diff options
Diffstat (limited to 'net/base')
49 files changed, 5511 insertions, 462 deletions
diff --git a/net/base/cert_database.h b/net/base/cert_database.h index 377c0a8..7915cc6 100644 --- a/net/base/cert_database.h +++ b/net/base/cert_database.h @@ -67,7 +67,7 @@ class CertDatabase { // the platform cert database, or possibly other network error codes. int AddUserCert(X509Certificate* cert); -#if defined(USE_NSS) +#if defined(USE_NSS) || defined(USE_OPENSSL) // Get a list of unique certificates in the certificate database. (One // instance of all certificates.) void ListCerts(CertificateList* certs); @@ -124,6 +124,9 @@ class CertDatabase { // Returns true on success or false on failure. // |cert| is still valid when this function returns. bool DeleteCertAndKey(const X509Certificate* cert); + + // Check whether cert is stored in a readonly slot. + bool IsReadOnly(const X509Certificate* cert) const; #endif private: diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc index 8445d4d..a32a7a3 100644 --- a/net/base/cert_database_nss.cc +++ b/net/base/cert_database_nss.cc @@ -168,7 +168,6 @@ unsigned int CertDatabase::GetCertTrust( trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE) * TRUSTED_EMAIL + trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE) * TRUSTED_OBJ_SIGN; case SERVER_CERT: - case EMAIL_CERT: return trust.HasTrustedPeer(PR_TRUE, PR_FALSE, PR_FALSE) * TRUSTED_SSL + trust.HasTrustedPeer(PR_FALSE, PR_TRUE, PR_FALSE) * TRUSTED_EMAIL + trust.HasTrustedPeer(PR_FALSE, PR_FALSE, PR_TRUE) * TRUSTED_OBJ_SIGN; @@ -205,4 +204,9 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) { return true; } +bool CertDatabase::IsReadOnly(const X509Certificate* cert) const { + PK11SlotInfo* slot = cert->os_cert_handle()->slot; + return slot && PK11_IsReadOnly(slot); +} + } // namespace net diff --git a/net/base/cert_test_util.cc b/net/base/cert_test_util.cc index cb7f9a8..1042d50 100644 --- a/net/base/cert_test_util.cc +++ b/net/base/cert_test_util.cc @@ -26,9 +26,27 @@ namespace net { #if defined(USE_OPENSSL) -X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { +X509Certificate* AddTemporaryRootCertToStore(X509* x509_cert) { OpenSSLInitSingleton* openssl_init = GetOpenSSLInitSingleton(); + if (!X509_STORE_add_cert(openssl_init->x509_store(), x509_cert)) { + unsigned long error_code = ERR_get_error(); + if (ERR_GET_LIB(error_code) != ERR_LIB_X509 || + ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { + do { + LOG(ERROR) << "X509_STORE_add_cert error: " << error_code; + } while ((error_code = ERR_get_error()) != 0); + return NULL; + } + } + return X509Certificate::CreateFromHandle( + x509_cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, + X509Certificate::OSCertHandles()); +} + +X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { + EnsureOpenSSLInit(); + std::string rawcert; if (!file_util::ReadFileToString(filename, &rawcert)) { LOG(ERROR) << "Can't load certificate " << filename.value(); @@ -43,27 +61,21 @@ X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { return NULL; } - ScopedSSL<X509, X509_free> x509_cert(PEM_read_bio_X509(cert_bio.get(), - NULL, NULL, NULL)); - if (!x509_cert.get()) { - LOG(ERROR) << "Can't parse certificate " << filename.value(); - return NULL; - } - - if (!X509_STORE_add_cert(openssl_init->x509_store(), x509_cert.get())) { - unsigned long error_code = ERR_get_error(); - if (ERR_GET_LIB(error_code) != ERR_LIB_X509 || - ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { - do { - LOG(ERROR) << "X509_STORE_add_cert error: " << error_code; - } while ((error_code = ERR_get_error()) != 0); - return NULL; - } - } - - return X509Certificate::CreateFromHandle( - x509_cert.get(), X509Certificate::SOURCE_LONE_CERT_IMPORT, - X509Certificate::OSCertHandles()); + ScopedSSL<X509, X509_free> pem_cert(PEM_read_bio_X509(cert_bio.get(), + NULL, NULL, NULL)); + if (pem_cert.get()) + return AddTemporaryRootCertToStore(pem_cert.get()); + + // File does not contain PEM data, let's try DER. + const unsigned char* der_data = + reinterpret_cast<const unsigned char*>(rawcert.c_str()); + int der_length = rawcert.length(); + ScopedSSL<X509, X509_free> der_cert(d2i_X509(NULL, &der_data, der_length)); + if (der_cert.get()) + return AddTemporaryRootCertToStore(der_cert.get()); + + LOG(ERROR) << "Can't parse certificate " << filename.value(); + return NULL; } #elif defined(USE_NSS) X509Certificate* LoadTemporaryRootCert(const FilePath& filename) { diff --git a/net/base/cert_test_util.h b/net/base/cert_test_util.h index 45c8ed3..8709156 100644 --- a/net/base/cert_test_util.h +++ b/net/base/cert_test_util.h @@ -14,7 +14,7 @@ namespace net { class X509Certificate; -#if defined(USE_NSS) || defined(OS_MACOSX) +#if defined(USE_NSS) || defined(OS_MACOSX) || defined(USE_OPENSSL) // Loads and trusts a root CA certificate (stored in a file) temporarily. // TODO(wtc): Implement this function on Windows (http://crbug.com/8470). X509Certificate* LoadTemporaryRootCert(const FilePath& filename); diff --git a/net/base/cert_type.h b/net/base/cert_type.h index fbe4339..d9cb8a5 100644 --- a/net/base/cert_type.h +++ b/net/base/cert_type.h @@ -11,16 +11,14 @@ namespace net { // This is only used in the context of CertDatabase, but is defined outside to // avoid an awkwardly long type name. // The type is a combination of intrinsic properties, such as the presense of an -// email address or Certificate Authority Basic Constraint, and assigned trust -// values. For example, a cert with no email address, basic constraints, or -// trust, would be classified as UNKNOWN_CERT. If that cert is then trusted -// with SetCertTrust(cert, SERVER_CERT, TRUSTED_SSL), it would become a -// SERVER_CERT. +// Certificate Authority Basic Constraint, and assigned trust values. For +// example, a cert with no basic constraints or trust would be classified as +// UNKNOWN_CERT. If that cert is then trusted with SetCertTrust(cert, +// SERVER_CERT, TRUSTED_SSL), it would become a SERVER_CERT. enum CertType { UNKNOWN_CERT, CA_CERT, USER_CERT, - EMAIL_CERT, SERVER_CERT, NUM_CERT_TYPES }; diff --git a/net/base/connection_type_histograms.h b/net/base/connection_type_histograms.h index e6c2a59..e3e4a84 100644 --- a/net/base/connection_type_histograms.h +++ b/net/base/connection_type_histograms.h @@ -30,6 +30,11 @@ enum ConnectionType { // in the certificate chain (excluding root) CONNECTION_HTTP = 7, // An HTTP connection CONNECTION_SPDY = 8, // A SPDY connection + CONNECTION_SSL_SSL2 = 9, // An SSL connection that uses SSL 2.0 + CONNECTION_SSL_SSL3 = 10, // An SSL connection that uses SSL 3.0 + CONNECTION_SSL_TLS1 = 11, // An SSL connection that uses TLS 1.0 + CONNECTION_SSL_TLS1_1 = 12, // An SSL connection that uses TLS 1.1 + CONNECTION_SSL_TLS1_2 = 13, // An SSL connection that uses TLS 1.2 NUM_OF_CONNECTION_TYPES }; diff --git a/net/base/cookie_monster.cc b/net/base/cookie_monster.cc index de00016..2fb8d0f 100644 --- a/net/base/cookie_monster.cc +++ b/net/base/cookie_monster.cc @@ -90,6 +90,13 @@ struct OrderByCreationTimeDesc { } }; +// Constants for use in VLOG +const int kVlogPerCookieMonster = 1; +const int kVlogPeriodic = 3; +const int kVlogGarbageCollection = 5; +const int kVlogSetCookies = 7; +const int kVlogGetCookies = 9; + } // namespace // static @@ -724,7 +731,8 @@ bool CookieMonster::HasCookieableScheme(const GURL& url) { } // The scheme didn't match any in our whitelist. - DVLOG(1) << "WARNING: Unsupported cookie scheme: " << url.scheme(); + VLOG(kVlogPerCookieMonster) << "WARNING: Unsupported cookie scheme: " + << url.scheme(); return false; } @@ -747,7 +755,7 @@ bool CookieMonster::SetCookieWithCreationTimeAndOptions( const CookieOptions& options) { lock_.AssertAcquired(); - DVLOG(1) << "SetCookie() line: " << cookie_line; + VLOG(kVlogSetCookies) << "SetCookie() line: " << cookie_line; Time creation_time = creation_time_or_null; if (creation_time.is_null()) { @@ -759,12 +767,12 @@ bool CookieMonster::SetCookieWithCreationTimeAndOptions( ParsedCookie pc(cookie_line); if (!pc.IsValid()) { - DVLOG(1) << "WARNING: Couldn't parse cookie"; + VLOG(kVlogSetCookies) << "WARNING: Couldn't parse cookie"; return false; } if (options.exclude_httponly() && pc.IsHttpOnly()) { - DVLOG(1) << "SetCookie() not setting httponly cookie"; + VLOG(kVlogSetCookies) << "SetCookie() not setting httponly cookie"; return false; } @@ -785,7 +793,7 @@ bool CookieMonster::SetCookieWithCreationTimeAndOptions( !cookie_expires.is_null(), cookie_expires)); if (!cc.get()) { - DVLOG(1) << "WARNING: Failed to allocate CanonicalCookie"; + VLOG(kVlogSetCookies) << "WARNING: Failed to allocate CanonicalCookie"; return false; } return SetCanonicalCookie(&cc, creation_time, options); @@ -839,11 +847,12 @@ bool CookieMonster::SetCanonicalCookie(scoped_ptr<CanonicalCookie>* cc, const CookieOptions& options) { const std::string key(GetKey((*cc)->Domain())); if (DeleteAnyEquivalentCookie(key, **cc, options.exclude_httponly())) { - DVLOG(1) << "SetCookie() not clobbering httponly cookie"; + VLOG(kVlogSetCookies) << "SetCookie() not clobbering httponly cookie"; return false; } - DVLOG(1) << "SetCookie() key: " << key << " cc: " << (*cc)->DebugString(); + VLOG(kVlogSetCookies) << "SetCookie() key: " << key << " cc: " + << (*cc)->DebugString(); // Realize that we might be setting an expired cookie, and the only point // was to delete the cookie which we've already done. @@ -906,7 +915,7 @@ void CookieMonster::InternalDeleteCookie(CookieMap::iterator it, histogram_cookie_deletion_cause_->Add(deletion_cause); CanonicalCookie* cc = it->second; - DVLOG(1) << "InternalDeleteCookie() cc: " << cc->DebugString(); + VLOG(kVlogSetCookies) << "InternalDeleteCookie() cc: " << cc->DebugString(); if (cc->IsPersistent() && store_ && sync_to_store) store_->DeleteCookie(*cc); @@ -973,7 +982,8 @@ static bool FindLeastRecentlyAccessed( std::vector<CookieMonster::CookieMap::iterator>* cookie_its) { DCHECK_LE(num_purge, num_max); if (cookie_its->size() > num_max) { - DVLOG(1) << "FindLeastRecentlyAccessed() Deep Garbage Collect."; + VLOG(kVlogGarbageCollection) + << "FindLeastRecentlyAccessed() Deep Garbage Collect."; num_purge += cookie_its->size() - num_max; DCHECK_GT(cookie_its->size(), num_purge); @@ -1020,7 +1030,7 @@ int CookieMonster::GarbageCollect(const Time& current, // Collect garbage for this key. if (cookies_.count(key) > kDomainMaxCookies) { - DVLOG(1) << "GarbageCollect() key: " << key; + VLOG(kVlogGarbageCollection) << "GarbageCollect() key: " << key; std::vector<CookieMap::iterator> cookie_its; num_deleted += GarbageCollectExpired( @@ -1056,7 +1066,7 @@ int CookieMonster::GarbageCollect(const Time& current, (expiry_and_key_scheme_ == EKS_DISCARD_RECENT_AND_PURGE_DOMAIN || earliest_access_time_ < Time::Now() - TimeDelta::FromDays(kSafeFromGlobalPurgeDays))) { - DVLOG(1) << "GarbageCollect() everything"; + VLOG(kVlogGarbageCollection) << "GarbageCollect() everything"; std::vector<CookieMap::iterator> cookie_its; base::Time oldest_left; num_deleted += GarbageCollectExpired( @@ -1067,7 +1077,7 @@ int CookieMonster::GarbageCollect(const Time& current, Time oldest_safe_cookie( expiry_and_key_scheme_ == EKS_KEEP_RECENT_AND_PURGE_ETLDP1 ? (Time::Now() - TimeDelta::FromDays(kSafeFromGlobalPurgeDays)) : - Time::Now()); + Time()); // Null time == ignore access time. int num_evicted = GarbageCollectDeleteList( current, oldest_safe_cookie, @@ -1259,7 +1269,7 @@ std::string CookieMonster::GetCookiesWithOptions(const GURL& url, histogram_time_get_->AddTime(TimeTicks::Now() - start_time); - DVLOG(1) << "GetCookies() result: " << cookie_line; + VLOG(kVlogGetCookies) << "GetCookies() result: " << cookie_line; return cookie_line; } @@ -1497,8 +1507,9 @@ void CookieMonster::RecordPeriodicStats(const base::Time& current_time) { it_key = its_cookies.second; } - DVLOG(1) << "Time for recording cookie stats (us): " - << (TimeTicks::Now() - beginning_of_time).InMicroseconds(); + VLOG(kVlogPeriodic) + << "Time for recording cookie stats (us): " + << (TimeTicks::Now() - beginning_of_time).InMicroseconds(); last_statistic_record_time_ = current_time; } diff --git a/net/base/cookie_monster_perftest.cc b/net/base/cookie_monster_perftest.cc index c006128..8c64d9a 100644 --- a/net/base/cookie_monster_perftest.cc +++ b/net/base/cookie_monster_perftest.cc @@ -283,10 +283,10 @@ TEST(CookieMonsterTest, TestGCTimes) { }; for (int ci = 0; ci < static_cast<int>(ARRAYSIZE_UNSAFE(test_cases)); ++ci) { const TestCase& test_case(test_cases[ci]); - scoped_refptr<CookieMonster> cm = + scoped_refptr<CookieMonster> cm( CreateMonsterFromStoreForGC( test_case.num_cookies, test_case.num_old_cookies, - CookieMonster::kSafeFromGlobalPurgeDays * 2); + CookieMonster::kSafeFromGlobalPurgeDays * 2)); GURL gurl("http://google.com"); std::string cookie_line("z=3"); diff --git a/net/base/cookie_monster_unittest.cc b/net/base/cookie_monster_unittest.cc index 80d58ed..751b255 100644 --- a/net/base/cookie_monster_unittest.cc +++ b/net/base/cookie_monster_unittest.cc @@ -1852,7 +1852,7 @@ TEST(CookieMonsterTest, BackingStoreCommunication) { // Create new cookies and flush them to the store. { - scoped_refptr<net::CookieMonster> cmout = new CookieMonster(store, NULL); + scoped_refptr<net::CookieMonster> cmout(new CookieMonster(store, NULL)); for (const CookiesInputInfo* p = input_info; p < &input_info[ARRAYSIZE_UNSAFE(input_info)]; p++) { EXPECT_TRUE(cmout->SetCookieWithDetails(GURL(p->gurl), p->name, p->value, @@ -1866,7 +1866,7 @@ TEST(CookieMonsterTest, BackingStoreCommunication) { // Create a new cookie monster and make sure that everything is correct { - scoped_refptr<net::CookieMonster> cmin = new CookieMonster(store, NULL); + scoped_refptr<net::CookieMonster> cmin(new CookieMonster(store, NULL)); CookieMonster::CookieList cookies(cmin->GetAllCookies()); ASSERT_EQ(2u, cookies.size()); // Ordering is path length, then creation time. So second cookie @@ -1895,7 +1895,7 @@ TEST(CookieMonsterTest, BackingStoreCommunication) { TEST(CookieMonsterTest, CookieOrdering) { // Put a random set of cookies into a monster and make sure // they're returned in the right order. - scoped_refptr<net::CookieMonster> cm = new CookieMonster(NULL, NULL); + scoped_refptr<net::CookieMonster> cm(new CookieMonster(NULL, NULL)); EXPECT_TRUE(cm->SetCookie(GURL("http://d.c.b.a.google.com/aa/x.html"), "c=1")); EXPECT_TRUE(cm->SetCookie(GURL("http://b.a.google.com/aa/bb/cc/x.html"), @@ -1953,13 +1953,12 @@ static net::CookieMonster* CreateMonsterForGC(int num_cookies) { // get rid of cookies when we should). The perftest is probing for // whether garbage collection happens when it shouldn't. See comments // before that test for more details. -// Flaky as per http://crbug.com/60015 -TEST(CookieMonsterTest, FLAKY_GarbageCollectionTriggers) { +TEST(CookieMonsterTest, GarbageCollectionTriggers) { // First we check to make sure that a whole lot of recent cookies // doesn't get rid of anything after garbage collection is checked for. { - scoped_refptr<net::CookieMonster> cm = - CreateMonsterForGC(CookieMonster::kMaxCookies * 2); + scoped_refptr<net::CookieMonster> cm( + CreateMonsterForGC(CookieMonster::kMaxCookies * 2)); EXPECT_EQ(CookieMonster::kMaxCookies * 2, cm->GetAllCookies().size()); cm->SetCookie(GURL("http://newdomain.com"), "b=2"); EXPECT_EQ(CookieMonster::kMaxCookies * 2 + 1, cm->GetAllCookies().size()); @@ -2017,10 +2016,10 @@ TEST(CookieMonsterTest, FLAKY_GarbageCollectionTriggers) { recent_scheme < static_cast<int>(ARRAYSIZE_UNSAFE(schemes)); recent_scheme++) { const TestCase *test_case = &test_cases[ci]; - scoped_refptr<net::CookieMonster> cm = + scoped_refptr<net::CookieMonster> cm( CreateMonsterFromStoreForGC( test_case->num_cookies, test_case->num_old_cookies, - CookieMonster::kSafeFromGlobalPurgeDays * 2); + CookieMonster::kSafeFromGlobalPurgeDays * 2)); cm->SetExpiryAndKeyScheme(schemes[recent_scheme]); EXPECT_EQ(test_case->expected_initial_cookies, static_cast<int>(cm->GetAllCookies().size())) diff --git a/net/base/directory_lister_unittest.cc b/net/base/directory_lister_unittest.cc index f75d8d8..5607bc5 100644 --- a/net/base/directory_lister_unittest.cc +++ b/net/base/directory_lister_unittest.cc @@ -77,8 +77,8 @@ TEST(DirectoryListerTest, BigDirTest) { ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &path)); ListerDelegate delegate(false); - scoped_refptr<net::DirectoryLister> lister = - new net::DirectoryLister(path, &delegate); + scoped_refptr<net::DirectoryLister> lister( + new net::DirectoryLister(path, &delegate)); lister->Start(); @@ -92,11 +92,11 @@ TEST(DirectoryListerTest, BigDirRecursiveTest) { ASSERT_TRUE(PathService::Get(base::DIR_EXE, &path)); ListerDelegate delegate(true); - scoped_refptr<net::DirectoryLister> lister = + scoped_refptr<net::DirectoryLister> lister( new net::DirectoryLister(path, true, net::DirectoryLister::FULL_PATH, - &delegate); + &delegate)); lister->Start(); @@ -110,8 +110,8 @@ TEST(DirectoryListerTest, CancelTest) { ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &path)); ListerDelegate delegate(false); - scoped_refptr<net::DirectoryLister> lister = - new net::DirectoryLister(path, &delegate); + scoped_refptr<net::DirectoryLister> lister( + new net::DirectoryLister(path, &delegate)); lister->Start(); lister->Cancel(); diff --git a/net/base/ev_root_ca_metadata.cc b/net/base/ev_root_ca_metadata.cc index 7c1c96a..7de971b 100644 --- a/net/base/ev_root_ca_metadata.cc +++ b/net/base/ev_root_ca_metadata.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -9,6 +9,8 @@ #include <pkcs11n.h> #include <secerr.h> #include <secoid.h> +#elif defined(OS_WIN) +#include <stdlib.h> #endif #include "base/logging.h" @@ -251,6 +253,36 @@ static const EVMetadata ev_root_ca_metadata[] = { } }; +#if defined(OS_WIN) +// static +const EVRootCAMetadata::PolicyOID EVRootCAMetadata::policy_oids_[] = { + // The OIDs must be sorted in ascending order. + "1.2.392.200091.100.721.1", + "1.3.6.1.4.1.14370.1.6", + "1.3.6.1.4.1.22234.2.5.2.3.1", + "1.3.6.1.4.1.23223.1.1.1", + "1.3.6.1.4.1.34697.2.1", + "1.3.6.1.4.1.34697.2.2", + "1.3.6.1.4.1.34697.2.3", + "1.3.6.1.4.1.34697.2.4", + "1.3.6.1.4.1.4146.1.1", + "1.3.6.1.4.1.6334.1.100.1", + "1.3.6.1.4.1.6449.1.2.1.5.1", + "1.3.6.1.4.1.782.1.2.1.8.1", + "1.3.6.1.4.1.8024.0.2.100.1.2", + "2.16.528.1.1001.1.1.1.12.6.1.1.1", + "2.16.756.1.89.1.2.1.1", + "2.16.840.1.113733.1.7.23.6", + "2.16.840.1.113733.1.7.48.1", + "2.16.840.1.114028.10.1.2", + "2.16.840.1.114171.500.9", + "2.16.840.1.114404.1.1.2.4.1", + "2.16.840.1.114412.2.1", + "2.16.840.1.114413.1.7.23.3", + "2.16.840.1.114414.1.7.23.3", +}; +#endif + // static EVRootCAMetadata* EVRootCAMetadata::GetInstance() { return Singleton<EVRootCAMetadata>::get(); @@ -266,6 +298,35 @@ bool EVRootCAMetadata::GetPolicyOID( return true; } +#if defined(OS_WIN) +static int PolicyOIDCmp(const void* keyval, const void* datum) { + const char* oid1 = reinterpret_cast<const char*>(keyval); + const char* const* oid2 = reinterpret_cast<const char* const*>(datum); + return strcmp(oid1, *oid2); +} + +bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { + return bsearch(policy_oid, &policy_oids_[0], num_policy_oids_, + sizeof(PolicyOID), PolicyOIDCmp) != NULL; +} +#else +bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { + for (size_t i = 0; i < policy_oids_.size(); ++i) { + if (PolicyOIDsAreEqual(policy_oid, policy_oids_[i])) + return true; + } + return false; +} +#endif + +bool EVRootCAMetadata::HasEVPolicyOID(const SHA1Fingerprint& fingerprint, + PolicyOID policy_oid) const { + PolicyOID ev_policy_oid; + if (!GetPolicyOID(fingerprint, &ev_policy_oid)) + return false; + return PolicyOIDsAreEqual(ev_policy_oid, policy_oid); +} + EVRootCAMetadata::EVRootCAMetadata() { // Constructs the object from the raw metadata in ev_root_ca_metadata. #if defined(USE_NSS) @@ -293,6 +354,18 @@ EVRootCAMetadata::EVRootCAMetadata() { ev_policy_[metadata.fingerprint] = policy; policy_oids_.push_back(policy); } +#elif defined(OS_WIN) + num_policy_oids_ = arraysize(policy_oids_); + // Verify policy_oids_ is in ascending order. + for (int i = 0; i < num_policy_oids_ - 1; i++) + CHECK(strcmp(policy_oids_[i], policy_oids_[i + 1]) < 0); + + for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { + const EVMetadata& metadata = ev_root_ca_metadata[i]; + ev_policy_[metadata.fingerprint] = metadata.policy_oid; + // Verify policy_oids_ contains every EV policy OID. + DCHECK(IsEVPolicyOID(metadata.policy_oid)); + } #else for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { const EVMetadata& metadata = ev_root_ca_metadata[i]; @@ -308,4 +381,13 @@ EVRootCAMetadata::EVRootCAMetadata() { EVRootCAMetadata::~EVRootCAMetadata() { } +// static +bool EVRootCAMetadata::PolicyOIDsAreEqual(PolicyOID a, PolicyOID b) { +#if defined(USE_NSS) + return a == b; +#else + return !strcmp(a, b); +#endif +} + } // namespace net diff --git a/net/base/ev_root_ca_metadata.h b/net/base/ev_root_ca_metadata.h index e9e8130..e0961f3 100644 --- a/net/base/ev_root_ca_metadata.h +++ b/net/base/ev_root_ca_metadata.h @@ -1,4 +1,4 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -40,21 +40,40 @@ class EVRootCAMetadata { PolicyOID* policy_oid) const; const PolicyOID* GetPolicyOIDs() const { return &policy_oids_[0]; } +#if defined(OS_WIN) + int NumPolicyOIDs() const { return num_policy_oids_; } +#else int NumPolicyOIDs() const { return policy_oids_.size(); } +#endif - private: - EVRootCAMetadata(); - ~EVRootCAMetadata(); + // Returns true if policy_oid is an EV policy OID of some root CA. + bool IsEVPolicyOID(PolicyOID policy_oid) const; + + // Returns true if the root CA with the given certificate fingerprint has + // the EV policy OID policy_oid. + bool HasEVPolicyOID(const SHA1Fingerprint& fingerprint, + PolicyOID policy_oid) const; + private: friend struct DefaultSingletonTraits<EVRootCAMetadata>; typedef std::map<SHA1Fingerprint, PolicyOID, SHA1FingerprintLessThan> PolicyOidMap; + EVRootCAMetadata(); + ~EVRootCAMetadata(); + + static bool PolicyOIDsAreEqual(PolicyOID a, PolicyOID b); + // Maps an EV root CA cert's SHA-1 fingerprint to its EV policy OID. PolicyOidMap ev_policy_; +#if defined(OS_WIN) + static const PolicyOID policy_oids_[]; + int num_policy_oids_; +#else std::vector<PolicyOID> policy_oids_; +#endif DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata); }; diff --git a/net/base/host_resolver.h b/net/base/host_resolver.h index 2fb7067..471ad8a 100644 --- a/net/base/host_resolver.h +++ b/net/base/host_resolver.h @@ -20,6 +20,7 @@ namespace net { class AddressList; class BoundNetLog; class HostResolverImpl; +class HostResolverProc; class NetLog; // This class represents the task of resolving hostnames (or IP address @@ -230,13 +231,13 @@ class SingleRequestHostResolver { DISALLOW_COPY_AND_ASSIGN(SingleRequestHostResolver); }; -// Creates a HostResolver implementation that queries the underlying system. -// (Except if a unit-test has changed the global HostResolverProc using -// ScopedHostResolverProc to intercept requests to the system). -// |max_concurrent_resolves| is how many resolve requests will be allowed to -// run in parallel. Pass HostResolver::kDefaultParallelism to choose a -// default value. +// Creates a HostResolver implementation using |resolver_proc| as resolver, +// (which if NULL, will default to getaddrinfo() wrapper) that queries the +// underlying system, |max_concurrent_resolves| is how many resolve +// requests will be allowed to run in parallel. Pass +// HostResolver::kDefaultParallelism to choose a default value. HostResolver* CreateSystemHostResolver(size_t max_concurrent_resolves, + HostResolverProc* resolver_proc, NetLog* net_log); } // namespace net diff --git a/net/base/host_resolver_impl.cc b/net/base/host_resolver_impl.cc index 37063af..5812d17 100644 --- a/net/base/host_resolver_impl.cc +++ b/net/base/host_resolver_impl.cc @@ -16,7 +16,8 @@ #include "base/basictypes.h" #include "base/compiler_specific.h" -#include "base/debug_util.h" +#include "base/debug/debugger.h" +#include "base/debug/stack_trace.h" #include "base/lock.h" #include "base/message_loop.h" #include "base/metrics/field_trial.h" @@ -71,7 +72,9 @@ HostCache* CreateDefaultCache() { } // anonymous namespace HostResolver* CreateSystemHostResolver(size_t max_concurrent_resolves, + HostResolverProc* resolver_proc, NetLog* net_log) { +<<<<<<< HEAD // Maximum of 50 concurrent threads. // TODO(eroman): Adjust this, do some A/B experiments. #ifdef ANDROID @@ -80,6 +83,13 @@ HostResolver* CreateSystemHostResolver(size_t max_concurrent_resolves, #else static const size_t kDefaultMaxJobs = 50u; #endif +======= + // Maximum of 8 concurrent resolver threads. + // Some routers (or resolvers) appear to start to provide host-not-found if + // too many simultaneous resolutions are pending. This number needs to be + // further optimized, but 8 is what FF currently does. + static const size_t kDefaultMaxJobs = 8u; +>>>>>>> chromium.org at r65505 if (max_concurrent_resolves == HostResolver::kDefaultParallelism) max_concurrent_resolves = kDefaultMaxJobs; @@ -93,7 +103,7 @@ HostResolver* CreateSystemHostResolver(size_t max_concurrent_resolves, return systemResolver; #else HostResolverImpl* resolver = - new HostResolverImpl(NULL, CreateDefaultCache(), + new HostResolverImpl(resolver_proc, CreateDefaultCache(), max_concurrent_resolves, net_log); return resolver; @@ -369,9 +379,10 @@ class HostResolverImpl::Job had_non_speculative_request_(false), net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HOST_RESOLVER_IMPL_JOB)) { - net_log_.BeginEvent(NetLog::TYPE_HOST_RESOLVER_IMPL_JOB, - new