diff options
| author | Kristian Monsen <kristianm@google.com> | 2011-05-24 16:24:13 +0100 |
|---|---|---|
| committer | Kristian Monsen <kristianm@google.com> | 2011-05-25 14:13:32 +0100 |
| commit | 3f50c38dc070f4bb515c1b64450dae14f316474e (patch) | |
| tree | 29f309f9534e05c47244eedb438fc612578d133b /net/base | |
| parent | e23bef148f7be2bdf9c3cb2cd3aa5ceebf1190fb (diff) | |
| download | external_chromium-3f50c38dc070f4bb515c1b64450dae14f316474e.zip external_chromium-3f50c38dc070f4bb515c1b64450dae14f316474e.tar.gz external_chromium-3f50c38dc070f4bb515c1b64450dae14f316474e.tar.bz2 | |
Merge Chromium at r10.0.634.0: Initial merge by git.
Change-Id: Iac2af492818d119bcc2562eb5fdabf5ab0b6df9c
Diffstat (limited to 'net/base')
40 files changed, 486 insertions, 378 deletions
diff --git a/net/base/capturing_net_log.cc b/net/base/capturing_net_log.cc index fccd5ae..c6d3424 100644 --- a/net/base/capturing_net_log.cc +++ b/net/base/capturing_net_log.cc @@ -18,7 +18,9 @@ CapturingNetLog::Entry::Entry(EventType type, CapturingNetLog::Entry::~Entry() {} CapturingNetLog::CapturingNetLog(size_t max_num_entries) - : last_id_(-1), max_num_entries_(max_num_entries) { + : last_id_(-1), + max_num_entries_(max_num_entries), + log_level_(LOG_ALL_BUT_BYTES) { } CapturingNetLog::~CapturingNetLog() {} @@ -39,7 +41,8 @@ uint32 CapturingNetLog::NextID() { } NetLog::LogLevel CapturingNetLog::GetLogLevel() const { - return LOG_ALL_BUT_BYTES; + AutoLock lock(lock_); + return log_level_; } void CapturingNetLog::GetEntries(EntryList* entry_list) const { @@ -52,6 +55,11 @@ void CapturingNetLog::Clear() { entries_.clear(); } +void CapturingNetLog::SetLogLevel(NetLog::LogLevel log_level) { + AutoLock lock(lock_); + log_level_ = log_level; +} + CapturingBoundNetLog::CapturingBoundNetLog(const NetLog::Source& source, CapturingNetLog* net_log) : source_(source), capturing_net_log_(net_log) { @@ -71,4 +79,8 @@ void CapturingBoundNetLog::Clear() { capturing_net_log_->Clear(); } +void CapturingBoundNetLog::SetLogLevel(NetLog::LogLevel log_level) { + capturing_net_log_->SetLogLevel(log_level); +} + } // namespace net diff --git a/net/base/capturing_net_log.h b/net/base/capturing_net_log.h index 9254725..193d641 100644 --- a/net/base/capturing_net_log.h +++ b/net/base/capturing_net_log.h @@ -61,6 +61,8 @@ class CapturingNetLog : public NetLog { void Clear(); + void SetLogLevel(NetLog::LogLevel log_level); + private: // Needs to be "mutable" so can use it in GetEntries(). mutable Lock lock_; @@ -71,6 +73,8 @@ class CapturingNetLog : public NetLog { size_t max_num_entries_; EntryList entries_; + NetLog::LogLevel log_level_; + DISALLOW_COPY_AND_ASSIGN(CapturingNetLog); }; @@ -97,6 +101,9 @@ class CapturingBoundNetLog { void Clear(); + // Sets the log level of the underlying CapturingNetLog. + void SetLogLevel(NetLog::LogLevel log_level); + private: NetLog::Source source_; scoped_ptr<CapturingNetLog> capturing_net_log_; diff --git a/net/base/cert_database.h b/net/base/cert_database.h index 7915cc6..5ffb6a2 100644 --- a/net/base/cert_database.h +++ b/net/base/cert_database.h @@ -29,6 +29,17 @@ typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; class CertDatabase { public: + // Stores per-certificate error codes for import failures. + struct ImportCertFailure { + public: + ImportCertFailure(X509Certificate* cert, int err); + ~ImportCertFailure(); + + scoped_refptr<X509Certificate> certificate; + int net_error; + }; + typedef std::vector<ImportCertFailure> ImportCertFailureList; + // Constants that define which usages a certificate is trusted for. // They are used in combination with CertType to specify trust for each type // of certificate. @@ -45,17 +56,6 @@ class CertDatabase { TRUSTED_OBJ_SIGN = 1 << 2, }; - // Stores per-certificate error codes for import failures. - struct ImportCertFailure { - public: - ImportCertFailure(X509Certificate* cert, int err); - ~ImportCertFailure(); - - scoped_refptr<X509Certificate> certificate; - int net_error; - }; - typedef std::vector<ImportCertFailure> ImportCertFailureList; - CertDatabase(); // Check whether this is a valid user cert that we have the private key for. diff --git a/net/base/cert_verifier.cc b/net/base/cert_verifier.cc index 4b3d904..3d22dec 100644 --- a/net/base/cert_verifier.cc +++ b/net/base/cert_verifier.cc @@ -8,7 +8,7 @@ #include "base/lock.h" #include "base/message_loop.h" #include "base/stl_util-inl.h" -#include "base/worker_pool.h" +#include "base/threading/worker_pool.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" @@ -136,9 +136,9 @@ class CertVerifierWorker { bool Start() { DCHECK_EQ(MessageLoop::current(), origin_loop_); - return WorkerPool::PostTask( - FROM_HERE, NewRunnableMethod(this, &CertVerifierWorker::Run), - true /* task is slow */); + return base::WorkerPool::PostTask( + FROM_HERE, NewRunnableMethod(this, &CertVerifierWorker::Run), + true /* task is slow */); } // Cancel is called from the origin loop when the CertVerifier is getting diff --git a/net/base/cert_verifier.h b/net/base/cert_verifier.h index 3d19abb..f0df67a 100644 --- a/net/base/cert_verifier.h +++ b/net/base/cert_verifier.h @@ -10,8 +10,8 @@ #include <string> #include "base/basictypes.h" -#include "base/non_thread_safe.h" #include "base/scoped_ptr.h" +#include "base/threading/non_thread_safe.h" #include "base/time.h" #include "net/base/cert_verify_result.h" #include "net/base/completion_callback.h" @@ -46,7 +46,7 @@ struct CachedCertVerifyResult { // request at a time is to create a SingleRequestCertVerifier wrapper around // CertVerifier (which will automatically cancel the single request when it // goes out of scope). -class CertVerifier : public NonThreadSafe { +class CertVerifier : public base::NonThreadSafe { public: // Opaque type used to cancel a request. typedef void* RequestHandle; diff --git a/net/base/cookie_monster_unittest.cc b/net/base/cookie_monster_unittest.cc index a0c16ea..f431674 100644 --- a/net/base/cookie_monster_unittest.cc +++ b/net/base/cookie_monster_unittest.cc @@ -7,11 +7,11 @@ #include <string> #include "base/basictypes.h" -#include "base/platform_thread.h" #include "base/ref_counted.h" #include "base/scoped_ptr.h" #include "base/string_util.h" #include "base/stringprintf.h" +#include "base/threading/platform_thread.h" #include "base/time.h" #include "googleurl/src/gurl.h" #include "net/base/cookie_monster.h" @@ -1023,7 +1023,7 @@ TEST(CookieMonsterTest, TestLastAccess) { EXPECT_TRUE(last_access_date == GetFirstCookieAccessDate(cm)); // Reading after a short wait should update the access date. - PlatformThread::Sleep(kLastAccessThresholdMilliseconds + 20); + base::PlatformThread::Sleep(kLastAccessThresholdMilliseconds + 20); EXPECT_EQ("A=B", cm->GetCookies(url_google)); EXPECT_FALSE(last_access_date == GetFirstCookieAccessDate(cm)); } @@ -1201,7 +1201,7 @@ TEST(CookieMonsterTest, GetAllCookiesForURL) { const Time last_access_date(GetFirstCookieAccessDate(cm)); - PlatformThread::Sleep(kLastAccessThresholdMilliseconds + 20); + base::PlatformThread::Sleep(kLastAccessThresholdMilliseconds + 20); // Check cookies for url. net::CookieList cookies = cm->GetAllCookiesForURL(url_google); diff --git a/net/base/directory_lister.cc b/net/base/directory_lister.cc index 61a2d65..a0f6317 100644 --- a/net/base/directory_lister.cc +++ b/net/base/directory_lister.cc @@ -10,8 +10,8 @@ #include "base/file_util.h" #include "base/i18n/file_util_icu.h" #include "base/message_loop.h" -#include "base/platform_thread.h" -#include "base/thread_restrictions.h" +#include "base/threading/platform_thread.h" +#include "base/threading/thread_restrictions.h" #include "net/base/net_errors.h" namespace net { @@ -104,7 +104,7 @@ DirectoryLister::DirectoryLister(const FilePath& dir, delegate_(delegate), sort_(ALPHA_DIRS_FIRST), message_loop_(NULL), - thread_(kNullThreadHandle) { + thread_(base::kNullThreadHandle) { DCHECK(!dir.value().empty()); } @@ -117,7 +117,7 @@ DirectoryLister::DirectoryLister(const FilePath& dir, delegate_(delegate), sort_(sort), message_loop_(NULL), - thread_(kNullThreadHandle) { + thread_(base::kNullThreadHandle) { DCHECK(!dir.value().empty()); } @@ -126,7 +126,7 @@ DirectoryLister::~DirectoryLister() { // This is a bug and we should stop joining this thread. // http://crbug.com/65331 base::ThreadRestrictions::ScopedAllowIO allow_io; - PlatformThread::Join(thread_); + base::PlatformThread::Join(thread_); } } @@ -139,7 +139,7 @@ bool DirectoryLister::Start() { AddRef(); // the thread will release us when it is done - if (!PlatformThread::Create(0, this, &thread_)) { + if (!base::PlatformThread::Create(0, this, &thread_)) { Release(); return false; } @@ -154,8 +154,8 @@ void DirectoryLister::Cancel() { // This is a bug and we should stop joining this thread. // http://crbug.com/65331 base::ThreadRestrictions::ScopedAllowIO allow_io; - PlatformThread::Join(thread_); - thread_ = kNullThreadHandle; + base::PlatformThread::Join(thread_); + thread_ = base::kNullThreadHandle; } } diff --git a/net/base/directory_lister.h b/net/base/directory_lister.h index b531880..368c783 100644 --- a/net/base/directory_lister.h +++ b/net/base/directory_lister.h @@ -8,12 +8,12 @@ #include <vector> -#include "base/cancellation_flag.h" #include "base/file_path.h" #include "base/file_util.h" -#include "base/platform_thread.h" #include "base/ref_counted.h" +#include "base/synchronization/cancellation_flag.h" #include "base/task.h" +#include "base/threading/platform_thread.h" class MessageLoop; @@ -27,7 +27,7 @@ namespace net { // is insulated from any of the multi-threading details. // class DirectoryLister : public base::RefCountedThreadSafe<DirectoryLister>, - public PlatformThread::Delegate { + public base::PlatformThread::Delegate { public: // Represents one file found. struct DirectoryListerData { @@ -106,7 +106,7 @@ class DirectoryLister : public base::RefCountedThreadSafe<DirectoryLister>, DirectoryListerDelegate* delegate_; SORT_TYPE sort_; MessageLoop* message_loop_; - PlatformThreadHandle thread_; + base::PlatformThreadHandle thread_; base::CancellationFlag canceled_; }; diff --git a/net/base/dns_reload_timer.cc b/net/base/dns_reload_timer.cc index 1bfe535..89bda59 100644 --- a/net/base/dns_reload_timer.cc +++ b/net/base/dns_reload_timer.cc @@ -6,7 +6,7 @@ #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_OPENBSD) #include "base/lazy_instance.h" -#include "base/thread_local_storage.h" +#include "base/threading/thread_local_storage.h" #include "base/time.h" namespace { @@ -72,14 +72,15 @@ class DnsReloadTimer { // We use thread local storage to identify which base::TimeTicks to // interact with. - static ThreadLocalStorage::Slot tls_index_ ; + static base::ThreadLocalStorage::Slot tls_index_ ; DISALLOW_COPY_AND_ASSIGN(DnsReloadTimer); }; // A TLS slot to the TimeTicks for the current thread. // static -ThreadLocalStorage::Slot DnsReloadTimer::tls_index_(base::LINKER_INITIALIZED); +base::ThreadLocalStorage::Slot DnsReloadTimer::tls_index_( + base::LINKER_INITIALIZED); base::LazyInstance<DnsReloadTimer, base::LeakyLazyInstanceTraits<DnsReloadTimer> > diff --git a/net/base/dns_util.h b/net/base/dns_util.h index 60bfc3f..1120140 100644 --- a/net/base/dns_util.h +++ b/net/base/dns_util.h @@ -36,6 +36,7 @@ static const uint16 kDNS_DS = 43; static const uint16 kDNS_RRSIG = 46; static const uint16 kDNS_DNSKEY = 48; static const uint16 kDNS_ANY = 0xff; +static const uint16 kDNS_CAA = 13172; // temporary, not IANA static const uint16 kDNS_TESTING = 0xfffe; // in private use area. // http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml diff --git a/net/base/dnsrr_resolver.cc b/net/base/dnsrr_resolver.cc index ba9b42b..cdb305f 100644 --- a/net/base/dnsrr_resolver.cc +++ b/net/base/dnsrr_resolver.cc @@ -15,7 +15,7 @@ #include "base/stl_util-inl.h" #include "base/string_piece.h" #include "base/task.h" -#include "base/worker_pool.h" +#include "base/threading/worker_pool.h" #include "net/base/dns_reload_timer.h" #include "net/base/dns_util.h" #include "net/base/net_errors.h" @@ -26,10 +26,10 @@ // | (origin loop) (worker loop) // | // Resolve() -// |---->----<creates> -// | // |---->-------------------<creates> // | +// |---->----<creates> +// | // |---->---------------------------------------------------<creates> // | // |---->--------------------Start @@ -58,11 +58,9 @@ // // A cache hit: // -// DnsRRResolver CacheHitCallbackTask Handle +// DnsRRResolver Handle // | // Resolve() -// |---->----<creates> -// | // |---->------------------------<creates> // | // | @@ -70,9 +68,7 @@ // // (MessageLoop cycles) // -// Run -// | -// |----->-----------Post +// Post @@ -139,9 +135,9 @@ class RRResolverWorker { bool Start() { DCHECK_EQ(MessageLoop::current(), origin_loop_); - return WorkerPool::PostTask( - FROM_HERE, NewRunnableMethod(this, &RRResolverWorker::Run), - true /* task is slow */); + return base::WorkerPool::PostTask( + FROM_HERE, NewRunnableMethod(this, &RRResolverWorker::Run), + true /* task is slow */); } // Cancel is called from the origin loop when the DnsRRResolver is getting @@ -559,7 +555,11 @@ class RRResolverJob { } ~RRResolverJob() { - Cancel(ERR_ABORTED); + if (worker_) { + worker_->Cancel(); + worker_ = NULL; + PostAll(ERR_ABORTED, NULL); + } } void AddHandle(RRResolverHandle* handle) { @@ -571,14 +571,6 @@ class RRResolverJob { PostAll(result, &response); } - void Cancel(int error) { - if (worker_) { - worker_->Cancel(); - worker_ = NULL; - PostAll(error, NULL); - } - } - private: void PostAll(int result, const RRResponse* response) { std::vector<RRResolverHandle*> handles; @@ -669,6 +661,7 @@ intptr_t DnsRRResolver::Resolve(const std::string& name, uint16 rrtype, job = new RRResolverJob(worker); inflight_.insert(make_pair(key, job)); if (!worker->Start()) { + inflight_.erase(key); delete job; delete worker; return kInvalidHandle; diff --git a/net/base/dnsrr_resolver.h b/net/base/dnsrr_resolver.h index 30de5fe..9cc5bb8 100644 --- a/net/base/dnsrr_resolver.h +++ b/net/base/dnsrr_resolver.h @@ -12,8 +12,8 @@ #include <vector> #include "base/basictypes.h" -#include "base/non_thread_safe.h" #include "base/ref_counted.h" +#include "base/threading/non_thread_safe.h" #include "base/time.h" #include "build/build_config.h" #include "net/base/completion_callback.h" @@ -66,7 +66,7 @@ class RRResolverJob; // the name is a fully qualified DNS domain. // // A DnsRRResolver must be used from the MessageLoop which created it. -class DnsRRResolver : public NonThreadSafe, +class DnsRRResolver : public base::NonThreadSafe, public NetworkChangeNotifier::Observer { public: enum { diff --git a/net/base/dnsrr_resolver_unittest.cc b/net/base/dnsrr_resolver_unittest.cc index f5b545b..dfa904a 100644 --- a/net/base/dnsrr_resolver_unittest.cc +++ b/net/base/dnsrr_resolver_unittest.cc @@ -5,8 +5,7 @@ #include "net/base/dnsrr_resolver.h" #include "base/callback.h" -#include "base/condition_variable.h" -#include "base/lock.h" +#include "base/synchronization/lock.h" #include "net/base/dns_util.h" #include "net/base/net_errors.h" #include "net/base/net_log.h" diff --git