate {
- public:
-  ChromeDnsCertProvenanceChecker(
-      net::DnsRRResolver* dnsrr_resolver,
-      ChromeURLRequestContext* url_req_context)
-      : dnsrr_resolver_(dnsrr_resolver),
-        url_req_context_(url_req_context),
-        upload_url_("http://chromecertcheck.appspot.com/upload"),
-        delegate_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) {
-  }
-
-  ~ChromeDnsCertProvenanceChecker() {
-    DCHECK(inflight_requests_.empty());
-  }
-
-  // DnsCertProvenanceChecker interface
-  virtual void DoAsyncVerification(
-      const std::string& hostname,
-      const std::vector<base::StringPiece>& der_certs) {
-    net::DnsCertProvenanceChecker::DoAsyncLookup(hostname, der_certs,
-                                                 dnsrr_resolver_, this);
-  }
-
-  virtual void Shutdown() {
-    STLDeleteContainerPointers(inflight_requests_.begin(),
-                               inflight_requests_.end());
-    inflight_requests_.clear();
-  }
-
-  // DnsCertProvenanceChecker::Delegate interface
-  virtual void OnDnsCertLookupFailed(
-      const std::string& hostname,
-      const std::vector<std::string>& der_certs) {
-    const std::string report = BuildEncryptedReport(hostname, der_certs);
-
-    net::URLRequest* url_request(new net::URLRequest(upload_url_, &delegate_));
-    url_request->set_context(url_req_context_);
-    url_request->set_method("POST");
-    url_request->AppendBytesToUpload(report.data(), report.size());
-    net::HttpRequestHeaders headers;
-    headers.SetHeader(net::HttpRequestHeaders::kContentType,
-                      "x-application/chrome-cert-provenance-report");
-    url_request->SetExtraRequestHeaders(headers);
-    inflight_requests_.insert(url_request);
-    url_request->Start();
-  }
-
- private:
-  void RequestComplete(net::URLRequest* request) {
-    std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request);
-    DCHECK(i != inflight_requests_.end());
-    delete *i;
-    inflight_requests_.erase(i);
-  }
-
-  // URLRequestDelegate is the delegate for the upload. Since this is a
-  // fire-and-forget operation, we don't care if there are any errors in the
-  // upload.
-  class URLRequestDelegate : public net::URLRequest::Delegate {
-   public:
-    explicit URLRequestDelegate(ChromeDnsCertProvenanceChecker* checker)
-        : checker_(checker) {
-    }
-
-    // Delegate implementation
-    void OnResponseStarted(net::URLRequest* request) {
-      const net::URLRequestStatus& status(request->status());
-      if (!status.is_success()) {
-        LOG(WARNING) << "Certificate upload failed"
-                     << " status:" << status.status()
-                     << " error:" << status.error();
-      } else if (request->GetResponseCode() != 200) {
-        LOG(WARNING) << "Certificate upload HTTP status: "
-                     << request->GetResponseCode();
-      }
-      checker_->RequestComplete(request);
-    }
-
-    void OnReadCompleted(net::URLRequest* request, int bytes_read) {
-      NOTREACHED();
-    }
-
-   private:
-    ChromeDnsCertProvenanceChecker* const checker_;
-  };
-
-  net::DnsRRResolver* const dnsrr_resolver_;
-  ChromeURLRequestContext* const url_req_context_;
-  const GURL upload_url_;
-  URLRequestDelegate delegate_;
-  std::set<net::URLRequest*> inflight_requests_;
-};
-
-}  // namespace
-
-net::DnsCertProvenanceChecker* CreateChromeDnsCertProvenanceChecker(
-    net::DnsRRResolver* dnsrr_resolver,
-    ChromeURLRequestContext* url_req_context) {
-  return new ChromeDnsCertProvenanceChecker(dnsrr_resolver, url_req_context);
-}
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker.h b/chrome/browser/net/chrome_dns_cert_provenance_checker.h
deleted file mode 100644
index 304a5ef..0000000
--- a/chrome/browser/net/chrome_dns_cert_provenance_checker.h
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER
-#define CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER
-#pragma once
-
-#include "net/socket/dns_cert_provenance_checker.h"
-
-#include <string>
-#include <vector>
-
-#include "base/string_piece.h"
-
-namespace net {
-class DnsRRResolver;
-}
-
-class ChromeURLRequestContext;
-
-// Factory function which creates ChromeDnsCertProvenanceChecker objects.
-//
-// WARNING: do not use this with anything other than the main
-// ChromeURLRequestContext. Eventually we'll want to have the other contexts
