Merge Chromium at r10.0.634.0: Initial merge by git.

Change-Id: Iac2af492818d119bcc2562eb5fdabf5ab0b6df9c

16 files changed, 189 insertions, 41 deletions

diff --git a/net/socket/client_socket_pool_base_unittest.cc b/net/socket/client_socket_pool_base_unittest.cc
index 7c0e2e1..c6092d7 100644
--- a/net/socket/client_socket_pool_base_unittest.cc
+++ b/net/socket/client_socket_pool_base_unittest.cc
@@ -7,11 +7,11 @@
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
-#include "base/platform_thread.h"
 #include "base/ref_counted.h"
 #include "base/scoped_vector.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
+#include "base/threading/platform_thread.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/net_log_unittest.h"
@@ -618,7 +618,7 @@ TEST_F(ClientSocketPoolBaseTest, ConnectJob_TimedOut) {
                          &client_socket_factory_,
                          &log);
   ASSERT_EQ(ERR_IO_PENDING, job->Connect());
-  PlatformThread::Sleep(1);
+  base::PlatformThread::Sleep(1);
   EXPECT_EQ(ERR_TIMED_OUT, delegate.WaitForResult());
 
   net::CapturingNetLog::EntryList entries;
@@ -872,7 +872,7 @@ TEST_F(ClientSocketPoolBaseTest, TotalLimitCountsConnectingSockets) {
   // actually become pending until 2ms after they have been created. In order
   // to flush all tasks, we need to wait so that we know there are no
   // soon-to-be-pending tasks waiting.
-  PlatformThread::Sleep(10);
+  base::PlatformThread::Sleep(10);
   MessageLoop::current()->RunAllPending();
 
   // The next synchronous request should wait for its turn.
@@ -1315,7 +1315,7 @@ class RequestSocketCallback : public CallbackRunner< Tuple1<int> > {
           {
             MessageLoop::ScopedNestableTaskAllower nestable(
                 MessageLoop::current());
-            PlatformThread::Sleep(10);
+            base::PlatformThread::Sleep(10);
             EXPECT_EQ(OK, next_job_callback.WaitForResult());
           }
           break;
@@ -1890,7 +1890,7 @@ TEST_F(ClientSocketPoolBaseTest, CleanupTimedOutIdleSockets) {
   // actually become pending until 2ms after they have been created. In order
   // to flush all tasks, we need to wait so that we know there are no
   // soon-to-be-pending tasks waiting.
-  PlatformThread::Sleep(10);
+  base::PlatformThread::Sleep(10);
   MessageLoop::current()->RunAllPending();
 
   ASSERT_EQ(2, pool_->IdleSocketCount());
@@ -2313,7 +2313,8 @@ TEST_F(ClientSocketPoolBaseTest, BackupSocketCancelAtMaxSockets) {
   handle.Reset();
 
   // Wait for the backup timer to fire (add some slop to ensure it fires)
-  PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs / 2 * 3);
+  base::PlatformThread::Sleep(
+      ClientSocketPool::kMaxConnectRetryIntervalMs / 2 * 3);
 
   MessageLoop::current()->RunAllPending();
   EXPECT_EQ(kDefaultMaxSockets, client_socket_factory_.allocation_count());
@@ -2341,7 +2342,8 @@ TEST_F(ClientSocketPoolBaseTest, CancelBackupSocketAfterCancelingAllRequests) {
   // the backup time to see if it indeed got canceled.
   handle.Reset();
   // Wait for the backup timer to fire (add some slop to ensure it fires)
-  PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs / 2 * 3);
+  base::PlatformThread::Sleep(
+      ClientSocketPool::kMaxConnectRetryIntervalMs / 2 * 3);
   MessageLoop::current()->RunAllPending();
   ASSERT_TRUE(pool_->HasGroup("bar"));
   EXPECT_EQ(1, pool_->NumConnectJobsInGroup("bar"));
@@ -2379,7 +2381,8 @@ TEST_F(ClientSocketPoolBaseTest, CancelBackupSocketAfterFinishingAllRequests) {
   handle.Reset();
   EXPECT_EQ(OK, callback2.WaitForResult());
   // Wait for the backup timer to fire (add some slop to ensure it fires)
-  PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs / 2 * 3);
+  base::PlatformThread::Sleep(
+      ClientSocketPool::kMaxConnectRetryIntervalMs / 2 * 3);
   MessageLoop::current()->RunAllPending();
 }
 
