Diffstat (limited to 'net')
-rw-r--r-- | net/base/dns_reloader.cc | 9 | ||||
-rw-r--r-- | net/base/dnsrr_resolver.cc | 12 | ||||
-rw-r--r-- | net/base/dnsrr_resolver.h | 2 | ||||
-rw-r--r-- | net/base/dnsrr_resolver_unittest.cc | 2 | ||||
-rw-r--r-- | net/base/host_resolver_impl.cc | 2 | ||||
-rw-r--r-- | net/base/net_util_unittest.cc | 2 | ||||
-rw-r--r-- | net/base/platform_mime_util_linux.cc | 8 | ||||
-rw-r--r-- | net/base/x509_certificate_openssl.cc | 66 | ||||
-rw-r--r-- | net/base/x509_certificate_openssl_android.cc | 64 | ||||
-rw-r--r-- | net/dns/dns_config_service_posix.cc | 16 | ||||
-rw-r--r-- | net/net.gyp | 39 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 33 | ||||
-rw-r--r-- | net/spdy/spdy_protocol_test.cc | 4 |
13 files changed, 165 insertions, 94 deletions
diff --git a/net/base/dns_reloader.cc b/net/base/dns_reloader.cc index 276d1a0..d29ae6ac 100644 --- a/net/base/dns_reloader.cc +++ b/net/base/dns_reloader.cc @@ -4,7 +4,8 @@ #include "net/base/dns_reloader.h" -#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) +#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) && \ + !defined(OS_ANDROID) #include <resolv.h> @@ -34,6 +35,9 @@ namespace { // the same trick there and most *BSD's don't yet have support for // FilePathWatcher (but perhaps the new kqueue mac code just needs to be // ported to *BSD to support that). +// +// Android does not have /etc/resolv.conf. The system takes care of nameserver +// changes, so none of this is needed. class DnsReloader : public net::NetworkChangeNotifier::DNSObserver { public: @@ -119,4 +123,5 @@ void DnsReloaderMaybeReload() { } // namespace net -#endif // defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) +#endif // defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) && + // !defined(OS_ANDROID) diff --git a/net/base/dnsrr_resolver.cc b/net/base/dnsrr_resolver.cc index 1d09566..65ea8b6 100644 --- a/net/base/dnsrr_resolver.cc +++ b/net/base/dnsrr_resolver.cc @@ -176,7 +176,13 @@ class RRResolverWorker { private: -#if defined(OS_POSIX) +#if defined(OS_ANDROID) + + void Run() { + NOTIMPLEMENTED(); + } + +#elif defined(OS_POSIX) void Run() { // Runs on a worker thread. @@ -404,9 +410,9 @@ bool RRResponse::HasExpired(const base::Time current_time) const { return current_time >= expiry; } +#if defined(OS_POSIX) && !defined(OS_ANDROID) bool RRResponse::ParseFromResponse(const uint8* p, unsigned len, uint16 rrtype_requested) { -#if defined(OS_POSIX) name.clear(); ttl = 0; dnssec = false; 
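Review bot: In net/base/dnsrr_resolver.cc the new Android `Run()` only calls `NOTIMPLEMENTED()` and returns, so nothing in the visible lines reports a result for the request. The POSIX `Run()` body lies outside this hunk; if that body is what hands the response back to the originating thread, a lookup started on Android would never complete and its caller would wait indefinitely. The stub should finish the job with an explicit failure through whatever path the other branches use. It should also carry a comment such as `// Android: DNS RR lookups are unsupported; the job must still be completed with an error.`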
@@ -485,10 +491,10 @@ bool RRResponse::ParseFromResponse(const uint8* p, unsigned len, signatures.push_back(std::string(rrdata.data(), rrdata.size())); } } -#endif // defined(OS_POSIX) return true; } +#endif // defined(OS_POSIX) && !defined(OS_ANDROID) // An RRResolverJob is a one-to-one counterpart of an RRResolverWorker. It diff --git a/net/base/dnsrr_resolver.h b/net/base/dnsrr_resolver.h index b64fe86..297fc43 100644 --- a/net/base/dnsrr_resolver.h +++ b/net/base/dnsrr_resolver.h @@ -31,9 +31,11 @@ struct NET_EXPORT_PRIVATE RRResponse { // |current_time|. bool HasExpired(base::Time current_time) const; +#if defined(OS_POSIX) && !defined(OS_ANDROID) // For testing only bool ParseFromResponse(const uint8* data, unsigned len, uint16 rrtype_requested); +#endif // name contains the canonical name of the resulting domain. If the queried // name was a CNAME then this can differ. diff --git a/net/base/dnsrr_resolver_unittest.cc b/net/base/dnsrr_resolver_unittest.cc index ed5f2c5..cc6e80b 100644 --- a/net/base/dnsrr_resolver_unittest.cc +++ b/net/base/dnsrr_resolver_unittest.cc @@ -119,7 +119,7 @@ TEST(DnsRRResolverTest, Resolve) { ASSERT_EQ(1u, resolver.inflight_joins()); } -#if defined(OS_POSIX) +#if defined(OS_POSIX) && !defined(OS_ANDROID) // This is a DNS packet resulting from querying a recursive resolver for a TXT // record for agl._pka.imperialviolet.org. You should be able to get a // replacement from a packet capture should it ever be needed. diff --git a/net/base/host_resolver_impl.cc b/net/base/host_resolver_impl.cc index d01820b..334695c 100644 --- a/net/base/host_resolver_impl.cc +++ b/net/base/host_resolver_impl.cc @@ -1082,7 +1082,9 @@ HostResolverImpl::HostResolverImpl( #endif NetworkChangeNotifier::AddIPAddressObserver(this); #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) +#if !defined(OS_ANDROID) EnsureDnsReloaderInit(); +#endif NetworkChangeNotifier::AddDNSObserver(this); #endif } 
diff --git a/net/base/net_util_unittest.cc b/net/base/net_util_unittest.cc index 9138f83..7fe39ed 100644 --- a/net/base/net_util_unittest.cc +++ b/net/base/net_util_unittest.cc @@ -1215,7 +1215,7 @@ TEST(NetUtilTest, GenerateSafeFileName) { } TEST(NetUtilTest, GenerateFileName) { -#if defined(OS_POSIX) && !defined(OS_MACOSX) +#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) // This test doesn't run when the locale is not UTF-8 because some of the // string conversions fail. This is OK (we have the default value) but they // don't match our expectations. diff --git a/net/base/platform_mime_util_linux.cc b/net/base/platform_mime_util_linux.cc index 5aba0e3..564dc31 100644 --- a/net/base/platform_mime_util_linux.cc +++ b/net/base/platform_mime_util_linux.cc @@ -20,12 +20,18 @@ namespace net { #if defined(OS_ANDROID) bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension( const FilePath::StringType& ext, std::string* result) const { + // TODO(jingzhao): Recover the original implementation once we support JNI. +#if 0 return android::GetMimeTypeFromExtension(ext, result); +#else + NOTIMPLEMENTED(); + return false; +#endif } #else bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension( const FilePath::StringType& ext, std::string* result) const { - // TODO(thestig) This is a temporary hack until we can fix this + // TODO(thestig): This is a temporary hack until we can fix this // properly in test shell / webkit. // We have to play dumb and not return application/x-perl here // to make the reload-subframe-object layout test happy. diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc index 8b48fc6..e1cbdb1 100644 --- a/net/base/x509_certificate_openssl.cc +++ b/net/base/x509_certificate_openssl.cc @@ -25,6 +25,11 @@ #include "net/base/net_errors.h" #include "net/base/x509_util_openssl.h" +#if defined(OS_ANDROID) +#include "base/logging.h" +#include "net/android/network_library.h" +#endif + namespace net { namespace { 
@@ -511,8 +516,46 @@ X509_STORE* X509Certificate::cert_store() { return X509InitSingleton::GetInstance()->store(); } -#if !defined(OS_ANDROID) +#if defined(OS_ANDROID) +int X509Certificate::VerifyInternal(const std::string& hostname, + int flags, + CRLSet* crl_set, + CertVerifyResult* verify_result) const { + if (!VerifyNameMatch(hostname)) + verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; + + std::vector<std::string> cert_bytes; + GetChainDEREncodedBytes(&cert_bytes); + // TODO(joth): Fetch the authentication type from SSL rather than hardcode. + // TODO(jingzhao): Recover the original implementation once we support JNI. +#if 0 + android::VerifyResult result = + android::VerifyX509CertChain(cert_bytes, hostname, "RSA"); +#else + android::VerifyResult result = android::VERIFY_INVOCATION_ERROR; + NOTIMPLEMENTED(); +#endif + switch (result) { + case android::VERIFY_OK: + break; + case android::VERIFY_BAD_HOSTNAME: + verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; + break; + case android::VERIFY_NO_TRUSTED_ROOT: + verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; + break; + case android::VERIFY_INVOCATION_ERROR: + default: + verify_result->cert_status |= ERR_CERT_INVALID; + break; + } + if (IsCertStatusError(verify_result->cert_status)) + return MapCertStatusToNetError(verify_result->cert_status); + return OK; +} + +#else int X509Certificate::VerifyInternal(const std::string& hostname, int flags, CRLSet* crl_set, @@ -564,7 +607,7 @@ int X509Certificate::VerifyInternal(const std::string& hostname, return OK; } -#endif // !defined(OS_ANDROID) +#endif // defined(OS_ANDROID) // static bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, 
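Review bot: In the Android `VerifyInternal` added to net/base/x509_certificate_openssl.cc, the `VERIFY_INVOCATION_ERROR`/`default` arm does `verify_result->cert_status |= ERR_CERT_INVALID;`, which ORs a net error code (presumably a negative integer) into a bitmask that otherwise holds only `CERT_STATUS_*` flags. Because the `#else` branch hard-codes `result = android::VERIFY_INVOCATION_ERROR`, this is the only arm taken in this build, so every verification sets unrelated status bits and the error returned depends on how `MapCertStatusToNetError` ranks them. The line should read `verify_result->cert_status |= CERT_STATUS_INVALID;`. Failing closed is the right behaviour for the stub, and a comment beside the `#if 0`, for example `// Must keep rejecting every chain until the JNI verifier is restored.`, would stop a later edit from turning it into an accept.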
@@ -619,4 +662,23 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, der_cache.data_length); } +#if defined(OS_ANDROID) +void X509Certificate::GetChainDEREncodedBytes( + std::vector<std::string>* chain_bytes) const { + OSCertHandles cert_handles(intermediate_ca_certs_); + // Make sure the peer's own cert is the first in the chain, if it's not + // already there. + if (cert_handles.empty() || cert_handles[0] != cert_handle_) + cert_handles.insert(cert_handles.begin(), cert_handle_); + + chain_bytes->reserve(cert_handles.size()); + for (OSCertHandles::const_iterator it = cert_handles.begin(); + it != cert_handles.end(); ++it) { + std::string cert_bytes; + GetDEREncoded(*it, &cert_bytes); + chain_bytes->push_back(cert_bytes); + } +} +#endif + } // namespace net diff --git a/net/base/x509_certificate_openssl_android.cc b/net/base/x509_certificate_openssl_android.cc deleted file mode 100644 index fa01c57..0000000 --- a/net/base/x509_certificate_openssl_android.cc +++ /dev/null 
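Review bot: `GetChainDEREncodedBytes` discards the result of `GetDEREncoded(*it, &cert_bytes)`, which this file declares as returning `bool`, so a certificate that fails to encode is still pushed into `chain_bytes`, apparently as an empty string. The platform verifier would then be handed a chain that differs from the one the peer presented. Check the return value, e.g. `if (!GetDEREncoded(*it, &cert_bytes)) { chain_bytes->clear(); return; }`, and state in the function comment that an empty result means the chain could not be encoded and must be treated as a verification failure by the caller.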
@@ -1,64 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/x509_certificate.h" - -#include "base/logging.h" -#include "net/android/network_library.h" -#include "net/base/cert_status_flags.h" -#include "net/base/cert_verify_result.h" -#include "net/base/net_errors.h" - -namespace net { - -int X509Certificate::VerifyInternal(const std::string& hostname, - int flags, - CRLSet* crl_set, - CertVerifyResult* verify_result) const { - if (!VerifyNameMatch(hostname)) - verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; - - std::vector<std::string> cert_bytes; - GetChainDEREncodedBytes(&cert_bytes); - - // TODO(joth): Fetch the authentication type from SSL rather than hardcode. - android::VerifyResult result = - android::VerifyX509CertChain(cert_bytes, hostname, "RSA"); - switch (result) { - case android::VERIFY_OK: - return OK; - case android::VERIFY_BAD_HOSTNAME: - verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; - break; - case android::VERIFY_NO_TRUSTED_ROOT: - verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; - break; - case android::VERIFY_INVOCATION_ERROR: - default: - verify_result->cert_status |= ERR_CERT_INVALID; - break; - } - return MapCertStatusToNetError(verify_result->cert_status); -} - -void X509Certificate::GetChainDEREncodedBytes( - std::vector<std::string>* chain_bytes) const { - OSCertHandles cert_handles(intermediate_ca_certs_); - // Make sure the peer's own cert is the first in the chain, if it's not - // already there. 
- if (cert_handles.empty()) - cert_handles.insert(cert_handles.begin(), cert_handle_); - - chain_bytes->reserve(cert_handles.size()); - for (OSCertHandles::const_iterator it = cert_handles.begin(); - it != cert_handles.end(); ++it) { - DERCache der_cache = {0}; - GetDERAndCacheIfNeeded(*it, &der_cache); - std::string cert_bytes ( - reinterpret_cast<const char*>(der_cache.data), der_cache.data_length); - chain_bytes->push_back(cert_bytes); - } -} - -} // namespace net diff --git a/net/dns/dns_config_service_posix.cc b/net/dns/dns_config_service_posix.cc index 3385c52..f7833bc 100644 --- a/net/dns/dns_config_service_posix.cc +++ b/net/dns/dns_config_service_posix.cc @@ -30,24 +30,28 @@ class DnsConfigServicePosix::ConfigReader : public SerialWorker { success_(false) {} void DoWork() OVERRIDE { + success_ = false; +#if defined(OS_ANDROID) + NOTIMPLEMENTED(); +#else #if defined(OS_OPENBSD) + // Note: res_ninit in glibc always returns 0 and sets RES_INIT. + // res_init behaves the same way. if ((res_init() == 0) && (_res.options & RES_INIT)) { success_ = ConvertResToConfig(_res, &dns_config_); + } #else struct __res_state res; if ((res_ninit(&res) == 0) && (res.options & RES_INIT)) { success_ = ConvertResToConfig(res, &dns_config_); -#endif - } else { - // Note: res_ninit in glibc always returns 0 and sets RES_INIT. - // res_init behaves the same way. - success_ = false; } +#endif #if defined(OS_MACOSX) res_ndestroy(&res); #elif !defined(OS_OPENBSD) res_nclose(&res); #endif +#endif // defined(OS_ANDROID) } void OnWorkFinished() OVERRIDE { @@ -84,6 +88,7 @@ DnsConfigService* DnsConfigService::CreateSystemService() { return new DnsConfigServicePosix(); } +#if !defined(OS_ANDROID) bool ConvertResToConfig(const struct __res_state& res, DnsConfig* dns_config) { CHECK(dns_config != NULL); DCHECK(res.options & RES_INIT); 
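Review bot: In `ConfigReader::DoWork` (net/dns/dns_config_service_posix.cc) the closing `#endif // defined(OS_ANDROID)` actually terminates the `#else` branch, so it should read `#endif  // !defined(OS_ANDROID)`. The note about glibc's `res_ninit` always returning 0 has been moved inside the `OS_OPENBSD` branch, where it sits above `res_init()` rather than the `res_ninit()` call it describes; placing it above the `#if defined(OS_OPENBSD)` line would keep it attached to both paths. With three levels of nested conditionals in one short function, a one-line comment on each `#else`/`#endif` naming its condition would make it much easier to confirm that `success_` is only set from an initialised resolver state.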
@@ -136,5 +141,6 @@ bool ConvertResToConfig(const struct __res_state& res, DnsConfig* dns_config) { return true; } +#endif // !defined(OS_ANDROID) } // namespace net diff --git a/net/net.gyp b/net/net.gyp index a81d467..432b558 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -8,8 +8,8 @@ 'linux_link_kerberos%': 0, 'conditions': [ - ['chromeos==1', { - # Disable Kerberos on ChromeOS, at least for now. + ['chromeos==1 or OS=="android"', { + # Disable Kerberos on ChromeOS and Android, at least for now. # It needs configuration (krb5.conf and so on). 'use_kerberos%': 0, }, { # chromeos == 0 @@ -40,6 +40,8 @@ 'ssl_false_start_blacklist_process#host', ], 'sources': [ + 'android/network_library.cc', + 'android/network_library.h', 'base/address_family.h', 'base/address_list.cc', 'base/address_list.h', @@ -185,6 +187,7 @@ 'base/nss_memio.h', 'base/openssl_memory_private_key_store.cc', 'base/openssl_private_key_store.h', + 'base/openssl_private_key_store_android.cc', 'base/origin_bound_cert_service.cc', 'base/origin_bound_cert_service.h', 'base/origin_bound_cert_store.h', @@ -935,6 +938,14 @@ # Android can shut down our app at any time, so we persist session cookies. 'ENABLE_PERSISTENT_SESSION_COOKIES' ], + 'dependencies': [ + '../build/android/system.gyp:ssl', + ], + 'sources/': [ + # TODO(jingzhao): The below files are excluded because of the + # missing JNI, add them back when JNI is ready. + ['exclude', '^android/'], + ], }, { # else OS! = "android" 'defines': [ # These are the features Android doesn't support. @@ -951,6 +962,13 @@ }, ], ], + 'target_conditions': [ + ['OS == "android"', { + 'sources/': [ + ['include', '^base/platform_mime_util_linux\\.cc$'], + ], + }], + ], }, { 'target_name': 'net_unittests', @@ -1179,7 +1197,7 @@ ], }, ], - [ 'os_posix == 1 and OS != "mac"', { + [ 'os_posix == 1 and OS != "mac" and OS != "android"', { 'conditions': [ ['linux_use_tcmalloc==1', { 'dependencies': [ 
@@ -1245,6 +1263,15 @@ ], }, ], + [ 'OS == "android"', { + 'dependencies': [ + '../build/android/system.gyp:ssl', + ], + 'sources!': [ + 'dns/dns_config_service_posix_unittest.cc', + ], + }, + ], ], }, { @@ -1381,7 +1408,7 @@ '../third_party/protobuf/protobuf.gyp:py_proto', ], }], - ['os_posix == 1 and OS != "mac"', { + ['os_posix == 1 and OS != "mac" and OS != "android"', { 'conditions': [ ['use_openssl==1', { 'dependencies': [ @@ -1394,7 +1421,7 @@ }], ], }], - ['os_posix == 1 and OS != "mac"', { + ['os_posix == 1 and OS != "mac" and OS != "android"', { 'conditions': [ ['linux_use_tcmalloc==1', { 'dependencies': [ @@ -1510,7 +1537,7 @@ }, ], 'conditions': [ - ['os_posix == 1 and OS != "mac"', { + ['os_posix == 1 and OS != "mac" and OS != "android"', { 'targets': [ { 'target_name': 'flip_in_mem_edsm_server', diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index a2e3a19..14b5790 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -786,6 +786,10 @@ int SSLClientSocketOpenSSL::DoHandshake() { return net_error; } +// SelectNextProtoCallback is called by OpenSSL during the handshake. If the +// server supports NPN, selects a protocol from the list that the server +// provides. According to third_party/openssl/openssl/ssl/ssl_lib.c, the +// callback can assume that |in| is syntactically valid. int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, const unsigned char* in, 
@@ -798,16 +802,31 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out, return SSL_TLSEXT_ERR_OK; } - int status = SSL_select_next_proto( - out, outlen, in, inlen, - reinterpret_cast<const unsigned char*>(ssl_config_.next_protos.data()), - ssl_config_.next_protos.size()); + // Assume there's no overlap between our protocols and the server's list. + int status = OPENSSL_NPN_NO_OVERLAP; + *out = const_cast<unsigned char*>(in) + 1; + *outlen = in[0]; + + // For each protocol in server preference order, see if we support it. + for (unsigned int i = 0; i < inlen; i += in[i] + 1) { + for (std::vector<std::string>::const_iterator + j = ssl_config_.next_protos.begin(); + j != ssl_config_.next_protos.end(); ++j) { + if (in[i] == j->size() && + memcmp(&in[i + 1], j->data(), in[i]) == 0) { + // We find a match. + *out = const_cast<unsigned char*>(in) + i + 1; + *outlen = in[i]; + status = OPENSSL_NPN_NEGOTIATED; + break; + } + } + if (status == OPENSSL_NPN_NEGOTIATED) + break; + } npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen); switch (status) { - case OPENSSL_NPN_UNSUPPORTED: - npn_status_ = SSLClientSocket::kNextProtoUnsupported; - break; case OPENSSL_NPN_NEGOTIATED: npn_status_ = SSLClientSocket::kNextProtoNegotiated; break; diff --git a/net/spdy/spdy_protocol_test.cc b/net/spdy/spdy_protocol_test.cc index e6e378f..dbc00db 100644 --- a/net/spdy/spdy_protocol_test.cc +++ b/net/spdy/spdy_protocol_test.cc @@ -238,7 +238,7 @@ TEST(SpdyProtocolDeathTest, TestDataFrame) { frame.set_stream_id(0); // TODO(mbelshe): implement EXPECT_DEBUG_DEATH on windows. -#ifndef WIN32 +#if !defined(WIN32) && defined(GTEST_HAS_DEATH_TEST) #if !defined(DCHECK_ALWAYS_ON) EXPECT_DEBUG_DEATH(frame.set_stream_id(~0), ""); #else 
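Review bot: The hand-written selection loop in `SelectNextProtoCallback` trusts every length byte in the peer-supplied list: `*outlen = in[0]` executes before any check that `inlen` is non-zero, and `memcmp(&in[i + 1], j->data(), in[i])` is not bounded by `inlen`. The comment added above the function relies on OpenSSL having validated `in`, but syntactic validity does not obviously rule out an empty list, and enforcing the bounds locally is cheap. Handle `inlen == 0` before touching `in[0]`, and add `if (in[i] + 1u > inlen - i) break;` as the first statement of the outer loop. When nothing overlaps, the code falls back to the server's first entry, which is worth a comment because `npn_proto_` is then a value chosen entirely by the peer. The function starts before this hunk and its `switch` continues past it.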
@@ -248,7 +248,7 @@ TEST(SpdyProtocolDeathTest, TestDataFrame) { EXPECT_FALSE(frame.is_control_frame()); frame.set_flags(0); -#ifndef WIN32 +#if !defined(WIN32) && defined(GTEST_HAS_DEATH_TEST) #if !defined(DCHECK_ALWAYS_ON) EXPECT_DEBUG_DEATH(frame.set_length(~0), ""); #else |