JobCreationParameters(key.hostname, - source_net_log.source())); + net_log_.BeginEvent( + NetLog::TYPE_HOST_RESOLVER_IMPL_JOB, + make_scoped_refptr( + new JobCreationParameters(key.hostname, source_net_log.source()))); } // Attaches a request to this job. The job takes ownership of |req| and will @@ -379,7 +390,8 @@ class HostResolverImpl::Job void AddRequest(Request* req) { req->request_net_log().BeginEvent( NetLog::TYPE_HOST_RESOLVER_IMPL_JOB_ATTACH, - new NetLogSourceParameter("source_dependency", net_log_.source())); + make_scoped_refptr(new NetLogSourceParameter( + "source_dependency", net_log_.source()))); req->set_job(this); requests_.push_back(req); @@ -1082,7 +1094,7 @@ void HostResolverImpl::CancelRequest(RequestHandle req_handle) { // Because we destroy outstanding requests during Shutdown(), // |req_handle| is already cancelled. LOG(ERROR) << "Called HostResolverImpl::CancelRequest() after Shutdown()."; - StackTrace().PrintBacktrace(); + base::debug::StackTrace().PrintBacktrace(); return; } Request* req = reinterpret_cast<Request*>(req_handle); @@ -1251,11 +1263,13 @@ void HostResolverImpl::OnStartRequest(const BoundNetLog& source_net_log, const RequestInfo& info) { source_net_log.BeginEvent( NetLog::TYPE_HOST_RESOLVER_IMPL, - new NetLogSourceParameter("source_dependency", request_net_log.source())); + make_scoped_refptr(new NetLogSourceParameter( + "source_dependency", request_net_log.source()))); request_net_log.BeginEvent( NetLog::TYPE_HOST_RESOLVER_IMPL_REQUEST, - new RequestInfoParameters(info, source_net_log.source())); + make_scoped_refptr(new RequestInfoParameters( + info, source_net_log.source()))); // Notify the observers of the start. if (!observers_.empty()) { @@ -1384,7 +1398,7 @@ void HostResolverImpl::ProcessQueuedRequests() { if (!top_req) return; - scoped_refptr<Job> job = CreateAndStartJob(top_req); + scoped_refptr<Job> job(CreateAndStartJob(top_req)); // Search for any other pending request which can piggy-back off this job. for (size_t pool_i = 0; pool_i < POOL_COUNT; ++pool_i) { @@ -1414,8 +1428,8 @@ HostResolverImpl::Job* HostResolverImpl::CreateAndStartJob(Request* req) { req->request_net_log().AddEvent(NetLog::TYPE_HOST_RESOLVER_IMPL_CREATE_JOB, NULL); - scoped_refptr<Job> job = new Job(next_job_id_++, this, key, - req->request_net_log(), net_log_); + scoped_refptr<Job> job(new Job(next_job_id_++, this, key, + req->request_net_log(), net_log_)); job->AddRequest(req); AddOutstandingJob(job); job->Start(); diff --git a/net/base/host_resolver_impl_unittest.cc b/net/base/host_resolver_impl_unittest.cc index 07e00bf..f3bdb74 100644 --- a/net/base/host_resolver_impl_unittest.cc +++ b/net/base/host_resolver_impl_unittest.cc @@ -259,8 +259,8 @@ TEST_F(HostResolverImplTest, SynchronousLookup) { AddressList addrlist; const int kPortnum = 80; - scoped_refptr<RuleBasedHostResolverProc> resolver_proc = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> resolver_proc( + new RuleBasedHostResolverProc(NULL)); resolver_proc->AddRule("just.testing", "192.168.1.42"); scoped_ptr<HostResolver> host_resolver( @@ -291,8 +291,8 @@ TEST_F(HostResolverImplTest, AsynchronousLookup) { AddressList addrlist; const int kPortnum = 80; - scoped_refptr<RuleBasedHostResolverProc> resolver_proc = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> resolver_proc( + new RuleBasedHostResolverProc(NULL)); resolver_proc->AddRule("just.testing", "192.168.1.42"); scoped_ptr<HostResolver> host_resolver( @@ -328,8 +328,8 @@ TEST_F(HostResolverImplTest, AsynchronousLookup) { } TEST_F(HostResolverImplTest, CanceledAsynchronousLookup) { - scoped_refptr<WaitingHostResolverProc> resolver_proc = - new WaitingHostResolverProc(NULL); + scoped_refptr<WaitingHostResolverProc> resolver_proc( + new WaitingHostResolverProc(NULL)); CapturingNetLog net_log(CapturingNetLog::kUnbounded); CapturingBoundNetLog log(CapturingNetLog::kUnbounded); @@ -390,8 +390,8 @@ TEST_F(HostResolverImplTest, CanceledAsynchronousLookup) { TEST_F(HostResolverImplTest, NumericIPv4Address) { // Stevens says dotted quads with AI_UNSPEC resolve to a single sockaddr_in. - scoped_refptr<RuleBasedHostResolverProc> resolver_proc = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> resolver_proc( + new RuleBasedHostResolverProc(NULL)); resolver_proc->AllowDirectLookup("*"); scoped_ptr<HostResolver> host_resolver( @@ -413,8 +413,8 @@ TEST_F(HostResolverImplTest, NumericIPv4Address) { } TEST_F(HostResolverImplTest, NumericIPv6Address) { - scoped_refptr<RuleBasedHostResolverProc> resolver_proc = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> resolver_proc( + new RuleBasedHostResolverProc(NULL)); resolver_proc->AllowDirectLookup("*"); // Resolve a plain IPv6 address. Don't worry about [brackets], because @@ -445,8 +445,8 @@ TEST_F(HostResolverImplTest, NumericIPv6Address) { } TEST_F(HostResolverImplTest, EmptyHost) { - scoped_refptr<RuleBasedHostResolverProc> resolver_proc = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> resolver_proc( + new RuleBasedHostResolverProc(NULL)); resolver_proc->AllowDirectLookup("*"); scoped_ptr<HostResolver> host_resolver( @@ -459,8 +459,8 @@ TEST_F(HostResolverImplTest, EmptyHost) { } TEST_F(HostResolverImplTest, LongHost) { - scoped_refptr<RuleBasedHostResolverProc> resolver_proc = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> resolver_proc( + new RuleBasedHostResolverProc(NULL)); resolver_proc->AllowDirectLookup("*"); scoped_ptr<HostResolver> host_resolver( @@ -523,8 +523,8 @@ class DeDupeRequestsVerifier : public ResolveRequest::Delegate { TEST_F(HostResolverImplTest, DeDupeRequests) { // Use a capturing resolver_proc, since the verifier needs to know what calls // reached Resolve(). Also, the capturing resolver_proc is initially blocked. - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); scoped_ptr<HostResolver> host_resolver( CreateHostResolverImpl(resolver_proc)); @@ -574,8 +574,8 @@ TEST_F(HostResolverImplTest, CancelMultipleRequests) { // Use a capturing resolver_proc, since the verifier needs to know what calls // reached Resolver(). Also, the capturing resolver_proc is initially // blocked. - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); scoped_ptr<HostResolver> host_resolver( CreateHostResolverImpl(resolver_proc)); @@ -661,8 +661,8 @@ TEST_F(HostResolverImplTest, CancelWithinCallback) { // Use a capturing resolver_proc, since the verifier needs to know what calls // reached Resolver(). Also, the capturing resolver_proc is initially // blocked. - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); scoped_ptr<HostResolver> host_resolver( CreateHostResolverImpl(resolver_proc)); @@ -718,8 +718,8 @@ TEST_F(HostResolverImplTest, DeleteWithinCallback) { // Use a capturing resolver_proc, since the verifier needs to know what calls // reached Resolver(). Also, the capturing resolver_proc is initially // blocked. - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); // The class will receive callbacks for when each resolve completes. It // checks that the right things happened. Note that the verifier holds the @@ -773,8 +773,8 @@ TEST_F(HostResolverImplTest, StartWithinCallback) { // Use a capturing resolver_proc, since the verifier needs to know what calls // reached Resolver(). Also, the capturing resolver_proc is initially // blocked. - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); // Turn off caching for this host resolver. scoped_ptr<HostResolver> host_resolver( @@ -1105,8 +1105,8 @@ TEST_F(HostResolverImplTest, FlushCacheOnIPAddressChange) { // Test that IP address changes send ERR_ABORTED to pending requests. TEST_F(HostResolverImplTest, AbortOnIPAddressChanged) { - scoped_refptr<WaitingHostResolverProc> resolver_proc = - new WaitingHostResolverProc(NULL); + scoped_refptr<WaitingHostResolverProc> resolver_proc( + new WaitingHostResolverProc(NULL)); HostCache* cache = CreateDefaultCache(); scoped_ptr<HostResolver> host_resolver( new HostResolverImpl(resolver_proc, cache, kMaxJobs, NULL)); @@ -1130,8 +1130,8 @@ TEST_F(HostResolverImplTest, AbortOnIPAddressChanged) { // Obey pool constraints after IP address has changed. TEST_F(HostResolverImplTest, ObeyPoolConstraintsAfterIPAddressChange) { - scoped_refptr<WaitingHostResolverProc> resolver_proc = - new WaitingHostResolverProc(NULL); + scoped_refptr<WaitingHostResolverProc> resolver_proc( + new WaitingHostResolverProc(NULL)); scoped_ptr<MockHostResolver> host_resolver(new MockHostResolver()); host_resolver->Reset(resolver_proc); @@ -1202,8 +1202,8 @@ class ResolveWithinCallback : public CallbackRunner< Tuple1<int> > { }; TEST_F(HostResolverImplTest, OnlyAbortExistingRequestsOnIPAddressChange) { - scoped_refptr<WaitingHostResolverProc> resolver_proc = - new WaitingHostResolverProc(NULL); + scoped_refptr<WaitingHostResolverProc> resolver_proc( + new WaitingHostResolverProc(NULL)); scoped_ptr<MockHostResolver> host_resolver(new MockHostResolver()); host_resolver->Reset(resolver_proc); @@ -1227,8 +1227,8 @@ TEST_F(HostResolverImplTest, OnlyAbortExistingRequestsOnIPAddressChange) { // Tests that when the maximum threads is set to 1, requests are dequeued // in order of priority. TEST_F(HostResolverImplTest, HigherPriorityRequestsStartedFirst) { - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); // This HostResolverImpl will only allow 1 outstanding resolve at a time. size_t kMaxJobs = 1u; @@ -1312,8 +1312,8 @@ TEST_F(HostResolverImplTest, HigherPriorityRequestsStartedFirst) { // Try cancelling a request which has not been attached to a job yet. TEST_F(HostResolverImplTest, CancelPendingRequest) { - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); // This HostResolverImpl will only allow 1 outstanding resolve at a time. const size_t kMaxJobs = 1u; @@ -1375,8 +1375,8 @@ TEST_F(HostResolverImplTest, CancelPendingRequest) { // Test that when too many requests are enqueued, old ones start to be aborted. TEST_F(HostResolverImplTest, QueueOverflow) { - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(NULL); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(NULL)); // This HostResolverImpl will only allow 1 outstanding resolve at a time. const size_t kMaxOutstandingJobs = 1u; @@ -1453,8 +1453,8 @@ TEST_F(HostResolverImplTest, QueueOverflow) { // Tests that after changing the default AddressFamily to IPV4, requests // with UNSPECIFIED address family map to IPV4. TEST_F(HostResolverImplTest, SetDefaultAddressFamily_IPv4) { - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(new EchoingHostResolverProc); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(new EchoingHostResolverProc)); // This HostResolverImpl will only allow 1 outstanding resolve at a time. const size_t kMaxOutstandingJobs = 1u; @@ -1521,8 +1521,8 @@ TEST_F(HostResolverImplTest, SetDefaultAddressFamily_IPv4) { // of requests 0 and 1 is flipped, and the default is set to IPv6 in place of // IPv4. TEST_F(HostResolverImplTest, SetDefaultAddressFamily_IPv6) { - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(new EchoingHostResolverProc); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(new EchoingHostResolverProc)); // This HostResolverImpl will only allow 1 outstanding resolve at a time. const size_t kMaxOutstandingJobs = 1u; @@ -1588,8 +1588,8 @@ TEST_F(HostResolverImplTest, SetDefaultAddressFamily_IPv6) { // This tests that the default address family is respected for synchronous // resolutions. TEST_F(HostResolverImplTest, SetDefaultAddressFamily_Synchronous) { - scoped_refptr<CapturingHostResolverProc> resolver_proc = - new CapturingHostResolverProc(new EchoingHostResolverProc); + scoped_refptr<CapturingHostResolverProc> resolver_proc( + new CapturingHostResolverProc(new EchoingHostResolverProc)); const size_t kMaxOutstandingJobs = 10u; scoped_ptr<HostResolverImpl> host_resolver(new HostResolverImpl( diff --git a/net/base/listen_socket.cc b/net/base/listen_socket.cc index 0cb529d..c964ec9 100644 --- a/net/base/listen_socket.cc +++ b/net/base/listen_socket.cc @@ -121,8 +121,8 @@ SOCKET ListenSocket::Accept(SOCKET s) { void ListenSocket::Accept() { SOCKET conn = Accept(socket_); if (conn != kInvalidSocket) { - scoped_refptr<ListenSocket> sock = - new ListenSocket(conn, socket_delegate_); + scoped_refptr<ListenSocket> sock( + new ListenSocket(conn, socket_delegate_)); // it's up to the delegate to AddRef if it wants to keep it around #if defined(OS_POSIX) sock->WatchSocket(WAITING_READ); diff --git a/net/base/mime_util.cc b/net/base/mime_util.cc index a580997..ddcfc4b 100644 --- a/net/base/mime_util.cc +++ b/net/base/mime_util.cc @@ -82,6 +82,7 @@ static const MimeInfo primary_mappings[] = { { "text/xml", "xml" }, { "image/gif", "gif" }, { "image/jpeg", "jpeg,jpg" }, + { "image/webp", "webp" }, { "image/png", "png" }, { "video/mp4", "mp4,m4v" }, { "audio/x-m4a", "m4a" }, @@ -192,6 +193,7 @@ static const char* const supported_image_types[] = { "image/jpeg", "image/pjpeg", "image/jpg", + "image/webp", "image/png", "image/gif", "image/bmp", @@ -547,6 +549,7 @@ static const char* kStandardImageTypes[] = { "image/gif", "image/ief", "image/jpeg", + "image/webp", "image/pict", "image/pipeg", "image/png", @@ -660,7 +663,6 @@ void HashSetToVector(base::hash_set<T>* source, std::vector<T>* target) { target->at(old_target_size + i) = *iter; } } - } void GetImageExtensions(std::vector<FilePath::StringType>* extensions) { diff --git a/net/base/mock_host_resolver.cc b/net/base/mock_host_resolver.cc index 9c82f93..9ee5c53 100644 --- a/net/base/mock_host_resolver.cc +++ b/net/base/mock_host_resolver.cc @@ -80,8 +80,8 @@ void MockHostResolverBase::Reset(HostResolverProc* interceptor) { synchronous_mode_ = false; // At the root of the chain, map everything to localhost. - scoped_refptr<RuleBasedHostResolverProc> catchall = - new RuleBasedHostResolverProc(NULL); + scoped_refptr<RuleBasedHostResolverProc> catchall( + new RuleBasedHostResolverProc(NULL)); catchall->AddRule("*", "127.0.0.1"); // Next add a rules-based layer the use controls. diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h index d7ae9d1..96b19ad 100644 --- a/net/base/net_error_list.h +++ b/net/base/net_error_list.h @@ -50,7 +50,7 @@ NET_ERROR(FILE_TOO_BIG, -8) // invalid assumption. NET_ERROR(UNEXPECTED, -9) -// Permission to access a resource was denied. +// Permission to access a resource, other than the network, was denied. NET_ERROR(ACCESS_DENIED, -10) // The operation failed because of unimplemented functionality. @@ -66,7 +66,7 @@ NET_ERROR(OUT_OF_MEMORY, -13) // from the expectation. NET_ERROR(UPLOAD_FILE_CHANGED, -14) -// The socket is not connected +// The socket is not connected. NET_ERROR(SOCKET_NOT_CONNECTED, -15) // A connection was closed (corresponding to a TCP FIN). @@ -191,10 +191,7 @@ NET_ERROR(SSL_SNAP_START_NPN_MISPREDICTION, -131) // give the user a helpful error message rather than have the connection hang. NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132) -// We detected NetNanny intercepting our HTTPS connections. Since this product -// is False Start intolerant, we return this error so that we can give the user -// a helpful error message rather than have the connection hang. -NET_ERROR(NETNANNY_SSL_INTERCEPTION, -133) +// Missing -133. Feel free to reuse in the future. // The permission to use the SSL client certificate's private key was denied. NET_ERROR(SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED, -134) @@ -208,6 +205,11 @@ NET_ERROR(PROXY_CERTIFICATE_INVALID, -136) // An error occurred when trying to do a name resolution (DNS). NET_ERROR(NAME_RESOLUTION_FAILED, -137) +// Permission to access the network was denied. This is used to distinguish +// errors that were most likely caused by a firewall from other access denied +// errors. See also ERR_ACCESS_DENIED. +NET_ERROR(NETWORK_ACCESS_DENIED, -138) + // Certificate error codes // // The values of certificate error codes must be consecutive. diff --git a/net/base/net_log_event_type_list.h b/net/base/net_log_event_type_list.h index 398f7c1..6183749 100644 --- a/net/base/net_log_event_type_list.h +++ b/net/base/net_log_event_type_list.h @@ -334,6 +334,17 @@ EVENT_TYPE(SSL_HANDSHAKE_ERROR) EVENT_TYPE(SSL_READ_ERROR) EVENT_TYPE(SSL_WRITE_ERROR) +// An SSL Snap Start was attempted +// The following parameters are attached to the event: +// { +// "type": <Integer code for the Snap Start result>, +// } +EVENT_TYPE(SSL_SNAP_START) + +// We found that our prediction of the server's certificates was correct and +// we merged the verification with the SSLHostInfo. +EVENT_TYPE(SSL_VERIFICATION_MERGED) + // An SSL error occurred while calling an NSS function not directly related to // one of the above activities. Can also be used when more information than // is provided by just an error code is needed: diff --git a/net/base/net_test_suite.h b/net/base/net_test_suite.h index eab3a53..00d9844 100644 --- a/net/base/net_test_suite.h +++ b/net/base/net_test_suite.h @@ -9,7 +9,9 @@ #include "base/message_loop.h" #include "base/ref_counted.h" #include "base/test/test_suite.h" +#include "build/build_config.h" #include "net/base/mock_host_resolver.h" +#include "net/ocsp/nss_ocsp.h" class NetTestSuite : public base::TestSuite { public: @@ -39,6 +41,10 @@ class NetTestSuite : public base::TestSuite { } virtual void Shutdown() { +#if defined(OS_LINUX) + net::ShutdownOCSP(); +#endif // defined(OS_LINUX) + // We want to destroy this here before the TestSuite continues to tear down // the environment. message_loop_.reset(); diff --git a/net/base/net_util.cc b/net/base/net_util.cc index c1f769e..5afba6f 100644 --- a/net/base/net_util.cc +++ b/net/base/net_util.cc @@ -181,7 +181,7 @@ STR GetSpecificHeaderT(const STR& headers, const STR& name) { typename STR::const_iterator begin = search(headers.begin(), headers.end(), match.begin(), match.end(), - CaseInsensitiveCompareASCII<typename STR::value_type>()); + base::CaseInsensitiveCompareASCII<typename STR::value_type>()); if (begin == headers.end()) return STR(); @@ -374,9 +374,7 @@ bool DecodeWord(const std::string& encoded_word, // it should be Ok because we're not an email client but a // web browser. - // What IE6/7 does: %-escaped UTF-8. We could extend this to - // support a rudimentary form of RFC 2231 with charset label, but - // it'd gain us little in terms of compatibility. + // What IE6/7 does: %-escaped UTF-8. tmp = UnescapeURLComponent(encoded_word, UnescapeRule::SPACES); if (IsStringUTF8(tmp)) { output->swap(tmp); @@ -425,11 +423,12 @@ bool DecodeParamValue(const std::string& input, // TODO(mpcomplete): This is a quick and dirty implementation for now. I'm // sure this doesn't properly handle all (most?) cases. template<typename STR> -STR GetHeaderParamValueT(const STR& header, const STR& param_name) { +STR GetHeaderParamValueT(const STR& header, const STR& param_name, + QuoteRule::Type quote_rule) { // This assumes args are formatted exactly like "bla; arg1=value; arg2=value". typename STR::const_iterator param_begin = search(header.begin(), header.end(), param_name.begin(), param_name.end(), - CaseInsensitiveCompareASCII<typename STR::value_type>()); + base::CaseInsensitiveCompareASCII<typename STR::value_type>()); if (param_begin == header.end()) return STR(); @@ -448,7 +447,7 @@ STR GetHeaderParamValueT(const STR& header, const STR& param_name) { return STR(); typename STR::const_iterator param_end; - if (*param_begin == '"') { + if (*param_begin == '"' && quote_rule == QuoteRule::REMOVE_OUTER_QUOTES) { param_end = find(param_begin+1, header.end(), '"'); if (param_end == header.end()) return STR(); // poorly formatted param? @@ -1096,29 +1095,86 @@ std::string GetSpecificHeader(const std::string& headers, return GetSpecificHeaderT(headers, name); } +bool DecodeCharset(const std::string& input, + std::string* decoded_charset, + std::string* value) { + StringTokenizer t(input, "'"); + t.set_options(StringTokenizer::RETURN_DELIMS); + std::string temp_charset; + std::string temp_value; + int numDelimsSeen = 0; + while (t.GetNext()) { + if (t.token_is_delim()) { + ++numDelimsSeen; + continue; + } else { + switch (numDelimsSeen) { + case 0: + temp_charset = t.token(); + break; + case 1: + // Language is ignored. + break; + case 2: + temp_value = t.token(); + break; + default: + return false; + } + } + } + if (numDelimsSeen != 2) + return false; + if (temp_charset.empty() || temp_value.empty()) + return false; + decoded_charset->swap(temp_charset); + value->swap(temp_value); + return true; +} + std::string GetFileNameFromCD(const std::string& header, const std::string& referrer_charset) { - std::string param_value = GetHeaderParamValue(header, "filename"); + std::string decoded; + std::string param_value = GetHeaderParamValue(header, "filename*", + QuoteRule::KEEP_OUTER_QUOTES); + if (!param_value.empty()) { + if (param_value.find('"') == std::string::npos) { + std::string charset; + std::string value; + if (DecodeCharset(param_value, &charset, &value)) { + // RFC 5987 value should be ASCII-only. + if (!IsStringASCII(value)) + return std::string(); + std::string tmp = UnescapeURLComponent(value, UnescapeRule::SPACES); + if (base::ConvertToUtf8AndNormalize(tmp, charset, &decoded)) + return decoded; + } + } + } + param_value = GetHeaderParamValue(header, "filename", + QuoteRule::REMOVE_OUTER_QUOTES); if (param_value.empty()) { // Some servers use 'name' parameter. - param_value = GetHeaderParamValue(header, "name"); + param_value = GetHeaderParamValue(header, "name", + QuoteRule::REMOVE_OUTER_QUOTES); } if (param_value.empty()) return std::string(); - std::string decoded; if (DecodeParamValue(param_value, referrer_charset, &decoded)) return decoded; return std::string(); } std::wstring GetHeaderParamValue(const std::wstring& field, - const std::wstring& param_name) { - return GetHeaderParamValueT(field, param_name); + const std::wstring& param_name, + QuoteRule::Type quote_rule) { + return GetHeaderParamValueT(field, param_name, quote_rule); } std::string GetHeaderParamValue(const std::string& field, - const std::string& param_name) { - return GetHeaderParamValueT(field, param_name); + const std::string& param_name, + QuoteRule::Type quote_rule) { + return GetHeaderParamValueT(field, param_name, quote_rule); } // TODO(brettw) bug 734373: check the scripts for each host component and @@ -1681,10 +1737,11 @@ void SetExplicitlyAllowedPorts(const std::string& allowed_ports) { (allowed_ports[i] != kComma)) return; if (i == size || allowed_ports[i] == kComma) { - size_t length = i - last; - if (length > 0) { + if (i > last) { int port; - base::StringToInt(allowed_ports.substr(last, length), &port); + base::StringToInt(allowed_ports.begin() + last, + allowed_ports.begin() + i, + &port); ports.insert(port); } last = i + 1; diff --git a/net/base/net_util.h b/net/base/net_util.h index f5a6151..4b87c70 100644 --- a/net/base/net_util.h +++ b/net/base/net_util.h @@ -42,6 +42,18 @@ namespace net { typedef uint32 FormatUrlType; typedef uint32 FormatUrlTypes; +// Used by GetHeaderParamValue to determine how to handle quotes in the value. +class QuoteRule { + public: + enum Type { + KEEP_OUTER_QUOTES, + REMOVE_OUTER_QUOTES, + }; + + private: + QuoteRule(); +}; + // Nothing is ommitted. extern const FormatUrlType kFormatUrlOmitNothing; @@ -124,23 +136,26 @@ std::string GetSpecificHeader(const std::string& headers, // 'param_name'. Returns the empty string if the parameter is not found or is // improperly formatted. std::wstring GetHeaderParamValue(const std::wstring& field, - const std::wstring& param_name); + const std::wstring& param_name, + QuoteRule::Type quote_rule); std::string GetHeaderParamValue(const std::string& field, - const std::string& param_name); + const std::string& param_name, + QuoteRule::Type quote_rule); // Return the filename extracted from Content-Disposition header. The following // formats are tried in order listed below: // -// 1. RFC 2047 -// 2. Raw-8bit-characters : +// 1. RFC 5987 +// 2. RFC 2047 +// 3. Raw-8bit-characters : // a. UTF-8, b. referrer_charset, c. default os codepage. -// 3. %-escaped UTF-8. +// 4. %-escaped UTF-8. // -// In step 2, if referrer_charset is empty(i.e. unknown), 2b is skipped. -// In step 3, the fallback charsets tried in step 2 are not tried. We +// In step 3, if referrer_charset is empty(i.e. unknown), 3b is skipped. +// In step 4, the fallback charsets tried in step 3 are not tried. We // can consider doing that later. // -// When a param value is ASCII, but is not in format #1 or format #3 above, +// When a param value is ASCII, but is not in format #2 or format #4 above, // it is returned as it is unless it's pretty close to two supported // formats but not well-formed. In that case, an empty string is returned. // diff --git a/net/base/net_util_unittest.cc b/net/base/net_util_unittest.cc index ad7ccad..77d3a00 100644 --- a/net/base/net_util_unittest.cc +++ b/net/base/net_util_unittest.cc @@ -711,7 +711,8 @@ TEST(NetUtilTest, GetHeaderParamValue) { std::wstring header_value = net::GetSpecificHeader(google_headers, tests[i].header_name); std::wstring result = - net::GetHeaderParamValue(header_value, tests[i].param_name); + net::GetHeaderParamValue(header_value, tests[i].param_name, + net::QuoteRule::REMOVE_OUTER_QUOTES); EXPECT_EQ(result, tests[i].expected); } @@ -719,11 +720,38 @@ TEST(NetUtilTest, GetHeaderParamValue) { std::wstring header_value = net::GetSpecificHeader(L"", tests[i].header_name); std::wstring result = - net::GetHeaderParamValue(header_value, tests[i].param_name); + net::GetHeaderParamValue(header_value, tests[i].param_name, + net::QuoteRule::REMOVE_OUTER_QUOTES); EXPECT_EQ(result, std::wstring()); } } +TEST(NetUtilTest, GetHeaderParamValueQuotes) { + struct { + const char* header; + const char* expected_with_quotes; + const char* expected_without_quotes; + } tests[] = { + {"filename=foo", "foo", "foo"}, + {"filename=\"foo\"", "\"foo\"", "foo"}, + {"filename=foo\"", "foo\"", "foo\""}, + {"filename=fo\"o", "fo\"o", "fo\"o"}, + }; + + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { + std::string actual_with_quotes = + net::GetHeaderParamValue(tests[i].header, "filename", + net::QuoteRule::KEEP_OUTER_QUOTES); + std::string actual_without_quotes = + net::GetHeaderParamValue(tests[i].header, "filename", + net::QuoteRule::REMOVE_OUTER_QUOTES); + EXPECT_EQ(tests[i].expected_with_quotes, actual_with_quotes) + << "Failed while processing: " << tests[i].header; + EXPECT_EQ(tests[i].expected_without_quotes, actual_without_quotes) + << "Failed while processing: " << tests[i].header; + } +} + TEST(NetUtilTest, GetFileNameFromCD) { const FileNameCDCase tests[] = { // Test various forms of C-D header fields emitted by web servers. @@ -762,7 +790,7 @@ TEST(NetUtilTest, GetFileNameFromCD) { "_3=2Epng?