diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/dns_reload_timer.cc | 16 | ||||
| -rw-r--r-- | net/base/ev_root_ca_metadata.cc | 8 | ||||
| -rw-r--r-- | net/base/ev_root_ca_metadata.h | 6 | ||||
| -rw-r--r-- | net/base/keygen_handler_unittest.cc | 4 | ||||
| -rw-r--r-- | net/base/x509_certificate.cc | 54 | ||||
| -rw-r--r-- | net/base/x509_certificate.h | 2 | ||||
| -rw-r--r-- | net/base/x509_certificate_mac.cc | 19 | ||||
| -rw-r--r-- | net/ocsp/nss_ocsp.cc | 11 |
8 files changed, 66 insertions, 54 deletions
diff --git a/net/base/dns_reload_timer.cc b/net/base/dns_reload_timer.cc index 5931c5b..1bfe535 100644 --- a/net/base/dns_reload_timer.cc +++ b/net/base/dns_reload_timer.cc @@ -5,11 +5,11 @@ #include "net/base/dns_reload_timer.h" #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) -#include "base/singleton.h" +#include "base/lazy_instance.h" #include "base/thread_local_storage.h" #include "base/time.h" -namespace net { +namespace { // On Linux/BSD, changes to /etc/resolv.conf can go unnoticed thus resulting // in DNS queries failing either because nameservers are unknown on startup @@ -58,7 +58,7 @@ class DnsReloadTimer { } private: - friend struct DefaultSingletonTraits<DnsReloadTimer>; + friend struct base::DefaultLazyInstanceTraits<DnsReloadTimer>; DnsReloadTimer() { // During testing the DnsReloadTimer Singleton may be created and destroyed @@ -81,8 +81,16 @@ class DnsReloadTimer { // static ThreadLocalStorage::Slot DnsReloadTimer::tls_index_(base::LINKER_INITIALIZED); +base::LazyInstance<DnsReloadTimer, + base::LeakyLazyInstanceTraits<DnsReloadTimer> > + g_dns_reload_timer(base::LINKER_INITIALIZED); + +} // namespace + +namespace net { + bool DnsReloadTimerHasExpired() { - DnsReloadTimer* dns_timer = Singleton<DnsReloadTimer>::get(); + DnsReloadTimer* dns_timer = g_dns_reload_timer.Pointer(); return dns_timer->Expired(); } diff --git a/net/base/ev_root_ca_metadata.cc b/net/base/ev_root_ca_metadata.cc index 661b652..a721357 100644 --- a/net/base/ev_root_ca_metadata.cc +++ b/net/base/ev_root_ca_metadata.cc @@ -13,8 +13,8 @@ #include <stdlib.h> #endif +#include "base/lazy_instance.h" #include "base/logging.h" -#include "base/singleton.h" namespace net { @@ -283,9 +283,13 @@ const EVRootCAMetadata::PolicyOID EVRootCAMetadata::policy_oids_[] = { }; #endif +static base::LazyInstance<EVRootCAMetadata, + base::LeakyLazyInstanceTraits<EVRootCAMetadata> > + g_ev_root_ca_metadata(base::LINKER_INITIALIZED); + // static EVRootCAMetadata* EVRootCAMetadata::GetInstance() { - return Singleton<EVRootCAMetadata>::get(); + return g_ev_root_ca_metadata.Pointer(); } bool EVRootCAMetadata::GetPolicyOID( diff --git a/net/base/ev_root_ca_metadata.h b/net/base/ev_root_ca_metadata.h index e0961f3..832ebe2 100644 --- a/net/base/ev_root_ca_metadata.h +++ b/net/base/ev_root_ca_metadata.h @@ -17,8 +17,10 @@ #include "net/base/x509_certificate.h" +namespace base { template <typename T> -struct DefaultSingletonTraits; +struct DefaultLazyInstanceTraits; +} // namespace base namespace net { @@ -55,7 +57,7 @@ class EVRootCAMetadata { PolicyOID policy_oid) const; private: - friend struct DefaultSingletonTraits<EVRootCAMetadata>; + friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>; typedef std::map<SHA1Fingerprint, PolicyOID, SHA1FingerprintLessThan> PolicyOidMap; diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc index 62c5191..d3bf4f5 100644 --- a/net/base/keygen_handler_unittest.cc +++ b/net/base/keygen_handler_unittest.cc @@ -16,6 +16,7 @@ #include "base/logging.h" #include "base/nss_util.h" #include "base/task.h" +#include "base/thread_restrictions.h" #include "base/waitable_event.h" #include "base/worker_pool.h" #include "testing/gtest/include/gtest/gtest.h" @@ -90,6 +91,9 @@ class ConcurrencyTestTask : public Task { } virtual void Run() { + // We allow Singleton use on the worker thread here since we use a + // WaitableEvent to synchronize, so it's safe. + base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton; KeygenHandler handler(768, "some challenge", GURL("http://www.example.com")); handler.set_stores_key(false); // Don't leave the key-pair behind. diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index d93d270..310defb 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -6,9 +6,9 @@ #include <map> +#include "base/lazy_instance.h" #include "base/logging.h" #include "base/metrics/histogram.h" -#include "base/singleton.h" #include "base/string_piece.h" #include "base/time.h" #include "net/base/pem_tokenizer.h" @@ -39,17 +39,6 @@ const char kCertificateHeader[] = "CERTIFICATE"; // The PEM block header used for PKCS#7 data const char kPKCS7Header[] = "PKCS7"; -} // namespace - -bool X509Certificate::LessThan::operator()(X509Certificate* lhs, - X509Certificate* rhs) const { - if (lhs == rhs) - return false; - - SHA1FingerprintLessThan fingerprint_functor; - return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_); -} - // A thread-safe cache for X509Certificate objects. // // The cache does not hold a reference to the certificate objects. The objects @@ -57,9 +46,8 @@ bool X509Certificate::LessThan::operator()(X509Certificate* lhs, // will be holding dead pointers to the objects). // TODO(rsleevi): There exists a chance of a use-after-free, due to a race // between Find() and Remove(). See http://crbug.com/49377 -class X509Certificate::Cache { +class X509CertificateCache { public: - static Cache* GetInstance(); void Insert(X509Certificate* cert); void Remove(X509Certificate* cert); X509Certificate* Find(const SHA1Fingerprint& fingerprint); @@ -68,9 +56,10 @@ class X509Certificate::Cache { typedef std::map<SHA1Fingerprint, X509Certificate*, SHA1FingerprintLessThan> CertMap; - // Obtain an instance of X509Certificate::Cache via GetInstance(). - Cache() {} - friend struct DefaultSingletonTraits<Cache>; + // Obtain an instance of X509CertificateCache via a LazyInstance. + X509CertificateCache() {} + ~X509CertificateCache() {} + friend struct base::DefaultLazyInstanceTraits<X509CertificateCache>; // You must acquire this lock before using any private data of this object. // You must not block while holding this lock. @@ -79,18 +68,16 @@ class X509Certificate::Cache { // The certificate cache. You must acquire |lock_| before using |cache_|. CertMap cache_; - DISALLOW_COPY_AND_ASSIGN(Cache); + DISALLOW_COPY_AND_ASSIGN(X509CertificateCache); }; -// Get the singleton object for the cache. -// static -X509Certificate::Cache* X509Certificate::Cache::GetInstance() { - return Singleton<X509Certificate::Cache>::get(); -} +base::LazyInstance<X509CertificateCache, + base::LeakyLazyInstanceTraits<X509CertificateCache> > + g_x509_certificate_cache(base::LINKER_INITIALIZED); // Insert |cert| into the cache. The cache does NOT AddRef |cert|. // Any existing certificate with the same fingerprint will be replaced. -void X509Certificate::Cache::Insert(X509Certificate* cert) { +void X509CertificateCache::Insert(X509Certificate* cert) { AutoLock lock(lock_); DCHECK(!IsNullFingerprint(cert->fingerprint())) << @@ -100,7 +87,7 @@ void X509Certificate::Cache::Insert(X509Certificate* cert) { // Remove |cert| from the cache. The cache does not assume that |cert| is // already in the cache. -void X509Certificate::Cache::Remove(X509Certificate* cert) { +void X509CertificateCache::Remove(X509Certificate* cert) { AutoLock