a/net/base/file_stream_posix.cc b/net/base/file_stream_posix.cc index 00af6d4..bdc51ce 100644 --- a/net/base/file_stream_posix.cc +++ b/net/base/file_stream_posix.cc @@ -21,8 +21,8 @@ #include "base/message_loop.h" #include "base/metrics/histogram.h" #include "base/string_util.h" -#include "base/waitable_event.h" -#include "base/worker_pool.h" +#include "base/threading/worker_pool.h" +#include "base/synchronization/waitable_event.h" #include "net/base/net_errors.h" // We cast back and forth, so make sure it's the size we're expecting. @@ -254,11 +254,11 @@ void FileStream::AsyncContext::InitiateAsyncRead( DCHECK(!callback_); callback_ = callback; - WorkerPool::PostTask(FROM_HERE, - new BackgroundReadTask( - file, buf, buf_len, - &background_io_completed_callback_), - true /* task_is_slow */); + base::WorkerPool::PostTask(FROM_HERE, + new BackgroundReadTask( + file, buf, buf_len, + &background_io_completed_callback_), + true /* task_is_slow */); } void FileStream::AsyncContext::InitiateAsyncWrite( @@ -267,11 +267,11 @@ void FileStream::AsyncContext::InitiateAsyncWrite( DCHECK(!callback_); callback_ = callback; - WorkerPool::PostTask(FROM_HERE, - new BackgroundWriteTask( - file, buf, buf_len, - &background_io_completed_callback_), - true /* task_is_slow */); + base::WorkerPool::PostTask(FROM_HERE, + new BackgroundWriteTask( + file, buf, buf_len, + &background_io_completed_callback_), + true /* task_is_slow */); } void FileStream::AsyncContext::OnBackgroundIOCompleted(int result) { diff --git a/net/base/gzip_header.h b/net/base/gzip_header.h index 81f6f19..c245de2 100644 --- a/net/base/gzip_header.h +++ b/net/base/gzip_header.h @@ -20,9 +20,16 @@ class GZipHeader { public: + enum Status { + INCOMPLETE_HEADER, // don't have all the bits yet... + COMPLETE_HEADER, // complete, valid header + INVALID_HEADER, // found something invalid in the header + }; + GZipHeader() { Reset(); } + ~GZipHeader() { } @@ -33,12 +40,6 @@ class GZipHeader { extra_length_ = 0; } - enum Status { - INCOMPLETE_HEADER, // don't have all the bits yet... - COMPLETE_HEADER, // complete, valid header - INVALID_HEADER, // found something invalid in the header - }; - // Attempt to parse the given buffer as the next installment of // bytes from a gzip header. If the bytes we've seen so far do not // yet constitute a complete gzip header, return @@ -49,9 +50,6 @@ class GZipHeader { Status ReadMore(const char* inbuf, int inbuf_len, const char** header_end); private: - - static const uint8 magic[]; // gzip magic header - enum { // flags (see RFC) FLAG_FTEXT = 0x01, // bit 0 set: file probably ascii text FLAG_FHCRC = 0x02, // bit 1 set: header CRC present @@ -88,6 +86,8 @@ class GZipHeader { IN_DONE, }; + static const uint8 magic[]; // gzip magic header + int state_; // our current State in the parsing FSM: an int so we can ++ uint8 flags_; // the flags byte of the header ("FLG" in the RFC) uint16 extra_length_; // how much of the "extra field" we have yet to read diff --git a/net/base/host_cache.h b/net/base/host_cache.h index aedc499..11ab1f3 100644 --- a/net/base/host_cache.h +++ b/net/base/host_cache.h @@ -10,8 +10,8 @@ #include <string> #include "base/gtest_prod_util.h" -#include "base/non_thread_safe.h" #include "base/ref_counted.h" +#include "base/threading/non_thread_safe.h" #include "base/time.h" #include "net/base/address_family.h" #include "net/base/address_list.h" @@ -19,7 +19,7 @@ namespace net { // Cache used by HostResolver to map hostnames to their resolved result. -class HostCache : public NonThreadSafe { +class HostCache : public base::NonThreadSafe { public: // Stores the latest address list that was looked up for a hostname. struct Entry : public base::RefCounted<Entry> { diff --git a/net/base/host_resolver_impl.cc b/net/base/host_resolver_impl.cc index fded5ff..a30f320 100644 --- a/net/base/host_resolver_impl.cc +++ b/net/base/host_resolver_impl.cc @@ -24,10 +24,10 @@ #include "base/metrics/histogram.h" #include "base/stl_util-inl.h" #include "base/string_util.h" +#include "base/threading/worker_pool.h" #include "base/time.h" #include "base/utf_string_conversions.h" #include "base/values.h" -#include "base/worker_pool.h" #include "net/base/address_list.h" #include "net/base/address_list_net_log_param.h" #include "net/base/host_port_pair.h" @@ -385,7 +385,7 @@ class HostResolverImpl::Job start_time_ = base::TimeTicks::Now(); // Dispatch the job to a worker thread. - if (!WorkerPool::PostTask(FROM_HERE, + if (!base::WorkerPool::PostTask(FROM_HERE, NewRunnableMethod(this, &Job::DoLookup), true)) { NOTREACHED(); @@ -653,7 +653,7 @@ class HostResolverImpl::IPv6ProbeJob return; DCHECK(IsOnOriginThread()); const bool kIsSlow = true; - WorkerPool::PostTask( + base::WorkerPool::PostTask( FROM_HERE, NewRunnableMethod(this, &IPv6ProbeJob::DoProbe), kIsSlow); } diff --git a/net/base/host_resolver_impl.h b/net/base/host_resolver_impl.h index 68c8c0b..d6d82d0 100644 --- a/net/base/host_resolver_impl.h +++ b/net/base/host_resolver_impl.h @@ -8,8 +8,8 @@ #include <vector> -#include "base/non_thread_safe.h" #include "base/scoped_ptr.h" +#include "base/threading/non_thread_safe.h" #include "net/base/capturing_net_log.h" #include "net/base/host_cache.h" #include "net/base/host_resolver.h" @@ -50,7 +50,7 @@ namespace net { // Requests are ordered in the queue based on their priority. class HostResolverImpl : public HostResolver, - public NonThreadSafe, + public base::NonThreadSafe, public NetworkChangeNotifier::Observer { public: // The index into |job_pools_| for the various job pools. Pools with a higher diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc index f4251f2..ee60cee 100644 --- a/net/base/keygen_handler_unittest.cc +++ b/net/base/keygen_handler_unittest.cc @@ -11,9 +11,9 @@ #include "base/logging.h" #include "base/nss_util.h" #include "base/task.h" -#include "base/thread_restrictions.h" -#include "base/waitable_event.h" -#include "base/worker_pool.h" +#include "base/threading/worker_pool.h" +#include "base/threading/thread_restrictions.h" +#include "base/synchronization/waitable_event.h" #include "testing/gtest/include/gtest/gtest.h" #if defined(USE_NSS) @@ -124,10 +124,10 @@ TEST_F(KeygenHandlerTest, ConcurrencyTest) { std::string results[NUM_HANDLERS]; for (int i = 0; i < NUM_HANDLERS; i++) { events[i] = new base::WaitableEvent(false, false); - WorkerPool::PostTask(FROM_HERE, - new ConcurrencyTestTask(events[i], "some challenge", - &results[i]), - true); + base::WorkerPool::PostTask( + FROM_HERE, + new ConcurrencyTestTask(events[i], "some challenge", &results[i]), + true); } for (int i = 0; i < NUM_HANDLERS; i++) { diff --git a/net/base/listen_socket.cc b/net/base/listen_socket.cc index c964ec9..445d57d 100644 --- a/net/base/listen_socket.cc +++ b/net/base/listen_socket.