diff --git a/net/socket/client_socket_pool_manager.h b/net/socket/client_socket_pool_manager.h
index cfcb465..d6d09e9 100644
--- a/net/socket/client_socket_pool_manager.h
+++ b/net/socket/client_socket_pool_manager.h
@@ -12,11 +12,11 @@
 
 #include <map>
 #include "base/basictypes.h"
-#include "base/non_thread_safe.h"
 #include "base/ref_counted.h"
 #include "base/scoped_ptr.h"
-#include "base/template_util.h"
 #include "base/stl_util-inl.h"
+#include "base/template_util.h"
+#include "base/threading/non_thread_safe.h"
 #include "net/socket/client_socket_pool_histograms.h"
 
 class Value;
@@ -57,7 +57,7 @@ class OwnedPoolMap : public std::map<Key, Value> {
 
 }  // namespace internal
 
-class ClientSocketPoolManager : public NonThreadSafe {
+class ClientSocketPoolManager : public base::NonThreadSafe {
  public:
   ClientSocketPoolManager(NetLog* net_log,
                           ClientSocketFactory* socket_factory,
diff --git a/net/socket/dns_cert_provenance_checker.cc b/net/socket/dns_cert_provenance_checker.cc
index 51a9750..665a16a 100644
--- a/net/socket/dns_cert_provenance_checker.cc
+++ b/net/socket/dns_cert_provenance_checker.cc
@@ -21,9 +21,9 @@
 #include "base/crypto/encryptor.h"
 #include "base/crypto/symmetric_key.h"
 #include "base/lazy_instance.h"
-#include "base/non_thread_safe.h"
 #include "base/pickle.h"
 #include "base/scoped_ptr.h"
+#include "base/threading/non_thread_safe.h"
 #include "net/base/completion_callback.h"
 #include "net/base/dns_util.h"
 #include "net/base/dnsrr_resolver.h"
@@ -85,7 +85,7 @@ static base::LazyInstance<DnsCertLimits> g_dns_cert_limits(
 
 // DnsCertProvenanceCheck performs the DNS lookup of the certificate. This
 // class is self-deleting.
-class DnsCertProvenanceCheck : public NonThreadSafe {
+class DnsCertProvenanceCheck : public base::NonThreadSafe {
  public:
   DnsCertProvenanceCheck(
       const std::string& hostname,
diff --git a/net/socket/dns_cert_provenance_checker.h b/net/socket/dns_cert_provenance_checker.h
index 810e272..74e8768 100644
--- a/net/socket/dns_cert_provenance_checker.h
+++ b/net/socket/dns_cert_provenance_checker.h
@@ -27,10 +27,10 @@ class DnsCertProvenanceChecker {
         const std::vector<std::string>& der_certs) = 0;
   };
 
-  virtual void Shutdown() = 0;
-
   virtual ~DnsCertProvenanceChecker();
 
+  virtual void Shutdown() = 0;
+
   // DoAsyncVerification starts an asynchronous check for the given certificate
   // chain. It must be run on the network thread.
   virtual void DoAsyncVerification(
diff --git a/net/socket/nss_ssl_util.cc b/net/socket/nss_ssl_util.cc
index eb8bafb..1ad1f1c 100644
--- a/net/socket/nss_ssl_util.cc
+++ b/net/socket/nss_ssl_util.cc
@@ -13,7 +13,7 @@
 #include "base/logging.h"
 #include "base/nss_util.h"
 #include "base/singleton.h"
-#include "base/thread_restrictions.h"
+#include "base/threading/thread_restrictions.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
index 73dd07c..91f8fc9 100644
--- a/net/socket/socket_test_util.h
+++ b/net/socket/socket_test_util.h
@@ -168,12 +168,6 @@ class StaticSocketDataProvider : public SocketDataProvider {
                            MockWrite* writes, size_t writes_count);
   virtual ~StaticSocketDataProvider();
 