-// point to the main ChromeURLRequestContext, which then causes lifetime
-// ordering issues wrt ChromeURLRequestContexts, since we're using a raw
-// pointer, and we'll get shutdown ordering problems.
-net::DnsCertProvenanceChecker* CreateChromeDnsCertProvenanceChecker(
-    net::DnsRRResolver* dnsrr_resolver,
-    ChromeURLRequestContext* url_req_context);
-
-#endif  // CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.cc b/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.cc
deleted file mode 100644
index 5206a24..0000000
--- a/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.cc
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h"
-
-static DnsCertProvenanceCheckerFactory g_factory;
-
-net::DnsCertProvenanceChecker* CreateDnsCertProvenanceChecker(
-    net::DnsRRResolver* dnsrr_resolver,
-    ChromeURLRequestContext* url_req_context) {
-  if (!g_factory)
-    return NULL;
-
-  return g_factory(dnsrr_resolver, url_req_context);
-}
-
-void SetDnsCertProvenanceCheckerFactory(DnsCertProvenanceCheckerFactory f) {
-  g_factory = f;
-}
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h b/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h
deleted file mode 100644
index 36cdc59..0000000
--- a/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER_FACTORY
-#define CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER_FACTORY
-#pragma once
-
-#include "net/socket/dns_cert_provenance_checker.h"
-
-// WARNING: This factory abstraction is needed because we cannot link NSS code
-// into a .cc file which is included by both Chrome and Chrome Frame. This
-// factory exists so that common code links only against the factory code.
-// Chrome specific code will link against the NSS using code in
-// chrome_dns_cert_provenance_checker.cc and hand a function pointer to this
-// code.
-
-namespace net {
-class DnsRRResolver;
-}
-
-class ChromeURLRequestContext;
-
-// A DnsCertProvenanceCheckerFactory is a function pointer to a factory
-// function for DnsCertProvenanceCheckerFactory objects.
-typedef net::DnsCertProvenanceChecker* (*DnsCertProvenanceCheckerFactory) (
-    net::DnsRRResolver* dnsrr_resolver,
-    ChromeURLRequestContext* url_req_context);
-
-// Return a new DnsCertProvenanceChecker. Caller takes ownership. May return
-// NULL if no factory function has been set.
-net::DnsCertProvenanceChecker* CreateDnsCertProvenanceChecker(
-    net::DnsRRResolver* dnsrr_resolver,
-    ChromeURLRequestContext* url_req_context);
-
-void SetDnsCertProvenanceCheckerFactory(DnsCertProvenanceCheckerFactory);
-
-#endif  // CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER_FACTORY
diff --git a/chrome/browser/profiles/off_the_record_profile_io_data.cc b/chrome/browser/profiles/off_the_record_profile_io_data.cc
index bdf0845..b6eb8eb 100644
--- a/chrome/browser/profiles/off_the_record_profile_io_data.cc
+++ b/chrome/browser/profiles/off_the_record_profile_io_data.cc
@@ -168,7 +168,6 @@ void OffTheRecordProfileIOData::LazyInitializeInternal(
       io_thread_globals->cert_verifier.get());
   main_context->set_http_auth_handler_factory(
       io_thread_globals->http_auth_handler_factory.get());
-  main_context->set_dns_cert_checker(dns_cert_checker());
   main_context->set_fraudulent_certificate_reporter(
       fraudulent_certificate_reporter());
   main_context->set_proxy_service(proxy_service());
@@ -204,7 +203,6 @@ void OffTheRecordProfileIOData::LazyInitializeInternal(
                          main_context->cert_verifier(),
                          main_context->origin_bound_cert_service(),
                          main_context->transport_security_state(),
-                         main_context->dns_cert_checker(),
                          main_context->proxy_service(),
                          kIncognitoSSLCacheShard,
                          main_context->ssl_config_service(),
diff --git a/chrome/browser/profiles/profile_impl_io_data.cc b/chrome/browser/profiles/profile_impl_io_data.cc
index 4ac9eb4..5d56035 100644
--- a/chrome/browser/profiles/profile_impl_io_data.cc
+++ b/chrome/browser/profiles/profile_impl_io_data.cc
@@ -290,10 +290,8 @@ void ProfileImplIOData::LazyInitializeInternal(
   media_request_context_->set_http_auth_handler_factory(
       io_thread_globals->http_auth_handler_factory.get());
 
