diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ocsp/nss_ocsp.cc | 264 | ||||
| -rw-r--r-- | net/ocsp/nss_ocsp.h | 5 | ||||
| -rw-r--r-- | net/proxy/proxy_script_fetcher.cc | 43 | ||||
| -rw-r--r-- | net/proxy/proxy_script_fetcher.h | 2 | ||||
| -rw-r--r-- | net/url_request/url_request_context.cc | 3 | ||||
| -rw-r--r-- | net/url_request/url_request_context.h | 8 |
6 files changed, 93 insertions, 232 deletions
diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc index 3faeb54..dc1851f 100644 --- a/net/ocsp/nss_ocsp.cc +++ b/net/ocsp/nss_ocsp.cc @@ -9,19 +9,16 @@ #include <ocsp.h> #include <nspr.h> #include <nss.h> -#include <pthread.h> #include <secerr.h> #include <string> -#include "base/basictypes.h" #include "base/compiler_specific.h" #include "base/condition_variable.h" #include "base/histogram.h" -#include "base/lazy_instance.h" -#include "base/lock.h" #include "base/logging.h" #include "base/message_loop.h" +#include "base/singleton.h" #include "base/string_util.h" #include "base/stringprintf.h" #include "base/thread.h" @@ -36,93 +33,6 @@ namespace { -// Protects |g_request_context|. -pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER; -static URLRequestContext* g_request_context = NULL; - -class OCSPIOLoop : public MessageLoop::DestructionObserver { - public: - // MessageLoop::DestructionObserver: - virtual void WillDestroyCurrentMessageLoop(); - - void StartUsing() { - AutoLock autolock(lock_); - used_ = true; - } - - bool used() const { - AutoLock autolock(lock_); - return used_; - } - - // Called from worker thread. - void PostTaskToIOLoop(const tracked_objects::Location& from_here, Task* task); - - void EnsureIOLoop(); - - private: - friend struct base::DefaultLazyInstanceTraits<OCSPIOLoop>; - - OCSPIOLoop(); - ~OCSPIOLoop(); - - mutable Lock lock_; - bool used_; // Protected by |lock_|. - // This should not be modified after |used_|. - MessageLoopForIO* io_loop_; // Protected by |lock_|. - - DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop); -}; - -OCSPIOLoop::OCSPIOLoop() - : used_(false), - io_loop_(MessageLoopForIO::current()) { - DCHECK(io_loop_); - io_loop_->AddDestructionObserver(this); -} - -OCSPIOLoop::~OCSPIOLoop() { - // IO thread was already deleted before the singleton is deleted - // in AtExitManager. - { - AutoLock autolock(lock_); - DCHECK(!io_loop_); - DCHECK(!used_); - } - - pthread_mutex_lock(&g_request_context_lock); - DCHECK(!g_request_context); - pthread_mutex_unlock(&g_request_context_lock); -} - -void OCSPIOLoop::WillDestroyCurrentMessageLoop() { - // Prevent the worker thread from trying to access |io_loop_|. - { - AutoLock autolock(lock_); - DCHECK_EQ(MessageLoopForIO::current(), io_loop_); - io_loop_ = NULL; - used_ = false; - } - - pthread_mutex_lock(&g_request_context_lock); - g_request_context = NULL; - pthread_mutex_unlock(&g_request_context_lock); -} - -void OCSPIOLoop::PostTaskToIOLoop( - const tracked_objects::Location& from_here, Task* task) { - AutoLock autolock(lock_); - if (io_loop_) - io_loop_->PostTask(from_here, task); -} - -void OCSPIOLoop::EnsureIOLoop() { - AutoLock autolock(lock_); - DCHECK_EQ(MessageLoopForIO::current(), io_loop_); -} - -base::LazyInstance<OCSPIOLoop> g_ocsp_io_loop(base::LINKER_INITIALIZED); - const int kRecvBufferSize = 4096; // All OCSP handlers should be called in the context of @@ -159,58 +69,97 @@ SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request); char* GetAlternateOCSPAIAInfo(CERTCertificate *cert); -class OCSPNSSInitialization { - private: - friend struct base::DefaultLazyInstanceTraits<OCSPNSSInitialization>; +class OCSPInitSingleton : public MessageLoop::DestructionObserver { + public: + // Called on IO thread. + virtual void WillDestroyCurrentMessageLoop() { + AutoLock autolock(lock_); + DCHECK_EQ(MessageLoopForIO::current(), io_loop_); + io_loop_ = NULL; + request_context_ = NULL; + }; - OCSPNSSInitialization(); - ~OCSPNSSInitialization(); + // Called from worker