=", "", L"\U00010330 3.png"}, {"Content-Disposition: inline; filename=\"=?iso88591?Q?caf=e9_=2epng?=\"", "", L"caf\x00e9 .png"}, - // Space after an encode word should be removed. + // Space after an encoded word should be removed. {"Content-Disposition: inline; filename=\"=?iso88591?Q?caf=E9_?= .png\"", "", L"caf\x00e9 .png"}, // Two encoded words with different charsets (not very likely to be emitted @@ -812,11 +840,92 @@ TEST(NetUtilTest, GetFileNameFromCD) { // Two RFC 2047 encoded words in a row without a space is an error. {"Content-Disposition: attachment; filename==?windows-1252?Q?caf=E3?=" "=?iso-8859-7?b?4eIucG5nCg==?=", "", L""}, + + // RFC 5987 tests with Filename* : see http://tools.ietf.org/html/rfc5987 + {"Content-Disposition: attachment; filename*=foo.html", "", L""}, + {"Content-Disposition: attachment; filename*=foo'.html", "", L""}, + {"Content-Disposition: attachment; filename*=''foo'.html", "", L""}, + {"Content-Disposition: attachment; filename*=''foo.html'", "", L""}, + {"Content-Disposition: attachment; filename*=''f\"oo\".html'", "", L""}, + {"Content-Disposition: attachment; filename*=bogus_charset''foo.html'", + "", L""}, + {"Content-Disposition: attachment; filename*='en'foo.html'", "", L""}, + {"Content-Disposition: attachment; filename*=iso-8859-1'en'foo.html", "", + L"foo.html"}, + {"Content-Disposition: attachment; filename*=utf-8'en'foo.html", "", + L"foo.html"}, + // charset cannot be omitted. + {"Content-Disposition: attachment; filename*='es'f\xfa.html'", "", L""}, + // Non-ASCII bytes are not allowed. + {"Content-Disposition: attachment; filename*=iso-8859-1'es'f\xfa.html", "", + L""}, + {"Content-Disposition: attachment; filename*=utf-8'es'f\xce\xba.html", "", + L""}, + // TODO(jshin): Space should be %-encoded, but currently, we allow + // spaces. + {"Content-Disposition: inline; filename*=iso88591''cafe foo.png", "", + L"cafe foo.png"}, + + // Filename* tests converted from Q-encoded tests above. + {"Content-Disposition: attachment; filename*=EUC-JP''%B7%DD%BD%D13%2Epng", + "", L"\x82b8\x8853" L"3.png"}, + {"Content-Disposition: attachment; filename*=utf-8''" + "%E8%8A%B8%E8%A1%93%203%2Epng", "", L"\x82b8\x8853 3.png"}, + {"Content-Disposition: attachment; filename*=utf-8''%F0%90%8C%B0 3.png", "", + L"\U00010330 3.png"}, + {"Content-Disposition: inline; filename*=Euc-Kr'ko'%BF%B9%BC%FA%2Epng", "", + L"\xc608\xc220.png"}, + {"Content-Disposition: attachment; filename*=windows-1252''caf%E9.png", "", + L"caf\x00e9.png"}, + + // http://greenbytes.de/tech/tc2231/ filename* test cases. + // attwithisofn2231iso + {"Content-Disposition: attachment; filename*=iso-8859-1''foo-%E4.html", "", + L"foo-\xe4.html"}, + // attwithfn2231utf8 + {"Content-Disposition: attachment; filename*=" + "UTF-8''foo-%c3%a4-%e2%82%ac.html", "", L"foo-\xe4-\x20ac.html"}, + // attwithfn2231noc : no encoding specified but UTF-8 is used. + {"Content-Disposition: attachment; filename*=''foo-%c3%a4-%e2%82%ac.html", + "", L""}, + // attwithfn2231utf8comp + {"Content-Disposition: attachment; filename*=UTF-8''foo-a%cc%88.html", "", + L"foo-\xe4.html"}, +#ifdef ICU_SHOULD_FAIL_CONVERSION_ON_INVALID_CHARACTER + // This does not work because we treat ISO-8859-1 synonymous with + // Windows-1252 per HTML5. For HTTP, in theory, we're not + // supposed to. + // attwithfn2231utf8-bad + {"Content-Disposition: attachment; filename*=" + "iso-8859-1''foo-%c3%a4-%e2%82%ac.html", "", L""}, +#endif + // attwithfn2231ws1 + {"Content-Disposition: attachment; filename *=UTF-8''foo-%c3%a4.html", "", + L""}, + // attwithfn2231ws2 + {"Content-Disposition: attachment; filename*= UTF-8''foo-%c3%a4.html", "", + L"foo-\xe4.html"}, + // attwithfn2231ws3 + {"Content-Disposition: attachment; filename* =UTF-8''foo-%c3%a4.html", "", + L"foo-\xe4.html"}, + // attwithfn2231quot + {"Content-Disposition: attachment; filename*=\"UTF-8''foo-%c3%a4.html\"", + "", L""}, + // attfnboth + {"Content-Disposition: attachment; filename=\"foo-ae.html\"; " + "filename*=UTF-8''foo-%c3%a4.html", "", L"foo-\xe4.html"}, + // attfnboth2 + {"Content-Disposition: attachment; filename*=UTF-8''foo-%c3%a4.html; " + "filename=\"foo-ae.html\"", "", L"foo-\xe4.html"}, + // attnewandfn + {"Content-Disposition: attachment; foobar=x; filename=\"foo.html\"", "", + L"foo.html"}, }; for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) { EXPECT_EQ(tests[i].expected, UTF8ToWide(net::GetFileNameFromCD(tests[i].header_field, - tests[i].referrer_charset))); + tests[i].referrer_charset))) + << "Failed on input: " << tests[i].header_field; } } diff --git a/net/base/network_config_watcher_mac.cc b/net/base/network_config_watcher_mac.cc index 365859e..dd93067 100644 --- a/net/base/network_config_watcher_mac.cc +++ b/net/base/network_config_watcher_mac.cc @@ -8,12 +8,10 @@ #include <SystemConfiguration/SCSchemaDefinitions.h> #include <algorithm> +#include "base/compiler_specific.h" #include "base/thread.h" #include "base/mac/scoped_cftyperef.h" -// We only post tasks to a child thread we own, so we don't need refcounting. -DISABLE_RUNNABLE_METHOD_REFCOUNT(net::NetworkConfigWatcherMac); - namespace net { namespace { @@ -27,48 +25,59 @@ void DynamicStoreCallback(SCDynamicStoreRef /* store */, net_config_delegate->OnNetworkConfigChange(changed_keys); } -} // namespace +class NetworkConfigWatcherMacThread : public base::Thread { + public: + NetworkConfigWatcherMacThread(NetworkConfigWatcherMac::Delegate* delegate); + virtual ~NetworkConfigWatcherMacThread(); -NetworkConfigWatcherMac::NetworkConfigWatcherMac( - Delegate* delegate) - : notifier_thread_(new base::Thread("NetworkConfigWatcher")), - delegate_(delegate) { - // We create this notifier thread because the notification implementation - // needs a thread with a CFRunLoop, and there's no guarantee that - // MessageLoop::current() meets that criterion. - base::Thread::Options thread_options(MessageLoop::TYPE_UI, 0); - notifier_thread_->StartWithOptions(thread_options); + protected: + // base::Thread + virtual void Init(); + virtual void CleanUp(); + + private: + // The SystemConfiguration calls in this function can lead to contention early + // on, so we invoke this function later on in startup to keep it fast. + void InitNotifications(); + + base::mac::ScopedCFTypeRef<CFRunLoopSourceRef> run_loop_source_; + NetworkConfigWatcherMac::Delegate* const delegate_; + ScopedRunnableMethodFactory<NetworkConfigWatcherMacThread> method_factory_; + + DISALLOW_COPY_AND_ASSIGN(NetworkConfigWatcherMacThread); +}; + +NetworkConfigWatcherMacThread::NetworkConfigWatcherMacThread( + NetworkConfigWatcherMac::Delegate* delegate) + : base::Thread("NetworkConfigWatcher"), + delegate_(delegate), + ALLOW_THIS_IN_INITIALIZER_LIST(method_factory_(this)) {} + +NetworkConfigWatcherMacThread::~NetworkConfigWatcherMacThread() { + Stop(); +} + +void NetworkConfigWatcherMacThread::Init() { // TODO(willchan): Look to see if there's a better signal for when it's ok to // initialize this, rather than just delaying it by a fixed time. - const int kNotifierThreadInitializationDelayMS = 1000; - notifier_thread_->message_loop()->PostDelayedTask( + const int kInitializationDelayMS = 1000; + message_loop()->PostDelayedTask( FROM_HERE, - NewRunnableMethod(this, &NetworkConfigWatcherMac::Init), - kNotifierThreadInitializationDelayMS); -} - -NetworkConfigWatcherMac::~NetworkConfigWatcherMac() { - // We don't need to explicitly Stop(), but doing so allows us to sanity- - // check that the notifier thread shut down properly. - notifier_thread_->Stop(); - DCHECK(run_loop_source_ == NULL); + method_factory_.NewRunnableMethod( + &NetworkConfigWatcherMacThread::InitNotifications), + kInitializationDelayMS); } -void NetworkConfigWatcherMac::WillDestroyCurrentMessageLoop() { - DCHECK(notifier_thread_ != NULL); - // We can't check the notifier_thread_'s message_loop(), as it's now 0. - // DCHECK_EQ(notifier_thread_->message_loop(), MessageLoop::current()); +void NetworkConfigWatcherMacThread::CleanUp() { + if (!run_loop_source_.get()) + return; - DCHECK(run_loop_source_ != NULL); CFRunLoopRemoveSource(CFRunLoopGetCurrent(), run_loop_source_.get(), kCFRunLoopCommonModes); run_loop_source_.reset(); } -void NetworkConfigWatcherMac::Init() { - DCHECK(notifier_thread_ != NULL); - DCHECK_EQ(notifier_thread_->message_loop(), MessageLoop::current()); - +void NetworkConfigWatcherMacThread::InitNotifications() { // Add a run loop source for a dynamic store to the current run loop. SCDynamicStoreContext context = { 0, // Version 0. @@ -86,8 +95,19 @@ void NetworkConfigWatcherMac::Init() { // Set up notifications for interface and IP address changes. delegate_->SetDynamicStoreNotificationKeys(store.get()); +} + +} // namespace - MessageLoop::current()->AddDestructionObserver(this); +NetworkConfigWatcherMac::NetworkConfigWatcherMac(Delegate* delegate) + : notifier_thread_(new NetworkConfigWatcherMacThread(delegate)) { + // We create this notifier thread because the notification implementation + // needs a thread with a CFRunLoop, and there's no guarantee that + // MessageLoop::current() meets that criterion. + base::Thread::Options thread_options(MessageLoop::TYPE_UI, 0); + notifier_thread_->StartWithOptions(thread_options); } +NetworkConfigWatcherMac::~NetworkConfigWatcherMac() {} + } // namespace net diff --git a/net/base/network_config_watcher_mac.h b/net/base/network_config_watcher_mac.h index f9f9d36..3bd55f9 100644 --- a/net/base/network_config_watcher_mac.h +++ b/net/base/network_config_watcher_mac.h @@ -19,7 +19,7 @@ class Thread; namespace net { // Base class for watching the Mac OS system network settings. -class NetworkConfigWatcherMac : public MessageLoop::DestructionObserver { +class NetworkConfigWatcherMac { public: // NOTE: The lifetime of Delegate is expected to exceed the lifetime of // NetworkConfigWatcherMac. @@ -41,24 +41,11 @@ class NetworkConfigWatcherMac : public MessageLoop::DestructionObserver { virtual ~NetworkConfigWatcherMac(); private: - // MessageLoop::DestructionObserver: - virtual void WillDestroyCurrentMessageLoop(); - - // Called on the notifier thread to initialize the notification - // implementation. The SystemConfiguration calls in this function can lead to - // contention early on, so we invoke this function later on in startup to keep - // it fast. - void Init(); - // The thread used to listen for notifications. This relays the notification // to the registered observers without posting back to the thread the object // was created on. scoped_ptr<base::Thread> notifier_thread_; - base::mac::ScopedCFTypeRef<CFRunLoopSourceRef> run_loop_source_; - - Delegate* const delegate_; - DISALLOW_COPY_AND_ASSIGN(NetworkConfigWatcherMac); }; diff --git a/net/base/openssl_util.cc b/net/base/openssl_util.cc index fcdc3a1..51797ac 100644 --- a/net/base/openssl_util.cc +++ b/net/base/openssl_util.cc @@ -59,6 +59,10 @@ OpenSSLInitSingleton* GetOpenSSLInitSingleton() { return Singleton<OpenSSLInitSingleton>::get(); } +void EnsureOpenSSLInit() { + Singleton<OpenSSLInitSingleton>::get(); +} + // static void OpenSSLInitSingleton::LockingCallback(int mode, int n, diff --git a/net/base/openssl_util.h b/net/base/openssl_util.h index 4218a89..d4603c6 100644 --- a/net/base/openssl_util.h +++ b/net/base/openssl_util.h @@ -25,7 +25,7 @@ class ScopedSSL { }; // Singleton for initializing / cleaning up OpenSSL and holding a X509 store. -// Access it via EnsureOpenSSLInit(). +// Access it via GetOpenSSLInitSingleton(). class OpenSSLInitSingleton { public: SSL_CTX* ssl_ctx() const { return ssl_ctx_.get(); } @@ -49,5 +49,11 @@ class OpenSSLInitSingleton { OpenSSLInitSingleton* GetOpenSSLInitSingleton(); +// Initialize OpenSSL if it isn't already initialized. This must be called +// before any other OpenSSL functions (except GetOpenSSLInitSingleton above). +// This function is thread-safe, and OpenSSL will only ever be initialized once. +// OpenSSL will be properly shut down on program exit. +void EnsureOpenSSLInit(); + } // namespace net diff --git a/net/base/ssl_cipher_suite_names.cc b/net/base/ssl_cipher_suite_names.cc index 2db9a4b..39efd1c 100644 --- a/net/base/ssl_cipher_suite_names.cc +++ b/net/base/ssl_cipher_suite_names.cc @@ -6,6 +6,8 @@ #include <stdlib.h> +#include "base/logging.h" +#include "net/base/ssl_connection_status_flags.h" // Rather than storing the names of all the ciphersuites we eliminate the // redundancy and break each cipher suite into a key exchange method, cipher @@ -346,4 +348,28 @@ void SSLCompressionToString(const char** name, uint8 compresssion) { } } +void SSLVersionToString(const char** name, int ssl_version) { + switch (ssl_version) { + case SSL_CONNECTION_VERSION_SSL2: + *name = "SSL 2.0"; + break; + case SSL_CONNECTION_VERSION_SSL3: + *name = "SSL 3.0"; + break; + case SSL_CONNECTION_VERSION_TLS1: + *name = "TLS 1.0"; + break; + case SSL_CONNECTION_VERSION_TLS1_1: + *name = "TLS 1.1"; + break; + case SSL_CONNECTION_VERSION_TLS1_2: + *name = "TLS 1.2"; + break; + default: + NOTREACHED(); + *name = "???"; + break; + } +} + } // namespace net diff --git a/net/base/ssl_cipher_suite_names.h b/net/base/ssl_cipher_suite_names.h index cd61471..9241c1b 100644 --- a/net/base/ssl_cipher_suite_names.h +++ b/net/base/ssl_cipher_suite_names.h @@ -25,6 +25,12 @@ void SSLCipherSuiteToStrings(const char** key_exchange_str, // If the algorithm is unknown, |name| is set to "???". void SSLCompressionToString(const char** name, uint8 compression_method); +// SSLVersionToString returns the name of the SSL protocol version +// specified by |ssl_version|, which is defined in +// net/base/ssl_connection_status_flags.h. +// If the version is unknown, |name| is set to "???". +void SSLVersionToString(const char** name, int ssl_version); + } // namespace net #endif // NET_BASE_SSL_CIPHER_SUITE_NAMES_H_ diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc index d8ecb0b..5c38f97 100644 --- a/net/base/ssl_config_service.cc +++ b/net/base/ssl_config_service.cc @@ -99,6 +99,7 @@ static bool g_dnssec_enabled = false; static bool g_false_start_enabled = true; static bool g_mitm_proxies_allowed = false; static bool g_snap_start_enabled = false; +static bool g_dns_cert_provenance_checking = false; // static void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { @@ -106,6 +107,8 @@ void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { ssl_config->false_start_enabled = g_false_start_enabled; ssl_config->mitm_proxies_allowed = g_mitm_proxies_allowed; ssl_config->snap_start_enabled = g_snap_start_enabled; + ssl_config->dns_cert_provenance_checking_enabled = + g_dns_cert_provenance_checking; } // static @@ -148,6 +151,16 @@ bool SSLConfigService::mitm_proxies_allowed() { return g_mitm_proxies_allowed; } +// static +void SSLConfigService::EnableDNSCertProvenanceChecking() { + g_dns_cert_provenance_checking = true; +} + +// static +bool SSLConfigService::dns_cert_provenance_checking_enabled() { + return g_dns_cert_provenance_checking; +} + void SSLConfigService::AddObserver(Observer* observer) { observer_list_.AddObserver(observer); } diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h index 0ab88b2..be50097 100644 --- a/net/base/ssl_config_service.h +++ b/net/base/ssl_config_service.h @@ -28,6 +28,8 @@ struct SSLConfig { bool tls1_enabled; // True if TLS 1.0 is enabled. bool dnssec_enabled; // True if we'll accept DNSSEC chains in certificates. bool snap_start_enabled; // True if we'll try Snap Start handshakes. + // True if we'll do async checks for certificate provenance using DNS. + bool dns_cert_provenance_checking_enabled; // True if we allow this connection to be MITM attacked. This sounds a little // worse than it is: large networks sometimes MITM attack all SSL connections @@ -144,6 +146,10 @@ class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> { // True if we use False Start for SSL and TLS. static bool false_start_enabled(); + // Enables DNS side checks for certificates. + static void EnableDNSCertProvenanceChecking(); + static bool dns_cert_provenance_checking_enabled(); + // Add an observer of this service. void AddObserver(Observer* observer); diff --git a/net/base/ssl_config_service_win.cc b/net/base/ssl_config_service_win.cc index 14c4d24..debea7d 100644 --- a/net/base/ssl_config_service_win.cc +++ b/net/base/ssl_config_service_win.cc @@ -4,6 +4,7 @@ #include "net/base/ssl_config_service_win.h" +#include "base/thread_restrictions.h" #include "base/win/registry.h" using base::TimeDelta; @@ -59,6 +60,9 @@ void SSLConfigServiceWin::GetSSLConfigAt(SSLConfig* config, TimeTicks now) { // static bool SSLConfigServiceWin::GetSSLConfigNow(SSLConfig* config) { + // This registry access goes to disk and will slow down the IO thread. + // http://crbug.com/61455 + base::ThreadRestrictions::ScopedAllowIO allow_io; RegKey internet_settings; if (!internet_settings.Open(HKEY_CURRENT_USER, kInternetSettingsSubKeyName, KEY_READ)) @@ -83,6 +87,8 @@ bool SSLConfigServiceWin::GetSSLConfigNow(SSLConfig* config) { // static void SSLConfigServiceWin::SetRevCheckingEnabled(bool enabled) { + // This registry access goes to disk and will slow down the IO thread. + // http://crbug.com/61455 DWORD value = enabled; RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName, KEY_WRITE); @@ -108,6 +114,8 @@ void SSLConfigServiceWin::SetTLS1Enabled(bool enabled) { // static void SSLConfigServiceWin::SetSSLVersionEnabled(int version, bool enabled) { + // This registry access goes to disk and will slow down the IO thread. + // http://crbug.com/61455 RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName, KEY_READ | KEY_WRITE); DWORD value; diff --git a/net/base/ssl_connection_status_flags.h b/net/base/ssl_connection_status_flags.h index 1b7640c..9596f00 100644 --- a/net/base/ssl_connection_status_flags.h +++ b/net/base/ssl_connection_status_flags.h @@ -27,10 +27,28 @@ enum { // library that doesn't report it, like SChannel.) SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19, + // The next three bits are reserved for the SSL version. + SSL_CONNECTION_VERSION_SHIFT = 20, + SSL_CONNECTION_VERSION_MASK = 7, + // 1 << 31 (the sign bit) is reserved so that the SSL connection status will // never be negative. }; +// NOTE: the SSL version enum constants must be between 0 and +// SSL_CONNECTION_VERSION_MASK, inclusive. +enum { + SSL_CONNECTION_VERSION_UNKNOWN = 0, // Unknown SSL version. + SSL_CONNECTION_VERSION_SSL2 = 1, + SSL_CONNECTION_VERSION_SSL3 = 2, + SSL_CONNECTION_VERSION_TLS1 = 3, + SSL_CONNECTION_VERSION_TLS1_1 = 4, + SSL_CONNECTION_VERSION_TLS1_2 = 5, + SSL_CONNECTION_VERSION_MAX, +}; +COMPILE_ASSERT(SSL_CONNECTION_VERSION_MAX - 1 <= SSL_CONNECTION_VERSION_MASK, + SSL_CONNECTION_VERSION_MASK_too_small); + inline int SSLConnectionStatusToCipherSuite(int connection_status) { return (connection_status >> SSL_CONNECTION_CIPHERSUITE_SHIFT) & SSL_CONNECTION_CIPHERSUITE_MASK; @@ -41,6 +59,11 @@ inline int SSLConnectionStatusToCompression(int connection_status) { SSL_CONNECTION_COMPRESSION_MASK; } +inline int SSLConnectionStatusToVersion(int connection_status) { + return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) & + SSL_CONNECTION_VERSION_MASK; +} + } // namespace net #endif // NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_ diff --git a/net/base/ssl_false_start_blacklist.cc b/net/base/ssl_false_start_blacklist.cc index 9e0f309..b57826b 100644 --- a/net/base/ssl_false_start_blacklist.cc +++ b/net/base/ssl_false_start_blacklist.cc @@ -12,8 +12,8 @@ bool SSLFalseStartBlacklist::IsMember(const char* host) { if (!last_two_labels) return false; const unsigned bucket = Hash(last_two_labels) & (kBuckets - 1); - const uint16 start = kHashTable[bucket]; - const uint16 end = kHashTable[bucket + 1]; + const uint32 start = kHashTable[bucket]; + const uint32 end = kHashTable[bucket + 1]; const size_t len = strlen(host); for (size_t i = start; i < end;) { diff --git a/net/base/ssl_false_start_blacklist.h b/net/base/ssl_false_start_blacklist.h index 1d44d0a..d0b10e2 100644 --- a/net/base/ssl_false_start_blacklist.h +++ b/net/base/ssl_false_start_blacklist.h @@ -81,7 +81,7 @@ class SSLFalseStartBlacklist { // kHashTable contains an offset into |kHashData| for each bucket. The // additional element at the end contains the length of |kHashData|. - static const uint16 kHashTable[kBuckets + 1]; + static const uint32 kHashTable[kBuckets + 1]; // kHashData contains the contents of the hash table. |kHashTable| indexes // into this array. Each bucket consists of zero or more, 8-bit length // prefixed strings. Each string is a DNS name in dotted form. For a given diff --git a/net/base/ssl_false_start_blacklist.txt b/net/base/ssl_false_start_blacklist.txt index c718618..d782b5b 100644 --- a/net/base/ssl_false_start_blacklist.txt +++ b/net/base/ssl_false_start_blacklist.txt @@ -8,504 +8,4896 @@ # This is included for unit tests: example.com +008880.com +1-plus.com +111112.com 123.cht.com.tw +123people.com +155551.com +233332.com +24sevenselfstorage.com +2ndc.dk +2whateverittakes.com +333332.com +333337.com +365days.jp +38shop.jp +3mfx.three.com.hk +48pickup.com 4science.net +4ward.asia +50pickupnow.com +622222.com +6ftoverhead.com +911twenty.com +a-star.edu.sg +a.eap-net.com +a.thatsping.com +aaa.grh.org +aaastationreports.com +aanmelden.bjaa.nl +aaucm.org +abacustech.co.jp abangdani.wordpress.com +abc.attendseurope.com +abcirclenow.com +abdr.blood.gov.au +abeno-tennoji.jp +ablwebmail.com +abrocket.com +abrocketpilates.com +abrocketpowertrainer.com +abtserver.com +abtwebxpress.com +ac-besancon.fr +ac-caen.fr +ac-guyane.fr +ac-lille.fr +ac-limoges.fr +ac-lyon.fr +ac-nice.fr +ac-orleans-tours.fr +ac-paris.fr +ac-poitiers.fr +ac-reims.fr +ac-strasbourg.fr +ac-versailles.fr +acad1.dlit.edu.tw +academicclub.org +acams.dhs.gov access.arkansas.gov +access.coinstar.com +access.csn.edu +access.moric.org +access.opco.com +access.sullivanandassoc.com +access.vch.ca +access1.spokesman.com accessgeneral.com accessingram.com +accesswr.bannerhealth.com accorservicesdirect.net +account.payclick.com.au +accounts.jelhi.net +accu-doc.ch +acea.de +acebenefitsplus.co.uk +acheteremerycat.ca +acheterpalmwallet.ca +achs.org.au +acidesign.com +acommit.ch +acs-inc.com +acsi.eu +actionpoint.ch +activase.com +adcenter.msn.com.sg +adcouncil.tv adfox.cz +adhbcn.net +adhdtreatmenttoday.com +admin.centerpoint.jelecos.com +admin.iot.dtag.de +admin.webcast.fi +admin2.bloosky.com +administaffservices.com +adoptionscentrum.se +adox.sk +adplacer.com.au ads.bridgetrack.com +adtran.com adult.dl.rakuten.co.jp adulthire.com advanceautoparts.com +advisorpracticeconsulting.com +advocates.org.uk +aecc.ac.uk +aecom.com +aemc.net +aerosped.org +afconsult.com +afeyewear.com +affinitycircles.com +afflelou.net +afflinkservice.com +afflinksource.com +afternic.com +afterpayroll.com +aftonxchange.com +ag.729972.com +ag.ibc88.com +agencywow.com agents.nationalsecuritygroup.com +aggis.com.br +agir-recouvrement.com +agreemanager.net +agriinfo.copa-cogeca.be +agriinfo.copa-cogeca.eu +agromercantil.com.gt +ahanw.org +ahika.com +akabis.com +akershus-fk.no +aktionsplan-allergien.de alamode.com algoritam.hr +algvpn.algonquincollege.com +alinean.com +alle-inklusive.behindertenbeauftragte.de +allianz.hr +alliedliquor.co.nz +allmyaccounts.bankofamerica.com +alltours.at +alltours.de +alltours.info +almliquor.com.au +alperton.brent.sch.uk +alpinecapitalbank.com alsformalwear.com alucmo.com +alvo.com +alwaysillinois.org +am.cmc.com amail.centrum.cz +american-summit-flood.com +americanchia.com +americanexpress.hu +americanreliefcard.com +americanreliefcard.net +amesbank.com amexweb.com.mx +amf-assurances.fr +amgusa.com +ammail.edwards.com +amo-20happy.com +amo-happy-patients.com +amo-signature.net +amo-top.net +ampecommerce.com amsi.alliedgroup.net amwaylive.com +analytics.sonymusic.com +animate-onlineshop.jp +annssl01.fticonsulting.com anntaylor.recruitmax.com +anoka.k12.mn.us +anpassung.net +anshin-access.ezweb.ne.jp +antispam.hireahit.com +apex.utpa.edu +api.gogrid.com +api.rapleaf.com +apo-vpn-02.apotex.com +app.actre.it +app.audit-navigator.nl +app.elal.co.il +applicaties.tln.nl +appliedi.net +applymarketforce.com +applyshopnchek.ca +applyshopnchek.com +appraisalzone.lendervend.com +apps.caa.qld.gov.au apps.revenuecycle.com +appsgate.com +aproposgeschenk.de aps2.toshiba-tro.de apus.edu +ara.bahamaselectricity.com +aravo.com +arc.org.uk +archivedata.com +arena.highview.org aribabuyer.us.dell.com ariston.es +arizona.edu +arkansas.gov +arkona.com +arnecommunity.thomsonreuters.com +arowanacapital.com +arts.ac.uk +arvidsvensson.net +asa-seattle-1.adobe.com +asa01.svccorp.com +asacitrix.ccgh.org asb.dk +aschc.com ashgate.com ashleymadison.com +ashleyportal.com +asiandating.com +asklepios.com +asmconnects.com +asn.advolution.de asp.fm-pc.com +aspentrack.com +aspraytshirt.com +asthmamatters.com +astral.com +asugroup.com atari.com +athenasweb.brynmawr.edu +atl-c1.goodrich.com +atlas.fd.com ats.openhire.com +att.com attask-ondemand.com attask.com +attaskbeta.com +attendsguiden.se +audittool.bdoasf.com +auone.jp +aus-vpn.amd.com +auslandsschulwesen.de +authentication.accorhotels.com +autodiscover.barron.com.pe +autodiscover.dwvsolutions.com +autodiscover.eternalnetworx.com +autodiscover.montco.com +autodiscover.net +autodiscover.nimbus.nl +autodiscover.wrinklebrain.com +autopalvelut.kuusakoski.fi +autoradiostore.be +autoradiostore.nl +avastin.com +avgrewards.com +avlk.dishmail.net +avondale.org +avs.de +awesomearmsnow.com +awvn.nl axa.co.uk +axess.telcordia.com +axiamail.phoenix.edu +aza-lite.com +azurance.com +b-tracker.com +b2b.aksel.com.tr +b2b.mammut.ch +babyfoonstore.be +babyfoonstore.nl +babylon.inverso.de +backend02.d1g.com +backup.datassur.net +backupumbrella.net +bafin.de +bag-mail.de +bahmueller.de +bam.com.gt +bamf.de +bank4u.bancapopolare.it +bank4u.volksbank.it +bankadviser.com banking.ing-diba.at +bankingon.com baptisthealth.net +barakhosting.com +barclaystravelinsurance.co.uk +barelifts.tv barkoff.tv +barkoffspecialoffer.com barracudaserver.com +barrierepoker.fr barronscatalog.com +bartletthospital.org +bartoncreek.com +basco.com +basf-farefinder.com +baua.de +baxter.com bb3.utc.edu +bboardtest.nsula.edu +bbsihq.com +bcbsal.org bcbsfl.recruitmax.com +bdmp.com +beamercenter.be +beamercenter.nl +beanfun.com +bedfordschool.org.uk +beespace.issukraine.com +behindertenbeauftragter.de +bel.com.bz +belvis.swibi.ch +ben.billing.com.au +bendarooscreativity.com +bendaroosglow.com +benderball.tv +benefitsconnect.net +benendenschool.net +bennett.kent.sch.uk bentley.edu +berg-hansen.no +berger-meditec.com +berryworld.co.uk +bestobamacoin.com +bestpossiblequotes.com +bestwhole.com +beta-lighting.com +beta.algodeal.com +beta.ekool.eu +betcloud.com +betlegion.com +bettertrades.com +bevoelkerungsschutz-portal.de +bevoelkerungsschutz.de +beztakcorp.com +bfarm.de +bfu.ch +bhinc.com +bi.com +bib-demografie.de +bid53.com +bidclay.com biddingforgood.com +bidmc.org +bidokaloosa.com biffalo.net +bigcityslider.com +biglobe.ne.jp +bigwintracking.com bilder.buecher.de +billing.ntt-east.co.jp +billonline.com +biloxiregional.net +biooncology.com +biozid-portal.de +biprod01.mfsasp.com bishops.org.za +bisp-sportpsychologie.de bitfang.com +bitlasso.com +biz.portlandgeneral.com +bizneslink.pl +bizoubazart.com +blackmarble.co.uk +ble.de +blinkbox.com +blog.mudy.info +blog.neosec.dk blogger.huffingtonpost.com +blooads.com +bluearea.net +bluefinsolutions.com +blurayspelershop.be +blurayspelershop.nl +bmelv.de +bmwi-unternehmensportal.de +boaregistret.se +bockelman.org +bodycareshop.nl +bokuvpn.boku.ac.at +bonfils.org +book.lowestairfares.com +bookeo.org +bookitnow.mirabeauparkhotel.com +boormachinestore.be +boormachinestore.nl +bopowa.elcabop.org +born.ch +borsen.klasselotteriet.dk +bos.stidelivers.com +bosch-savingsystem.com +bottletops.tv +bowldvd.com +boxmedia.bredband.net +bp-platinum.com +brabantwater.nl +bradfordcollege.ac.uk +brainforce.nl +braintumorconnections.com +branders.com +brandon.ca +brcc.edu +brcn.edu +breastcancerconnections.com +brest-metropole-oceane.fr +bridgetrack.com +brighton.ac.uk +brightonsc.vic.edu.au brinksinc.com +britishmusicexperience.com +broadoak.n-somerset.sch.uk +broker.healthcompare.com +brookfield.hants.sch.uk +brookfieldservices.com +brookshealth.org +broomwellhealthwatch.com +brotheroffers.com +bs24.jp +bsal.com.au +bsi-fuer-buerger.de bsi.de +bskytracking.com +bsnparentnet.nl +bsnstaffnet.nl +bsp.bradfieldcollege.org.uk +bsprivat.de +btlaw.com +btracker.com +buckinghamhotel.com +budget.bmas.de buecher.de +bui.co.za buildings.com bund.de +bundesfinanzministerium.de +bundesgerichtshof.de +bundesgesundheitsministerium.de +bundespolizei.de +bundesrat.de +bundesversicherungsamt.de +burtsbeesacne.com +businessassetmanager.com +businessverifications.com +businessware.com +businesszone.quester.at bux.ee +buxtonbag.com +buxtoncartera.com +buxtonmicro.com +buxtonpalmwallet.com +buxtonwallet.com +buy1948pickup.com +buy1957caddy.com +buy33caddy.com +buy41flatbed.com +buy50pickupnow.com +buy57caddy.com +buyaquaglobes.tv +buyaspray.com +buybanoodle.com +buybeautifulworshipcd.com +buybenderballca.com +buybionicwrenchonline.com +buyblueplanet.com +buybombachop.com +buybumpit.tv +buychiaseedsnow.com +buycollegesuggies.com +buycucumbervine.com +buydesignersnuggie.com +buydomains.com +buyeasyreach.com +buyemagrece.com +buyfiftydollargold.com +buyflatbedfireset.com +buyflirtygirlfit.net +buyflirtygirlfit.tv +buyforemaneverydayandmore.com +buyfountainofyouthnow.com +buyfranklinmint.com +buygetitgreen.com +buygrandpa.com +buygrillglovetv.com +buygyrobowl.com +buygyrobowlset.com +buyhandyvalet.com +buyhangingstrawberry.com +buyhdvisionreaderssite.com +buyhdvisionultra.com +buyheeltastic.tv +buyhydroheel.com +buyidooffer.com +buylastmorgans.com +buymagicjacknow.com +buymagictarptv.com +buymagnetrim.com +buymightyfixit.com +buymightyputtynow.com +buymightyshine.com +buymightysuperpack.com +buymilitaryflatbed.com +buyminimaxnow.com +buymonstersteamjet.com +buymorgansilver.com +buymushroomkit.com +buymusiccristianaespanol.com +buymyarmyset.com +buymygianttomatoes.com +buymyhairblock.com +buymysportelec.com +buyoptic1050.com +buyoptic1050tv.com +buyoverthedoor.com +buypedegg.tv +buypedipaws.ca +buypedipistol.tv +buypestfree.tv +buypetmd.com +buyphilsdvdsnow.com +buypowerjuicerpro.com +buypowershaper.com +buyprofitfromrealestatenow.net +buyptpro.com +buypumpitfresh.com +buyquicklawnseed.com +buyrainbowpeppersnow.com +buyrazordock.com +buysamowraiblade.com +buysecretsolution.com buyshakeweightformen.com +buyshakeweightforwomen.com +buyshamwownow.com +buysideshowskillettv.com +buyslimmettes.com +buysnuggie.tv +buysnuggieforkids.tv +buysoftpullleash.com +buysongs4soldiers.com +buysteamjetnow.com +buystonenow.com +buyteddyspridesite.com +buytexastail.com +buythecrazycritters.com +buythecuttermouse.com +buythekingcoin.com +buythelittleredchef.com +buythemousechaser.com +buytheoptic1050.com +buytheperfectbutton.com +buythesnuggie.com +buythesteambuddy.com +buythinspin.com +buyticklemeplant.com +buytidytable.com +buytimelifeespanol.com +buytomatofactory.com +buytomatofactorynow.com +buytoolbandit.com +buytopsytree.com +buytopsyturvy.com +buytvhatnow.com +buyultimatetable.com +buyupsydaisytv.com +buywidgetlight.com +buywindshieldwonder.tv +buywonderhanger.com +buyzipdo.com +buzzcity.com +byebye.de +bzgs.ch +bzi-interlaken.ch +bzport.net +ca.gov +cachezone.cache.org.uk +cadizretail.co.za +cadizwealth.co.za cagreatamerica.com +caisse-epargne.fr +cal-x.net +calchoice.com +calchoiceplus.com +caldicott.com +call2.nl +callbe.com +callingcards.at +calvijn.nl +cambriancollege.ca +camelvpn.conncoll.edu +campasol.com +campus.himeji-du.ac.jp +campus.norquest.ca +campusharvest.org +canadaswonderland.com +canadianbenefits.com +cancer-test.com +cancerchampionprogram.org candydirect.com +caowa.altara.com +cap.dyntek.com +capellfarmfinance.com +capeplc.com.au +capgemini.com +capitalonedealsdone.com +capvpn.capilanou.ca +carcraft.co.uk +cardlabconnect.com cardsdirect.com +career.cdtechno.com +careers.hphood.com +careers.nicta.com.au +careers1.flagstar.com +careport.carilion.com +careylink.com.au +caridianbct.com +carilionlabs.com caringbridge.org +carintreggelandgroep.nl +carisbrookehighschool.net +carlislermc.com +carrinho.casashow.com.br +cas.freud.com +cas.grey.com cash.netmarble.net +cashexpress.com +cashpoint.com +catalog.synthes.com +cathflo.com +catholic.edu.au +catie.ac.cr +cave-kit.com +cbcag.edu +cbfive.com +cbsmail.constangy.com +ccisd.us ccmail.cc.gatech.edu +ccpb-basse-normandie.fr +ccpvpn.ccpdocs.com +cdcpoint.it +cdfbooks.com +cdmwsa.com +cdp.moduspec.com +cduvpn.cdu.edu.au +ce.byu.edu +cedardoc-cm.com +cedardoc-demo.com +cedardoc-dev.com +cei253e.com celebrateyourfaith.com +celebritysweatnelly.com +celtipharm.net +cemex.com +centralmississippimedicalcenter.com centralr.com +centrum.cz +centuriondirect.com +ceramicreview.com certs.zurich.co.uk +cespmi.org +ceuherning.dk +cfai-centre.net +cfliving.com +cfw.org +cgi.mbs.jp +ch.cutler-hammer.com champions-online.com +channeladvisor.com +chapmantripp.com +charlotteregional.com +charltonschool.net +chasslvpn.ecommunity.com +checkoutblog.com +cheizoo-sp.online-documents.net +chester.ac.uk +chesterregional.com +chevrolet-leadengine.de +chiaobama.ca +chiaobama.tv +chiba.jp +chill-n-go.com +chinookhosting.com +chinooknetworks.com +chl-peq.co.uk chnla.com +chocolatefactorytv.com +choicebuilder.com +churchill.n-somerset.sch.uk chw.recruitmax.com ciaoitalia.com +cic-valencia.org.ve +cifex.ethz.ch cinema.warnermycal.com circlesofwisdom.com +cisco.com cisr-ssl-vpn2.univ-lyon1.fr citi.bridgetrack.com +citicards.com +citiforward.com +citixcard.co.jp citizensfla.com +citonline.com +citynet.net +ckbmail.me +clarity.com claritycon.com +clarksoncollege.edu +claroline.lakato.net classbauth.austin.hp.com +classicsoftrock.com +classifiedventures.com +clayko.com.au +click.showcase-tv.jp +clickanalyzer.jp +client.neftex.com +client.uniastrum.ru +clients.mdmatic.com +clineavestudy.com +cloroxspss.com +cloud-mail.co.uk +cloud.carthagecsd.org +cloud.mvctc.com +cloud.santeesd.net +cloudconnectsd.net +cloudhoist.com +cloudmail.trustcld.com +cloudonestorage.peer1.com +cloudspeaker.fm +cloudworks.com +cm.commercehub.com +cmithun.dojiggy.com +cms.whereilive.com.au +cnw.albertaequestrian.com +cnw.hcbc.ca +codarts.nl +coddy.com cofunds.co.uk +cohowa.houstontx.gov +collaborate.sandia.gov +colorectalcancerconnections.com combattesting.com +commandaware.com +commentor.dk +commissies.ser.nl +commonwealth.int +communitylakes.com +compass.emmanuelschools.net +compass.oxiana.com.au compaxtrade.com -confirmit.suw.corp.google.com +compellent.com +complete180degree.com +comporium.com +comprabuxton.com +comprariddexpulse.com +comprasnuggie.com +compratastiwave.com +compreabrocket.com +compupaypartner.com +compus.de +computerstore.be +computerstore.nl +coms.industrialcontrolrepair.com +concat.de +concur.csmc.edu +conduxio.com +config.tplpbx.de +confluence.mediaspectrum.net +connect.bangor.ac.uk +connect.clearpointe.com +connect.coventry.ac.uk +connect.dpem.tas.gov.au +connect.plan-b-gmbh.com +connect.studygroup.com +connecta.se +consoleshop.be +consoleshop.nl +construction-ec.com +contitiremanagement.com +controlpanel.ch +coolblue.nl +coop-kobe.net coopervisionrebates.com +coorscup.com +copeskoal.com corporate.bpn.pt +corpset.com +correctionalbillingservices.com +correio.fdc.org.br +correio.ina.pt +correo.entelpcs.com +correo.orizonia.com +correo.psl.com.co +correo.tec.ac.cr correo.uft.cl +cortesoft.com +costco.com.mx +couplesnuggie.com +courriel.jlp.ca +courriel.journalmtl.com +courriel.lepisc.com +covlecremote.org +covnet.covenantretirement.org +coyoteportal.wc.edu +cozi.com +cp.billing.ru +cp.it2all.eu +cpas.cz +cportal.sechan.com +cprmc.com +cpsb.org +cpse.dundee.ac.uk +cranbrook.kent.sch.uk +crci.org.uk credinamico.programapar.com.br creditcards.citicards.com +creditunionon.com +creuna.dk +crew.transavia.com +criny.com +crmpartners.crmpartners.org +crnbc.ca +croc.ru +crossgatesriveroaks.com +cryptolab.org +crystalfunds.com +crystaltools.com +csaa.com +cscinfo.com +csp.cvut.cz +csst.qc.ca +ctasanywhere.centraltas.co.nz +ctdhe.org cts.vresp.com +cu.edu +cuatrecasas.com +cubewano.com cubizone.com +customer.comcast.com +customer.dgrefining.com +customer.gbs-consult.com customer.precash.com +customer.unicaresys.com +customerconnect.scholasticbookfairs.com +cusys.edu +cv.occstrategy.com cvintranet.classifiedventures.com +cwa.astra-honda.com +cwa.avanade.com +cwa.fandr.com +cwa.telecomputing.no +cwt.no +cwtnordic.com +cybershoppersonline.com +d-ikt.no +d-starjob.com +d115.de +d15email2010.d15.us d49.org +daidalos.nl +daiwa-bs.co.jp +dalinis.net +dallasregionalmedicalcenter.com +danks.com.au +daphne.gfk.com +dasa-dortmund.de +data.eglia.com +dataformas.com +dataliberation.com +datasettlement.com +datatel.com +davidson.edu +davisregional.com +dbpn.com +dc.myflorida.com +dc110.4shared.com +dcess.dallascounty.org +dcvpn.cov.com +de-mail.de +deadliestdvd.com +decc.gov.uk +dehaagsescholen.nl +deklimboom.nl +deloitte.com +deloitteresources.com +delorentz.nl +deltek.forceprotection.net +demo.crm4destinations.at +dentalxchange.com depo.ru +deshaw.com +design.cscape.com +design.nzzdomizil.ch +designersnuggie.com destinationlighting.com +deutsche-islam-konferenz.de +developer.smartapp.tw +development-school.jp +device.fancast.com +dexia.be +dexter.ansaldo-sts.us +df.co.kr +dfc.inovestor.com +dhhnet.dhh.louisiana.gov +dhs.edu.sa +diamail.diadubai.com +dice.com +dienstleistungszentrum.de +digi.mobilethink.net +digicamshop.be +digicamshop.nl +direct.msn.com +direct2wholesale.com +directv.com +disc.co.jp +discomp.cz +discovertotal.com +discovwww.waterford.k12.mi.us +dishnetwork.com +disneydigitalshare.com +dist113.org +district205.net djmmusic.com +dl.com dl.rakuten.co.jp dmgov.org +dmz.rgcweb.org +docmesa.com docstoc.com +docufide.com docuware.com +dodgeprojects.construction.com +doe.gov dokeos.ehb.be +dolandesigns.com +domain.amta.com +dosco.com.tw +dpwn-airlinesourcing.com +dr.rachisholm.com drammen.skole.d-ikt.no +drimanagement.com +drlists.com +drm.nl +droppstv.com +drs-digital.com drsha.com +drudeans.com dskdirect.bg +dsl-art.org +dsoguild.com +dtvce.com +dualforceaccessories.com +dualsaw.com +dualsawcanada.ca +dualsawspanish.com +dunamare.nl +dupnet.org +durham.ca +durringtonhigh.w-sussex.sch.uk +duvak.nl +dvlottery.state.gov dwarest.disc.co.jp +dws.com.au +dynamicscrm.asia +dynetics.com +e-billing.econgas.it +e-cap.fr +e-denpo.net +e-healthnet.mhlw.go.jp e-lotto.be +e-mechatronics.com +e-mergedata.net +e-quilibrium.net +e-state.co.jp +e-state.ne.jp +e-trade-center.com +e-usluge.rijeka.hr +e-valuer.com +e-zoa.com +earlybird.ae +earlyedcloud.net +earnplaza.com +earthclassmail.com +eastgate1.frontiercorp.com +eastgeorgiaregional.com +easv.dk +easweb.thecdmgroup.com easybillindia.in +easyhome.com.tw +easymovewithfios.com +easyreachoffer.com +easyreachtv.com easyswitch.nl +eaton.com +eazifleet.com ebb.ubb.bg +ebencom.com ebit.com.br +ec.broadom.net +ecafe.lahey.org +ecare.proctor.org echo.com +echostar.com echotrak.com +eclipse.molagers.org +ecom.peoples-bank.com +ecommerce.colsubsidio.com econda-monitor.de +ecwid.com edaccents.com +edenbrook.co.uk +edinet.cenet.ws +edu.on.ca +education.vic.gov.au edumail.tokem.fi +edumail.vic.gov.au eduportal.pl +eduweb.vic.gov.au +edziekanat.wsf.edu.pl +efo.adplan-tg.com +ehb.be +ehs.dk +ehub.dsionline.com +eiffel.nl +einfach-teilhaben.de +eisweb.enterinfo.com +eku.edu +elibrary.asdealernet.com +elibrary.comfortsite.com +elliottdevon.com elm.mcmaster.ca elmls.mcmaster.ca +elogistic.motorola.com +elpodercd.com +elproman.biz +els.cis.fukuoka-u.ac.jp +els.streetly.walsall.sch.uk +email-internet.pekao.com.pl +email.arbora-ausonia.com +email.campus.uvt.nl +email.cosan.com.br +email.eatoncounty.org +email.energy-northwest.com +email.frostburg.edu +email.fusionsys.com.mx +email.greatershepparton.com.au +email.hermos-vhm.de +email.jyu.fi email.manutouch.com.hk +email.masku.com +email.medianewsgroup.com +email.mycontact.co.nz +email.ndm.edu +email.phillynews.com +email.piraeusbank.gr +email.sjb.com.au +email.sjbcommunity.ca +email.starair.dk +email.stpeters.qld.edu.au +email.stpeters.sa.edu.au +email.svcfs.org +email.uk.betfair.com +email.unity.net.nz +email.usiu.ac.ke +email.wallawalla.edu +email.whgardiner.com email.wsd1.org email.yorksj.ac.uk +email2010.smu.edu.sg +emanet.com +embeddedwebserver.net +emea.archive.messaging.microsoft.com +emeamail.corp.salesforce.com +emedic.jp +emergenow.com +emericalinksite.com +emersonhosp.org +emerycat.ca +emerycat.com +emerycatrefill.ca +emerycatspecialoffer.com +emi.eu +emi.hu +emploi.sitq.com +employee.coastmountainbus.com employee.translink.bc.ca +empresas.bancobcr.com +enav.it +endlager-asse.de +endlager-konrad.de +endtoendsourcing.com +enhancedservices.paetec.com +enrol.ie ent.enteduc.fr +ent95.valdoise.fr enterprise.channeladvisor.com +envisionitsolutions.net +eod.teamcolts.net +eoir.com +eom.performance.gr +epaveiro.edu.pt +epistrofi-eurobank.gr epk.tv +eplus.jp +epm.com.co +eportal.fleetwoodhs.org.uk +eportal.shelfieldcommunityacademy.co.uk +epost.ha.kommune.no +epost.luftnett.com +epost.skola.ljungby.se +epost.uddevalla.se +epost.visma.no epoti.abanka.si +epsb.ca equippers.com +equitydriver.com +ercasharepoint.com +ereaderstore.be +ereaderstore.nl +erecruit.thechildrenshospital.org +ereg.biz +ergo.ergonomidesign.com +ergonet.pl +erhgroup.com +ericom.com +erivpn.eisai.com +eroom.arvato-systems.de +esabilgisayar.com.tr +esales.master.ca +esdlife.com +eshbelhost.com +eshbelsaas.co.il +eshbelsaas.com +esher.ac.uk +eskilstuna.se +esloo.nl +espaicambrabcn.org +especificacoes.com +esportivaparana.com.br +espprofitlink.com +estore.hpfairfield.com +estrellamountain.edu +etk.fi +etrack.teletrack.com +ettu.nl eumail.nov.com eurobank.pl +europ-assistance.pt +europa.eu +europass.cz +europlan.ru +eurotax.at +events.sainc.com +evergabe-online.info +evoline.net +evoraoralcaresite.com +evpn.techteam.com +ex.uni-paderborn.de +exadmin.rcs-mail.com +excels.org +exch-hub.cancer.dk +exch.naaco.ru +exchange.berden.nl exchange.chc.be +exchange.clarkslegal.com +exchange.clearwaterpaper.com +exchange.cs-soreltracy.qc.ca +exchange.datacom.com.au +exchange.dcpud.net +exchange.gilacountyaz.gov exchange.hostnet.nl +exchange.intranet.neumanpools.com +exchange.keyhie.org +exchange.khlim.be +exchange.knpc.net +exchange.mit.ie +exchange.netbit.ch +exchange.public.eibs.co.uk +exchange.raakict.nl +exchange.roteskreuz-tirol.at exchange.selco.info +exchange.tinozplace.com +exchange.uetcl.com +exchange.uniserver.nl +exchange.unitek.com +exchange4u.cz +existenzgruender.de +exmail.businesslinksoutheast.co.uk +exmail.med.uni-magdeburg.de +expesite.com +ext01.lifesouth.org +extclt.isatech.fr +extern.balslev.dk +external.piggott.wokingham.sch.uk external1.collaboration.hp.com extra.chrysler.de +extranet.4ward.it +extranet.calvis.com +extranet.cbr.nl extranet.cchmc.org +extranet.cec.org +extranet.chaco.com.bo +extranet.dialoggroup.biz +extranet.hbj-gw.com +extranet.infoproject.fr +extranet.jbdelasalle.com +extranet.lackverband.de +extranet.metabolomicscentre.nl +extranet.ministryofsound.com +extranet.mm-software.com +extranet.pandasoftware.com +extranet.portalsolutions.net +extranet.sysmex.com +extranet.transpondertech.com +extranet.ubgonline.net +extranet.winchester.com +eyelovelytv.com +eyeonamd.com +eyeonamd2.com +f-seneca.org +faberwebshop.nl +faimai.hcri.net +falcontrading.ro +falmouth.cornwall.sch.uk +fanclub.tokyodisneyresort.co.jp +fanniemae.com +farefinder.de +farsigeotech.com +fastmvr.com +fastsearch.com faxbetter.com +fcaamd.com fdc.org.br +fe-bud.mag-news.it +fedintel.net +feitest.com +felixlive.com +fema.gov +fenwalinc.com +ffis.es +fhvasa01.flhosp.org +filexchange.accarda.com financialengines.com +finansnet.dk +finn.no +fiosfriends.com +fire.tas.gov.au +firma.pcs.cz +firmaface.com firstam.net +firstassistinsurance.co.uk +firstassistinsurance.com +fish4.co.uk +fishermenshospital.com +fit.ba +fiu.edu +fiztrade.com +fjarvinna.grund.is +fleetwoodsc.org.uk +flhsmv.gov +flirtygirlfitca.com +floodlands.com +floodonline.com +floodplus.com +floodplus.net +flowerpowercds.com +flowersbelgium.hostbasket.com flydenver.com +fmglobal.com +fmpro.cati.com +fokusanalys.se +folkestonegirls.kent.sch.uk +footnote.com +footnotelibrary.com +ford.com +form-gic.altran.net +formassist.jp +forms.lasikmd.com +forms.techdata.net forums.champions-online.com forums.startrekonline.com +fossport.com +foto.mitlejerbo.dk +foxtix.com.au +fpcu.org +fr.powerjuicerpro.ca +frankfurt-oder.de +frankfurter-bankgesellschaft.ch +franklinregionalmedicalctr.com +freebioven.com +freegrillglovetv.com +freehandycaddy.com +freerejuvenateautotv.com +freerejuvenateca.com +freerejuvenatetv.com +freo.ne.jp +fridgelockertv.com +fs-efo.jp +ftp.cambridge-design.co.uk +ftp.lim.com +ftp.maedapat.co.jp +ftsportal.forensicsandediscovery.com +fubar.com fucam.ac.be +fuchs-datentechnik.de +fueldoctorcanada.ca +fueldoctorfd47.com +fueru.jp +fuji-ie.com fullseat.com +fultonschools.org +fusdaz.org futuretrails.com +fv-group.net +fw01.monheim.de +fx.sovereignbank.com +fxedge.trader.integral.net +fxinside.net +fye.com +g4s.se +gakushuin.ac.jp +gamania.com ganymede.chester.ac.uk +garconet.garco.com +garmin.com +gate.we-learn.org.uk +gatech.edu +gatekeeper2.aspectsecurity.com gateway.madisoncity.k12.al.us +gateway.sagemontchurch.org +gbssg.ch +gcc.edu +gcportal.guycarp.com +gda-portal.de +geicocard.com +geicocreditcardapplication.com +gemini-apx.com +gene.com +genentechaccesssolutions.com +genentechmm.com +geniusreport.com genuineonlinebank.com +geomant.com +geometrik.golder.se +geonosis.itsso.gc.ca +georgefox.edu +gepartsrebates.com +germfree.org +get1931roadster.com +get1933caddy.com +get2instantcover.com +get31roadster.com +get6weekbodymakeover.com +get911twentynow.com +getair-o-sage.com +getbendaroostv.com +getbestline.com +getboomaringnow.com +getcablecapture.com +getcan-air.com +getchefandgo.com +getclassicfriarsroast.com +getclassicsforrelaxation.com +getcomfortfurnace.com +getcozycolors.com +getdigitalbiblenow.com +geteasyreach.com +getefx.com +geteggiestv.com +getesiobev.com +geteyetality.com +getflexibrite.com +getflipperremote.com +getgianttomato.com +getglowbeam.com +getgreenbags.tv +getgyrobowl.com +gethandyvalet.com +gethealthsupplies.com +gethightenz.com +geticanonlyimaginecd.com +getiknowkey.com +getionpod.com +getirenewnow.com +getjupiterjack.com +getkuddles.com +getlesko1995.com +getmatthewleskoquickstart.com +getmightyputtynow.com +getmiracleplunger.com +getmonstersteamjet.com +getmorgans.com +getmpgreennow.com +getmy.com +getmybedsidetable.com +getmydreamtable.com +getmyt4.com +getmytaxform.com +getmyw2.com +getmyyobaby.com +getnazidvds.com +getnuwaveovennow.com +getopeneyesofmyheart.com +getoprydvd.com +getpalmwallet.ca +getparkbillstv.com +getpetmdnow.com +getpopmemories.com +getpuplight.com +getrejuvenate.com +getrejuvenateautotv.com +getrejuvenateca.com +getromancingthe70scds.com +getsanistep.com +getscrubglove.com +getseatwedgy.com +getsecretsolutiontv.com +getshakeweight.com +getshakeweightnow.com +getshockitclean.com +getslimts.com getslimtsnow.com +getswirlyclip.com +gettheemerycat.com +gettheturbosnakenow.com +getthewonderhanger.com +getultimaterockballadscds.com +geturinegone.com +getvibrobelt.com +getvietnamwardvds.com +getwiperwizardnow.com +getworkout180.com +getworldatwar.com +getworldatwarespanol.com +getworldofreading.com +getyourpajamajeans.com +getzasshu.com +getzerogerm.com +getznowonline.com +gezeb.cmpd.org +gfk-repinsight.com +gfkdaphne.com +ggu.edu +ggusd.us +ggy.com +gilmorehealth.com global2.mtsallstream.com +glove.mizunoballpark.com +glowinghealth.com.au +glueckkanja.net +gmb.org.uk +gmxy.org go.enbw.net +go.post.de goamp.com +gogamer.com +golan.wisela.org +goldflux.com +golfdo.com +golfersland.net gomopa.net +goodfellowbros.com +goodyear.com +goquickstart.com goredsea.com +gorm.tauron-pe.pl +got-root.ch gotobelfast.com +gotomypc.rareeditions.com +gov.on.ca +gpsshop.be +gpsshop.nl +gpz.it +gr-espel.com +graceselah.com +gradwellintra.net +graniteschools.org +greatsankey.org greenpower24.com +grillingadget.com +gripperglovestv.com +gristedes.com +grizridge.com +grmetrieve.com +grmorc.com +groenewelle.nl +grotiuscollege.nl +gruenderpreis-nominierung.de +grupalotos.pl +gsmstore.be +gu.se +guardiant.com +guardiantauto.com +guhsdaz.org +gw.alumni.iae.edu.ar gw2.fli.bund.de +gw2.vincentz.de +gynspecialistsorlando.com +gzb.info +ha.jmpextra.net +hadar.fr +hades.tens.pl haken.mynavi.jp +hakwr-neustadt.ac.at +halton.ca +hammerofgod.com +hancockbank.hb2go.mobi +hancockfabrics.com +handelwandel.com +handydryer.com +handyvalettv.com hangikredi.com +hapimag.com +happyoz.com +harborwholesale.com +harbottleonpremise.com.au +hardandheavycds.com +hardpoint.eu +harrisdseries.com +harrisvle.org.uk +hartonmedicalcenter.com +hartslagmetercenter.be +hartslagmetercenter.nl +harvard.edu +harvestbible.org hastingsdirect.com +hastingsessential.com +hatchearlychildhood.com +hcc-tripod.hoffmancorp.com +hccanet.org +hclab.jp +hcmysteryshop.com +headsetshop.be +headsetshop.nl +healthinsurance.org.au +healthportdirect.com hearablog.com +heartofflorida.com +heartoflancaster.com heavens-above.com +heeltasticpedeggpromo.com +heelusa.com +helinium.nl helpdesk.clear2pay.com +helpdesk.sarnt.co.uk +helpdesk.v-h.nl +helpdesk.yhc.edu helwanbb.com +henleycol.ac.uk +hensongroup.com +her2genes.com +herceptin.com hercle.com +herconnection.com +herculiteondemand.com +hesse-lignal.de +hetassink.nl +hhc.acerebates.com +highlandsregional.com +hillgatetravel.com +hillsgradprogram.com +hipcomputer.de +hire.acxiominsight.com +historybeat.com hivanet.hitachi-ies.co.jp +hj2.hjemmekontor.nhn.no +hma.com +hmc.it-ernity.nl +hmc.vdx.nl +hnvpn.hostnordic.com +hoganas.se +hoken-clinic.com hoken-clinic.info +hollywoodhobobagaccessories.com +hollywoodhobobagtv.com +home.ceadvisors.com homedepotrebates.com +homespot.dk honeybakedonline.com +honeywellusersgroup.com hood.com +hoodhomedelivery.com +hoodneighborhood.com +hoofdtelefoonstore.be +hoofdtelefoonstore.nl +hopline.net