-  // SocketDataProvider methods:
-  virtual MockRead GetNextRead();
-  virtual MockWriteResult OnWrite(const std::string& data);
-  virtual void Reset();
-  virtual void CompleteRead() {}
-
   // These functions get access to the next available read and write data.
   const MockRead& PeekRead() const;
   const MockWrite& PeekWrite() const;
@@ -188,6 +182,12 @@ class StaticSocketDataProvider : public SocketDataProvider {
   bool at_read_eof() const { return read_index_ >= read_count_; }
   bool at_write_eof() const { return write_index_ >= write_count_; }
 
+  // SocketDataProvider methods:
+  virtual MockRead GetNextRead();
+  virtual MockWriteResult OnWrite(const std::string& data);
+  virtual void Reset();
+  virtual void CompleteRead() {}
+
  private:
   MockRead* reads_;
   size_t read_index_;
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index e0753b9..868e13d 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -14,6 +14,7 @@
 #include "base/lazy_instance.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/string_util.h"
+#include "base/sys_info.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/io_buffer.h"
@@ -140,6 +141,27 @@ enum {
 };
 #endif
 
+// On OS X 10.5.x, SSLHandshake() is broken with respect to renegotiation
+// handshakes, and the only way to advance the handshake state machine is
+// to use SSLRead(), which transparently re-handshakes and then reads
+// application data. Using SSLRead() to pump the handshake, rather than
+// SSLHandshake(), is not presently implemented, so on 10.5.x, SSL
+// renegotiation is disabled entirely. On 10.6.x, SSLHandshake() behaves as
+// expected/documented, so renegotiation is supported.
+struct RenegotiationBroken {
+  RenegotiationBroken() : broken(false) {
+    int32 major, minor, bugfix;
+    base::SysInfo::OperatingSystemVersionNumbers(&major, &minor, &bugfix);
+    if (major < 10 || (major == 10 && minor < 6))
+      broken = true;
+  }
+
+  bool broken;
+};
+
+base::LazyInstance<RenegotiationBroken> g_renegotiation_broken(
+    base::LINKER_INITIALIZED);
+
 // For an explanation of the Mac OS X error codes, please refer to:
 // http://developer.apple.com/mac/library/documentation/Security/Reference/secureTransportRef/Reference/reference.html
 int NetErrorFromOSStatus(OSStatus status) {
@@ -1127,6 +1149,9 @@ int SSLClientSocketMac::DoPayloadRead() {
   OSStatus status = SSLRead(ssl_context_, user_read_buf_->data(),
                             user_read_buf_len_, &processed);
   if (status == errSSLWouldBlock && renegotiating_) {
+    if (g_renegotiation_broken.Get().broken)
+      return ERR_SSL_RENEGOTIATION_REQUESTED;
+
     CHECK_EQ(static_cast<size_t>(0), processed);
     next_handshake_state_ = STATE_HANDSHAKE;
     return DoHandshakeLoop(OK);
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 333fe67..b12c59d 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -52,6 +52,7 @@
 #include <keyhi.h>
 #include <nspr.h>
 #include <nss.h>
+#include <ocsp.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
@@ -68,7 +69,7 @@
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
-#include "base/thread_restrictions.h"
+#include "base/threading/thread_restrictions.h"
 #include "base/values.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_status_flags.h"
@@ -111,6 +112,29 @@ static const int kRecvBufferSize = 4096;
 // and some will time out such sockets quite aggressively.
 static const int kCorkTimeoutMs = 200;
 