thread. + void PostTaskToIOLoop( + const tracked_objects::Location& from_here, Task* task) { + AutoLock autolock(lock_); + if (io_loop_) + io_loop_->PostTask(from_here, task); + } - SEC_HttpClientFcn client_fcn_; + // This is static method because it is called before NSS initialization, + // that is, before OCSPInitSingleton is initialized. + static void set_url_request_context(URLRequestContext* request_context) { + request_context_ = request_context; + } + static URLRequestContext* url_request_context() { + return request_context_; + } - DISALLOW_COPY_AND_ASSIGN(OCSPNSSInitialization); -}; + private: + friend struct DefaultSingletonTraits<OCSPInitSingleton>; + + OCSPInitSingleton() + : io_loop_(MessageLoopForIO::current()) { + DCHECK(io_loop_); + io_loop_->AddDestructionObserver(this); + + // NSS calls the functions in the function table to download certificates + // or CRLs or talk to OCSP responders over HTTP. These functions must + // set an NSS/NSPR error code when they fail. Otherwise NSS will get the + // residual error code from an earlier failed function call. + client_fcn_.version = 1; + SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1; + ft->createSessionFcn = OCSPCreateSession; + ft->keepAliveSessionFcn = OCSPKeepAliveSession; + ft->freeSessionFcn = OCSPFreeSession; + ft->createFcn = OCSPCreate; + ft->setPostDataFcn = OCSPSetPostData; + ft->addHeaderFcn = OCSPAddHeader; + ft->trySendAndReceiveFcn = OCSPTrySendAndReceive; + ft->cancelFcn = NULL; + ft->freeFcn = OCSPFree; + SECStatus status = SEC_RegisterDefaultHttpClient(&client_fcn_); + if (status != SECSuccess) { + NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); + } -OCSPNSSInitialization::OCSPNSSInitialization() { - // NSS calls the functions in the function table to download certificates - // or CRLs or talk to OCSP responders over HTTP. These functions must - // set an NSS/NSPR error code when they fail. Otherwise NSS will get the - // residual error code from an earlier failed function call. - client_fcn_.version = 1; - SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1; - ft->createSessionFcn = OCSPCreateSession; - ft->keepAliveSessionFcn = OCSPKeepAliveSession; - ft->freeSessionFcn = OCSPFreeSession; - ft->createFcn = OCSPCreate; - ft->setPostDataFcn = OCSPSetPostData; - ft->addHeaderFcn = OCSPAddHeader; - ft->trySendAndReceiveFcn = OCSPTrySendAndReceive; - ft->cancelFcn = NULL; - ft->freeFcn = OCSPFree; - SECStatus status = SEC_RegisterDefaultHttpClient(&client_fcn_); - if (status != SECSuccess) { - NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); - } - - // Work around NSS bugs 524013 and 564334. NSS incorrectly thinks the - // CRLs for Network Solutions Certificate Authority have bad signatures, - // which causes certificates issued by that CA to be reported as revoked. - // By using OCSP for those certificates, which don't have AIA extensions, - // we can work around these bugs. See http://crbug.com/41730. - CERT_StringFromCertFcn old_callback = NULL; - status = CERT_RegisterAlternateOCSPAIAInfoCallBack( - GetAlternateOCSPAIAInfo, &old_callback); - if (status == SECSuccess) { - DCHECK(!old_callback); - } else { - NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); + // Work around NSS bugs 524013 and 564334. NSS incorrectly thinks the + // CRLs for Network Solutions Certificate Authority have bad signatures, + // which causes certificates issued by that CA to be reported as revoked. + // By using OCSP for those certificates, which don't have AIA extensions, + // we can work around these bugs. See http://crbug.com/41730. + CERT_StringFromCertFcn old_callback = NULL; + status = CERT_RegisterAlternateOCSPAIAInfoCallBack( + GetAlternateOCSPAIAInfo, &old_callback); + if (status == SECSuccess) { + DCHECK(!old_callback); + } else { + NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); + } } -} -OCSPNSSInitialization::~OCSPNSSInitialization() {} + virtual ~OCSPInitSingleton() { + // IO thread