-  main_context->set_dns_cert_checker(dns_cert_checker());
   main_context->set_fraudulent_certificate_reporter(
       fraudulent_certificate_reporter());
-  media_request_context_->set_dns_cert_checker(dns_cert_checker());
   media_request_context_->set_fraudulent_certificate_reporter(
       fraudulent_certificate_reporter());
 
@@ -370,7 +368,6 @@ void ProfileImplIOData::LazyInitializeInternal(
       main_context->cert_verifier(),
       main_context->origin_bound_cert_service(),
       main_context->transport_security_state(),
-      main_context->dns_cert_checker(),
       main_context->proxy_service(),
       "", // pass empty ssl_session_cache_shard to share the SSL session cache
           // with everything that doesn't explicitly want a different one.
diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
index d92f4ce..297cee0 100644
--- a/chrome/browser/profiles/profile_io_data.cc
+++ b/chrome/browser/profiles/profile_io_data.cc
@@ -26,7 +26,6 @@
 #include "chrome/browser/io_thread.h"
 #include "chrome/browser/media/media_internals.h"
 #include "chrome/browser/net/chrome_cookie_notification_details.h"
-#include "chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h"
 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
 #include "chrome/browser/net/chrome_net_log.h"
 #include "chrome/browser/net/chrome_network_delegate.h"
@@ -433,9 +432,6 @@ void ProfileIOData::LazyInitialize() const {
         profile_params_->profile,
         &enable_referrers_));
 
-  dns_cert_checker_.reset(
-      CreateDnsCertProvenanceChecker(io_thread_globals->dnsrr_resolver.get(),
-                                     main_request_context_));
   fraudulent_certificate_reporter_.reset(
       new chrome_browser_net::ChromeFraudulentCertificateReporter(
           main_request_context_));
diff --git a/chrome/browser/profiles/profile_io_data.h b/chrome/browser/profiles/profile_io_data.h
index 2bed053..33ec9bb 100644
--- a/chrome/browser/profiles/profile_io_data.h
+++ b/chrome/browser/profiles/profile_io_data.h
@@ -44,7 +44,6 @@ class MediaStreamManager;
 
 namespace net {
 class CookieStore;
-class DnsCertProvenanceChecker;
 class FraudulentCertificateReporter;
 class HttpTransactionFactory;
 class OriginBoundCertService;
@@ -205,10 +204,6 @@ class ProfileIOData {
     return network_delegate_.get();
   }
 
-  net::DnsCertProvenanceChecker* dns_cert_checker() const {
-    return dns_cert_checker_.get();
-  }
-
   net::FraudulentCertificateReporter* fraudulent_certificate_reporter() const {
     return fraudulent_certificate_reporter_.get();
   }
@@ -283,7 +278,6 @@ class ProfileIOData {
       chrome_url_data_manager_backend_;
   mutable scoped_ptr<net::OriginBoundCertService> origin_bound_cert_service_;
   mutable scoped_ptr<net::NetworkDelegate> network_delegate_;
-  mutable scoped_ptr<net::DnsCertProvenanceChecker> dns_cert_checker_;
   mutable scoped_ptr<net::FraudulentCertificateReporter>
       fraudulent_certificate_reporter_;
   mutable scoped_ptr<net::ProxyService> proxy_service_;
diff --git a/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
index 4b1e419..13047d3 100644
--- a/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
@@ -34,7 +34,6 @@
 #include "content/public/browser/notification_registrar.h"
 #include "content/public/browser/notification_service.h"
 #include "grit/generated_resources.h"
-#include "net/base/dnsrr_resolver.h"
 #include "ui/base/l10n/l10n_util.h"
 
 using content::BrowserThread;
@@ -83,8 +82,6 @@ void ClearDnsCache(IOThread* io_thread) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   if (browser_shutdown::IsTryingToQuit())
     return;
-
-  io_thread->globals()->dnsrr_resolver.get()->OnIPAddressChanged();
 }
 
 }  // namespace