+#if defined(OS_LINUX)
+// On Linux, we dynamically link against the system version of libnss3.so. In
+// order to continue working on systems without up-to-date versions of NSS we
+// declare CERT_CacheOCSPResponseFromSideChannel to be a weak symbol. If, at
+// run time, we find that the symbol didn't resolve then we can avoid calling
+// the function.
+extern SECStatus
+CERT_CacheOCSPResponseFromSideChannel(
+    CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time,
+    SECItem *encodedResponse, void *pwArg) __attribute__((weak));
+
+static bool HaveCacheOCSPResponseFromSideChannelFunction() {
+  return CERT_CacheOCSPResponseFromSideChannel != NULL;
+}
+#else
+// On other platforms we use the system's certificate validation functions.
+// Thus we need, in the future, to plumb the OCSP response into those system
+// functions. Until then, we act as if we didn't support OCSP stapling.
+static bool HaveCacheOCSPResponseFromSideChannelFunction() {
+  return false;
+}
+#endif
+
 namespace net {
 
 // State machines are easier to debug if you log state transitions.
@@ -641,6 +665,15 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
   }
 #endif
 
+#ifdef SSL_ENABLE_OCSP_STAPLING
+  if (HaveCacheOCSPResponseFromSideChannelFunction() &&
+      !ssl_config_.snap_start_enabled) {
+    rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+    if (rv != SECSuccess)
+      LogFailedNSSFunction(net_log_, "SSL_OptionSet (OCSP stapling)", "");
+  }
+#endif
+
   rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
@@ -1963,6 +1996,32 @@ int SSLClientSocketNSS::DoHandshake() {
           }
         }
 
+#if defined(SSL_ENABLE_OCSP_STAPLING)
+        // TODO: we need to be able to plumb an OCSP response into the system
+        // libraries. When we do, HaveCacheOCSPResponseFromSideChannelFunction
+        // needs to be updated for those platforms.
+        if (!predicted_cert_chain_correct_ &&
+            HaveCacheOCSPResponseFromSideChannelFunction()) {
+          unsigned int len = 0;
+          SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len);
+          if (len) {
+            const unsigned int orig_len = len;
+            scoped_array<uint8> ocsp_response(new uint8[orig_len]);
+            SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len);
+            DCHECK_EQ(orig_len, len);
+
+            SECItem ocsp_response_item;
+            ocsp_response_item.type = siBuffer;
+            ocsp_response_item.data = ocsp_response.get();
+            ocsp_response_item.len = len;
+
+            CERT_CacheOCSPResponseFromSideChannel(
+                CERT_GetDefaultCertDB(), server_cert_nss_, PR_Now(),
+                &ocsp_response_item, NULL);
+          }
+        }
+#endif
+
         SaveSnapStartInfo();
         // SSL handshake is completed. It's possible that we mispredicted the
         // NPN agreed protocol. In this case, we've just sent a request in the
diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc
index 1e53c6f..d899c16 100644
--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -210,6 +210,10 @@ int SSLConnectJob::DoTCPConnect() {
           ssl_host_info_factory_->GetForHost(params_->host_and_port().host(),
                                              params_->ssl_config()));
   }
+
+  if (dnsrr_resolver_)
+    ssl_host_info_->StartDnsLookup(dnsrr_resolver_);
+
   if (ssl_host_info_.get()) {
     // This starts fetching the SSL host info from the disk cache for Snap
     // Start.
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 9ba5cbf..3df20bb 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -58,8 +58,8 @@ class SSLClientSocketTest : public PlatformTest {
 // write.
 static bool LogContainsSSLConnectEndEvent(
     const net::CapturingNetLog::EntryList& log, int i) {
-  return  net::LogContainsEndEvent(log, -1, net::NetLog::TYPE_SSL_CONNECT) ||
-          net::LogContainsEvent(log, -1, net::NetLog::TYPE_SOCKET_BYTES_SENT,
+  return net::LogContainsEndEvent(log, i, net::NetLog::TYPE_SSL_CONNECT) ||
+         net::LogContainsEvent(log, i, net::NetLog::TYPE_SOCKET_BYTES_SENT,
                                 net::NetLog::PHASE_NONE);
 };
 