was already deleted before the singleton is deleted + // in AtExitManager. + AutoLock autolock(lock_); + DCHECK(!io_loop_); + DCHECK(!request_context_); + } + + SEC_HttpClientFcn client_fcn_; + + // |lock_| protects |io_loop_|. + Lock lock_; + // I/O thread. + MessageLoop* io_loop_; // I/O thread + // URLRequestContext for OCSP handlers. + static URLRequestContext* request_context_; -base::LazyInstance<OCSPNSSInitialization> g_ocsp_nss_initialization( - base::LINKER_INITIALIZED); + DISALLOW_COPY_AND_ASSIGN(OCSPInitSingleton); +}; + +URLRequestContext* OCSPInitSingleton::request_context_ = NULL; // Concrete class for SEC_HTTP_REQUEST_SESSION. // Public methods except virtual methods of URLRequest::Delegate (On* methods) @@ -251,7 +200,7 @@ class OCSPRequestSession // |io_loop_| was initialized to be NULL in constructor, and // set only in StartURLRequest, so no need to lock |lock_| here. DCHECK(!io_loop_); - g_ocsp_io_loop.Get().PostTaskToIOLoop( + Singleton<OCSPInitSingleton>()->PostTaskToIOLoop( FROM_HERE, NewRunnableMethod(this, &OCSPRequestSession::StartURLRequest)); } @@ -390,14 +339,11 @@ class OCSPRequestSession } } - // Runs on |g_ocsp_io_loop|'s IO loop. void StartURLRequest() { DCHECK(!request_); - pthread_mutex_lock(&g_request_context_lock); - URLRequestContext* url_request_context = g_request_context; - pthread_mutex_unlock(&g_request_context_lock); - + URLRequestContext* url_request_context = + OCSPInitSingleton::url_request_context(); if (url_request_context == NULL) return; @@ -530,10 +476,7 @@ SECStatus OCSPCreateSession(const char* host, PRUint16 portnum, SEC_HTTP_SERVER_SESSION* pSession) { VLOG(1) << "OCSP create session: host=" << host << " port=" << portnum; DCHECK(!MessageLoop::current()); - pthread_mutex_lock(&g_request_context_lock); - URLRequestContext* request_context = g_request_context; - pthread_mutex_unlock(&g_request_context_lock); - if (request_context == NULL) { + if (OCSPInitSingleton::url_request_context() == NULL) { LOG(ERROR) << "No URLRequestContext for OCSP handler."; // The application failed to call SetURLRequestContextForOCSP, so we // can't create and use URLRequest. PR_NOT_IMPLEMENTED_ERROR is not an @@ -840,40 +783,17 @@ char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) { namespace net { -void SetMessageLoopForOCSP() { - // Must have a MessageLoopForIO. - DCHECK(MessageLoopForIO::current()); - - bool used = g_ocsp_io_loop.Get().used(); - - // Should not be called when g_ocsp_io_loop has already been used. - DCHECK(!used); -} - void EnsureOCSPInit() { - g_ocsp_io_loop.Get().StartUsing(); - g_ocsp_nss_initialization.Get(); + Singleton<OCSPInitSingleton>::get(); } // This function would be called before NSS initialization. void SetURLRequestContextForOCSP(URLRequestContext* request_context) { - pthread_mutex_lock(&g_request_context_lock); - if (request_context) { - DCHECK(request_context->is_main()); - DCHECK(!g_request_context); - } else { - DCHECK(g_request_context); - } - g_request_context = request_context; - pthread_mutex_unlock(&g_request_context_lock); + OCSPInitSingleton::set_url_request_context(request_context); } URLRequestContext* GetURLRequestContextForOCSP() { - pthread_mutex_lock(&g_request_context_lock); - URLRequestContext* request_context = g_request_context; - pthread_mutex_unlock(&g_request_context_lock); - DCHECK(request_context->is_main()); - return request_context; + return OCSPInitSingleton::url_request_context(); } } // namespace net diff --git a/net/ocsp/nss_ocsp.h b/net/ocsp/nss_ocsp.h index 97d69b9..a31d025 100644 --- a/net/ocsp/nss_ocsp.h +++ b/net/ocsp/nss_ocsp.h @@ -10,11 +10,6 @@ class URLRequestContext; namespace net { -// Sets the MessageLoop for OCSP to the current message loop. -// This should be called before EnsureOCSPInit() if you want to -// control the message loop for OCSP. -void SetMessageLoopForOCSP(); - // Initializes OCSP handlers for NSS. This must be called before any // certificate verification