lock(lock_); CertMap::iterator pos(cache_.find(cert->fingerprint())); @@ -111,7 +98,7 @@ void X509Certificate::Cache::Remove(X509Certificate* cert) { // Find a certificate in the cache with the given fingerprint. If one does // not exist, this method returns NULL. -X509Certificate* X509Certificate::Cache::Find( +X509Certificate* X509CertificateCache::Find( const SHA1Fingerprint& fingerprint) { AutoLock lock(lock_); @@ -122,6 +109,17 @@ X509Certificate* X509Certificate::Cache::Find( return pos->second; }; +} // namespace + +bool X509Certificate::LessThan::operator()(X509Certificate* lhs, + X509Certificate* rhs) const { + if (lhs == rhs) + return false; + + SHA1FingerprintLessThan fingerprint_functor; + return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_); +} + // static X509Certificate* X509Certificate::CreateFromHandle( OSCertHandle cert_handle, @@ -131,7 +129,7 @@ X509Certificate* X509Certificate::CreateFromHandle( DCHECK(source != SOURCE_UNUSED); // Check if we already have this certificate in memory. - X509Certificate::Cache* cache = X509Certificate::Cache::GetInstance(); + X509CertificateCache* cache = g_x509_certificate_cache.Pointer(); X509Certificate* cached_cert = cache->Find(CalculateFingerprint(cert_handle)); if (cached_cert) { @@ -311,7 +309,7 @@ X509Certificate::X509Certificate(const std::string& subject, X509Certificate::~X509Certificate() { // We might not be in the cache, but it is safe to remove ourselves anyway. - X509Certificate::Cache::GetInstance()->Remove(this); + g_x509_certificate_cache.Get().Remove(this); if (cert_handle_) FreeOSCertHandle(cert_handle_); for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h index 1866a17..9f44952 100644 --- a/net/base/x509_certificate.h +++ b/net/base/x509_certificate.h @@ -284,8 +284,6 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache); FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates); - class Cache; - // Construct an X509Certificate from a handle to the certificate object // in the underlying crypto library. X509Certificate(OSCertHandle cert_handle, Source source, diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index a2a0eea..2a604ee 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc @@ -8,6 +8,7 @@ #include <Security/Security.h> #include <time.h> +#include "base/lazy_instance.h" #include "base/logging.h" #include "base/pickle.h" #include "base/mac/scoped_cftyperef.h" @@ -21,6 +22,8 @@ using base::Time; namespace net { +namespace { + class MacTrustedCertificates { public: // Sets the trusted root certificate used by tests. Call with |cert| set @@ -57,7 +60,7 @@ class MacTrustedCertificates { return merged_array; } private: - friend struct DefaultSingletonTraits<MacTrustedCertificates>; + friend struct base::DefaultLazyInstanceTraits<MacTrustedCertificates>; // Obtain an instance of MacTrustedCertificates via the singleton // interface. @@ -73,11 +76,9 @@ class MacTrustedCertificates { DISALLOW_COPY_AND_ASSIGN(MacTrustedCertificates); }; -void SetMacTestCertificate(X509Certificate* cert) { - Singleton<MacTrustedCertificates>::get()->SetTestCertificate(cert); -} - -namespace { +base::LazyInstance<MacTrustedCertificates, + base::LeakyLazyInstanceTraits<MacTrustedCertificates> > + g_mac_trusted_certificates(base::LINKER_INITIALIZED); typedef OSStatus (*SecTrustCopyExtendedResultFuncPtr)(SecTrustRef, CFDictionaryRef*); @@ -443,6 +444,10 @@ void AddCertificatesFromBytes(const char* data, size_t length, } // namespace +void SetMacTestCertificate(X509Certificate* cert) { + g_mac_trusted_certificates.Get().SetTestCertificate(cert); +} + void X509Certificate::Initialize() { const