@@ -608,5 +608,14 @@ TEST_F(SSLClientSocketTest, CipherSuiteDisables) {
   // We cannot test sock->IsConnected(), as the NSS implementation disconnects
   // the socket when it encounters an error, whereas other implementations
   // leave it connected.
-  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1));
+  // Because this an error that the test server is mutually aware of, as opposed
+  // to being an error such as a certificate name mismatch, which is
+  // client-only, the exact index of the SSL connect end depends on how
+  // quickly the test server closes the underlying socket. If the test server
+  // closes before the IO message loop pumps messages, there may be a 0-byte
+  // Read event in the NetLog due to TCPClientSocket picking up the EOF. As a
+  // result, the SSL connect end event will be the second-to-last entry,
+  // rather than the last entry.
+  EXPECT_TRUE(LogContainsSSLConnectEndEvent(entries, -1) ||
+              LogContainsSSLConnectEndEvent(entries, -2));
 }
diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc
index ccfe7a5..1fcc053 100644
--- a/net/socket/ssl_host_info.cc
+++ b/net/socket/ssl_host_info.cc
@@ -7,6 +7,8 @@
 #include "base/metrics/histogram.h"
 #include "base/pickle.h"
 #include "base/string_piece.h"
+#include "net/base/dns_util.h"
+#include "net/base/dnsrr_resolver.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/x509_certificate.h"
 #include "net/socket/ssl_client_socket.h"
@@ -40,11 +42,31 @@ SSLHostInfo::SSLHostInfo(
       verifier_(cert_verifier),
       callback_(new CancelableCompletionCallback<SSLHostInfo>(
                         ALLOW_THIS_IN_INITIALIZER_LIST(this),
-                        &SSLHostInfo::VerifyCallback)) {
+                        &SSLHostInfo::VerifyCallback)),
+      dnsrr_resolver_(NULL),
+      dns_callback_(NULL),
+      dns_handle_(DnsRRResolver::kInvalidHandle) {
   state_.npn_valid = false;
 }
 
-SSLHostInfo::~SSLHostInfo() {}
+SSLHostInfo::~SSLHostInfo() {
+  if (dns_handle_ != DnsRRResolver::kInvalidHandle) {
+    dnsrr_resolver_->CancelResolve(dns_handle_);
+    delete dns_callback_;
+  }
+}
+
+void SSLHostInfo::StartDnsLookup(DnsRRResolver* dnsrr_resolver) {
+#if defined(OS_LINUX)
+  dnsrr_resolver_ = dnsrr_resolver;
+  dns_callback_ = NewCallback(this, &SSLHostInfo::DnsComplete);
+  dns_lookup_start_time_ = base::TimeTicks::Now();
+
+  dns_handle_ = dnsrr_resolver->Resolve(
+      hostname_, kDNS_CAA, DnsRRResolver::FLAG_WANT_DNSSEC, dns_callback_,
+      &dns_response_, 0, BoundNetLog());
+#endif
+}
 
 const SSLHostInfo::State& SSLHostInfo::state() const {
   return state_;
@@ -196,6 +218,16 @@ void SSLHostInfo::VerifyCallback(int rv) {
   }
 }
 
+void SSLHostInfo::DnsComplete(int rv) {
+  dns_handle_ = DnsRRResolver::kInvalidHandle;
+  delete dns_callback_;
+  dns_callback_ = NULL;
+
+  const base::TimeTicks now = base::TimeTicks::Now();
+  const base::TimeDelta elapsed = now - dns_lookup_start_time_;
+  UMA_HISTOGRAM_TIMES("Net.SSLHostInfoDNSLookup", elapsed);
+}
+
 SSLHostInfoFactory::~SSLHostInfoFactory() {}
 