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -22,6 +22,7 @@ #endif #include "base/eintr_wrapper.h" +#include "base/threading/platform_thread.h" #include "net/base/net_util.h" #include "net/base/listen_socket.h" @@ -231,7 +232,7 @@ void ListenSocket::SendInternal(const char* bytes, int len) { send_buf += sent; len_left -= sent; } - PlatformThread::YieldCurrentThread(); + base::PlatformThread::YieldCurrentThread(); } } diff --git a/net/base/listen_socket.h b/net/base/listen_socket.h index e730b82..641ae51 100644 --- a/net/base/listen_socket.h +++ b/net/base/listen_socket.h @@ -19,7 +19,7 @@ #endif #include <string> #if defined(OS_WIN) -#include "base/object_watcher.h" +#include "base/win/object_watcher.h" #elif defined(OS_POSIX) #include "base/message_loop.h" #endif @@ -35,7 +35,7 @@ typedef int SOCKET; // Implements a raw socket interface class ListenSocket : public base::RefCountedThreadSafe<ListenSocket>, #if defined(OS_WIN) - public base::ObjectWatcher::Delegate + public base::win::ObjectWatcher::Delegate #elif defined(OS_POSIX) public MessageLoopForIO::Watcher #endif @@ -107,7 +107,7 @@ class ListenSocket : public base::RefCountedThreadSafe<ListenSocket>, #if defined(OS_WIN) // ObjectWatcher delegate virtual void OnObjectSignaled(HANDLE object); - base::ObjectWatcher watcher_; + base::win::ObjectWatcher watcher_; HANDLE socket_event_; #elif defined(OS_POSIX) WaitState wait_state_; diff --git a/net/base/listen_socket_unittest.h b/net/base/listen_socket_unittest.h index 6658d91..f283cb0 100644 --- a/net/base/listen_socket_unittest.h +++ b/net/base/listen_socket_unittest.h @@ -17,12 +17,12 @@ #endif #include "base/basictypes.h" -#include "base/condition_variable.h" -#include "base/lock.h" #include "base/message_loop.h" #include "base/scoped_ptr.h" #include "base/string_util.h" -#include "base/thread.h" +#include "base/synchronization/condition_variable.h" +#include "base/synchronization/lock.h" +#include "base/threading/thread.h" #include "net/base/listen_socket.h" #include "net/base/net_util.h" #include "net/base/winsock_init.h" @@ -116,8 +116,8 @@ class ListenSocketTester : SOCKET test_socket_; static const int kTestPort; - Lock lock_; // protects |queue_| and wraps |cv_| - ConditionVariable cv_; + base::Lock lock_; // protects |queue_| and wraps |cv_| + base::ConditionVariable cv_; std::deque<ListenSocketTestAction> queue_; }; diff --git a/net/base/mock_host_resolver.cc b/net/base/mock_host_resolver.cc index 9ee5c53..a1817a2 100644 --- a/net/base/mock_host_resolver.cc +++ b/net/base/mock_host_resolver.cc @@ -5,8 +5,8 @@ #include "net/base/mock_host_resolver.h" #include "base/string_util.h" -#include "base/platform_thread.h" #include "base/ref_counted.h" +#include "base/threading/platform_thread.h" #include "net/base/net_errors.h" #include "net/base/net_util.h" #include "net/base/sys_addrinfo.h" @@ -231,7 +231,7 @@ int RuleBasedHostResolverProc::Resolve(const std::string& host, if (matches_flags && matches_address_family && MatchPattern(host, r->host_pattern)) { if (r->latency_ms != 0) - PlatformThread::Sleep(r->latency_ms); + base::PlatformThread::Sleep(r->latency_ms); // Remap to a new host. const std::string& effective_host = diff --git a/net/base/mock_host_resolver.h b/net/base/mock_host_resolver.h index e5b8694..3b1e36a 100644 --- a/net/base/mock_host_resolver.h +++ b/net/base/mock_host_resolver.h @@ -8,7 +8,7 @@ #include <list> -#include "base/waitable_event.h" +#include "base/synchronization/waitable_event.h" #include "net/base/host_resolver_impl.h" #include "net/base/host_resolver_proc.h" @@ -41,16 +41,6 @@ class MockHostResolverBase : public HostResolver { public: virtual ~MockHostResolverBase(); - // HostResolver methods: - virtual int Resolve(const RequestInfo& info, - AddressList* addresses, - CompletionCallback* callback, - RequestHandle* out_req, - const BoundNetLog& net_log); - virtual void CancelRequest(RequestHandle req); - virtual void AddObserver(Observer* observer); - virtual void RemoveObserver(Observer* observer); - RuleBasedHostResolverProc* rules() { return rules_; } // Controls whether resolutions complete synchronously or asynchronously. @@ -68,6 +58,16 @@ class MockHostResolverBase : public HostResolver { pool_index, max_outstanding_jobs, max_pending_requests); } + // HostResolver methods: + virtual int Resolve(const RequestInfo& info, + AddressList* addresses, + CompletionCallback* callback, + RequestHandle* out_req, + const BoundNetLog& net_log); + virtual void CancelRequest(RequestHandle req); + virtual void AddObserver(Observer* observer); + virtual void RemoveObserver(Observer* observer); + protected: MockHostResolverBase(bool use_caching); @@ -143,11 +143,11 @@ class RuleBasedHostResolverProc : public HostResolverProc { int* os_error); private: - ~RuleBasedHostResolverProc(); - struct Rule; typedef std::list<Rule> RuleList; + ~RuleBasedHostResolverProc(); + RuleList rules_; }; diff --git a/net/base/net_log.cc b/net/base/net_log.cc index c9e7319..0f1bac4 100644 --- a/net/base/net_log.cc +++ b/net/base/net_log.cc @@ -3,11 +3,13 @@ // found in the LICENSE file. #include "net/base/net_log.h" + #include "base/logging.h" #include "base/string_number_conversions.h" #include "base/time.h" #include "base/utf_string_conversions.h" #include "base/values.h" +#include "net/base/net_errors.h" namespace net { @@ -157,6 +159,18 @@ void BoundNetLog::EndEvent( AddEntry(event_type, NetLog::PHASE_END, params); } +void BoundNetLog::EndEventWithNetErrorCode(NetLog::EventType event_type, + int net_error) const { + DCHECK_NE(net_error, net::ERR_IO_PENDING); + if (net_error >= 0) { + EndEvent(event_type, NULL); + } else { + EndEvent( + event_type, + make_scoped_refptr(new NetLogIntegerParameter("net_error", net_error))); + } +} + // static BoundNetLog BoundNetLog::Make(NetLog* net_log, NetLog::SourceType source_type) { diff --git a/net/base/net_log.h b/net/base/net_log.h index b8f903d..1d37129 100644 --- a/net/base/net_log.h +++ b/net/base/net_log.h @@ -34,6 +34,8 @@ namespace net { // TODO(eroman): Remove the 'const' qualitifer from the BoundNetLog methods. // TODO(eroman): Start a new Source each time net::URLRequest redirects // (simpler to reason about each as a separate entity). +// TODO(mmenke): Replace EndEvent calls with EndEventWithNetErrorCode, where +// appropriate. class NetLog { public: @@ -193,6 +195,13 @@ class BoundNetLog { void EndEvent(NetLog::EventType event_type, const scoped_refptr<NetLog::EventParameters>& params) const; + // Just like EndEvent, except |net_error| is a net error code. If it's + // negative, a parameter called "net_error" with a value of |net_error| is + // associated with the event. Otherwise, the end event has no parameters. + // |net_error| must not be ERR_IO_PENDING, as it's not a true error. + void EndEventWithNetErrorCode(NetLog::EventType event_type, + int net_error) const; + NetLog::LogLevel GetLogLevel() const; // Returns true if the log level is LOG_ALL. diff --git a/net/base/net_log_event_type_list.h b/net/base/net_log_event_type_list.h index f1bc4f8..0f1eecf 100644 --- a/net/base/net_log_event_type_list.h +++ b/net/base/net_log_event_type_list.h @@ -501,22 +501,85 @@ EVENT_TYPE(URL_REQUEST_REDIRECTED) // HttpCache // ------------------------------------------------------------------------ +// Measures the time while getting a reference to the back end. +EVENT_TYPE(HTTP_CACHE_GET_BACKEND) + // Measures the time while opening a disk cache entry. EVENT_TYPE(HTTP_CACHE_OPEN_ENTRY) // Measures the time while creating a disk cache entry. EVENT_TYPE(HTTP_CACHE_CREATE_ENTRY) +// Measures the time it takes to add a HttpCache::Transaction to an http cache +// entry's list of active Transactions. +EVENT_TYPE(HTTP_CACHE_ADD_TO_ENTRY) + // Measures the time while deleting a disk cache entry. EVENT_TYPE(HTTP_CACHE_DOOM_ENTRY) -// Measures the time while reading the response info from a disk cache entry. +// Measures the time while reading/writing a disk cache entry's response headers +// or metadata. EVENT_TYPE(HTTP_CACHE_READ_INFO) +EVENT_TYPE(HTTP_CACHE_WRITE_INFO) + +// Measures the time while reading/writing a disk cache entry's body. +EVENT_TYPE(HTTP_CACHE_READ_DATA) +EVENT_TYPE(HTTP_CACHE_WRITE_DATA) + +// ------------------------------------------------------------------------ +// Disk Cache +// ------------------------------------------------------------------------ + +// The creation/destruction of a disk_cache::EntryImpl object. The "creation" +// is considered to be the point at which an Entry is first considered to be +// good and associated with a key. +// +// For the BEGIN phase, the following parameters are attached: +// { +// "created": <true if the Entry was created, rather than being opened>; +// "key": <The Entry's key>; +// } +EVENT_TYPE(DISK_CACHE_ENTRY) + +// Logs the time required to read/write data from/to a cache entry. +// +// For the BEGIN phase, the following parameters are attached: +// { +// "index": <Index being read/written>; +// "offset": <Offset being read/written>; +// "buf_len": <Length of buffer being read to/written from>; +// "truncate": <If present for a write, the truncate flag is set to true. +// Not present in reads or writes where it is false> +// } +// +// For the END phase, the following parameters are attached: +// { +// "bytes_copied": <Number of bytes copied. Not present on error>; +// "net_error": <Network error code. Only present on error>; +// } +EVENT_TYPE(DISK_CACHE_READ_DATA) +EVENT_TYPE(DISK_CACHE_WRITE_DATA) + +// Logged when SparseControl starts/stops handling IO for an Entry. +EVENT_TYPE(SPARSE_CONTROL) + +// Logged when SparseControl starts/stops reading/writing a child Entry's data +// +// For the BEGIN phase, the following parameters are attached: +// { +// "source_dependency": <Source id of the child entry> +// } +EVENT_TYPE(SPARSE_CONTROL_READ) +EVENT_TYPE(SPARSE_CONTROL_WRITE) + +// Indicates the time taken by a sparse control to get a range. +EVENT_TYPE(SPARSE_CONTROL_GET_RANGE) + +// Logged when an entry is closed. +EVENT_TYPE(DISK_CACHE_CLOSE) -// Measures the time that an HttpCache::Transaction is stalled waiting for -// the cache entry to become available (for example if we are waiting for -// exclusive access to an existing entry). -EVENT_TYPE(HTTP_CACHE_WAITING) +// Logged when an entry is doomed. +EVENT_TYPE(DISK_CACHE_DOOM) // ------------------------------------------------------------------------ // HttpNetworkTransaction diff --git a/net/base/net_log_source_type_list.h b/net/base/net_log_source_type_list.h index 231ecd2..ba34955 100644 --- a/net/base/net_log_source_type_list.h +++ b/net/base/net_log_source_type_list.h @@ -15,5 +15,6 @@ SOURCE_TYPE(SOCKET, 5) SOURCE_TYPE(SPDY_SESSION, 6) SOURCE_TYPE(HOST_RESOLVER_IMPL_REQUEST, 7) SOURCE_TYPE(HOST_RESOLVER_IMPL_JOB, 8) +SOURCE_TYPE(DISK_CACHE_ENTRY, 9) -SOURCE_TYPE(COUNT, 9) // Always keep this as the last entry. +SOURCE_TYPE(COUNT, 10) // Always keep this as the last entry. diff --git a/net/base/network_change_notifier_linux.cc b/net/base/network_change_notifier_linux.cc index 1db4bd1..c19d182 100644 --- a/net/base/network_change_notifier_linux.cc +++ b/net/base/network_change_notifier_linux.cc @@ -10,7 +10,7 @@ #include "base/compiler_specific.h" #include "base/eintr_wrapper.h" #include "base/task.h" -#include "base/thread.h" +#include "base/threading/thread.h" #include "net/base/net_errors.h" #include "net/base/network_change_notifier_netlink_linux.h" @@ -91,7 +91,8 @@ void NetworkChangeNotifierLinux::Thread::OnFileCanReadWithoutBlocking(int fd) { ListenForNotifications(); } -void NetworkChangeNotifierLinux::Thread::OnFileCanWriteWithoutBlocking(int /* fd */) { +void NetworkChangeNotifierLinux::Thread::OnFileCanWriteWithoutBlocking( + int /* fd */) { NOTREACHED(); } diff --git a/net/base/network_change_notifier_win.h b/net/base/network_change_notifier_win.h index 44782c7..c76f7fd 100644 --- a/net/base/network_change_notifier_win.h +++ b/net/base/network_change_notifier_win.h @@ -9,13 +9,13 @@ #include <windows.h> #include "base/basictypes.h" -#include "base/object_watcher.h" +#include "base/win/object_watcher.h" #include "net/base/network_change_notifier.h" namespace net { class NetworkChangeNotifierWin : public NetworkChangeNotifier, - public base::ObjectWatcher::Delegate { + public base::win::ObjectWatcher::Delegate { public: NetworkChangeNotifierWin(); @@ -31,7 +31,7 @@ class NetworkChangeNotifierWin : public NetworkChangeNotifier, // Begins listening for a single subsequent address change. void WatchForAddressChange(); - base::ObjectWatcher addr_watcher_; + base::win::ObjectWatcher addr_watcher_; OVERLAPPED addr_overlapped_; DISALLOW_COPY_AND_ASSIGN(NetworkChangeNotifierWin); diff --git a/net/base/network_config_watcher_mac.cc b/net/base/network_config_watcher_mac.cc index dd93067..afec17d 100644 --- a/net/base/network_config_watcher_mac.cc +++ b/net/base/network_config_watcher_mac.cc @@ -9,7 +9,7 @@ #include <algorithm> #include "base/compiler_specific.h" -#include "base/thread.h" +#include "base/threading/thread.h" #include "base/mac/scoped_cftyperef.h" namespace net { diff --git a/net/base/registry_controlled_domain.h b/net/base/registry_controlled_domain.h index 7586c12..90a1b8f 100644 --- a/net/base/registry_controlled_domain.h +++ b/net/base/registry_controlled_domain.h @@ -204,6 +204,8 @@ class RegistryControlledDomainService { static RegistryControlledDomainService* GetInstance(); protected: + typedef const struct DomainRule* (*FindDomainPtr)(const char *, unsigned int); + // The entire protected API is only for unit testing. I mean it. Don't make // me come over there! RegistryControlledDomainService(); @@ -216,8 +218,6 @@ class RegistryControlledDomainService { static RegistryControlledDomainService* SetInstance( RegistryControlledDomainService* instance); - typedef const struct DomainRule* (*FindDomainPtr)(const char *, unsigned int); - // Used for unit tests, so that a different perfect hash map from the full // list is used. static void UseFindDomainFunction(FindDomainPtr function); diff --git a/net/base/sdch_manager.cc b/net/base/sdch_manager.cc index 5aca923..18976c9 100644 --- a/net/base/sdch_manager.cc +++ b/net/base/sdch_manager.cc @@ -26,41 +26,176 @@ const size_t SdchManager::kMaxDictionaryCount = 20; // static SdchManager* SdchManager::global_; -// static -SdchManager* SdchManager::Global() { - return global_; +//------------------------------------------------------------------------------ +SdchManager::Dictionary::Dictionary(const std::string& dictionary_text, + size_t offset, const std::string& client_hash, const GURL& gurl, + const std::string& domain, const std::string& path, const Time& expiration, + const std::set<int> ports) + : text_(dictionary_text, offset), + client_hash_(client_hash), + url_(gurl), + domain_(domain), + path_(path), + expiration_(expiration), + ports_(ports) { } -// static -void SdchManager::SdchErrorRecovery(ProblemCodes problem) { - UMA_HISTOGRAM_ENUMERATION("Sdch3.ProblemCodes_4", problem, MAX_PROBLEM_CODE); +SdchManager::Dictionary::~Dictionary() { } -// static -void SdchManager::ClearBlacklistings() { - Global()->blacklisted_domains_.clear(); - Global()->exponential_blacklist_count.clear(); +bool SdchManager::Dictionary::CanAdvertise(const GURL& target_url) { + if (!SdchManager::Global()->IsInSupportedDomain(target_url)) + return false; + /* The specific rules of when a dictionary should be advertised in an + Avail-Dictionary header are modeled after the rules for cookie scoping. The + terms "domain-match" and "pathmatch" are defined in RFC 2965 [6]. A + dictionary may be advertised in the Avail-Dictionaries header exactly when + all of the following are true: + 1. The server's effective host name domain-matches the Domain attribute of + the dictionary. + 2. If the dictionary