functions. This function is thread-safe, and OCSP // handlers will only ever be initialized once. diff --git a/net/proxy/proxy_script_fetcher.cc b/net/proxy/proxy_script_fetcher.cc index 1858370..719c380 100644 --- a/net/proxy/proxy_script_fetcher.cc +++ b/net/proxy/proxy_script_fetcher.cc @@ -4,15 +4,11 @@ #include "net/proxy/proxy_script_fetcher.h" -#include <set> - #include "base/compiler_specific.h" #include "base/i18n/icu_string_conversions.h" -#include "base/lazy_instance.h" #include "base/logging.h" #include "base/message_loop.h" #include "base/ref_counted.h" -#include "base/stl_util-inl.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" #include "net/base/io_buffer.h" @@ -73,44 +69,8 @@ void ConvertResponseToUTF16(const std::string& charset, utf16); } -class ProxyScriptFetcherTracker { - public: - ProxyScriptFetcherTracker(); - ~ProxyScriptFetcherTracker(); - - void AddFetcher(ProxyScriptFetcher* fetcher) { - DCHECK(!ContainsKey(fetchers_, fetcher)); - fetchers_.insert(fetcher); - } - - void RemoveFetcher(ProxyScriptFetcher* fetcher) { - DCHECK(ContainsKey(fetchers_, fetcher)); - fetchers_.erase(fetcher); - } - - void CancelAllFetches() { - for (std::set<ProxyScriptFetcher*>::const_iterator it = fetchers_.begin(); - it != fetchers_.end(); ++it) { - (*it)->Cancel(); - } - } - - private: - std::set<ProxyScriptFetcher*> fetchers_; -}; - -ProxyScriptFetcherTracker::ProxyScriptFetcherTracker() {} -ProxyScriptFetcherTracker::~ProxyScriptFetcherTracker() {} - -base::LazyInstance<ProxyScriptFetcherTracker> - g_fetcher_tracker(base::LINKER_INITIALIZED); - } // namespace -void EnsureNoProxyScriptFetches() { - g_fetcher_tracker.Get().CancelAllFetches(); -} - class ProxyScriptFetcherImpl : public ProxyScriptFetcher, public URLRequest::Delegate { public: @@ -200,11 +160,9 @@ ProxyScriptFetcherImpl::ProxyScriptFetcherImpl( result_code_(OK), result_text_(NULL) { DCHECK(url_request_context); - g_fetcher_tracker.Get().AddFetcher(this); } ProxyScriptFetcherImpl::~ProxyScriptFetcherImpl() { - g_fetcher_tracker.Get().RemoveFetcher(this); // The URLRequest's destructor will cancel the outstanding request, and // ensure that the delegate (this) is not called again. } @@ -408,5 +366,4 @@ size_t ProxyScriptFetcher::SetSizeConstraintForUnittest(size_t size_bytes) { return prev; } - } // namespace net diff --git a/net/proxy/proxy_script_fetcher.h b/net/proxy/proxy_script_fetcher.h index 1b1a827..f6c1795 100644 --- a/net/proxy/proxy_script_fetcher.h +++ b/net/proxy/proxy_script_fetcher.h @@ -68,8 +68,6 @@ class ProxyScriptFetcher { static size_t SetSizeConstraintForUnittest(size_t size_bytes); }; -void EnsureNoProxyScriptFetches(); - } // namespace net #endif // NET_PROXY_PROXY_SCRIPT_FETCHER_H_ diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc index 518d43a..329f83f 100644 --- a/net/url_request/url_request_context.cc +++ b/net/url_request/url_request_context.cc @@ -16,8 +16,7 @@ URLRequestContext::URLRequestContext() http_auth_handler_factory_(NULL), network_delegate_(NULL), cookie_policy_(NULL), - transport_security_state_(NULL), - is_main_(false) { + transport_security_state_(NULL) { } const std::string& URLRequestContext::GetUserAgent(const GURL& url) const { diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h index bbbae67..96de77d 100644 --- a/net/url_request/url_request_context.h +++ b/net/url_request/url_request_context.h @@ -109,11 +109,6 @@ class URLRequestContext referrer_charset_ = charset; } - // Controls whether or not the URLRequestContext considers itself to be the - // "main" URLRequestContext. - bool is_main() const { return is_main_; } - void set_is_main(bool is_main) { is_main_ = is_main; } - protected: friend class base::RefCountedThreadSafe<URLRequestContext>; @@ -142,9 +137,6 @@ class URLRequestContext std::string referrer_charset_; private: - // Indicates whether or not this is the main URLRequestContext. - bool is_main_; - DISALLOW_COPY_AND_ASSIGN(URLRequestContext); }; |