 }  // namespace net
diff --git a/net/socket/ssl_host_info.h b/net/socket/ssl_host_info.h
index 8f1502b..c384e2e 100644
--- a/net/socket/ssl_host_info.h
+++ b/net/socket/ssl_host_info.h
@@ -14,6 +14,7 @@
 #include "net/base/cert_verifier.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/completion_callback.h"
+#include "net/base/dnsrr_resolver.h"
 #include "net/socket/ssl_client_socket.h"
 
 namespace net {
@@ -56,6 +57,9 @@ class SSLHostInfo {
   // callback.
   virtual void Persist() = 0;
 
+  // StartDnsLookup triggers a DNS lookup for the host.
+  void StartDnsLookup(DnsRRResolver* dnsrr_resolver);
+
   struct State {
     State();
     ~State();
@@ -119,6 +123,10 @@ class SSLHostInfo {
   // ParseInner is a helper function for Parse.
   bool ParseInner(const std::string& data);
 
+  // DnsComplete is a callback function which is called when our DNS resolution
+  // completes.
+  void DnsComplete(int rv);
+
   // This is the hostname that we'll validate the certificates against.
   const std::string hostname_;
   bool cert_parsing_failed_;
@@ -132,6 +140,12 @@ class SSLHostInfo {
   SingleRequestCertVerifier verifier_;
   scoped_refptr<X509Certificate> cert_;
   scoped_refptr<CancelableCompletionCallback<SSLHostInfo> > callback_;
+
+  DnsRRResolver* dnsrr_resolver_;
+  CompletionCallback* dns_callback_;
+  DnsRRResolver::Handle dns_handle_;
+  RRResponse dns_response_;
+  base::TimeTicks dns_lookup_start_time_;
 };
 
 class SSLHostInfoFactory {
diff --git a/net/socket/tcp_client_socket_libevent.h b/net/socket/tcp_client_socket_libevent.h
index 1f3434b..345c688 100644
--- a/net/socket/tcp_client_socket_libevent.h
+++ b/net/socket/tcp_client_socket_libevent.h
@@ -7,9 +7,9 @@
 #pragma once
 
 #include "base/message_loop.h"
-#include "base/non_thread_safe.h"
 #include "base/ref_counted.h"
 #include "base/scoped_ptr.h"
+#include "base/threading/non_thread_safe.h"
 #include "net/base/address_list.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_log.h"
@@ -22,7 +22,7 @@ namespace net {
 class BoundNetLog;
 
 // A client socket that uses TCP as the transport layer.
-class TCPClientSocketLibevent : public ClientSocket, NonThreadSafe {
+class TCPClientSocketLibevent : public ClientSocket, base::NonThreadSafe {
  public:
   // The IP address(es) and port number to connect to.  The TCP socket will try
   // each IP address in the list until it succeeds in establishing a
diff --git a/net/socket/tcp_client_socket_pool_unittest.cc b/net/socket/tcp_client_socket_pool_unittest.cc
index 454f5b8..bd1b8bd 100644
--- a/net/socket/tcp_client_socket_pool_unittest.cc
+++ b/net/socket/tcp_client_socket_pool_unittest.cc
@@ -7,6 +7,7 @@
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
+#include "base/threading/platform_thread.h"
 #include "net/base/mock_host_resolver.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
@@ -758,7 +759,8 @@ TEST_F(TCPClientSocketPoolTest, BackupSocketConnect) {
     MessageLoop::current()->RunAllPending();
 
     // Wait for the backup socket timer to fire.
-    PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs * 2);
+    base::PlatformThread::Sleep(
+        ClientSocketPool::kMaxConnectRetryIntervalMs * 2);
 
     // Let the appropriate socket connect.
     MessageLoop::current()->RunAllPending();
@@ -800,7 +802,7 @@ TEST_F(TCPClientSocketPoolTest, BackupSocketCancel) {
 
     if (index == CANCEL_AFTER_WAIT) {
       // Wait for the backup socket timer to fire.
-      PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs);
+      base::PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs);
     }
 