has a Port attribute, the request port is one of the + ports listed in the Port attribute. + 3. The request URI path-matches the path header of the dictionary. + 4. The request is not an HTTPS request. + */ + if (!DomainMatch(target_url, domain_)) + return false; + if (!ports_.empty() && 0 == ports_.count(target_url.EffectiveIntPort())) + return false; + if (path_.size() && !PathMatch(target_url.path(), path_)) + return false; + if (target_url.SchemeIsSecure()) + return false; + if (Time::Now() > expiration_) + return false; + return true; } +//------------------------------------------------------------------------------ +// Security functions restricting loads and use of dictionaries. + // static -void SdchManager::ClearDomainBlacklisting(const std::string& domain) { - Global()->blacklisted_domains_.erase(StringToLowerASCII(domain)); +bool SdchManager::Dictionary::CanSet(const std::string& domain, + const std::string& path, + const std::set<int> ports, + const GURL& dictionary_url) { + if (!SdchManager::Global()->IsInSupportedDomain(dictionary_url)) + return false; + /* + A dictionary is invalid and must not be stored if any of the following are + true: + 1. The dictionary has no Domain attribute. + 2. The effective host name that derives from the referer URL host name does + not domain-match the Domain attribute. + 3. The Domain attribute is a top level domain. + 4. The referer URL host is a host domain name (not IP address) and has the + form HD, where D is the value of the Domain attribute, and H is a string + that contains one or more dots. + 5. If the dictionary has a Port attribute and the referer URL's port was not + in the list. + */ + + // TODO(jar): Redirects in dictionary fetches might plausibly be problematic, + // and hence the conservative approach is to not allow any redirects (if there + // were any... then don't allow the dictionary to be set). + + if (domain.empty()) { + SdchErrorRecovery(DICTIONARY_MISSING_DOMAIN_SPECIFIER); + return false; // Domain is required. + } + if (net::RegistryControlledDomainService::GetDomainAndRegistry(domain).size() + == 0) { + SdchErrorRecovery(DICTIONARY_SPECIFIES_TOP_LEVEL_DOMAIN); + return false; // domain was a TLD. + } + if (!Dictionary::DomainMatch(dictionary_url, domain)) { + SdchErrorRecovery(DICTIONARY_DOMAIN_NOT_MATCHING_SOURCE_URL); + return false; + } + + std::string referrer_url_host = dictionary_url.host(); + size_t postfix_domain_index = referrer_url_host.rfind(domain); + // See if it is indeed a postfix, or just an internal string. + if (referrer_url_host.size() == postfix_domain_index + domain.size()) { + // It is a postfix... so check to see if there's a dot in the prefix. + size_t end_of_host_index = referrer_url_host.find_first_of('.'); + if (referrer_url_host.npos != end_of_host_index && + end_of_host_index < postfix_domain_index) { + SdchErrorRecovery(DICTIONARY_REFERER_URL_HAS_DOT_IN_PREFIX); + return false; + } + } + + if (!ports.empty() + && 0 == ports.count(dictionary_url.EffectiveIntPort())) { + SdchErrorRecovery(DICTIONARY_PORT_NOT_MATCHING_SOURCE_URL); + return false; + } + return true; } // static -int SdchManager::BlackListDomainCount(const std::string& domain) { - if (Global()->blacklisted_domains_.end() == - Global()->blacklisted_domains_.find(domain)) - return 0; - return Global()->blacklisted_domains_[StringToLowerASCII(domain)]; +bool SdchManager::Dictionary::CanUse(const GURL& referring_url) { + if (!SdchManager::Global()->IsInSupportedDomain(referring_url)) + return false; + /* + 1. The request URL's host name domain-matches the Domain attribute of the + dictionary. + 2. If the dictionary has a Port attribute, the request port is one of the + ports listed in the Port attribute. + 3. The request URL path-matches the path attribute of the dictionary. + 4. The request is not an HTTPS request. +*/ + if (!DomainMatch(referring_url, domain_)) { + SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_DOMAIN); + return false; + } + if (!ports_.empty() + && 0 == ports_.count(referring_url.EffectiveIntPort())) { + SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_PORT_LIST); + return false; + } + if (path_.size() && !PathMatch(referring_url.path(), path_)) { + SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_PATH); + return false; + } + if (referring_url.SchemeIsSecure()) { + SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_SCHEME); + return false; + } + + // TODO(jar): Remove overly restrictive failsafe test (added per security + // review) when we have a need to be more general. + if (!referring_url.SchemeIs("http")) { + SdchErrorRecovery(ATTEMPT_TO_DECODE_NON_HTTP_DATA); + return false; + } + + return true; +} + +bool SdchManager::Dictionary::PathMatch(const std::string& path, + const std::string& restriction) { + /* Must be either: + 1. P2 is equal to P1 + 2. P2 is a prefix of P1 and either the final character in P2 is "/" or the + character following P2 in P1 is "/". + */ + if (path == restriction) + return true; + size_t prefix_length = restriction.size(); + if (prefix_length > path.size()) + return false; // Can't be a prefix. + if (0 != path.compare(0, prefix_length, restriction)) + return false; + return restriction[prefix_length - 1] == '/' || path[prefix_length] == '/'; } // static -int SdchManager::BlacklistDomainExponential(const std::string& domain) { - if (Global()->exponential_blacklist_count.end() == - Global()->exponential_blacklist_count.find(domain)) - return 0; - return Global()->exponential_blacklist_count[StringToLowerASCII(domain)]; +bool SdchManager::Dictionary::DomainMatch(const GURL& gurl, + const std::string& restriction) { + // TODO(jar): This is not precisely a domain match definition. + return gurl.DomainIs(restriction.data(), restriction.size()); } //------------------------------------------------------------------------------ @@ -87,6 +222,22 @@ void SdchManager::Shutdown() { } // static +SdchManager* SdchManager::Global() { + return global_; +} + +// static +void SdchManager::SdchErrorRecovery(ProblemCodes problem) { + UMA_HISTOGRAM_ENUMERATION("Sdch3.ProblemCodes_4", problem, MAX_PROBLEM_CODE); +} + +void SdchManager::EnableSdchSupport(const std::string& domain) { + // We presume that there is a SDCH manager instance. + global_->supported_domain_ = domain; + global_->sdch_enabled_ = true; +} + +// static void SdchManager::BlacklistDomain(const GURL& url) { if (!global_ ) return; @@ -117,10 +268,31 @@ void SdchManager::BlacklistDomainForever(const GURL& url) { global_->blacklisted_domains_[domain] = INT_MAX; } -void SdchManager::EnableSdchSupport(const std::string& domain) { - // We presume that there is a SDCH manager instance. - global_->supported_domain_ = domain; - global_->sdch_enabled_ = true; +// static +void SdchManager::ClearBlacklistings() { + Global()->blacklisted_domains_.clear(); + Global()->exponential_blacklist_count.clear(); +} + +// static +void SdchManager::ClearDomainBlacklisting(const std::string& domain) { + Global()->blacklisted_domains_.erase(StringToLowerASCII(domain)); +} + +// static +int SdchManager::BlackListDomainCount(const std::string& domain) { + if (Global()->blacklisted_domains_.end() == + Global()->blacklisted_domains_.find(domain)) + return 0; + return Global()->blacklisted_domains_[StringToLowerASCII(domain)]; +} + +// static +int SdchManager::BlacklistDomainExponential(const std::string& domain) { + if (Global()->exponential_blacklist_count.end() == + Global()->exponential_blacklist_count.find(domain)) + return 0; + return