CSSM_X509_NAME* name; OSStatus status = SecCertificateGetSubject(cert_handle_, &name); @@ -545,7 +550,7 @@ int X509Certificate::Verify(const std::string& hostname, int flags, // Set the trusted anchor certificates for the SecTrustRef by merging the // system trust anchors and the test root certificate. CFArrayRef anchor_array = - Singleton<MacTrustedCertificates>::get()->CopyTrustedCertificateArray(); + g_mac_trusted_certificates.Get().CopyTrustedCertificateArray(); ScopedCFTypeRef<CFArrayRef> scoped_anchor_array(anchor_array); if (anchor_array) { status = SecTrustSetAnchorCertificates(trust_ref, anchor_array); diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc index fafaa68..7618f9e 100644 --- a/net/ocsp/nss_ocsp.cc +++ b/net/ocsp/nss_ocsp.cc @@ -85,7 +85,8 @@ class OCSPIOLoop { DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop); }; -base::LazyInstance<OCSPIOLoop> g_ocsp_io_loop(base::LINKER_INITIALIZED); +base::LazyInstance<OCSPIOLoop, base::LeakyLazyInstanceTraits<OCSPIOLoop> > + g_ocsp_io_loop(base::LINKER_INITIALIZED); const int kRecvBufferSize = 4096; @@ -560,7 +561,6 @@ OCSPNSSInitialization::~OCSPNSSInitialization() {} SECStatus OCSPCreateSession(const char* host, PRUint16 portnum, SEC_HTTP_SERVER_SESSION* pSession) { VLOG(1) << "OCSP create session: host=" << host << " port=" << portnum; - DCHECK(!MessageLoop::current()); pthread_mutex_lock(&g_request_context_lock); URLRequestContext* request_context = g_request_context; pthread_mutex_unlock(&g_request_context_lock); @@ -579,7 +579,6 @@ SECStatus OCSPCreateSession(const char* host, PRUint16 portnum, SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session, PRPollDesc **pPollDesc) { VLOG(1) << "OCSP keep alive"; - DCHECK(!MessageLoop::current()); if (pPollDesc) *pPollDesc = NULL; return SECSuccess; @@ -587,7 +586,6 @@ SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session, SECStatus OCSPFreeSession(SEC_HTTP_SERVER_SESSION session) { VLOG(1) << "OCSP free session"; - DCHECK(!MessageLoop::current()); delete reinterpret_cast<OCSPServerSession*>(session); return SECSuccess; } @@ -602,7 +600,6 @@ SECStatus OCSPCreate(SEC_HTTP_SERVER_SESSION session, << " path_and_query=" << path_and_query_string << " http_request_method=" << http_request_method << " timeout=" << timeout; - DCHECK(!MessageLoop::current()); OCSPServerSession* ocsp_session = reinterpret_cast<OCSPServerSession*>(session); @@ -624,7 +621,6 @@ SECStatus OCSPSetPostData(SEC_HTTP_REQUEST_SESSION request, const PRUint32 http_data_len, const char* http_content_type) { VLOG(1) << "OCSP set post data len=" << http_data_len; - DCHECK(!MessageLoop::current()); OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); req->SetPostData(http_data, http_data_len, http_content_type); @@ -636,7 +632,6 @@ SECStatus OCSPAddHeader(SEC_HTTP_REQUEST_SESSION request, const char* http_header_value) { VLOG(1) << "OCSP add header name=" << http_header_name << " value=" << http_header_value; - DCHECK(!MessageLoop::current()); OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); req->AddHeader(http_header_name, http_header_value); @@ -696,7 +691,6 @@ SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request, } VLOG(1) << "OCSP try send and receive"; - DCHECK(!MessageLoop::current()); OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); // We support blocking mode only. if (pPollDesc) @@ -774,7 +768,6 @@ SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request, SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request) { VLOG(1) << "OCSP free"; - DCHECK(!MessageLoop::current()); OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); req->Cancel(); req->Release(); |