hostedjobs.openhire.com +hosting.privatehost.nl +hostpoint.ch +hosttraxx.com +hotelleriesuisse.ch +householdshop.nl +housingservices.com +houstonisd.org howtowritearesume.net +hox.biz +hq.eisenhowerlaw.com +hq.nimvpn.com +hq.totalengineering.biz +hqaccess.acs.org +hro-gate.aida.de +hrwow.com +hs.ct-net.nl +hsacalifornia.com +hubpen.biz +hull.ac.uk humana.recruitmax.com +humanadental.com +hurleymc.com hurmail01.hurriyet.com.tr +huronconsultinggroup.com +huttonhotel.com +hva.nl +hwinet.org hydra.cusys.edu +hypecits.com.au hz.nl +i-95alternatives.com +i-ecnet.co.il +i-teamroom.com +i485project.com +iata.invoiceworks.net +ibank.mpbsecure.com +ibank.sabank.hr +ibank.snoras.com +ibc123.com +ibc168.com +ibc4u.com +ibc818.com +ibc888.com +ibcbet.com +ibet888.net +ibqonline.com +ibweb.alphabank.ro +icc-cpi.int +icecream-money.com +iconnect4.interiorhealth.ca +ict.gov.qa +id.telecom.pt +identity.ppdi.com +identitymine.com +idrettsmail.no +ie.com +ifa.ch +ifraudalert.org +ifs.thaeles.nl +igaseguros.com.br +igc.infragard.org +igeinfo.com +igniterealestatesite.com +igweb.meridiana.it +ihale.gov.tr +iiarc.net il.systemb2b.com il2l.com +ilsole24ore.com +im-sc.com +im.its.iastate.edu +images.bdotickets.com.au +imageworksdisplay.com +imail.healtheast.org +imakenews.com +imediador.com +img.mspub1.com +imgroup.com +imgssl.shinsegae.com +imperva.com +ims.esdcar.org +imsbackyardfightclub.com +imsbi.com +imsbuyezcombs.tv +imsbuyquicklawn.com +imsbuyshoesunder.tv +imschools.org +imscleverclips.com +imsdualforce.com +imsfiftydollargold.com +imsfridgegenie.com +imsfueldoctor.com +imslappertrays.com +imsmightybite.com +imsmightybitetv.com +imspalmwallet.com +incircle.alphaomicronpi.org +incircle.alumni.american.edu +incircle.artcenter.edu +incircle.ato.org +incircle.cmualum.com +incircle.drexel.edu +incircle.lagrange.edu +incircle.mainealumni.com +incircle.sae.net +incircle.tridelta.org +incircle.umalumni.com +incircle.usfalumni.org +incircle.westwood.edu +incircle.wiu.edu +incirclepro.com +incolink.org.au indraweb.indra.es +indstate.edu +inetportals.com ineways.com +ineways.eu +inewayscanada.com +infineon-farefinder.com +info.broadsoft.com info.enet-japan.com +info.oebv.com +infobear.bridgew.edu infonet.hz.nl +infosupport.com +inframan.nl +ing-diba.at +ing-hipotecaria.mx +ingramentertainment.com +inlogin.com +innmarinsecure.com +inos.nl +inria.fr +insattningsgarantin.se +inscodico.com +inside.cod.edu +inside.consona.net inside.nhl.com +inside.santamariaworld.com insight.smartdm.com +insite.henrich.de +instantfisherman.com +instantintelligence.com +insurancebis.com integrishealth.recruitmax.com +intellilink.visa.com +intellium.co.nz +interact2.ird.govt.nz +interconnect.be +interhosting.interfree.it interiorsandsources.com +interlaken-congress.gosecure.ch +intern.abm-energie.de +intern.abm-service.de +intern.goebel.de +intern.med-bz.de +intern.svk.no internal.imaginets.com +internal.ppww.org +internal.razimports.com +internap.com +intersourcing.com +intex.com +intra.2at.net intra.billing.ru +intra.motion10.com +intra.nordfyns-gym.dk +intra.svendborg-gym.dk +intra.unbonn.org +intranet.1-first.com +intranet.2nsb.org.au +intranet.a3is.com +intranet.abesse.hu +intranet.bexleygs.co.uk +intranet.bhtc.sandwell.sch.uk +intranet.britishscienceassociation.org +intranet.carrel.fr +intranet.ceff.ch +intranet.chilcote.bham.sch.uk +intranet.espria.nl +intranet.frederikssund.dk +intranet.grupocopisa.com +intranet.hallwilcox.com.au +intranet.ipi-gmbh.com +intranet.itsduero.es +intranet.majedie.com +intranet.mhc.cc intranet.peckham.org +intranet.scriptum-site.nl +intranet.stanville.bham.sch.uk +intranet.uck.nl intranet.ucol.ac.nz +intranet.xperta.se +intuit.com +intuitrebates.com inverhills.edu +investissementsdavenir.agencerecherche.fr +inzicht.dfa.nl +ioffer.com iol.pt +iowaworkforce.org +ip.clubcorp.com +ipayables.net +ipi-interactive.com +ippo.net +iqmetrix.com iqsystem.irrc.co.jp +iraniansinglesconnection.com +iris.colum.edu +irrc.co.jp +ish-bridge.com +ishbs.com +isi-net.com +isic.hu +isstct.cz +issuemanager.myriad-it.com +istoreit.net +isupplier.americanlafrance.com +it-consult.net +itgroovehosting.com ito.org.tr +itoncloud.com +itrackit.net itrade.fhtrust.com.tw +itsfogo.com +itsyourview.com +itunescards.co.za +iva.de +ivoo.certiris.be +iwcc.edu iweb.thebankersbank.com +iyummy.com j-union.com +jac.go.jp +jamestownregional.com +japanpost.jp jasaga.or.jp +jasmenterprises.com +jazanu.edu.sa +jeddah.zfp.com +jennisondryden.com +jerseymanagedhosting.com +jerusalem.muni.il +jetblue.com +jgh.com.sg +jhop.jp +jmlexaktsaw.com +jmlfastfit.com +jmlmagiccarpet.com +jmlscratchremover.com +jmlsmoothit.com +jmltwisteze.com +jmsapps.jmsmucker.net jnet.agsys.sompo-japan.co.jp +joagift.com job.disc.co.jp job.nikkei.co.jp jobmgr.disc.co.jp +jobs.1800contacts.com +jobs.carlsonhotelsasiapacific.com +jobs.cas.org +jobs.sourcefire.com +jockjam.nl +joeys.org +journie.net +jr.com.au +jrfh.tsacorporation.com +js.joomlaservices.ca +js.metalinq.com +jsps.go.jp +jta.jtafla.com +jtasoutheast.com +jumbomortgage.citimortgage.com +juneau.billeo.com +juronghealth.com.sg +k12.al.us +k12.ks.us +k12.mo.us +k12.mt.us +k12.nm.us +k12.pa.us +k12.sc.us +k12.wa.us +k12.wi.us +k9glowguardtv.com +kabeldeutschland.com +kabukiza-kabu.com kahosl.be +kalender.nakskov-gym.dk +kanagawa.jp +kanjam.com +kaosmos.jp +karierasro.cz +katlehotrust.co.za +kawacki.com.br +kb.mbms.com +kbacmportal.net +kcc.com +kcn.jp +kddi.ne.jp keas.com +keitaipost.jp +kemi.se +kenkou-design.com +keybankdeveloper.com +kfz-versicherung.faz.net +kgh.on.ca +kicho.shoko-shimane.or.jp +kidneycancerconnections.com kimberlyclark.myvurv.com +kindenonderwijsrotterdam.nl king-invest.net kingsdominion.com +kingsize-bottle.com +kingsmail3.kings-ely.cambs.sch.uk kingsroadmerch.com +kingston-college.ac.uk +kinsou.com +kintetsu-bs.co.jp +kintetsu-hoken.co.jp +kipp.org +kirenet.com +kit.ac.jp +kkcom.co.jp +klc-ondemand.com +klerx.biz +klikbca.com +klive.kellogg.edu +klz.org.uk +kme.ch +knox.nsw.edu.au +koffiecenter.be +koffiecenter.nl +kohlaborate.com +kontor.polytec.no +kordia.net.nz +korowa.vic.edu.au +kpchoicesolution.com +kpos.melsc.co.jp +kramesondemand.com +kredinor.no +krungsricashlink.com +krungsrifileserver.com +krungsrimobile.com +ks.gov +ktr.com +ku.dk +kuanywhere.ku.edu +kuk-networks.de +kulturgutschutz-deutschland.de kwiktrip.com +kwv.nl +kyfb.com +kymweb.tokoha-jc.ac.jp +kymweb.tokoha-u.ac.jp +labs.arubanetworks.com +ladyphoneshop.be +ladyphoneshop.nl +lakecomm.com +lambertconsulting.ch +lamda.org.uk +lancasterregional.com +lancer.webhosting.uk.com +laprevisionmallorquina.com +laptoporder.wab.edu +laptopshop.be +laptopshop.nl +larix.cevak.cz +las.perkinelmer.ca +las.perkinelmer.co.uk +las.perkinelmer.com +latax.lacity.org +lavprisfly.no +lbiclaim.com +lbschools.net +lc.leics.sch.uk +lcgs.tas.edu.au +lead.rotary.nl +leadintelligence.co.uk +leadrouter.com +leap.neustar.biz +learningseat.com +learningseat.com.au +learnsheffield.com +leben-hat-gewicht.de leerlingmail.niftarlake.nl +legacy.lcpharma.com +legacy.medietilsynet.no legalconnection.com +legalease.jmls.edu +lehighregional.com +lendingpit.com +lendingtreeautos.com +leopards-den.us +leshamwowoffre.com +level.mol.hu +lexor.lsp.at +lexsan.vestingonline.nl +lh.k12.ar.us +library.failteireland.ie +liemerscollege.nl +lifeaction.net +lifeio.com +lifenetems.org +liftmonitoring.nl +liftnfix.com lightstone.co.za +limewire.com +lincoln-obama.com +linkmanager.shalink.com +linkservicepro.com +linkzeal.com +lion.wild.net +lipa.ac.uk +lisa.lpshp.fi +listech.com +lit.edu +liu.se +livegrades.com +livingwithcll.com +livingwithlymphoma.com +ljbc.wa.edu.au +lkmc.com +lks.jackhenry.com +lmmis.com +lms.kansaigaidai.ac.jp +lnrmc.com +loanet.net +loans.citifinancial.ca +loans.citifinancial.com +loanstowomen.com +localret.cat +lodge.maishima.co.jp +logica.com +logicnet.pc-ware.org login-pos.eurobank.pl login-raty.eurobank.pl +login.aderantpm.com +login.bcferries.com +login.bild.de +login.clientaccess.net +login.danskerhverv.dk +login.dtl.eu +login.skwich.com +login.smmj.com +login.visionalist.com +logixs.com +logowanie.osemka.pl +london.edu +loro.ch +loterie.ch +loucoll.ac.uk +louisianaappliancerebate.com +lpb.dueri.net +lsu.edu +lucentis.com +lucky-pantry.net +luckybuy.com.tw +ludus.greve-gym.dk +ludus.grindsted-gym.dk +ludus.maribo-gym.dk +ludus.midtfyns-gym.dk +ludus.roskilde.dk +ludus.vuc-vsn.dk +ludusweb.akat.dk +ludusweb.frberg-gym.dk +ludusweb.fredericia-gym.dk +ludusweb.herninghfogvuc.dk +ludusweb.horsenshfogvuc.dk +ludusweb.middelfart-gym.dk +ludusweb.roende-gym.dk +ludusweb.toender-gym.dk +ludusweb.tornbjerg-gym.dk +ludusweb.vejle.dk +ludusweb.vucaarhus.dk +ludusweb.vucfyn.dk +ludusweb.vucha.dk +ludusweb.vuckolding.dk +ludusweb.vucroskilde.dk +ludusweb.vucstor.dk +ludusweb.vuctm.dk +ludusweb.vucvest.dk +lukeassoc.net +lumalamps.com +lungcancerconnections.com +lusitania-cs.pt +luxoft.com +lvmpd.com +lvs1.com lxr.com +m.aafes.com +m.stackmedia.net +maandag.nl maartenluther.calvijn.nl +maastrichtuniversity.nl +macaw.nl +macihotline.com +maconomy.com +madisonregionalmedicalcenter.com magelo.com magtek.com +mail.abz.ch +mail.accretivehealth.com +mail.achap.org +mail.acousticalspecialties.com +mail.activision.co.uk +mail.aeat.co.uk +mail.albany.k12.ny.us +mail.albil.com.tr +mail.alexdejong.com +mail.almajles.gov.ae +mail.amrita-parus.ru +mail.anbank.com +mail.aocterra.nl +mail.aps.k12.co.us +mail.arcelormittal.kz +mail.asapnet.nl +mail.asascience.com +mail.asmnet.com +mail.auscampus.net +mail.avalonhealthcare.com +mail.avanquestusa.com +mail.axemusic.com +mail.axens.net +mail.banquemisr.com +mail.baptisthealth.net +mail.bb.softbank.co.jp +mail.bbms.no +mail.bedeck.co.uk +mail.behr.ch +mail.beveric.com +mail.bfds.com +mail.bfw-mainz.de +mail.bigfishgames.com +mail.bilia.net +mail.borgmanschool.nl +mail.bornholmstrafikken.dk +mail.bpsd.mb.ca +mail.burohappold.com +mail.cafuamanagement.com +mail.cardinalhume.com +mail.cba.edu.sa +mail.ccina.ro +mail.ccsmgr.com +mail.cdh.com +mail.ceat.in mail.centrum.cz +mail.chargoon.com +mail.charlton.greenwich.sch.uk +mail.charltonschool.com +mail.chenderit.northants.sch.uk +mail.childrens.com +mail.citizensmn.com +mail.citp.nl +mail.cm-sobral.pt +mail.cmalliance.org +mail.cmpunjab.gov.pk +mail.colegiodorosario.pt +mail.collab.uni.edu +mail.comeup-soft.de +mail.compuworx.hu +mail.configura.com +mail.congreso.gob.hn +mail.connectivityit.com.au +mail.cookcountyil.gov +mail.coopdefrance.coop +mail.cpnpr.org +mail.crestron.com +mail.cssaz.org +mail.cta.org +mail.cvd.nl +mail.cws.biz +mail.datagroup.de +mail.dearborncountyhospital.org +mail.depend.se +mail.desancta.nl +mail.dioceseofgreensburg.org +mail.doe.k12.de.us +mail.dollardcollege.nl +mail.dqc-hosting.net +mail.drivetime.com +mail.du.ae +mail.e-farmcredit.com +mail.eatough.net +mail.ebsi.com +mail.edwards-ind.com +mail.emailonline.net.br +mail.energy.gov.ab.ca +mail.escrotrans.com +mail.exchpro.dk +mail.expertsystems.net mail.extranet.hp.com +mail.ezeit.co.uk +mail.fachisthers.com +mail.faf.cuni.cz +mail.federalequipment.com +mail.fhconsulting.com.br +mail.footballaustralia.com.au +mail.fozzy.ua +mail.g4s.no +mail.gallowglass.co.uk +mail.gama.com.tr +mail.geninf.com +mail.ggi-sa.com +mail.ggs.vic.edu.au +mail.globeteam.com +mail.gmrgroup.in +mail.govwentworth.k12.nh.us +mail.gpworldwide.com +mail.grafil.com +mail.groupegt.ca +mail.gruppocredem.it +mail.gruppoveritas.it mail.gtri.gatech.edu +mail.guideone.com +mail.guidewire.com +mail.guk.org.uk mail.gunnebo.com +mail.haderslev-gym.dk +mail.hallrender.com +mail.hamptoncollege.org.uk +mail.harbourmsp.com +mail.harvestnaperville.org +mail.havantacademy.co.uk +mail.hemofarm.com +mail.hgs.n-yorks.sch.uk +mail.hib.no +mail.hoegh.com mail.hoover.k12.al.us +mail.horizonsd.org +mail.houdijk.com +mail.hsd153.org +mail.hsventures.org mail.hzeeland.nl +mail.iac.com.tw +mail.icepronav.ro mail.idera.com +mail.iimc.kyoto-u.ac.jp mail.ilsole24ore.com +mail.indiska.se +mail.insanity-inc.org +mail.ipswichschool.net +mail.isnsolutions.co.uk +mail.itc.mb.ca +mail.itc.net.sa +mail.itcs.com.ge +mail.iteam.se +mail.itgsolutions.com +mail.itility.us +mail.itu.queensu.ca +mail.janaf.hr +mail.jardboranir.is +mail.jarfalla.se mail.jetblue.com +mail.jjuc.no +mail.jordanhospital.org +mail.jus.cz +mail.justinho.com +mail.kairos-it.com +mail.karlsson.se +mail.kces.de +mail.kerners.com +mail.kidneyfund.org +mail.kik.gov.tr +mail.kingscollegeguildford.com +mail.kit.ae +mail.kks.se +mail.klingenberg.com +mail.kolektor.com +mail.kubota-kma.com +mail.kvanum.com +mail.labranche.net +mail.lancercatering.com +mail.lfhi.com +mail.lochem.nl +mail.loreto.nsw.edu.au +mail.lpbs.org.uk +mail.mandersconsulting.com +mail.maristcollege.school.nz +mail.mariuspedersen.cz +mail.marnixcollege.nl +mail.mauser-cabs.at +mail.mbsds.com +mail.mbvm.org +mail.mciblues.net +mail.mcx.pl +mail.mcycd.gov.ae +mail.meau.com +mail.metito.com +mail.metrostav.cz +mail.metrotrains.com.au +mail.meyernetconsulting.com +mail.mf.dk +mail.micronav.co.uk +mail.midco.net +mail.middevon.gov.uk +mail.midental.org +mail.mihs.org +mail.milesplatts.co.uk +mail.minsterlaw.co.uk +mail.mlhslancers.com +mail.moe.gov.my +mail.momatos.com +mail.moorsidehigh.com +mail.mosa.gov.qa +mail.mrcc.aast.edu +mail.msa-oost.nl +mail.mulhouse.fr +mail.mvsd.ca +mail.mygcx.org +mail.myrtuemedical.org +mail.mysterynet.mb.ca +mail.namwater.com.na +mail.nap.gsic.titech.ac.jp +mail.navitasworld.com +mail.neway.co.il +mail.nicor.com +mail.nkadd.org +mail.nli.no +mail.normandale.edu +mail.norsar.no +mail.notionsolutions.com +mail.npaid.org +mail.nty.m86security.com +mail.oakley.kent.sch.uk +mail.ocusd.net mail.officebroker.com +mail.ofg.lv mail.oma.nl +mail.omanair.aero +mail.optimum.bm +mail.oshochem.com +mail.ouc.ac.cy +mail.paratek.com +mail.pdb.se +mail.petranso.com +mail.petrex.com.pe +mail.pewsey-vale.wilts.sch.uk +mail.pflag.org +mail.pgesco.com +mail.pinecreeksd.mb.ca +mail.plainconcepts.com +mail.plpsd.mb.ca +mail.pmc-sierra.com +mail.polycom.co.il +mail.primevision.net +mail.prsdmb.ca +mail.pukzh.ch +mail.qataridiar.com +mail.ravenstone.co.uk mail.rawlinscollege.org.uk +mail.rca.gov.om mail.rcsdk12.org +mail.red-red.ru +mail.reiv.com.au +mail.rewar.com.br +mail.rexel.nl +mail.ribblesdale.org +mail.richardhicks.com +mail.ridgian.co.uk +mail.rittal.be +mail.rkbs-de-vlinder.nl +mail.rmc.com.au +mail.ruudlighting.com +mail.sage.com +mail.saic-dc.com +mail.sarasamerica.com +mail.savininsurance.com +mail.sd206.org +mail.seekeducation.org +mail.serralves.pt +mail.sigtuna.se mail.silmu.fi mail.sinclair.edu mail.skmc.gov.ae +mail.skov.com +mail.skp.com +mail.sli.com +mail.slt.com.lk +mail.smart3group.com +mail.smiddy.co.uk +mail.softlinesolutions.com.au +mail.spotlight.co.za +mail.ssb.eu +mail.ssi.com.vn +mail.stadsmissionen.se +mail.stallionoilfield.com +mail.stccs.ca +mail.stcg.net +mail.steel-line.com.au +mail.storstockholm.brand.se +mail.stuwebportal.net +mail.styletronix.net +mail.sv-com.de +mail.svsd.ca +mail.swmed.edu +mail.tegola.ru +mail.texasent.com +mail.tgn.com mail.the-ascott.com +mail.thomassabo.com +mail.tommoz.co.nz +mail.townsquaremedia.com mail.tox-us.com +mail.transunion.com +mail.tri-center.k12.ia.us +mail.tridenttech.edu +mail.trinco.de +mail.tunisiana.com +mail.tvfr.com +mail.ufonegsm.net mail.ugs.com +mail.um.sopot.pl +mail.umfmpookies.info +mail.unitil.com mail.uottawa.ca +mail.usd450.net +mail.ustboniface.mb.ca +mail.uvh.nl +mail.vakko.com.tr +mail.valdichienti.net +mail.vasallen.se +mail.vejlehs.dk +mail.versicherungsforen.net +mail.vertigo.com +mail.vestconsult.dk +mail.vicore.se +mail.viettel.com.vn +mail.vmkfb.se +mail.wasbol.nl +mail.wasserstudios.com +mail.wbd.ru +mail.wcc.vic.edu.au +mail.wellsway.bathnes.sch.uk +mail.wienholding.at +mail.wipfli.com +mail.wsdmi.org mail.yvc.ac.il +mail.zoloto585.ru +mail01.nct.ac.uk +mail1.asfourcrystal.com +mail1.sog.ga.gov mail2.law.stetson.edu +mail2.lisluanda.com +mail2.marqnet.com +mail2.nonlinear.ca mail2.skanetrafiken.se +mail3.gibsondunn.com +mailer.kuehnel-web.org +mailfilter.bowdoin.edu mailhub1.cpsb.org mailhub2.cpsb.org +maillab.state.nm.us +mailsrv.angelantoni.it +mailsrv.artax.cz +mailstation.ch +maisoku.co.jp +mall123.com.tw +mallorca.co.uk +manabo.chukyo-u.ac.jp +manchester.ac.uk +mandat24.de +mangawebstore.com +manifest5.craig-is.com +manmail.nice.org.uk +manmaruyoyaku2.jp +manukinvest.com +mapmfc.com +marathonfoto.com +maringeneral.org +maritimetacticalsecurity.com +marketforceshopper.com +mars.micex.ru marshallsonline.com +maruetsu.net +marymount.qld.edu.au +massdor.com massport.com +matgenie.com +matmut.fr +matricis.com +matsuzakaya.co.jp +mattel.com +mayvillestate.edu +mbanking.ncrwebhost.mobi +mbdvd.com +mc0.multimap.com +mc4me.mccd.edu +mc4u-ext.mcdonalds.fr +mch.io +mchscares.org +mchvpn01.midcoasthealth.com +mcostaff.com +md-whistleblower.com +meadsd.net +meagpower.org +meathvec.ie +medewerker.jouwregardz.nl +media.filas.pl +media.martignetti.com +media.wschiro.edu +media3.ignitemedia.com mediabistro.com +mediacentershop.be +mediacentershop.nl +mediafire.com +mediamaxonline.com +mediazp.cz +medicalcannabismanager.com +medicalert.co.nz +mediclinic.co.za +meinkonto.orf-gis.at +meltitofftv.com +member.marmar.com.tw member.yong-online.com.tw +memberadviser.com +members.bsrservices.biz +memory-express.co.uk +memoryshop.be +memoryshop.nl +memphis.edu +merchantcart.net merchantonlineapp.com +mercyhousing.org +meriden.nsw.edu.au +merlin.ca merrickbank.com +messaging.macmahon.com.au metalinq.com +metrogr.org +metrostarsystems.com +mexicancupid.com +mf-web.d2c.ne.jp +mg.afimilk.co.il +mhhitws.cahwnet.gov +mhric.org +mhs1.3f.dk +mhsecure.dmcontact.com +michelsville.com +midfloridacardiology.com +midnightcharm.com +midwayautosupply.com +midwestregional.com miele.co.uk +migdataengine.cms.hhs.gov +mightyblasttv.com +mightyfixit.com +mightymendittv.com +mightythirstynow.com +mightythirstytv.com +mijnrijnijssel.nl +milkmandelivers.com +mill-hillcollege.nl +milldtrack.com miller.co.jp +milsoftssl.com +mindbusiness.org +mingorp.hr +misd.net mishlohim.co.il +misim.gov.il +mitserv.com +mizuho-int.com +mizuno.co.jp +mizuno.jp +mizunonetorder.com mizunoshop.net +mmint.org +mmrpatientview.com +mmrpersonalhealthrecords.com +mnscu.edu +mobil.alfru.net +mobile.animate-shop.jp +mobile.xjt.com +mobilebankcardservices.co.uk +mochiads.com mochibot.com mochigames.com mochimedia.com +mochimedia.net +mochipass.com +mod.yodobashi.com +moe.gov.ae +mof.go.jp +mohawkeriesharepoint.com +molinosmodernos.com +monash.edu +monbureau.sophiaconseil.fr +monreglement.fr +monserviceconciergerie.com +montebello.ridgevineyards.net +montetrader.com +montiplaza.nl +montroseaccess.org.au +mopera.net +morainevalley.edu +moralesfamily.net +moreheadstate.edu +morganschaffer.net +mosalira.nl +moshtix.com moss.esher.ac.uk +moss.ise.de +moundsparkacademy.org +mp01.canon.jp +mp3shop.be +mp3shop.nl +mrc-ws.mrceweb.com +mrclaurentides.qc.ca +mrmrshandycaddy.com +mrus.co.uk +msauth.mainstreet.fiserv.net +msbmyndigheten.se +mscw.vic.edu.au msexchange.lyon.edu +msg.gov.hu +msimmunology.com msishopper.net +msmail.mvnu.edu +msu.edu +msvpn.wusm.wustl.edu +mtimail.metal-technologies.com +mtnpeaktrail.com mtsexchange.mtsn.org.uk +mtvninvoices.com mudy.info +mule.co.kr +musc.edu +mustangps.org +mwd.incontech.co.uk +mwn.de +mws.acculynk.net +mx.ahmadiyya.de +mx.twfp.com +mxs.at +mxs.deff.ru +my-aime.net +my-hammer.at +my-hammer.de +my-office.ro my.bentley.edu my.berkeleycollege.edu +my.bluebunny.com +my.ccu.edu +my.colby-sawyer.edu +my.comprehensivesleep.com +my.cpscorp.com +my.dhlglobalmail.com my.dover.edu my.ecwid.com +my.hillsdale.edu +my.ju.edu +my.proactiv.com.ph +my.sandi.net +my.siematic.de +my.snhu.edu +my.tfl.gov.uk +my.unifiedbrands.net my.wcupa.edu +myabakus.net +myaero.org +myameda.com +myapps.skiffmed.com +mybenetech.com +mybethanyranchhome.org +mybfffishfood.com +mybffnow.com +mybigcommerce.com +mybuxtonwallet.com +mycardprinter.com +mychart.carilionclinic.org +myclinicallogic.com mycls.cls.ch +mycoldfire.com +mycollaboration.sug.com +mycundus.com +myemail.com.sg +myemail.sg +myesafedepositbox.com +myevolver.com +myexterran.com +myfauquierhealth.org +myfldocs.com +myfloodonline.com +myfluvaccine.com +mygetmighytighty.com +mygiftregistry.co.za +myhdwraparoundstv.com +myholtca.com +mymail.brueggers.com +mymail.warnerconnect.com +mymccc.mc3.edu +mymcso.com +mymdc.mo.gov +mymedicallocker.com +mymedicalrecordsmd.com +mynavi.jp +mynha.com +mynhatest.com myoffice.eu.goodyear.com myoffice.na.goodyear.com myparceldelivery.com +myparkbillstv.com +mypoint.com +myportal.vhschicago.com +myr00t.com +myriad.com +myriddexpulse.com +myservices.suffolk.ac.uk +myshakeweight.com +mysheridan.shcr.com +mystarcentral.com +mystatebillstv.com +mysteryworldnet.com +mystorage.cloudleverage.com +mystudentsquare.com +mysullystore.com +mytdriver.com +mytravelersflood.com +myvpn.mdavisinc.com +myvpn.ubc.ca +mywagnercat.com +mze.cz +n-fukushi.ac.jp na.ntrsupport.com +naehmaschinen-welt.de +nagasaki.lg.jp +namg1.ipsos.com +nan.kujalleq.gl +napster.com naramail.nara.gov +nas.gov.ua +nasadvd.com +nat.tribalddb.net +natchezcommunityhospital.com +national-preferred.com +nationalparkbillstv.com +nationalsecuritygroup.com +natlloyds-flood.com +navicast.jp +navysealsfund.org +nbch.com.ar +nbrc.org +nbst.org.uk +nccrimecontrol.org +ncm-c.org +ncmpay.com +ncmstl.com +ncst.com +ndcconsultants.co.uk +ndl.qc.ca +ndr.nu +nebraska.gov +nectarwallet.com +nelson.azdamiaan.be neospeech.com +net4.saga-ja.jp +netcafe.ft.dk +netdocuments.com +netleasing.ersteleasing.hu +netmail.nmh.org +netmailing.liderexpress.hr +netnfu.ne.jp +netorder.sogo-seibu.co.jp +netpractice.com.au +netstorm.no +nettkirken.no nettkontoret.kredinor.no +nettobank.ch +netview.nu +network.directrelief.org +networkrail.rapport-online.com +nevada.edu +never-was.com +new2u.us neways.com newaysonline.com +newcollege.ac.uk +newmarket.com +news.nzzexecutive.ch newvistalive.com +nexusos.net +nfipservices.com +ngenx.net +nhc.ac.uk +nhk-ep.com +nhs.uk +nhselearning.co.uk +nhtv.nl +nicovideo.jp +niftarlake.nl +nightingaleconant.co.uk +nihon-u.ac.jp +nikkei.co.jp +niktec.com +nimbus.peru.edu +nintex.com +njreflood.com +nmsmp.alsok.co.jp +noc.touchnoc.com nochex.com +nomade.etu.univ-nantes.fr noridian.totalonboarding.com +nortcoll.ac.uk +norwich-union.com +notebookbuffer.com +notes.parliament.qld.gov.au noticiastelemicro.com +notleyhigh.com +nousinfo.com +novabase.pt +novocorreio.ultra.com.br +nowa.ntelos.com nr.edu +nraesafe.com +nrwbank.com +ns002.toshiba-sol.co.jp +ns11mm.sept11mm.org +nsw.gov.au +nswmentors.com +ntdira.com +ntstaxonline.com +ntx.at +nubod.com +nuii.com +nuskin.com +nutropin.com +nuungolf.com nuwaveoven.com +nuwaveovennow.com +nwhc.ac.uk +nyvpn.conifersecurities.com +nzmail.deloitte.co.nz +nzz.ch +oasen.nl +oasiswebvpn.net +oasystems.co.nz +obdp.org +obsmail.com +ocean.ac-toulouse.fr +odlmarkets.com +odlsecurities.com +offertool.galenos.ch +office.mls.lib.il.us +office.occ.on.ca +office.rooscs.nl +office.tatemono.com +office.wacom.de +officemd.net +ogdenbancshares.com +oha.com +oit.ac.jp +olchs.org +ollusa.edu +olmsted.mn.us +oma.nl +omnidualsaw.ca +on-linepojisteni.cz +on-nets.com +one-info.net +onecoin.tayoreru.com +onee.se +onefmcremote.com +onesies.com.au +onestop.gsi.go.jp +oneuso.org +onforce.com +online-processingcenter.com +online.alpha-web.jp +online.alphabank.com.cy +online.americanbus.com +online.clalcredit.co.il online.eurobank.pl +online.julbo-rx.com +online.mycontoso.de +online.shamir.es +online.shamir.fr +online.shamirlens.co.uk +online.steens.dk +onlinebanking.bankofalbuquerque.com +onlinebanking.bankofarizona.com +onlinebanking.bankofarkansas.com +onlinebanking.bankofkansascity.com +onlinebanking.bankofoklahoma.com +onlinebanking.bankoftexas.com +onlinebanking.csbt.com +onlinebill.fl1.li +onlinebt.de +onlineclient.nyscorporate.com +onlinelibrary.wiley.com +onlineticket.jp +onmail.dk +onmyo.com +ontarioinsco.com +ontimeweb.itfocus.co.nz onyxinv.com +opel-leadengine.de +openhire.com +operations.nvmp.nl +oppassessment.eu.com +oppenheimerfunds.com +oppy.com +opsource.net +oralchirurgie-ehingen.de +orchardworld.co.uk +ordemenfermeiros.pt +order.fujifilm.com +order.pvpl.com +orderdiscoabs.com +ordermonster1200.com +orderoxyclinical.com +orderpacecoach.com +orderpopmemories.com +orders.airculinaireinternational.com +orders.caterlinkworldwide.com +ordina.nl +oreckvac.ca orix-sumai.jp +orixliving.jp +osaki-eweb.com +oscar.gov.au +oss.schuster-gmbh.de +osuvpn.okstate.edu osvinc.com +otodok.com otpbank.hu +otpcafeteria.hu +otppenztarak.hu +otsuka-shokai.co.jp +outdoorchristmaslighting.co.uk +outlook.belam.lv +outlook.bolthouse.com +outlook.bosleyconsulting.com +outlook.cgw.com.au +outlook.delichtenvoorde.nl +outlook.effix.be +outlook.fritzhansen.net +outlook.haarlem.nl +outlook.hfwu.de +outlook.hillcrest.vic.edu.au +outlook.it-service-schwadorf.de +outlook.kennedykrieger.org +outlook.probil.com.tr +outlook.t-online.de +outlook.wcsr.com +outlook.y-tech.co.il +outlook1.wilshire.com +outlookonline.nl +outlookpremium.com +outside.cmworks.com +outspark.com +overblick.se +overthedoor.com +ovo-zaanstad.nl +owa.aas.ru +owa.acbl.net +owa.addon.de +owa.afridata.net +owa.asp.ruf.ch +owa.belnet.de +owa.bushbros.com +owa.byui.edu +owa.cancom.de +owa.caritas.at +owa.cimt-ag.de +owa.cms-hs.com +owa.consilium-uk.com +owa.consortioservices.com +owa.dannenbaum.com +owa.db-international.de +owa.dbr.com +owa.dish.com owa.dist113.org +owa.dunnhumby.com +owa.dyrbergkern.com +owa.edipresse.ch +owa.electric-house.com +owa.eneco.eu +owa.esn.at +owa.eucnordvest.dk +owa.exe.it +owa.executrain.com +owa.fh-jena.de +owa.gfe.com +owa.gft.com +owa.gtlaw.com.au +owa.hcuge.ch +owa.helsingborg.se +owa.iadt.ie +owa.ic3.gov +owa.isl-automotive.com +owa.itsindy.com +owa.iwco.com +owa.jabirumetals.com.au +owa.jacksonkelly.com +owa.jetstar.com owa.kajak.fi owa.kan.se +owa.kromannreumert.com +owa.kwfdn.org +owa.lamy-lexel.com +owa.lfb.fr +owa.lrgs.org.uk +owa.mainroads.wa.gov.au +owa.matrix.co.il +owa.mdx.ac.uk +owa.midroc.se +owa.namfg.com +owa.narsaq.gl +owa.nd.edu.au owa.nordakademie.de +owa.orangecoastcollege.net +owa.oranim.ac.il +owa.otani.ac.jp +owa.ouc.com +owa.palama.gov.za +owa.parlement.nl +owa.peak-it.nl +owa.perceptis.com +owa.pinklotusbreastcenter.com +owa.prgparking.com +owa.prinbox.com +owa.priorsfieldschool.com +owa.qaqortoq.gl +owa.qortex.com +owa.rbs1.com +owa.rcha.net +owa.rochesterathleticclub.com +owa.roeverbroenner.de +owa.rrpub.com +owa.rtc-mailing.de +owa.rtix.com +owa.sirc.co.il +owa.sktf.se +owa.slagelse.dk +owa.smh.ca +owa.spservicing.com +owa.st-benetbiscop.org.uk owa.tecnicasreunidas.es +owa.terremark.com +owa.uni.lu +owa.uniten.edu.my +owa.vetmeduni.ac.at +owa.wdm-ia.com +owa.westoncolorado.com +owa.windmobile.ca +owa.witstor.de +owa2.earthfare.com owa2k3.bhw.de +owamail.calu.edu +owenscorning.com +oztravel.com +p2pia.com +pagos.uveritas.ac.cr +pagport.jp +painel.mtv.com.br +painel.onlinesol.com.br +pajamajeans.com +pamperedchefconsultantcardapplication.com +pandorahost.net +paperlessemployee.com parfumdreams.de +parkbillstv.com +parkcity.org +parking.bristolairport.co.uk +parrishmed.com +partille.se partner.buzzcity.com +partnerhosted.com +partners.carnegieam.dk partners.conocophillipsalaska.com +partners.org +partners.sitesense-oo.com +partners.smartname.com +pascoregionalmc.com pastel.co.za +pastelincheck.co.za +pasts.lattelecom.lv +pasts.riga.lv +pathfinder.woolworths.co.za +pathrocket.com +patsiprod.upr.edu +pay.cimbal.com +paybacktime.com +payment.soulultimatenation.com.tw +payments.abm.com +paymyassociation.com +pbhrmc.com +pc-one.net +pc-soft.info +pcpobr.nl +pct.edu +pdashop.be +pdashop.nl +pdgm.com +peacecorps.gov +peaceriverregional.com +peckham.org +pedirefills.ca +pedvd.com +peelpolice.ca +penncommons.com +pent-valley.kent.sch.uk +perfectbrownie.tv perfectmoney.com +perimeter.eiu.edu +perkinelmergenetics.com +perse.co.uk +personalausweisportal.de +perspectica.telmetrics.com +perspektive-it.de +pest.griffsoft.hu +pestfreetv.com +petfinder.com +pethairpicksytv.com +petshed.com +pfizerpro.jp +pgcwl.com +pgfl.org.uk +pgi105.pacifica.edu +ph.book.airbypleasant.com +phfewic.org +photomask.com +phwebvpn.org +phwebvpn2.org +physiciansregional.net picnik.com +pictureitpostage.com +pieseautoaccesorii.com +pim.hypoport.de pimkie.de pimkie.es pimkie.fr pimkie.it pineconeresearch.com +piratenpartei-nrw.de +pittsborotransportationplan.com +piwik.healthplan.com +pixgate.fokus.fraunhofer.de +pizzutitrac.com +pl-fax.com +pl.wikidot.com +planapps.org planet-tachyon.com +plasmacool.ca +plasmacool.com +plasmaquebec.com +platform-one.suffolkone.org +playlsi.com playneverwinter.com +playnextlevel.com +plusuk01.smartsgroup.com +pluto.fipotex.com +plweb.evenflo.com +pmat3.com +pmptech.biz +pobal.ie pocket.matsui.co.jp +pocketchair.com +pocketu.jp +pocklingtonschool.com +poczta.adamed.com +poczta.barlinek.com.pl +poczta.km-net.pl +poczta.umwm.pl +pocztam.pap.pl +pods.thinkorswim.com pokervt.com +polautomatisering.nl +pooledmoneyinvestmentboard.com poolzconnect.singaporepools.com.sg +poplarbluffregional.com popularglasses.com portaal.nh1816.nl +portaal.steenbok.com +portaal.veenendaal.nl +portail.bienetrealacarte.com +portail.croix-rouge.fr +portail.ensai.fr +portail.mairie-blagnac.fr portail.mont-notre-dame.qc.ca +portal-dynamics.com +portal.aasa.ac.jp +portal.algoe-it.nl +portal.aquon.nl +portal.asms.sa.edu.au +portal.bisd.com +portal.brescia.co.za +portal.campverde.az.gov +portal.capital-tour.ru +portal.cmocpa.com +portal.coastalrange.ca +portal.collaborative.com +portal.colonialsd.org +portal.core.gb.com +portal.covenantsolutions.org +portal.crh-corp.net +portal.crtx.com portal.eduweb.vic.gov.au portal.eiffel.nl +portal.estridge.net +portal.flaglerschools.com +portal.gov.cz +portal.gses.l-3com.com +portal.halcyonit.com +portal.hallco.org +portal.hc-vlc.nl +portal.heel.com portal.hello.ch +portal.hpisd.org +portal.hud.de +portal.human-skills.com +portal.hutto.txed.net +portal.ijsselcollege.nl +portal.klinikum-niederlausitz.de portal.klz.org.uk portal.langara.bc.ca +portal.marchesschool.net portal.mariestad.se +portal.maryhare.org.uk +portal.mez.nl +portal.mhyork.org +portal.myabc.no +portal.netcuras.com +portal.nordavia.ru +portal.orlandoheart.com +portal.pascack.k12.nj.us portal.peckham.org portal.perse.co.uk +portal.riskrighter.com +portal.s1.com +portal.sangart.com +portal.sierrasystems.com +portal.sigmax.nl +portal.skbo.nl +portal.skitsap.wednet.edu +portal.stjansdal.nl +portal.svms.net +portal.tape-llc.com +portal.telefonbuchverlag-sutter.de portal.tku.ac.jp +portal.toreboda.se +portal.usgjuristen.nl +portal.yourithost.com +portal.zeidlerpartnership.com +portal2.znb.nl +portale.ervet.it +portam.jp +porthuronstclairsharepoint.com post.norwegian.no +post.simple.ru +post.socialrdg.dk +post.stortinget.no +post.time.kommune.no +post.wastecare.co.uk +posta.copma.it posta.dsi.gov.tr +posta.kolektor.si +posta.nuk.uni-lj.si +posti.hippos.fi +posti.pirko.fi +postkodlotteriet.se +postur.borgun.is +postur.hve.is powerschool.ccsdut.net +powerschool.com powerschool.lawrence.k12.ma.us +powershiftfastcash.com +powertoolshop.be +powertoolshop.nl +pph.peres-center.org +practika.ru +pragma-group.biz +precash.com +preferredhomecare.com +preishelden.de +premierinc.com +premiodestaque.com +primehhs.com +princeportal.com +princeton.edu +printershop.be +printershop.nl +private.stelizabeth.com +pro.mothers-auction.net +procapita.gfbs.se +procoder.aviacode.com +proexam.org profil.centrum.cz +profilecenter.ru +profitbuilderenroll.com +profitweb.afasgroep.nl projectinsight.cbre.com +projectserve.disti.com +promail.ru +proposalsystem.seic.com +provident.com +providentfunding.com +provider.dchpkids.com providers.tufts-health.com +prox-c.com ps.dvusd.org ps.glenbard.org ps.liberty.k12.mo.us +ps.meridianschools.org +psiwebmail.com psyquel.com +ptcube.de +ptstaxonline.com +ptw.qp.com.qa +public.myfwc.com +pufferfish.de +pulmozyme.com +puripo.jp +puser.centrum.sk pushentertainment.com +pvhs.org q8car.com +qbranch.se +qeliz.ac.uk +qenos.com +qenterprises.com +qeportal.co.uk +qewebmail.co.uk qisweb2-verw.uni-hohenheim.de +qmgs.walsall.sch.uk +qqweb.jp +qsquirrel.com +qt.sat.gob.mx +quickreg.ci.irvine.ca.us +quintogest.com +quon.asia quotien.onlinebank.com +qvc.jp +qvcliquidation.com +qwazy.net +r1.techpuls.hr +r4.musicstationonline.com +ra.budco.com +ra.hntb.com +ra.libertymgt.com +ra.pega.com +raasnet.com +raciborz.edu.pl +rahorizons.com +raildata.orr.gov.uk rainforest-alliance.org rakuraku-market.com +rakuten.co.jp +rampvpn.tessituranetwork.com +raona.com +raptiva.com +rasowa.ramairservices.com rbc.bridgetrack.com +rbsiseast.org.uk rc.kotoha.co.jp +rcssalem.com +rcxasa.watson.ibm.com +rd.rlcdn.com +rds.ilc.gov.au +reach-clp-helpdesk.de +reaktor.no +realsuperpass1.smartsubs.net +redbullcontentpool.com +redhawk.golfcart.com +region-view.com +register.daum.net +register.lynctrial.com +registration.gov.gg +regmurcia.com +rehabcare.com +rejuvenateautocanada.com +relaxtrade.com +releaseyourpotential.net +rem.clow.net.nz +remedy.justice.gov.za +remote.4tw.dk +remote.aa.net.nz +remote.aacl.com.au +remote.ap.asm.com +remote.bdmtexas.com +remote.capita.co.uk +remote.cftc.gov +remote.clickconsult.com +remote.clovertowing.com remote.cushingco.com +remote.daugherty.com +remote.dumasmining.com +remote.fhn.org +remote.fnh.no +remote.frog.se +remote.frontier-si.com +remote.fumcallen.org +remote.gndlaw.com +remote.graduateleverage.com +remote.hbcs.org +remote.hillvue.com +remote.hrjconsulting.com +remote.hselaw.com +remote.ilergroup.com +remote.inshuckch.com +remote.ipmotion.de +remote.keyorganics.net +remote.maybourne.com +remote.neighborimpact.org +remote.nexant.com +remote.nlogic.com +remote.nmcfd.com +remote.noyes-hospital.org +remote.opensolutions.com +remote.penton.com +remote.progpl.com +remote.queens.org +remote.reefdiver.de +remote.renouf-family.com +remote.rttg.co.uk +remote.sb-groep.nl +remote.senhoc.com +remote.sgsep.com.au +remote.shetland.gov.uk +remote.slalomdemo.com +remote.slfa.com +remote.starofhope.us +remote.sticares.org +remote.thechurchofgod.org +remote.unicorr.com +remote.unitedspinal.org +remote.utsystem.edu +remoteaccess.skaggs.net +remoteaccess.starkstate.net +remotecall.jp +remoteoutlook.webjet.com.au +remoteportal.nasonhospital.com +remotingcoders.com +rencap.com +reporthawk.com +reporting.accesshma.com +reporting.accessrga.com +reportingportal.com reprofinance.com +republiconline.republictt.com +resalesmart.com +resealandsave.com +research.majesticsteel.com +researchapoptosis.com +researcharchive.wintec.ac.nz +researchherpathways.com +researchvegf.com +reservations.encorelasvegas.com +reservations.wynnlasvegas.com +resource-ctr.com +ressu.ficora.fi restaurantwedding.jp +resurskontoret.se +retailer.gfkms.com +retention.nextpage.com +retina.org +revlonrunwalk.com +revonix.com +rewardgateway.co.uk +rewardplus.co.uk +rezitech.net +rgdata.com.ua +rgiexchange.net +rgiimail.com +rhwebmail.com +ricoh-usa.com +riddexcanada.com +riddexpulse.com +riddexpulsenow.com +rightathomehomestay.com +riksgalden.se +rileyhosp.com rio.edu +risesupport.com +risk-buster.com +rismail.rafflesis.com +ristken.com +rituxan.com +riverartsfestmemphis.org +riveroakshosp.com +riverviewregional.com +rk.sjdc.co.jp rlcdn.com +rlh-gmuend.at +rma.sensus.com rmg.i-grasp.com +rms.unlv.edu +rochester.edu +rockettesdvd.com +rocmondriaan.net +rodekruis.nl +rodino.ro +rome.faber.co.uk +rosalie.ciad.ch rosevalleyindia.com +rosey.ch +ross.fs.fed.us rotaban.ru +routercenter.be +routercenter.nl rozodoniy.com rpv.fbn.ca rr.com +rreporter.nl +rs.gov.br +rsasurveys.co.uk +rsg-nc.rsgsystems.com +rsmn.reschini.com +rsmoss.rsmedical.com +rsracing.com +rsu.lv +rt.rtoaster.jp +rtstr.netbk.co.jp +rumail.rockefeller.edu run.auone.jp runnet.jp +runraceresults.com +rush.edu +ryujus-netsuper.com +s-immobilien.de s-yoyaku.city.sagamihara.kanagawa.jp s-yoyaku.city.urayasu.chiba.jp +s.ixiaa.com +s.ncp.imrworldwide.com +s1defense.com +saab-leadengine.de +saas.dynamate.eu +saas.it-telcom.nl +saas.nines.nl safelinkwireless.com +safestream.com +safetekusa.com sail.iwcc.edu +saintvincenthealth.com +saksincorporated.com +salaris.acera-online.nl +sales.skipark.com +salvador-dali.org +sam.lst.se +sam.sesameworkshop.org samba.huji.ac.il samsami2u.wordpress.com +samsclub.com samstores.com +samworthenterpriseacademy.org +sandalsuperstore.com +sandingglovestv.com +sandiskdealpal.com +sandwellschools.org.uk +sanpasqualunion.net +santa-clarita.com sap.kenexa.com saratogaschools.org +sas.com +satalyst.com +satis.tcdd.gov.tr +savpn.sysadm.suny.edu +sbdc.uga.edu +sbiapps.sitesell.com +sbobet.com +sbr.shooti.jp +sbsgroupusa.com +sby.co.il +scad.edu +scarboroughcollege.co.uk +scartreatmentnow.com +scb.flysas.com +scca.com +sch.uk +schedulemyshot.vaxamerica.com +schicktech.com +schoolwebpages.com +schulstatistik-thueringen.de +scientia.sk scottsliquidgold.com +scu-vpn.scu.edu.au +sd68.bc.ca +sdt.tntpost.nl +sdx-ag.de +seanet.sbexp.com search.boox.jp search.petfinder.com +secep.net +secondmarket.com +secservizi.it +sectorzero.pt +secure-access.cne-siar.gov.uk +secure.3creditreportsinstantly.com +secure.aceinsurance.com.au +secure.anzmoneymanager.com +secure.asce.org +secure.astepsdiv.com +secure.atriacom.com +secure.atv.com +secure.bybox.com secure.cambrianc.on.ca +secure.citizenlink.com +secure.click2callu.com secure.court.gov.il +secure.cst.org +secure.cygnusresources.com secure.discountadvances.com secure.earthclassmail.com +secure.eastbayfellowship.org +secure.elcofduval.org +secure.frenell.com +secure.globalstar.com +secure.gway.org +secure.igliving.com +secure.keuzenkamp.eu +secure.makinglifebetter.com +secure.mbsbillingsolutions.com +secure.mcpa4you.org +secure.mdrc.org +secure.mededcoventry.com secure.merchantcart.net +secure.molapo.co.za +secure.motorcycle.com +secure.mrcad.co.uk +secure.my3creditreportsinstantly.com +secure.mybybox.com secure.mycashnow.com +secure.nicoga.jp secure.nochex.com +secure.nufactor.com +secure.passport.mnginteractive.com +secure.payconnect.net secure.paydaymax.com +secure.personalwatercraft.com +secure.pompvanhetvolk.be +secure.reboot.ca +secure.rfi-walmart.com +secure.rhodesfs.com +secure.sandhillsregional.com +secure.sbmonline.com +secure.sjpharmacal.com +secure.snowmobile.com +secure.softwarepursuits.com +secure.stuartelvish.com +secure.tempus-rex.com +secure.vivemejor.com +secure.www.contracostatimes.com +secure.www.dailybreeze.com +secure.www.dailybulletin.com +secure.www.dailynews.com secure.www.denverpost.com +secure.www.la.com secure.www.mercurynews.com +secure.www.montereyherald.com +secure.www.pasadenastarnews.com +secure.www.presstelegram.com +secure.www.redlandsdailyfacts.com +secure.www.santacruzsentinel.com +secure.www.sbsun.com +secure.www.sgvtribune.com +secure.www.siliconvalley.com secure.www.twincities.com +secure.www.whittierdailynews.com +secure.wzhi.net +secure.your3creditreportsinstantly.com secure.zeelandnet.nl secure.zoominfo.com secureaccess.cacu.com +secureconnect.shawgrp.com +secureconnect.uis.edu +secured.erdbeerli.ch +securedatacollection.com securedlogons.humanadental.com +securefeed.co.uk +securepayment.newapproachmarketing.co.za +securetrack.rebatetrack.com +securevtp.com +securible.com +securities.com +sedgemoor.gov.uk +seearprewards.com +sefinenlinea.jalisco.gob.mx seha.ae +seibu.jp +seibubus-gt.jp +seisentopbin.com +seizetheday.com selfcare.rr.com +selfservice.smartree.com +selfservice.vsource.com +semanticweb.com +sen-farefinder.com +send.group.com +senvpnen.senate.gov +sercel.com +serifrebates.com +serv.webhostnr1.com +server.alsautomotive.com +serveraccess.practice-it.co.uk +service.deutschepost.de +service.hkn.de +service.itatbusiness.de +servicebund.com +servicedesk.geoeye.com +servicelinkproonline.com +servicemagic.com +serviceportal.telekom.at services.bag-mail.de +services.canadoil.com +services.esc-pau.fr +services.gyc.ac.uk +servicingconnect.com +servizi.allianzbank.it +servizi.atime.it +sesameconnection.org +setnlift.com +sf-vpn01.embark.com +sfoon.com +sfsj.se +sftsrc.com +sgw.ngxo.trinity.ebay.co.uk +sgw.ngxo.trinity.ebay.com +sgw.ngxo.trinity.ebay.it shakeweight.com +shakeweight4men.com +shakeweighttimer.com +shaklee.com +shamir.pt +shamwowca.com +share.epeerless.com +sharepoint.centurionmp.com +sharepoint.convergys.com +sharepoint.exiis.net +sharepoint.rosasconstrutores.pt +sharepoint.smartit.ch +sharepoint.xformity.com +sharepointgermany.cinram.com +sharepointgurus.net +sharepointiichiprojects.iichi.org +sharkweekdvd.com +sharpmail.sharpamericas.com +shavematetv.com +shavershop.be +shavershop.nl +sheabuild.com shiki.gr.jp +shiki.jp +shinsei.kyoukaikenpo.or.jp +shochiku-kabu.com +shop.benningtonmuseum.org +shop.fatboy.co.uk +shop.fatboy.com +shop.fatboy.de +shop.fatboy.fr +shop.fatboy.nl +shop.foxxfoe.com +shop.ftv.com.tw +shop.kgcheck.com.tw +shop.lindora.com +shop.rcn.com +shop.whatsinyourcity.net +shop123.com.tw +shop4.vcomshop.com +shopbase.finetunes.net +shopnchekshopper.ca +shopnchekshopper.com +shopoutdoornebraska.ne.gov +shoptotalpillow.com +shortinsights.com +shortside.com showcase-tv.com +shr.ro +shsmail.swedish.org shsremote.solarishs.org +shutdown.cfs.iupui.edu sierranevada.com +sigmakudos.com +signup.cloudprofile.com +sildelaget.no +silkcloudservices.microfocus.com +silkroad.com +silverjoes.com +simonizfixittv.com +simonlyshop.nl +simplewebmanagement.com +sims.tanfieldschool.co.uk +sinergiefinancial.net +singtel.com +sip.ttcg.net +siriusxmrewards.com +sis.ais-r.edu.sa sis.ggusd.us +sis.gpc.edu sisense.com +sistema.giannetti.com.br +sjomannskirken.no +sjpremote.com +sjsualumninetwork.com +skills.luovi.fi +skivehs.dk +sklep.vitapertutti.com +skmm.gov.my +skogforsk.se +skyliner.ec.keisei.co.jp +slg.schools.nottscc.gov.uk +slinkprovider.com +slowemdownbowl.com smart.otpbanka.hr +smartdrv.com +smartmoptv.com +smartphoneshop.be +smartphoneshop.nl +smes.org +smoothawaysite.com +smtp.ikic.co.jp +smtp.ngatawa.school.nz +snuggie.ca +snuggiefordogs.com +snuggieforkids.com +snuggietv.com +snuggievarsity.com sobexinvest.com socketstore.co.uk +socrambanque.fr +sodexhovpn.com +sodexovpn.com +softsupercoolertv.com +sog.nl +sogo-gogo.com +sols.org +solutionsbiz.com +solvethatdebt.com +son.stellatravel.com.au +sonicwall.com +sonymusicd2c.com +soquij.qc.ca soundvision.com +southernwine.com +southlakecarroll.edu +sp.cti-w.com +sp.edu.sg +sp.hanoverva.gov +sp.se +sp1.zvw.uni-goettingen.de spalding.edu +sparinvest.dk +sparkasse.de +sparrapid.se +speedy2k3.viglen.co.uk +speedyspark.com +spilldaddy.com +spkgroup.com +spkhome.net +spknet.com +splogin.se +sports-nakama.com +sportundshop.de +spragueenergy.com +springer-sbm.com +springhillregional.net +springisd.org +sprint.com +sprint.net sprintrebates.com +sprooms.swiss.com +spss-asp.com squareup.com +sr-owa.walter.net.au +sra.com +src.sk.ca +srigold.com +srmcfl.com ss3.e-state.co.jp +ssl-vpn.multifa.com +ssl-vpn1.aau.dk ssl.arcsoft.com +ssl.clinique-pasteur.com +ssl.coig.pl +ssl.cpmc.columbia.edu +ssl.ksd.ch +ssl.levinglobal.com +ssl.siih5962.fr +ssl.walsworth.com +ssl.weniger-verbrauch.de +ssl.whoajack.com +ssl2.americanprogressaction.org +ssl3.costar.com +sslclient.runshaw.ac.uk +sslgw.emis-electrics.de +sslvpn.accent.nl +sslvpn.bentonpud.org sslvpn.broadcom.com +sslvpn.curtin.edu.au +sslvpn.emerson.com +sslvpn.mid.org +sslvpn.nyp.org +sslvpn.roedl.pl sslvpn.savannah.chatham.k12.ga.us +sslvpn.thrivent.com +sso.agglo-royan.fr +sso.collegeboard.com +sso.utilityservice.com +st.ig.com.au +stadspoort.asp4all.nl +staff.ftc.health-partners.org +staff1.f-i-f.co.uk staffmail.brighton.ac.uk +staffmail.ja.net +staffordschools.org staffportal.bne.catholic.edu.au +stage.sparksecure.com stapleseasyrebates.com +stapleseasyway.com +start.spro.no startnextweek.com.au +startrack.gfkrt.com startrekonline.com +starwoodresidenceclub.com +starwoodvacationownership.com +state.fl.us +state.ks.us +state.wy.us +static.brandsclub.com.br +static.collegeprowler.com +static.gebrauchtwagen.de +static.limewirestore.com +statistik.msb.se +statlerhotel.cornell.edu +stc.ac.uk +stcloudregional.com ste-exch1.nhc.ac.uk +steeleye.com +steelhorsecomputers.com +stemcellskintherapytv.com +stetson.edu +stichtingwillemvanoranje.nl +stihl.de +stilltracking.com +stlawrencecollege.ca +stleonards.vic.edu.au +stlogic.com +stofzuigerstore.be +stofzuigerstore.nl +stone-ware.com +stoneware.cloverdale.k12.in.us +store.homeheartbeat.com +store.sun.com +store.toto-dream.com stores.channeladvisor.com +stories.citi.com +stormgenius.com +stpats.vic.edu.au +straitservice.com +strapperfect.com +strapperfect.tv +stratfordhigh.org.uk strideeveryday.com +strijkijzerstore.be +strijkijzerstore.nl +stringfellowmemorial.com studentdata.warwick.ac.uk +studentinfo.trinityhigh.com +studmagic.com studynet.dem.hva.nl +stylio.jp subjectivemetrics.com +sug-spirit.net +suitespot.mynextsuite.com +summitmedicalcenter.net +summitshack.com +summitstrategies.com +sundahus.se +sunriseearthdvd.com +superhub.hk +support.ataretail.com +support.bsc-ideas.com +support.cryptas.com +support.dridefault.com +support.goshen.bluestarpro.com +support.landsteinar.nl +support.mcigb.com +support.orgmanager.de +support.rosebudtech.com +supportlink.net survey5.spss-asp.com surveys.itsyourview.com suvana.com +svc.aegmis.de svelvik.skole.d-ikt.no +sw.nvusd.k12.ca.us +sw.quirinale.it +sw4men.com +sw4menespanol.com +swartdev.net +sweden.icw.se +sweettracking.com +swiss-rx-login.ch +switch2verizonfios.com +swivelwonderhanger.com +swuhealth.org +sykehuspartner.no syllabus.doshisha.ac.jp +symetra.com +synergy.nma-ict.nl +synergy.workarea.nl sys.ins-uni.co.jp +syspro.com +system.cord.osaka-geidai.ac.jp +systemb2b.com +t-mobile.nl +taerobicsdvds.com +tahomasd.us +tai.com.tr +tamiflu.com +tandenborstelstore.be +tandenborstelstore.nl taocan777.com +tapapp.com +tarceva.com +tas-japan.com +tasgroup.cl +tasmanliquor.co.nz +tasmantest.sdc-online.net +tastiwave.ca +tastiwave.com +tastiwavepan.com +tatertornadotv.com +taxport.convey.com +taxslayer.com +taxslayerbooks.com +taxslayerpro.com +taxstatusnow.com +taxtes.com +tc4men.com +tco.cfbt-inspections.com +tcspost.thomassen.com +tdj.ac.jp +teachingpersonnel.com +teambrandon.ca +tecdlr.com +technology-security-associates.com +technologyandstrategy.com +techscaler.com +tecplot.com teetimesusa.com +teetroit.com +telaris.wlu.ca +telefoonshop.nl +teleplan.no +telifhaklari.gov.tr +tellabs.com +temptationscanada.com terrabanking.romexterra.ro +testdrivereward.com testdriveunlimited2.com +tewkesburyschool.org +tge.cl tgn.co.jp tgw.com +the-house.com +the-k-factor.com +theadspot.tv +thealabamacollegesnuggie.com +thealbany.biz +thebarkoff.com +thecarletonsheetscoachnetwork.com +thecharacter-classics.com thecinema.in +thecomfortfurnace.com thediamondstore.co.uk +thedownsschool.org +theezstringer.com +thefushigi.com +theglobalfund.org +thegreenspider.com +thehandyvalet.com +thehexlightsite.com +theknowledgeexchange.info +themicrowallet.com +themightysuperstore.com +theorphan.com +thepalmwallet.com +thepancakepuff.com +therockradionetwork.secure.myhosting.net +thesecuraoven.com +theshedd.org +thesource.freemanco.com +thesuperjuicer.com +thetotalcore.com +thewire.wynnresorts.com thor.movistar.com.co +threepalms.com +threescompany.com +thueringen.de +thuis.ckxs.com +thw.de thymes.com +thymesnet.com +ticket-web-shochiku.com +ticket.fast.no +ticketfly.com +tickets.carowinds.com +tickets.dorneypark.com +tickets.spoorwegmuseum.nl +tickets.valleyfair.com +tickets.worldsoffun.com +tidytweet.com +tieup.demae-can.com +tightboards.com +tigmail.tigdistributing.com +time.staffme.net +timken.com +timtrac.ca +tirerebatestatus.com +tis.co.jp +tis.jp +tixforkids.org +tjmaxx.com +tku.ac.jp tlfw01.fhsg.ch +tmgowa.pointsharp.net +tmsanalytics.com +tmsnervecenter.com +tnkase.com +tohmatsu.co.jp +toho-u.ac.jp +tokem.fi +token.vpn.mim.dk +tokyo.jp +toltestworld.com +tomategigantetv.com +tomwatsondvdtv.com +tondeusestore.be +tondeusestore.nl tools.med.nyu.edu +topearnmoney.com topfox.co.uk +toppenishhospital.com +topsytomatotree.com +topsytree.com +topsytreetv.com +toptvstuff.com +toranoana.jp +toranomon-ichiba.com +tosti-asia.com totalcore.com +touchnbrush.tv +toutatice.fr +tpmail.transplace.com tracs.txstate.edu +tradecollege.com.au +traderssupersummit.com +trans-cosmos.co.jp +transat.com +transmontaigne.com +transportationtomorrow.on.ca +travelersflood.com +travelerssaves.com +travelindochina.co.nz +travelindochina.co.uk +travelindochina.com +travelindochina.com.au +travelmoneynow.com +trebesin.cz +trendsource.com trialpay.com +tribune.com +tricarsales.com +tritium.ch +trusted.com +tryabcircle.com +tryabrocket.com +tryabrocket.tv +tryabrocketflexmaster.com +trycrunchlessabs.com +tryeasyfeet.com +tryeasyreach.com +tryeyemagic.com +tryfastfit.com +tryfreegrillglovetv.com +tryfreerejuvenate.com +trygianttomato.com +tryhealthinitiative.com +trymybffnow.com +trymytomatofactory.com +trypetmd.com tryshakeweight.com +tryshakeweightespanol.com +trysidesleeperpro.com +tryslimmersilhouette.com +tryslimtsnow.com +trytomatofactorynow.com trytotalpillow.com +ts.cadritech.com.br +ts.k14.net +ts.transsoft.dk +tsn.dataresolution.net +tss-j.co.jp +tsubuyaki.fx.dmm.com +tsuweb.pilgrimsoftware.com +tu-chemnitz.de +tu-dortmund.de +tuev-nord.de +tufts-health.com +tui.rewardgateway.ie +tulane.wisenbaker.com +tum.de +tunnel.ltu.edu +tunnel.services.wisc.edu +tutornet.com.br +tuvakademie.it +tuwien.ac.at tvspy.com tw.event.gamania.com +twinriversregional.com +twoa.ac.nz +twyford.ealing.sch.uk +twynhamschool.com +tx.maxim-ic.com +tylerisd.org +u-tokyo.ac.jp +uab.edu +uatoa.americanexpress.com +ube-ind.co.jp +ubi.pt +ucf.edu +uci.edu +uckac.edu ucol.ac.nz +ucr.edu +ucsd.edu +udsis.com +uemail.unitedelec.com +ufl.edu +ugyfelkapu.mindigtvextra.hu +uhk.cz +uillinois.edu ukblelite01.emea.aza-lite.com ukblelite02.emea.aza-lite.com +ukwebmail.markit.com +ultrapos.net +umea.se +umons.ac.be +umpcshop.nl +umsamofund.com +umweltbundesamt.at +umweltrat.de +un.org +unc.edu +uncg.edu +undercovermags.com +uni-career.jp +uni-hamburg.de uni-hohenheim.de +unibas.ch +unifymoffice.com +unionvpn.union.edu +unisanta.br +unitron.no +univ-lyon1.fr +universalfloodpr.com +universitymedicalcenter.com +unixnotes.wordpress.com +unlimity.biz +uno.edu +unr.edu +unv.org +uottawa.ca +update.com +upenn.edu +upgradeserver.coremobility.com +upstatecarolina.net +urclickthru.com +urlinkthru.com +uruanna.com +us.connect.newegg.net +us17action.com +us36managedlanetrafficandrevenue.com +usa800.net +usacapitol.com +usc.edu +uscg.gov +user.atlas.sk user.centrum.cz +userapp.waubonsee.edu +usfinancialsource.com usuwazavpn04.americas.aza-lite.com +uta.edu +utah.gov +uws.edu +v-da-001.dp-itsolutions.de +va.gov +vaderstad.com +valenciaport.com +valtech.se +vanfcog.org +vangent.com +vasttrafik.se +vaxjo.se +vbgov.com +vci.de +vcommerce.com vcsportal.viasyscs.com +vdvexchange.com +veluwsescholengroepcvo.nl +ven.softec.sk +veniceregional.com +venners.co.uk +verifiering.se +verint.com +versicherungsvergleich.payback.de +verticalresponse.com +vervoerzcn.nl +verwaltung-innovativ.de +vestedanet.com +vestedapartners.com +vetsfirstchoice.com +vfwsturgis.org +vhspoint.lt +vi.macromill.com +viacord.com +vic33.win.kennesaw.edu +video.actadvantage.org +videocamerashop.be +videocamerashop.nl +villeesch.lu +virtualexchange.nl +virtuall.nl +visualvault.com +vitalberry.eu +vivaldi.ru +vivid-trade.com +vivus.se vle.guilsborough.northants.sch.uk +vle.marling.gloucs.sch.uk +vle.saddleworthschool.org +vocalocity.com +vodamail.hu +voicerecordershop.be +voicerecordershop.nl voogd.com +vosdemarches.saintgermainenlaye.fr +vpdn.dlr.de vpn-01.houstonisd.org vpn-03.houstonisd.org vpn-04.houstonisd.org +vpn-ap2.infor.com +vpn-gw1.unbc.ca +vpn-indy.exacttarget.com +vpn-server.rrzn.uni-hannover.de +vpn-stud-ssl.hogent.be +vpn-testbetrieb.rus.uni-stuttgart.de +vpn-us-ssl.lionbridge.com +vpn-wv.mentorg.com +vpn.4j.lane.edu +vpn.agnesirwin.org +vpn.ahss.org +vpn.anl.gov +vpn.ats.edu +vpn.ausrad.com +vpn.barry.edu +vpn.bchydro.com +vpn.bonitahealthcenter.com +vpn.caltech.edu +vpn.cclswi.com +vpn.challenger.wa.edu.au +vpn.claas.com +vpn.cmu.edu +vpn.coasolutions.com +vpn.coffey.com.au +vpn.concur.com +vpn.dearborn.pcgcampbell.com +vpn.del-valle.k12.tx.us +vpn.diebold.com +vpn.doncaster.gov.uk +vpn.douglasesd.k12.or.us +vpn.ehu.es +vpn.eurecom.fr +vpn.fhi-berlin.mpg.de +vpn.gribskov.dk +vpn.gsorad.com +vpn.hbstubbs.com +vpn.hobokenumc.com +vpn.hppartners.com +vpn.ins-lua.com +vpn.interseco.nl +vpn.iridium.com +vpn.kleinandhoffman.com +vpn.kmcnetwork.org +vpn.l3stratis.com +vpn.lafayette.edu +vpn.lan.kth.se +vpn.liberty.edu +vpn.libertyregional.org +vpn.llproducts.eu +vpn.lrdc.com +vpn.mcgrathnicol.com +vpn.memorialsb.org +vpn.mercer.edu +vpn.minecofin.gov.rw +vpn.mobilearmor.com +vpn.msmc.la.edu +vpn.nbeavers.com +vpn.netprivateer.com +vpn.newpaltz.edu +vpn.pace.edu +vpn.pasadenaisd.org +vpn.pih.net +vpn.pxi.com +vpn.redbarchetta.com +vpn.reliablesprinkler.com +vpn.reykjavik.is +vpn.rmc.ca +vpn.rz.tu-clausthal.de +vpn.sausd.us +vpn.stadsdeel-osdorp.nl +vpn.stb.eu vpn.tarumanagara.com +vpn.tesd.net +vpn.tfh-wildau.de +vpn.ud-medien.ch +vpn.uiowa.edu +vpn.uni-giessen.de +vpn.univ-lr.fr +vpn.unizar.es +vpn.uoguelph.ca +vpn.uow.edu.au +vpn.utexas.edu +vpn.uwhealth.org +vpn.virteva.com +vpn.wrij.nl +vpn01.us-support.com +vpn02.nucomm.net +vpn1.dot.state.ga.us +vpn1.prvlimburg.nl +vpn1.sandyspringbank.com +vpn1.security-finance.com +vpn2.bakbone.com +vpn2.qualys.com +vpnaccess.sales-service.com +vpngate.tu-bs.de +vpngate.uni-koeln.de +vpngw.uni-wuerzburg.de +vpnssl.nwths.biz +vpnuk.oup.com vr.is +vresp.com +vrg.se +vserver.de +vtc.edu.hk vtrade.vincomsc.com.vn +vucvejle.dk +vyvxinview.com +vzw.getyourscores.com +wa.gov +wa.infrontsports.com +waffenamt.it +wakeside.com +walbeekgroep.com +walmartfaces.com +walmarthowwedoit.com +walmartstores.com +walsallcollege.ac.uk warranty.akeryards.as +warwick.ac.uk +was.org +wastis-eu.st.com +wcupa.edu +wcvpn.wartburg.edu +wdpartnersonline.com web-opas.osakaya.co.jp +web-pl.daikin.co.jp +web-vpn.hefr.ch +web.rbc.com +web.storen.ch +web.uc.atosorigin.com +web.vpn.finanzit.net +web01.de.amadee.net webaccess.7p-group.com +webaccess.atkearney.com webaccess.pvhs.org +webapp.dpd.nl +webapp.meredith.com +webapps.hudsonisd.org +webbdaf.com +webbmail.ssg.se webbt.banque-tahiti.pf +webcenc.com +webchat.unt.edu +webcomputer.nl +webdagbog.kvuc.dk +webdirect.jp +webenroll.accesstpa.com webforensics.co.uk +webgate.no +webinfra.nl +webmail.5sqc.com +webmail.aap.com.au +webmail.accentonline.com +webmail.action-inter.com +webmail.administaff.com +webmail.aguiabranca.com.br +webmail.ahs.ae +webmail.ak-normal.school.nz +webmail.akd.nl +webmail.akl.whk.co.nz +webmail.albertadoctors.org +webmail.alere.co.uk +webmail.alexmann.com +webmail.alturkigroup.net +webmail.ampvisualtv.tv +webmail.anacom.pt +webmail.apotex.ca +webmail.arbella.com +webmail.aritzia.com +webmail.arthurterry.bham.sch.uk webmail.asb.dk +webmail.asparis.fr +webmail.assembly.ab.ca +webmail.attendshealthcare.com +webmail.audencia.com webmail.austmus.gov.au +webmail.aventus.nl +webmail.awsg.at +webmail.azmedien.ch +webmail.barnet.ac.uk +webmail.bayamonpr.org +webmail.bg.fnv.nl +webmail.bggs.qld.edu.au +webmail.bie.edu +webmail.bife.ie +webmail.bluepointsolutions.com webmail.bne.catholic.edu.au webmail.bose.com +webmail.bravilor.com +webmail.bridgercapital.com +webmail.brigantine.atlnet.org +webmail.brinkgroep.nl +webmail.bwfc.co.uk +webmail.c-e.com +webmail.capacent.is +webmail.cardonald.ac.uk +webmail.carmelcollegesalland.nl +webmail.casgen.com +webmail.cavanvec.ie +webmail.cet.ac.il +webmail.cg68.fr +webmail.chmca.org webmail.choa.org +webmail.cineplex.com +webmail.citationair.com +webmail.cityofvancouver.us +webmail.cmslegal.at +webmail.corenet.se +webmail.corptax.com +webmail.cosmopolitanlasvegas.com +webmail.crchealth.com +webmail.creuna.com +webmail.croklaan.com +webmail.crow.nl webmail.csaa.com +webmail.dabs.com +webmail.davenportdiocese.org +webmail.debaak.nl +webmail.deckers.com +webmail.dibrosi.be +webmail.dongemondcollege.nl +webmail.donlen.com +webmail.dpsg.com +webmail.dwango.co.jp +webmail.e-boticario.com.br +webmail.ea.aku.edu +webmail.ecerdc.com.my +webmail.ecosystem.ca +webmail.edinburghacademy.org.uk +webmail.edita.se +webmail.ekero.se +webmail.emmahuis.nl +webmail.energimidt.dk +webmail.energyfutureholdings.com +webmail.enex-om.com.br +webmail.engevix.com.br +webmail.escortinc.com +webmail.etch.com +webmail.euroatlantic.pt +webmail.excanto.com +webmail.fdm.dk +webmail.ferroeste.com.br +webmail.finning.co.uk webmail.firstam.net +webmail.flydubai.com +webmail.francetv.fr +webmail.frederikshavn.dk +webmail.furuboda.se +webmail.gazprom-mt.com +webmail.gebalis.pt +webmail.genphysics.com +webmail.globalcloudservices.nl +webmail.gmh.edu +webmail.gorinchem.nl +webmail.guido.nl +webmail.haaga-helia.fi +webmail.hanno.dk +webmail.henrico.k12.va.us +webmail.hostedoutlook.be +webmail.howerter.org webmail.hrblock.com +webmail.icare.nl +webmail.icr-inc.net +webmail.ikno.nl webmail.ingbank.com.tr +webmail.insight-onsite.us +webmail.integrationsfonds.at +webmail.interwetten.com +webmail.intrinsec.com +webmail.ipzs.it +webmail.iqhs.nl +webmail.irdeto.com +webmail.isolve.co.za +webmail.ithaca.edu +webmail.ivoclarvivadent.com +webmail.javelindirect.com +webmail.jbc.nl +webmail.jmp.co.uk +webmail.jungfrau.ch webmail.kapsch.net +webmail.kentalis.nl +webmail.keuda.fi +webmail.kinder-stad.nl +webmail.knauf.fr +webmail.knighttrans.com +webmail.knvb.nl +webmail.komatsuforest.com +webmail.ku.edu.tr +webmail.lancashire.bm +webmail.lappia.fi +webmail.larkinhoffman.com +webmail.lett.dk +webmail.levillage1.be webmail.levinglobal.com +webmail.loginlogistica.com.br webmail.lolland.dk +webmail.macsstores.com +webmail.mahouse.gov +webmail.malvik.kommune.no +webmail.manheim.com +webmail.manpower.ch +webmail.mansion.com +webmail.marketing-asiapac.com +webmail.mcbdds.org +webmail.mdc.wa.edu.au +webmail.meca.se +webmail.med.uni-muenchen.de +webmail.medic911.com +webmail.menai.ac.uk +webmail.metalor.com +webmail.mioc.hr +webmail.mjncomputers.co.uk +webmail.modal.com.br +webmail.moeller.org +webmail.mof.gov.ae +webmail.moh.gov.sa +webmail.mondigroup.com +webmail.mondipackaging.com +webmail.monroecounty-fl.gov +webmail.montessoricollege.nl +webmail.monumentalsports.com webmail.mopera.net +webmail.morphosys.com +webmail.mr-daten.de webmail.mt.gov +webmail.mutter.se +webmail.myeasyoffice.nl +webmail.myfloridahouse.gov +webmail.mystructured.com +webmail.netdesign.dk +webmail.nettrust.ch webmail.newlook.net +webmail.nilu.no +webmail.nobel.nl +webmail.noelgroup.com +webmail.nordoc.no +webmail.normik.dk +webmail.nyfors.dk +webmail.odin-groep.nl +webmail.oecd.org +webmail.oem.dk +webmail.oensmurer.dk +webmail.offmadisonave.com +webmail.orbitone.se webmail.ordina.nl +webmail.ormiston.qld.edu.au +webmail.parametrix.com +webmail.pdtit.be +webmail.peacehealth.org webmail.peelpolice.ca +webmail.pinellascounty.org +webmail.plenarygroup.com +webmail.proag.com +webmail.psd.pt +webmail.pu-kumamoto.ac.jp +webmail.qinvest.com +webmail.quest.com +webmail.raiffeisenevolution.com +webmail.randaberg.kommune.no +webmail.rasmussen.edu +webmail.realtors.org +webmail.rebild.dk +webmail.reesmanley.com +webmail.regentcomm.com +webmail.renn4.nl +webmail.rgomiddelharnis.nl +webmail.rietlanden.nl +webmail.rijnijssel.nl +webmail.rodenstock.com +webmail.roe.ac.uk +webmail.rollins.edu +webmail.rta.ae +webmail.rtg.at +webmail.rtl.hr +webmail.rtp.pt +webmail.saintjohn.ca +webmail.sanoma-magazines.be +webmail.sbl.ch +webmail.schuleherisau.ch +webmail.seaservers.net +webmail.seha.ae +webmail.semtribe.com +webmail.shepleybulfinch.com +webmail.sicl.co.uk +webmail.skanderborg.dk +webmail.skilled.com.au +webmail.skm.gov.my +webmail.skogu.nl +webmail.sma.de +webmail.socu.dk +webmail.sotog.nl +webmail.span.hr webmail.springer-sbm.com +webmail.sprm.gov.my webmail.srhs.com +webmail.stavanger.kommune.no +webmail.struttandparker.com +webmail.stsmd.dk +webmail.stura.uni-halle.de +webmail.swafnet.com +webmail.swietelsky.com +webmail.sysco.com +webmail.t-atrium.nl +webmail.t-systems.dk +webmail.t26.dk +webmail.taarnby.dk +webmail.teaterskolen.dk +webmail.techcampus.org +webmail.tecnalia.com +webmail.teknowlogic.com +webmail.tfmc.co.za +webmail.tisq.nl webmail.toho-u.ac.jp +webmail.torshavn.fo +webmail.touricoholidays.com webmail.transat.com webmail.tribune.com webmail.tuev-nord.de +webmail.tv1.com.br +webmail.tys.fi +webmail.uatlantica.pt +webmail.uc4.com +webmail.unifiedvalve.com +webmail.unikom.se +webmail.unilu.ch +webmail.univ-catholyon.fr +webmail.unl.pt +webmail.usek.edu.lb +webmail.users.co.uk webmail.valamar.com +webmail.varnesregion.no +webmail.veghel.nl +webmail.vennesla.kommune.no +webmail.verkinderen.com +webmail.viridisit.com +webmail.vu.nl +webmail.washsports.com webmail.waterman-group.co.uk +webmail.wc.com webmail.wcupa.edu +webmail.whitireia.ac.nz +webmail.windstream.net +webmail.witc.edu +webmail.wpod.net +webmail.wtamu.edu +webmail.wuerth-phoenix.com +webmail.wuerth.at +webmail.ymcamke.org +webmail0.gifu-net.ed.jp +webmail1.finansforbundet.dk +webmail1.gmrmarketing.com +webmail1.go2uti.com +webmail2.ems-t.com +webmail2.factset.com webmaildata.rr.com +webmaileu.elcoteq.com +webmailwg.datacom.co.nz +webnet.cscdgr.on.ca +webos.bonsallusd.com +webportal.bmw.nl +webportal.simacict.nl +webportal2.cfisd.net +webprod4.hc-sc.gc.ca +webremote.grainger.com +webservicescitoyens.com webshop.weijntjes.nl +websis.unimedcuiaba.com.br +websupport.f5.com +webvpn.aamc.org webvpn.au.aecom.com webvpn.ben.edu +webvpn.botsford.org +webvpn.brmchealthcare.com +webvpn.coe.int +webvpn.colfaxcorp.com +webvpn.dm-drogeriemarkt.com +webvpn.doherty.co.uk +webvpn.dpsk12.org +webvpn.egyptianlng.com +webvpn.eso.org webvpn.eu.aecom.com +webvpn.evraz.com +webvpn.globant.com +webvpn.greywolfcapital.com +webvpn.ieua.org +webvpn.jccc.edu +webvpn.lexmed.com +webvpn.more.net +webvpn.ned.org +webvpn.oceanspray.com +webvpn.orionhealth.com +webvpn.progress-energy.com +webvpn.promon.com.br +webvpn.purdue.edu +webvpn.roosevelt.edu +webvpn.rz.tu-harburg.de +webvpn.scf.cc +webvpn.sebh.org +webvpn.steaknshake.com +webvpn.thegoodguys.com.au +webvpn.trademe.co.nz +webvpn.uni-leipzig.de webvpn.usaa.com webvpn.usps.gov +webvpn.vcu.edu +webvpn.wesleyan.edu +wecc.biz +wein7.de +wellspan.org welltrix.com +welly.sm werecoverdata.com +wessexlearning.org.uk +west.skofirm.com +westbuckland.devon.sch.uk +westcon.no wettstar.de +wha-asa5520.wilmingtonhealth.com +whataburgerfranchisees.com +whataburgervendors.com +whataburgerventures.com +whatwouldmillionairedo.com +wheelingil.gov +whitworth.edu +wholesale.starfinancial.com +whoosh.hk +whrsd.org +widgetbox.com +wiki.ngmoco.com +wiki.tradeext.com +wikipat.com +williamsonmemorial.net +winahome4you.com +winebow.com +winxnet.com +wish.org +wizardfinance.net +wm.valley.ne.jp +wms01.wimaxforum.org +wnp.waseda.jp +womanshospitalms.com +woodiesdiy.com +woodlynde.org +wordandbrown.com workhere.jetblue.com +world-direct.at +worldatwardvds.com +worldwaronecolor.com +wortech.ac.uk +worthington-portal.org wowbeez.com +wrpinfo.org ws.licenzji-vetturi.gov.mt +wsaaudit.com +wsasr520study.com +wsbe.org.uk +wsl.ch +wsu.edu +wt.gfi-informatik.de wtc.lxr.com +wtoutlook.wellcome.ac.uk +ww3.metroymca.org +www-new.epc-business.com +www-sys2.tax.state.oh.us www.accessgeneral.com www.accessingram.com www.adfox.cz @@ -654,21 +5046,71 @@ www.zenfolio.com www.zenryonetwork.com www.zoominfo.com www1.cat365.net +www1.hop.ana.co.jp www1.ticket-web-shochiku.com www2.fakton.nl +www2.hokepon.com +www2.kenkyosai.or.jp +www2.lcmcisd.org www2.proexam.org www2.secom-techno.co.jp +www2.tagmulimta.co.il +www2.tel-aviv.gov.il www2.ticket-web-shochiku.com +www2.webfactory-world.de +www3.bs-j.co.jp +www3.inferencedata.com +www3.myfloridacounty.com +www3.tv-tokyo.co.jp www6.hsmv.state.fl.us wwws.jp-bank.japanpost.jp +wwwssl.isd109.org +wwwx.oaklandcc.edu wwy01.shiki.gr.jp wynbilling.wyndhamworldwide.com +wyndhamworldwide.com wynnmacau.recruitmax.com +wza.nl +wzanet.nl xbox.redeemer.ab.ca +xchanging.com +xchg.int.t-mobile.at +xfinityhomesecurity.com +xmlic.payfuse.com +xmlrpc4.mollom.com +xnet.woodforest.com +xolair.com +xolairhcp.com +xpansions.com +xs4all.nl +xsightrewards.com +xtiva.net +xtremecardioonline.com +yahoo-vi.co.jp +yakimaregional.com +yaskawa.co.jp +yayoi-kk.co.jp +yes123.com.tw +ymca.net yodlee.com +yourownshoppingcart.com +yourperfectweightloss.com yourwirelessrebatecenter.com yoyaku.city.funabashi.chiba.jp yoyaku.city.hachioji.tokyo.jp +yoyaku.koto-sports.net +yoyaku.nasva.go.jp +yoyaku.parksweb.net +yuyu.medicarelife.com +zain.com zenfolio.com +zenryonetwork.com +zgraggen.homeserver.com +zinio.com +zis.ch +zivildienst.de +zoomienation.usafa.org zoominfo.com +zooomeee.com +zuidwester.org zumbafitness.com diff --git a/net/base/ssl_false_start_blacklist_process.cc b/net/base/ssl_false_start_blacklist_process.cc index 46b99af..634df6a 100644 --- a/net/base/ssl_false_start_blacklist_process.cc +++ b/net/base/ssl_false_start_blacklist_process.cc @@ -19,6 +19,8 @@ using net::SSLFalseStartBlacklist; static const unsigned kBuckets = SSLFalseStartBlacklist::kBuckets; +static bool verbose = false; + static int usage(const char* argv0) { fprintf(stderr, "Usage: %s <blacklist file> <output .c file>\n", argv0); @@ -48,7 +50,8 @@ static void RemoveDuplicateEntries(std::vector<std::string>* hosts) { for (std::vector<std::string>::const_iterator i = hosts->begin(); i != hosts->end(); i++) { if (hosts_set.count(*i)) { - fprintf(stderr, "Removing duplicate entry for %s\n", i->c_str()); + if (verbose) + fprintf(stderr, "Removing duplicate entry for %s\n", i->c_str()); continue; } hosts_set.insert(*i); @@ -93,7 +96,8 @@ static void RemoveRedundantEntries(std::vector<std::string>* hosts) { if (parent.empty()) { ret.push_back(*i); } else { - fprintf(stderr, "Removing %s as redundant\n", i->c_str()); + if (verbose) + fprintf(stderr, "Removing %s as redundant\n", i->c_str()); } } @@ -124,7 +128,7 @@ int main(int argc, char** argv) { const char* input_file = argv[1]; const char* output_file = argv[2]; - FILE* input = fopen(input_file, "r"); + FILE* input = fopen(input_file, "rb"); if (!input) { perror("open"); return usage(argv[0]); @@ -143,11 +147,16 @@ int main(int argc, char** argv) { } char* buffer = static_cast<char*>(malloc(input_size)); - if (fread(buffer, input_size, 1, input) != 1) { - perror("fread"); - free(buffer); - fclose(input); - return 1; + long done = 0; + while (done < input_size) { + size_t n = fread(buffer + done, 1, input_size - done, input); + if (n == 0) { + perror("fread"); + free(buffer); + fclose(input); + return 1; + } + done += n; } fclose(input); @@ -158,8 +167,12 @@ int main(int argc, char** argv) { bool non_whitespace_seen = false; for (long i = 0; i <= input_size; i++) { if (i == input_size || buffer[i] == '\n') { - if (!is_comment && non_whitespace_seen) - hosts.push_back(std::string(&buffer[line_start], i - line_start)); + if (!is_comment && non_whitespace_seen) { + long len = i - line_start; + if (i > 0 && buffer[i-1] == '\r') + len--; + hosts.push_back(std::string(&buffer[line_start], len)); + } is_comment = false; non_whitespace_seen = false; line_start = i + 1; @@ -168,7 +181,7 @@ int main(int argc, char** argv) { if (i == line_start && buffer[i] == '#') is_comment = true; - if (buffer[i] != ' ' && buffer[i] != '\t') + if (buffer[i] != ' ' && buffer[i] != '\t' && buffer[i] != '\r') non_whitespace_seen = true; } free(buffer); @@ -185,7 +198,7 @@ int main(int argc, char** argv) { } fprintf(stderr, "Using %d entry hash table\n", kBuckets); - uint16 table[kBuckets]; + uint32 table[kBuckets]; std::vector<std::string> buckets[kBuckets]; for (std::vector<std::string>::const_iterator @@ -199,11 +212,6 @@ int main(int argc, char** argv) { std::string table_data; unsigned max_bucket_size = 0; for (unsigned i = 0; i < kBuckets; i++) { - if (table_data.size() > 65535) { - fprintf(stderr, "Hash table overflowed a uint16_t index\n"); - return 3; - } - if (buckets[i].size() > max_bucket_size) max_bucket_size = buckets[i].size(); @@ -231,31 +239,24 @@ int main(int argc, char** argv) { fprintf(out, "#include \"base/basictypes.h\"\n\n"); fprintf(out, "#include \"net/base/ssl_false_start_blacklist.h\"\n\n"); fprintf(out, "namespace net {\n\n"); - fprintf(out, "const uint16 SSLFalseStartBlacklist::kHashTable[%d + 1] = {\n", + fprintf(out, "const uint32 SSLFalseStartBlacklist::kHashTable[%d + 1] = {\n", kBuckets); for (unsigned i = 0; i < kBuckets; i++) { - fprintf(out, " %d,\n", (int) table[i]); + fprintf(out, " %u,\n", (unsigned) table[i]); } - fprintf(out, " %d,\n", (int) table_data.size()); + fprintf(out, " %u,\n", (unsigned) table_data.size()); fprintf(out, "};\n\n"); - fprintf(out, "const char SSLFalseStartBlacklist::kHashData[] = \n"); + fprintf(out, "const char SSLFalseStartBlacklist::kHashData[] = {\n"); for (unsigned i = 0, line_length = 0; i < table_data.size(); i++) { if (line_length == 0) - fprintf(out, " \""); + fprintf(out, " "); uint8 c = static_cast<uint8>(table_data[i]); - if (c < 32 || c > 127 || c == '"') { - fprintf(out, "\\%c%c%c", '0' + ((c >> 6) & 7), '0' + ((c >> 3) & 7), - '0' + (c & 7)); - line_length += 4; - } else { - fprintf(out, "%c", c); - line_length++; - } + line_length += fprintf(out, "%d, ", c); if (i == table_data.size() - 1) { - fprintf(out, "\";\n"); + fprintf(out, "\n};\n"); } else if (line_length >= 70) { - fprintf(out, "\"\n"); + fprintf(out, "\n"); line_length = 0; } } diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h index 1786b58..4c68f06 100644 --- a/net/base/ssl_info.h +++ b/net/base/ssl_info.h @@ -42,9 +42,8 @@ class SSLInfo { int security_bits; // Information about the SSL connection itself. See - // ssl_connection_status_flags.h for values. The ciphersuite and compression - // in use are encoded within. - // TODO(agl): also encode the protocol version used. + // ssl_connection_status_flags.h for values. The protocol version, + // ciphersuite, and compression in use are encoded within. int connection_status; }; diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index a0d2794..3014e21 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -142,7 +142,9 @@ bool TransportSecurityState::ParseHeader(const std::string& value, case AFTER_MAX_AGE_EQUALS: if (IsAsciiWhitespace(*tokenizer.token_begin())) continue; - if (!base::StringToInt(tokenizer.token(), &max_age_candidate)) + if (!base::StringToInt(tokenizer.token_begin(), + tokenizer.token_end(), + &max_age_candidate)) return false; if (max_age_candidate < 0) return false; @@ -408,6 +410,7 @@ bool TransportSecurityState::IsPreloadedSTS( {12, true, "\006jottit\003com"}, {19, true, "\015sunshinepress\003org"}, {21, false, "\003www\013noisebridge\003net"}, + {10, false, "\004neg9\003org"}, }; static const size_t kNumPreloadedSTS = ARRAYSIZE_UNSAFE(kPreloadedSTS); diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc index c4a173c..2a06501 100644 --- a/net/base/transport_security_state_unittest.cc +++ b/net/base/transport_security_state_unittest.cc @@ -342,6 +342,9 @@ TEST_F(TransportSecurityStateTest, Preloaded) { EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.noisebridge.net")); EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "noisebridge.net")); EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "foo.noisebridge.net")); + + EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "neg9.org")); + EXPECT_FALSE(state->IsEnabledForHost(&domain_state, "www.neg9.org")); } TEST_F(TransportSecurityStateTest, LongNames) { diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc index e21a3bc..7bbce5c 100644 --- a/net/base/x509_certificate.cc +++ b/net/base/x509_certificate.cc @@ -153,6 +153,46 @@ X509Certificate* X509Certificate::CreateFromHandle( return cert; } +#if defined(OS_WIN) +static X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) { + X509Certificate::OSCertHandle cert_handle = NULL; + BOOL ok = CertAddEncodedCertificateToStore( + X509Certificate::cert_store(), X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + reinterpret_cast<const BYTE*>(der_cert.data()), der_cert.size(), + CERT_STORE_ADD_USE_EXISTING, &cert_handle); + return ok ? cert_handle : NULL; +} +#else +static X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) { + return X509Certificate::CreateOSCertHandleFromBytes( + const_cast<char*>(der_cert.data()), der_cert.size()); +} +#endif + +// static +X509Certificate* X509Certificate::CreateFromDERCertChain( + const std::vector<base::StringPiece>& der_certs) { + if (der_certs.size() == 0) + return NULL; + + X509Certificate::OSCertHandles intermediate_ca_certs; + for (size_t i = 1; i < der_certs.size(); i++) { + OSCertHandle handle = CreateOSCert(der_certs[i]); + DCHECK(handle); + intermediate_ca_certs.push_back(handle); + } + + OSCertHandle handle = CreateOSCert(der_certs[0]); + DCHECK(handle); + X509Certificate* cert = + CreateFromHandle(handle, SOURCE_FROM_NETWORK, intermediate_ca_certs); + FreeOSCertHandle(handle); + for (size_t i = 0; i < intermediate_ca_certs.size(); i++) + FreeOSCertHandle(intermediate_ca_certs[i]); + + return cert; +} + // static X509Certificate* X509Certificate::CreateFromBytes(const char* data, int length) { @@ -249,11 +289,9 @@ X509Certificate::X509Certificate(OSCertHandle cert_handle, const OSCertHandles& intermediates) : cert_handle_(DupOSCertHandle(cert_handle)), source_(source) { -#if defined(OS_MACOSX) || defined(OS_WIN) || defined(USE_OPENSSL) // Copy/retain the intermediate cert handles. for (size_t i = 0; i < intermediates.size(); ++i) intermediate_ca_certs_.push_back(DupOSCertHandle(intermediates[i])); -#endif // Platform-specific initialization. Initialize(); } @@ -276,10 +314,8 @@ X509Certificate::~X509Certificate() { X509Certificate::Cache::GetInstance()->Remove(this); if (cert_handle_) FreeOSCertHandle(cert_handle_); -#if defined(OS_MACOSX) || defined(OS_WIN) for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) FreeOSCertHandle(intermediate_ca_certs_[i]); -#endif } bool X509Certificate::HasExpired() const { diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h index 577de92..68762e4 100644 --- a/net/base/x509_certificate.h +++ b/net/base/x509_certificate.h @@ -13,6 +13,7 @@ #include "base/gtest_prod_util.h" #include "base/ref_counted.h" +#include "base/string_piece.h" #include "base/time.h" #include "net/base/x509_cert_types.h" @@ -107,12 +108,20 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { // certificate cache prefers the handle from the network because our HTTP // cache isn't caching the corresponding intermediate CA certificates yet // (http://crbug.com/7065). - // The list of intermediate certificates is ignored under NSS (i.e. Linux.) // The returned pointer must be stored in a scoped_refptr<X509Certificate>. static X509Certificate* CreateFromHandle(OSCertHandle cert_handle, Source source, const OSCertHandles& intermediates); + // Create an X509Certificate from a chain of DER encoded certificates. The + // first certificate in the chain is the end-entity certificate to which a + // handle is returned. The other certificates in the chain are intermediate + // certificates. See the comment for |CreateFromHandle| about the |source| + // argument. + // The returned pointer must be stored in a scoped_refptr<X509Certificate>. + static X509Certificate* CreateFromDERCertChain( + const std::vector<base::StringPiece>& der_certs); + // Create an X509Certificate from the DER-encoded representation. // Returns NULL on failure. // @@ -173,14 +182,12 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { // now. bool HasExpired() const; -#if defined(OS_MACOSX) || defined(OS_WIN) || defined(USE_OPENSSL) // Returns intermediate certificates added via AddIntermediateCertificate(). // Ownership follows the "get" rule: it is the caller's responsibility to // retain the elements of the result. const OSCertHandles& GetIntermediateCertificates() const { return intermediate_ca_certs_; } -#endif // Returns true if I already contain the given intermediate cert. bool HasIntermediateCertificate(OSCertHandle cert); @@ -213,6 +220,17 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { CFArrayRef CreateClientCertificateChain() const; #endif +#if defined(OS_WIN) + // Returns a handle to a global, in-memory certificate store. We use it for + // two purposes: + // 1. Import server certificates into this store so that we can verify and + // display the certificates using CryptoAPI. + // 2. Copy client certificates from the "MY" system certificate store into + // this store so that we can close the system store when we finish + // searching for client certificates. + static HCERTSTORE cert_store(); +#endif + // Verifies the certificate against the given hostname. Returns OK if // successful or an error code upon failure. // @@ -268,6 +286,10 