Global()->exponential_blacklist_count[StringToLowerASCII(domain)]; } bool SdchManager::IsInSupportedDomain(const GURL& url) { @@ -147,6 +319,13 @@ bool SdchManager::IsInSupportedDomain(const GURL& url) { return false; } +void SdchManager::FetchDictionary(const GURL& request_url, + const GURL& dictionary_url) { + if (SdchManager::Global()->CanFetchDictionary(request_url, dictionary_url) && + fetcher_.get()) + fetcher_->Schedule(dictionary_url); +} + bool SdchManager::CanFetchDictionary(const GURL& referring_url, const GURL& dictionary_url) const { /* The user agent may retrieve a dictionary from the dictionary URL if all of @@ -179,13 +358,6 @@ bool SdchManager::CanFetchDictionary(const GURL& referring_url, return true; } -void SdchManager::FetchDictionary(const GURL& request_url, - const GURL& dictionary_url) { - if (SdchManager::Global()->CanFetchDictionary(request_url, dictionary_url) && - fetcher_.get()) - fetcher_->Schedule(dictionary_url); -} - bool SdchManager::AddSdchDictionary(const std::string& dictionary_text, const GURL& dictionary_url) { std::string client_hash; @@ -317,22 +489,6 @@ void SdchManager::GetAvailDictionaryList(const GURL& target_url, UMA_HISTOGRAM_COUNTS("Sdch3.Advertisement_Count", count); } -SdchManager::Dictionary::Dictionary(const std::string& dictionary_text, - size_t offset, const std::string& client_hash, const GURL& gurl, - const std::string& domain, const std::string& path, const Time& expiration, - const std::set<int> ports) - : text_(dictionary_text, offset), - client_hash_(client_hash), - url_(gurl), - domain_(domain), - path_(path), - expiration_(expiration), - ports_(ports) { -} - -SdchManager::Dictionary::~Dictionary() { -} - // static void SdchManager::GenerateHash(const std::string& dictionary_text, std::string* client_hash, std::string* server_hash) { @@ -348,181 +504,6 @@ void SdchManager::GenerateHash(const std::string& dictionary_text, DCHECK_EQ(client_hash->length(), 8u); } -// static -void SdchManager::UrlSafeBase64Encode(const std::string& input, - std::string* output) { - // Since this is only done during a dictionary load, and hashes are only 8 - // characters, we just do the simple fixup, rather than rewriting the encoder. - base::Base64Encode(input, output); - for (size_t i = 0; i < output->size(); ++i) { - switch (output->data()[i]) { - case '+': - (*output)[i] = '-'; - continue; - case '/': - (*output)[i] = '_'; - continue; - default: - continue; - } - } -} - -//------------------------------------------------------------------------------ -// Security functions restricting loads and use of dictionaries. - -// static -bool SdchManager::Dictionary::CanSet(const std::string& domain, - const std::string& path, - const std::set<int> ports, - const GURL& dictionary_url) { - if (!SdchManager::Global()->IsInSupportedDomain(dictionary_url)) - return false; - /* - A dictionary is invalid and must not be stored if any of the following are - true: - 1. The dictionary has no Domain attribute. - 2. The effective host name that derives from the referer URL host name does - not domain-match the Domain attribute. - 3. The Domain attribute is a top level domain. - 4. The referer URL host is a host domain name (not IP address) and has the - form HD, where D is the value of the Domain attribute, and H is a string - that contains one or more dots. - 5. If the dictionary has a Port attribute and the referer URL's port was not - in the list. - */ - - // TODO(jar): Redirects in dictionary fetches might plausibly be problematic, - // and hence the conservative approach is to not allow any redirects (if there - // were any... then don't allow the dictionary to be set). - - if (domain.empty()) { - SdchErrorRecovery(DICTIONARY_MISSING_DOMAIN_SPECIFIER); - return false; // Domain is required. - } - if (net::RegistryControlledDomainService::GetDomainAndRegistry(domain).size() - == 0) { - SdchErrorRecovery(DICTIONARY_SPECIFIES_TOP_LEVEL_DOMAIN); - return false; // domain was a TLD. - } - if (!Dictionary::DomainMatch(dictionary_url, domain)) { - SdchErrorRecovery(DICTIONARY_DOMAIN_NOT_MATCHING_SOURCE_URL); - return false; - } - - std::string referrer_url_host = dictionary_url.host(); - size_t postfix_domain_index = referrer_url_host.rfind(domain); - // See if it is indeed a postfix, or just an internal string. - if (referrer_url_host.size() == postfix_domain_index + domain.size()) { - // It is a postfix... so check to see if there's a dot in the prefix. - size_t end_of_host_index = referrer_url_host.find_first_of('.'); - if (referrer_url_host.npos != end_of_host_index && - end_of_host_index < postfix_domain_index) { - SdchErrorRecovery(DICTIONARY_REFERER_URL_HAS_DOT_IN_PREFIX); - return false; - } - } - - if (!ports.empty() - && 0 == ports.count(dictionary_url.EffectiveIntPort())) { - SdchErrorRecovery(DICTIONARY_PORT_NOT_MATCHING_SOURCE_URL); - return false; - } - return true; -} - -// static -bool SdchManager::Dictionary::CanUse(const GURL& referring_url) { - if (!SdchManager::Global()->IsInSupportedDomain(referring_url)) - return false; - /* - 1. The request URL's host name domain-matches the Domain attribute of the - dictionary. - 2. If the dictionary has a Port attribute, the request port is one of the - ports listed in the Port attribute. - 3. The request URL path-matches the path attribute of the dictionary. - 4. The request is not an HTTPS request. -*/ - if (!DomainMatch(referring_url, domain_)) { - SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_DOMAIN); - return false; - } - if (!ports_.empty() - && 0 == ports_.count(referring_url.EffectiveIntPort())) { - SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_PORT_LIST); - return false; - } - if (path_.size() && !PathMatch(referring_url.path(), path_)) { - SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_PATH); - return false; - } - if (referring_url.SchemeIsSecure()) { - SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_SCHEME); - return false; - } - - // TODO(jar): Remove overly restrictive failsafe test (added per security - // review) when we have a need to be more general. - if (!referring_url.SchemeIs("http")) { - SdchErrorRecovery(ATTEMPT_TO_DECODE_NON_HTTP_DATA); - return false; - } - - return true; -} - -bool SdchManager::Dictionary::CanAdvertise(const GURL& target_url) { - if (!SdchManager::Global()->IsInSupportedDomain(target_url)) - return false; - /* The specific rules of when a dictionary should be advertised in an - Avail-Dictionary header are modeled after the rules for cookie scoping. The - terms "domain-match" and "pathmatch" are defined in RFC 2965 [6]. A - dictionary may be advertised in the Avail-Dictionaries header exactly when - all of the following are true: - 1. The server's effective host name domain-matches the Domain attribute of - the dictionary. - 2. If the dictionary has a Port attribute, the request port is one of the - ports listed in the Port attribute. - 3. The request URI path-matches the path header of the dictionary. - 4. The request is not an HTTPS request. - */ - if (!DomainMatch(target_url, domain_)) - return false; - if (!ports_.empty() && 0 == ports_.count(target_url.EffectiveIntPort())) - return false; - if (path_.size() && !PathMatch(target_url.path(), path_)) - return false; - if (target_url.SchemeIsSecure()) - return false; - if (Time::Now() > expiration_) - return false; - return true; -} - -bool SdchManager::Dictionary::PathMatch(const std::string& path, - const std::string& restriction) { - /* Must be either: - 1. P2 is equal to