     // Let the appropriate socket connect.
@@ -843,7 +845,7 @@ TEST_F(TCPClientSocketPoolTest, BackupSocketFailAfterStall) {
   MessageLoop::current()->RunAllPending();
 
   // Wait for the backup socket timer to fire.
-  PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs);
+  base::PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs);
 
   // Let the second connect be synchronous. Otherwise, the emulated
   // host resolution takes an extra trip through the message loop.
@@ -888,7 +890,7 @@ TEST_F(TCPClientSocketPoolTest, BackupSocketFailAfterDelay) {
   MessageLoop::current()->RunAllPending();
 
   // Wait for the backup socket timer to fire.
-  PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs);
+  base::PlatformThread::Sleep(ClientSocketPool::kMaxConnectRetryIntervalMs);
 
   // Let the second connect be synchronous. Otherwise, the emulated
   // host resolution takes an extra trip through the message loop.
diff --git a/net/socket/tcp_client_socket_win.cc b/net/socket/tcp_client_socket_win.cc
index 6624a5e..262ccd4 100644
--- a/net/socket/tcp_client_socket_win.cc
+++ b/net/socket/tcp_client_socket_win.cc
@@ -10,6 +10,7 @@
 #include "base/metrics/stats_counters.h"
 #include "base/string_util.h"
 #include "base/sys_info.h"
+#include "base/win/object_watcher.h"
 #include "net/base/address_list_net_log_param.h"
 #include "net/base/connection_type_histograms.h"
 #include "net/base/io_buffer.h"
@@ -170,7 +171,7 @@ class TCPClientSocketWin::Core : public base::RefCounted<Core> {
  private:
   friend class base::RefCounted<Core>;
 
-  class ReadDelegate : public base::ObjectWatcher::Delegate {
+  class ReadDelegate : public base::win::ObjectWatcher::Delegate {
    public:
     explicit ReadDelegate(Core* core) : core_(core) {}
     virtual ~ReadDelegate() {}
@@ -182,7 +183,7 @@ class TCPClientSocketWin::Core : public base::RefCounted<Core> {
     Core* const core_;
   };
 
-  class WriteDelegate : public base::ObjectWatcher::Delegate {
+  class WriteDelegate : public base::win::ObjectWatcher::Delegate {
    public:
     explicit WriteDelegate(Core* core) : core_(core) {}
     virtual ~WriteDelegate() {}
@@ -205,9 +206,9 @@ class TCPClientSocketWin::Core : public base::RefCounted<Core> {
   WriteDelegate writer_;
 
   // |read_watcher_| watches for events from Connect() and Read().
-  base::ObjectWatcher read_watcher_;
+  base::win::ObjectWatcher read_watcher_;
   // |write_watcher_| watches for events from Write();
-  base::ObjectWatcher write_watcher_;
+  base::win::ObjectWatcher write_watcher_;
 
   // When doing reads from the socket, we try to mirror TCP's slow start.
   // We do this because otherwise the async IO subsystem artifically delays
diff --git a/net/socket/tcp_client_socket_win.h b/net/socket/tcp_client_socket_win.h
index bfd6a93..93fe9e6 100644
--- a/net/socket/tcp_client_socket_win.h
+++ b/net/socket/tcp_client_socket_win.h
@@ -8,8 +8,7 @@
 
 #include <winsock2.h>
 
-#include "base/non_thread_safe.h"
-#include "base/object_watcher.h"
+#include "base/threading/non_thread_safe.h"
 #include "net/base/address_list.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_log.h"
@@ -19,7 +18,7 @@ namespace net {
 
 class BoundNetLog;
 
-class TCPClientSocketWin : public ClientSocket, NonThreadSafe {
+class TCPClientSocketWin : public ClientSocket, base::NonThreadSafe {
  public:
   // The IP address(es) and port number to connect to.  The TCP socket will try
   // each IP address in the list until it succeeds in establishing a