P1 - 2. P2 is a prefix of P1 and either the final character in P2 is "/" or the - character following P2 in P1 is "/". - */ - if (path == restriction) - return true; - size_t prefix_length = restriction.size(); - if (prefix_length > path.size()) - return false; // Can't be a prefix. - if (0 != path.compare(0, prefix_length, restriction)) - return false; - return restriction[prefix_length - 1] == '/' || path[prefix_length] == '/'; -} - -// static -bool SdchManager::Dictionary::DomainMatch(const GURL& gurl, - const std::string& restriction) { - // TODO(jar): This is not precisely a domain match definition. - return gurl.DomainIs(restriction.data(), restriction.size()); -} - //------------------------------------------------------------------------------ // Methods for supporting latency experiments. @@ -542,3 +523,23 @@ void SdchManager::SetAllowLatencyExperiment(const GURL& url, bool enable) { SdchErrorRecovery(LATENCY_TEST_DISALLOWED); allow_latency_experiment_.erase(it); } + +// static +void SdchManager::UrlSafeBase64Encode(const std::string& input, + std::string* output) { + // Since this is only done during a dictionary load, and hashes are only 8 + // characters, we just do the simple fixup, rather than rewriting the encoder. + base::Base64Encode(input, output); + for (size_t i = 0; i < output->size(); ++i) { + switch (output->data()[i]) { + case '+': + (*output)[i] = '-'; + continue; + case '/': + (*output)[i] = '_'; + continue; + default: + continue; + } + } +} diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h index de2ebef..0a9d569 100644 --- a/net/base/ssl_config_service.h +++ b/net/base/ssl_config_service.h @@ -22,6 +22,9 @@ struct SSLConfig { SSLConfig(); ~SSLConfig(); + // Returns true if |cert| is one of the certs in |allowed_bad_certs|. + bool IsAllowedBadCert(X509Certificate* cert) const; + bool rev_checking_enabled; // True if server certificate revocation // checking is enabled. // SSL 2.0 is not supported. @@ -79,9 +82,6 @@ struct SSLConfig { int cert_status; }; - // Returns true if |cert| is one of the certs in |allowed_bad_certs|. - bool IsAllowedBadCert(X509Certificate* cert) const; - // Add any known-bad SSL certificate (with its cert status) to // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when // calling SSLClientSocket::Connect. This would normally be done in diff --git a/net/base/ssl_config_service_win.cc b/net/base/ssl_config_service_win.cc index aca0626..ca20e79 100644 --- a/net/base/ssl_config_service_win.cc +++ b/net/base/ssl_config_service_win.cc @@ -4,7 +4,7 @@ #include "net/base/ssl_config_service_win.h" -#include "base/thread_restrictions.h" +#include "base/threading/thread_restrictions.h" #include "base/win/registry.h" using base::TimeDelta; diff --git a/net/base/test_completion_callback_unittest.cc b/net/base/test_completion_callback_unittest.cc index c19aae0..a0ae9bf 100644 --- a/net/base/test_completion_callback_unittest.cc +++ b/net/base/test_completion_callback_unittest.cc @@ -1,13 +1,13 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // Illustrates how to use worker threads that issue completion callbacks -#include "testing/gtest/include/gtest/gtest.h" +#include "base/threading/worker_pool.h" #include "net/base/completion_callback.h" #include "net/base/test_completion_callback.h" -#include "base/worker_pool.h" +#include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" typedef PlatformTest TestCompletionCallbackTest; @@ -102,7 +102,7 @@ bool ExampleEmployer::DoSomething(CompletionCallback* callback) { request_ = new ExampleWorker(this, callback); // Dispatch to worker thread... - if (!WorkerPool::PostTask(FROM_HERE, + if (!base::WorkerPool::PostTask(FROM_HERE, NewRunnableMethod(request_.get(), &ExampleWorker::DoWork), true)) { NOTREACHED(); request_ = NULL; diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index 258d59f..32b7566 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -435,6 +435,7 @@ bool TransportSecurityState::IsPreloadedSTS( {22, false, "\007support\010mayfirst\003org"}, {17, false, "\002id\010mayfirst\003org"}, {20, false, "\005lists\010mayfirst\003org"}, + {19, true, "\015splendidbacon\003com"}, }; static const size_t kNumPreloadedSTS = ARRAYSIZE_UNSAFE(kPreloadedSTS); diff --git a/net/base/transport_security_state.h b/net/base/transport_security_state.h index fcd4e79..768ccbb 100644 --- a/net/base/transport_security_state.h +++ b/net/base/transport_security_state.h @@ -43,13 +43,13 @@ class TransportSecurityState : // * Certificate issues are fatal. MODE_SPDY_ONLY = 2, }; - Mode mode; DomainState() : mode(MODE_STRICT), created(base::Time::Now()), include_subdomains(false) { } + Mode mode; base::Time created; // when this host entry was first created base::Time expiry; // the absolute time (UTC) when this record expires bool include_subdomains; // subdomains included? @@ -101,6 +101,10 @@ class TransportSecurityState : // our state is dirty. void DirtyNotify(); + static std::string CanonicaliseHost(const std::string& host); + static bool IsPreloadedSTS(const std::string& canonicalised_host, + bool* out_include_subdomains); + // The set of hosts that have enabled TransportSecurity. The keys here // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com" @@ -109,10 +113,6 @@ class TransportSecurityState : // Our delegate who gets notified when we are dirtied, or NULL. Delegate* delegate_; - static std::string CanonicaliseHost(const std::string& host); - static bool IsPreloadedSTS(const std::string& canonicalised_host, - bool* out_include_subdomains); - DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); }; diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc index 3364bf1..3c81c69 100644 --- a/net/base/transport_security_state_unittest.cc +++ b/net/base/transport_security_state_unittest.cc @@ -366,6 +366,10 @@ TEST_F(TransportSecurityStateTest, Preloaded) { EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "id.mayfirst.org")); EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "lists.mayfirst.org")); EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.mayfirst.org")); + + EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "splendidbacon.com")); + EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.splendidbacon.com")); + EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "foo.splendidbacon.com")); } TEST_F(TransportSecurityStateTest, LongNames) { diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h index 98375db..b3fa006 100644 --- a/net/base/x509_certificate.h +++ b/net/base/x509_certificate.h @@ -109,6 +109,11 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { FORMAT_PKCS7, }; + // Creates a X509Certificate from the ground up. Used by tests that simulate + // SSL connections. + X509Certificate(const std::string& subject, const std::string& issuer, + base::Time start_date, base::Time expiration_date); + // Create an X509Certificate from a handle to the certificate object in the // underlying crypto library. |source| specifies where |cert_handle| comes // from. Given two certificate handles for the same certificate, our @@ -175,11 +180,6 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { uint32 serial_number, base::TimeDelta valid_duration); - // Creates a X509Certificate from the ground up. Used by tests that simulate - // SSL connections. - X509Certificate(const std::string& subject, const std::string& issuer, - base::Time start_date, base::Time expiration_date); - // Appends a representation of this object to the given pickle. void Persist(Pickle* pickle); |