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { // Common object initialization code. Called by the constructors only. void Initialize(); +#if defined(OS_WIN) + bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context, + const char* policy_oid) const; +#endif bool VerifyEV() const; // Calculates the SHA-1 fingerprint of the certificate. Returns an empty @@ -292,11 +314,9 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { // A handle to the certificate object in the underlying crypto library. OSCertHandle cert_handle_; -#if defined(OS_MACOSX) || defined(OS_WIN) || defined(USE_OPENSSL) // Untrusted intermediate certificates associated with this certificate - // that may be needed for chain building. (NSS impl does not need these.) + // that may be needed for chain building. OSCertHandles intermediate_ca_certs_; -#endif #if defined(OS_MACOSX) // Blocks multiple threads from verifying the cert simultaneously. diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index 05fbe63..a2a0eea 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc @@ -694,6 +694,7 @@ int X509Certificate::Verify(const std::string& hostname, int flags, // Determine the certificate's EV status using SecTrustCopyExtendedResult(), // which we need to look up because the function wasn't added until // Mac OS X 10.5.7. + // Note: "ExtendedResult" means extended validation results. CFBundleRef bundle = CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security")); if (bundle) { @@ -872,10 +873,10 @@ bool X509Certificate::IsIssuedBy( for (int i = 0; i < n; ++i) { SecCertificateRef cert_handle = reinterpret_cast<SecCertificateRef>( const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i))); - scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( + scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle( cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT, - X509Certificate::OSCertHandles()); + X509Certificate::OSCertHandles())); for (unsigned j = 0; j < valid_issuers.size(); j++) { if (cert->issuer().Matches(valid_issuers[j])) return true; diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc index 668fd5f..a9ad39c 100644 --- a/net/base/x509_certificate_openssl.cc +++ b/net/base/x509_certificate_openssl.cc @@ -20,9 +20,12 @@ #include "net/base/cert_verify_result.h" #include "net/base/net_errors.h" #include "net/base/openssl_util.h" +#include "net/base/x509_openssl_util.h" namespace net { +namespace nxou = net::x509_openssl_util; + namespace { void CreateOSCertHandlesFromPKCS7Bytes( @@ -51,39 +54,13 @@ void CreateOSCertHandlesFromPKCS7Bytes( } } -bool ParsePrincipalFieldInternal(X509_NAME* name, - int index, - std::string* field) { - ASN1_STRING* data = - X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, index)); - if (!data) - return false; - - unsigned char* buf = NULL; - int len = ASN1_STRING_to_UTF8(&buf, data); - if (len <= 0) - return false; - - field->assign(reinterpret_cast<const char*>(buf), len); - OPENSSL_free(buf); - return true; -} - -void ParsePrincipalField(X509_NAME* name, int nid, std::string* field) { - int index = X509_NAME_get_index_by_NID(name, nid, -1); - if (index < 0) - return; - - ParsePrincipalFieldInternal(name, index, field); -} - -void ParsePrincipalFields(X509_NAME* name, +void ParsePrincipalValues(X509_NAME* name, int nid, std::vector<std::string>* fields) { for (int index = -1; (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { std::string field; - if (!ParsePrincipalFieldInternal(name, index, &field)) + if (!nxou::ParsePrincipalValueByIndex(name, index, &field)) break; fields->push_back(field); } @@ -95,58 +72,23 @@ void ParsePrincipal(X509Certificate::OSCertHandle cert, if (!x509_name) return; - ParsePrincipalFields(x509_name, NID_streetAddress, + ParsePrincipalValues(x509_name, NID_streetAddress, &principal->street_addresses); - ParsePrincipalFields(x509_name, NID_organizationName, + ParsePrincipalValues(x509_name, NID_organizationName, &principal->organization_names); - ParsePrincipalFields(x509_name, NID_organizationalUnitName, + ParsePrincipalValues(x509_name, NID_organizationalUnitName, &principal->organization_unit_names); - ParsePrincipalFields(x509_name, NID_domainComponent, + ParsePrincipalValues(x509_name, NID_domainComponent, &principal->domain_components); - ParsePrincipalField(x509_name, NID_commonName, &principal->common_name); - ParsePrincipalField(x509_name, NID_localityName, &principal->locality_name); - ParsePrincipalField(x509_name, NID_stateOrProvinceName, - &principal->state_or_province_name); - ParsePrincipalField(x509_name, NID_countryName, &principal->country_name); -} - -void ParseDate(ASN1_TIME* x509_time, base::Time* time) { - if (!x509_time || - (x509_time->type != V_ASN1_UTCTIME && - x509_time->type != V_ASN1_GENERALIZEDTIME)) - return; - - std::string str_date(reinterpret_cast<char*>(x509_time->data), - x509_time->length); - // UTCTime: YYMMDDHHMMSSZ - // GeneralizedTime: YYYYMMDDHHMMSSZ - size_t year_length = x509_time->type == V_ASN1_UTCTIME ? 2 : 4; - size_t fields_offset = x509_time->type == V_ASN1_UTCTIME ? 0 : 2; - - if (str_date.length() < 11 + year_length) - return; - - base::Time::Exploded exploded = {0}; - bool valid = base::StringToInt(str_date.substr(0, year_length), - &exploded.year); - if (valid && year_length == 2) - exploded.year += exploded.year < 50 ? 2000 : 1900; - - valid &= base::StringToInt(str_date.substr(2 + fields_offset, 2), - &exploded.month); - valid &= base::StringToInt(str_date.substr(4 + fields_offset, 2), - &exploded.day_of_month); - valid &= base::StringToInt(str_date.substr(6 + fields_offset, 2), - &exploded.hour); - valid &= base::StringToInt(str_date.substr(8 + fields_offset, 2), - &exploded.minute); - valid &= base::StringToInt(str_date.substr(10 + fields_offset, 2), - &exploded.second); - - DCHECK(valid); - - *time = base::Time::FromUTCExploded(exploded); + nxou::ParsePrincipalValueByNID(x509_name, NID_commonName, + &principal->common_name); + nxou::ParsePrincipalValueByNID(x509_name, NID_localityName, + &principal->locality_name); + nxou::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName, + &principal->state_or_province_name); + nxou::ParsePrincipalValueByNID(x509_name, NID_countryName, + &principal->country_name); } void ParseSubjectAltNames(X509Certificate::OSCertHandle cert, @@ -351,8 +293,8 @@ void X509Certificate::Initialize() { fingerprint_ = CalculateFingerprint(cert_handle_); ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); - ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); - ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); + nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); + nxou::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); } SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc index 9bb81cb..31173e4 100644 --- a/net/base/x509_certificate_unittest.cc +++ b/net/base/x509_certificate_unittest.cc @@ -252,9 +252,9 @@ void CheckGoogleCert(const scoped_refptr<X509Certificate>& google_cert, } TEST(X509CertificateTest, GoogleCertParsing) { - scoped_refptr<X509Certificate> google_cert = + scoped_refptr<X509Certificate> google_cert( X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(google_der), sizeof(google_der)); + reinterpret_cast<const char*>(google_der), sizeof(google_der))); CheckGoogleCert(google_cert, google_fingerprint, 1238192407, // Mar 27 22:20:07 2009 GMT @@ -262,8 +262,8 @@ TEST(X509CertificateTest, GoogleCertParsing) { } TEST(X509CertificateTest, WebkitCertParsing) { - scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); + scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes( + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); ASSERT_NE(static_cast<X509Certificate*>(NULL), webkit_cert); @@ -318,8 +318,8 @@ TEST(X509CertificateTest, WebkitCertParsing) { } TEST(X509CertificateTest, ThawteCertParsing) { - scoped_refptr<X509Certificate> thawte_cert = X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); + scoped_refptr<X509Certificate> thawte_cert(X509Certificate::CreateFromBytes( + reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); ASSERT_NE(static_cast<X509Certificate*>(NULL), thawte_cert); @@ -379,10 +379,10 @@ TEST(X509CertificateTest, ThawteCertParsing) { } TEST(X509CertificateTest, PaypalNullCertParsing) { - scoped_refptr<X509Certificate> paypal_null_cert = + scoped_refptr<X509Certificate> paypal_null_cert( X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(paypal_null_der), - sizeof(paypal_null_der)); + sizeof(paypal_null_der))); ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); @@ -409,8 +409,8 @@ TEST(X509CertificateTest, PaypalNullCertParsing) { // This certificate will expire on 2011-09-08. TEST(X509CertificateTest, UnoSoftCertParsing) { FilePath certs_dir = GetTestCertsDirectory(); - scoped_refptr<X509Certificate> unosoft_hu_cert = - ImportCertFromFile(certs_dir, "unosoft_hu_cert.der"); + scoped_refptr<X509Certificate> unosoft_hu_cert( + ImportCertFromFile(certs_dir, "unosoft_hu_cert.der")); ASSERT_NE(static_cast<X509Certificate*>(NULL), unosoft_hu_cert); @@ -481,18 +481,18 @@ TEST(X509CertificateTest, Cache) { // certificate cache. google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der)); - scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromHandle( + scoped_refptr<X509Certificate> cert1(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT, - X509Certificate::OSCertHandles()); + X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); // Add a certificate from the same source (SOURCE_LONE_CERT_IMPORT). This // should return the cached certificate (cert1). google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der)); - scoped_refptr<X509Certificate> cert2 = X509Certificate::CreateFromHandle( + scoped_refptr<X509Certificate> cert2(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::SOURCE_LONE_CERT_IMPORT, - X509Certificate::OSCertHandles()); + X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); EXPECT_EQ(cert1, cert2); @@ -501,9 +501,9 @@ TEST(X509CertificateTest, Cache) { // cached certificate (cert1) and return a new certificate. google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der)); - scoped_refptr<X509Certificate> cert3 = X509Certificate::CreateFromHandle( + scoped_refptr<X509Certificate> cert3(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, - X509Certificate::OSCertHandles()); + X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); EXPECT_NE(cert1, cert3); @@ -512,43 +512,43 @@ TEST(X509CertificateTest, Cache) { // certificate (cert3). google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der)); - scoped_refptr<X509Certificate> cert4 = X509Certificate::CreateFromHandle( + scoped_refptr<X509Certificate> cert4(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, - X509Certificate::OSCertHandles()); + X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); EXPECT_EQ(cert3, cert4); google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der)); - scoped_refptr<X509Certificate> cert5 = X509Certificate::CreateFromHandle( + scoped_refptr<X509Certificate> cert5(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, - X509Certificate::OSCertHandles()); + X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); EXPECT_EQ(cert3, cert5); } TEST(X509CertificateTest, Pickle) { - scoped_refptr<X509Certificate> cert1 = X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(google_der), sizeof(google_der)); + scoped_refptr<X509Certificate> cert1(X509Certificate::CreateFromBytes( + reinterpret_cast<const char*>(google_der), sizeof(google_der))); Pickle pickle; cert1->Persist(&pickle); void* iter = NULL; - scoped_refptr<X509Certificate> cert2 = - X509Certificate::CreateFromPickle(pickle, &iter); + scoped_refptr<X509Certificate> cert2( + X509Certificate::CreateFromPickle(pickle, &iter)); EXPECT_EQ(cert1, cert2); } TEST(X509CertificateTest, Policy) { - scoped_refptr<X509Certificate> google_cert = X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(google_der), sizeof(google_der)); + scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( + reinterpret_cast<const char*>(google_der), sizeof(google_der))); - scoped_refptr<X509Certificate> webkit_cert = X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); + scoped_refptr<X509Certificate> webkit_cert(X509Certificate::CreateFromBytes( + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); CertPolicy policy; @@ -581,18 +581,18 @@ TEST(X509CertificateTest, Policy) { #if defined(OS_MACOSX) || defined(OS_WIN) TEST(X509CertificateTest, IntermediateCertificates) { - scoped_refptr<X509Certificate> webkit_cert = + scoped_refptr<X509Certificate> webkit_cert( X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); + reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); - scoped_refptr<X509Certificate> thawte_cert = + scoped_refptr<X509Certificate> thawte_cert( X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der)); + reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); - scoped_refptr<X509Certificate> paypal_cert = + scoped_refptr<X509Certificate> paypal_cert( X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(paypal_null_der), - sizeof(paypal_null_der)); + sizeof(paypal_null_der))); X509Certificate::OSCertHandle google_handle; // Create object with no intermediates: @@ -645,8 +645,8 @@ TEST(X509CertificateTest, IsIssuedBy) { FilePath certs_dir = GetTestCertsDirectory(); // Test a client certificate from MIT. - scoped_refptr<X509Certificate> mit_davidben_cert = - ImportCertFromFile(certs_dir, "mit.davidben.der"); + scoped_refptr<X509Certificate> mit_davidben_cert( + ImportCertFromFile(certs_dir, "mit.davidben.der")); ASSERT_NE(static_cast<X509Certificate*>(NULL), mit_davidben_cert); CertPrincipal mit_issuer; @@ -662,8 +662,8 @@ TEST(X509CertificateTest, IsIssuedBy) { EXPECT_TRUE(mit_davidben_cert->IsIssuedBy(mit_issuers)); // Test a client certificate from FOAF.ME. - scoped_refptr<X509Certificate> foaf_me_chromium_test_cert = - ImportCertFromFile(certs_dir, "foaf.me.chromium-test-cert.der"); + scoped_refptr<X509Certificate> foaf_me_chromium_test_cert( + ImportCertFromFile(certs_dir, "foaf.me.chromium-test-cert.der")); ASSERT_NE(static_cast<X509Certificate*>(NULL), foaf_me_chromium_test_cert); CertPrincipal foaf_issuer; diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index 380ff3c..9e018fd 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -291,48 +291,6 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, } } -/////////////////////////////////////////////////////////////////////////// -// -// Functions used by X509Certificate::IsEV -// -/////////////////////////////////////////////////////////////////////////// - -// Constructs a certificate chain starting from the end certificate -// 'cert_context', matching any of the certificate policies. -// -// Returns the certificate chain context on success, or NULL on failure. -// The caller is responsible for freeing the certificate chain context with -// CertFreeCertificateChain. -PCCERT_CHAIN_CONTEXT ConstructCertChain( - PCCERT_CONTEXT cert_context, - const char* const* policies, - int num_policies) { - CERT_CHAIN_PARA chain_para; - memset(&chain_para, 0, sizeof(chain_para)); - chain_para.cbSize = sizeof(chain_para); - chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND; - chain_para.RequestedUsage.Usage.cUsageIdentifier = 0; - chain_para.RequestedUsage.Usage.rgpszUsageIdentifier = NULL; // LPSTR* - chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_OR; - chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = num_policies; - chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = - const_cast<char**>(policies); - PCCERT_CHAIN_CONTEXT chain_context; - if (!CertGetCertificateChain( - NULL, // default chain engine, HCCE_CURRENT_USER - cert_context, - NULL, // current system time - cert_context->hCertStore, // search this store - &chain_para, - CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT | - CERT_CHAIN_CACHE_END_CERT, - NULL, // reserved - &chain_context)) { - return NULL; - } - return chain_context; -} - // Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO // structure and stores it in *output. void GetCertPoliciesInfo(PCCERT_CONTEXT cert, @@ -362,18 +320,6 @@ void GetCertPoliciesInfo(PCCERT_CONTEXT cert, output->reset(policies_info); } -// Returns true if the policy is in the array of CERT_POLICY_INFO in -// the CERT_POLICIES_INFO structure. -bool ContainsPolicy(const CERT_POLICIES_INFO* policies_info, - const char* policy) { - int num_policies = policies_info->cPolicyInfo; - for (int i = 0; i < num_policies; i++) { - if (!strcmp(policies_info->rgPolicyInfo[i].pszPolicyIdentifier, policy)) - return true; - } - return false; -} - // Helper function to parse a principal from a WinInet description of that // principal. void ParsePrincipal(const std::string& description, @@ -575,6 +521,33 @@ void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { dns_names->push_back(subject_.common_name); } +class GlobalCertStore { + public: + HCERTSTORE cert_store() { + return cert_store_; + } + + private: + friend struct DefaultSingletonTraits<GlobalCertStore>; + + GlobalCertStore() + : cert_store_(CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, 0, NULL)) { + } + + ~GlobalCertStore() { + CertCloseStore(cert_store_, 0 /* flags */); + } + + const HCERTSTORE cert_store_; + + DISALLOW_COPY_AND_ASSIGN(GlobalCertStore); +}; + +// static +HCERTSTORE X509Certificate::cert_store() { + return Singleton<GlobalCertStore>::get()->cert_store(); +} + int X509Certificate::Verify(const std::string& hostname, int flags, CertVerifyResult* verify_result) const { @@ -610,6 +583,28 @@ int X509Certificate::Verify(const std::string& hostname, // EV requires revocation checking. flags &= ~VERIFY_EV_CERT; } + + // Get the certificatePolicies extension of the certificate. + scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info; + LPSTR ev_policy_oid = NULL; + if (flags & VERIFY_EV_CERT) { + GetCertPoliciesInfo(cert_handle_, &policies_info); + if (policies_info.get()) { + EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); + for (DWORD i = 0; i < policies_info->cPolicyInfo; ++i) { + LPSTR policy_oid = policies_info->rgPolicyInfo[i].pszPolicyIdentifier; + if (metadata->IsEVPolicyOID(policy_oid)) { + ev_policy_oid = policy_oid; + chain_para.RequestedIssuancePolicy.dwType = USAGE_MATCH_TYPE_AND; + chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 1; + chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = + &ev_policy_oid; + break; + } + } + } + } + PCCERT_CHAIN_CONTEXT chain_context; // IE passes a non-NULL pTime argument that specifies the current system // time. IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the @@ -625,6 +620,24 @@ int X509Certificate::Verify(const std::string& hostname, &chain_context)) { return MapSecurityError(GetLastError()); } + if (chain_context->TrustStatus.dwErrorStatus & + CERT_TRUST_IS_NOT_VALID_FOR_USAGE) { + ev_policy_oid = NULL; + chain_para.RequestedIssuancePolicy.Usage.cUsageIdentifier = 0; + chain_para.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = NULL; + CertFreeCertificateChain(chain_context); + if (!CertGetCertificateChain( + NULL, // default chain engine, HCCE_CURRENT_USER + cert_handle_, + NULL, // current system time + cert_handle_->hCertStore, // search this store + &chain_para, + chain_flags, + NULL, // reserved + &chain_context)) { + return MapSecurityError(GetLastError()); + } + } ScopedCertChainContext scoped_chain_context(chain_context); GetCertChainInfo(chain_context, verify_result); @@ -729,8 +742,7 @@ int X509Certificate::Verify(const std::string& hostname, if (IsCertStatusError(verify_result->cert_status)) return MapCertStatusToNetError(verify_result->cert_status); - // TODO(ukai): combine regular cert verification and EV cert verification. - if ((flags & VERIFY_EV_CERT) && VerifyEV()) + if (ev_policy_oid && CheckEV(chain_context, ev_policy_oid)) verify_result->cert_status |= CERT_STATUS_IS_EV; return OK; } @@ -741,16 +753,8 @@ int X509Certificate::Verify(const std::string& hostname, // certificates in the certificate chain according to Section 7 (pp. 11-12) // of the EV Certificate Guidelines Version 1.0 at // http://cabforum.org/EV_Certificate_Guidelines.pdf. -bool X509Certificate::VerifyEV() const { - DCHECK(cert_handle_); - net::EVRootCAMetadata* metadata = net::EVRootCAMetadata::GetInstance(); - - PCCERT_CHAIN_CONTEXT chain_context = ConstructCertChain(cert_handle_, - metadata->GetPolicyOIDs(), metadata->NumPolicyOIDs()); - if (!chain_context) - return false; - ScopedCertChainContext scoped_chain_context(chain_context); - +bool X509Certificate::CheckEV(PCCERT_CHAIN_CONTEXT chain_context, + const char* policy_oid) const { DCHECK(chain_context->cChain != 0); // If the cert doesn't match any of the policies, the // CERT_TRUST_IS_NOT_VALID_FOR_USAGE bit (0x10) in @@ -771,19 +775,16 @@ bool X509Certificate::VerifyEV() const { // Look up the EV policy OID of the root CA. PCCERT_CONTEXT root_cert = element[num_elements - 1]->pCertContext; SHA1Fingerprint fingerprint = CalculateFingerprint(root_cert); - const char* ev_policy_oid = NULL; - if (!metadata->GetPolicyOID(fingerprint, &ev_policy_oid)) - return false; - DCHECK(ev_policy_oid); - - // Get the certificatePolicies extension of the end certificate. - PCCERT_CONTEXT end_cert = element[0]->pCertContext; - scoped_ptr_malloc<CERT_POLICIES_INFO> policies_info; - GetCertPoliciesInfo(end_cert, &policies_info); - if (!policies_info.get()) - return false; + EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); + return metadata->HasEVPolicyOID(fingerprint, policy_oid); +} - return ContainsPolicy(policies_info.get(), ev_policy_oid); +bool X509Certificate::VerifyEV() const { + // We don't call this private method, but we do need to implement it because + // it's defined in x509_certificate.h. We perform EV checking in the + // Verify() above. + NOTREACHED(); + return false; } // static diff --git a/net/base/x509_openssl_util.cc b/net/base/x509_openssl_util.cc new file mode 100644 index 0000000..22ab59a --- /dev/null +++ b/net/base/x509_openssl_util.cc @@ -0,0 +1,113 @@ +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/base/x509_openssl_util.h" + +#include "base/logging.h" +#include "base/string_number_conversions.h" +#include "base/string_piece.h" +#include "base/time.h" + +namespace net { + +namespace x509_openssl_util { + +namespace { + +// Helper for ParseDate. |*field| must contain at least |field_len| characters. +// |*field| will be advanced by |field_len| on exit. |*ok| is set to false if +// there is an error in parsing the number, but left untouched otherwise. +// Returns the parsed integer. +int ParseIntAndAdvance(const char** field, size_t field_len, bool* ok) { + int result = 0; + *ok &= base::StringToInt(*field, *field + field_len, &result); + *field += field_len; + return result; +} + +} // namespace + +bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name, + int index, + std::string* key, + std::string* value) { + X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, index); + if (!entry) + return false; + + if (key) { + ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry); + key->assign(OBJ_nid2sn(OBJ_obj2nid(object))); + } + + ASN1_STRING* data = X509_NAME_ENTRY_get_data(entry); + if (!data) + return false; + + unsigned char* buf = NULL; + int len = ASN1_STRING_to_UTF8(&buf, data); + if (len <= 0) + return false; + + value->assign(reinterpret_cast<const char*>(buf), len); + OPENSSL_free(buf); + return true; +} + +bool ParsePrincipalValueByIndex(X509_NAME* name, + int index, + std::string* value) { + return ParsePrincipalKeyAndValueByIndex(name, index, NULL, value); +} + +bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value) { + int index = X509_NAME_get_index_by_NID(name, nid, -1); + if (index < 0) + return false; + + return ParsePrincipalValueByIndex(name, index, value); +} + +bool ParseDate(ASN1_TIME* x509_time, base::Time* time) { + if (!x509_time || + (x509_time->type != V_ASN1_UTCTIME && + x509_time->type != V_ASN1_GENERALIZEDTIME)) + return false; + + base::StringPiece str_date(reinterpret_cast<const char*>(x509_time->data), + x509_time->length); + // UTCTime: YYMMDDHHMMSSZ + // GeneralizedTime: YYYYMMDDHHMMSSZ + size_t year_length = x509_time->type == V_ASN1_UTCTIME ? 2 : 4; + + if (str_date.length() < 11 + year_length) + return false; + + const char* field = str_date.data(); + bool valid = true; + base::Time::Exploded exploded = {0}; + + exploded.year = ParseIntAndAdvance(&field, year_length, &valid); + exploded.month = ParseIntAndAdvance(&field, 2, &valid); + exploded.day_of_month = ParseIntAndAdvance(&field, 2, &valid); + exploded.hour = ParseIntAndAdvance(&field, 2, &valid); + exploded.minute = ParseIntAndAdvance(&field, 2, &valid); + exploded.second = ParseIntAndAdvance(&field, 2, &valid); + if (valid && year_length == 2) + exploded.year += exploded.year < 50 ? 2000 : 1900; + + valid &= exploded.HasValidValues(); + + if (!valid) { + NOTREACHED() << "can't parse x509 date " << str_date; + return false; + } + + *time = base::Time::FromUTCExploded(exploded); + return true; +} + +} // namespace x509_openssl_util + +} // namespace net diff --git a/net/base/x509_openssl_util.h b/net/base/x509_openssl_util.h new file mode 100644 index 0000000..5ac511b --- /dev/null +++ b/net/base/x509_openssl_util.h @@ -0,0 +1,39 @@ +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_BASE_X509_OPENSSL_UTIL_H_ +#define NET_BASE_X509_OPENSSL_UTIL_H_ +#pragma once + +#include <openssl/asn1.h> +#include <openssl/x509v3.h> + +#include <string> + +namespace base { +class Time; +} // namespace base + +namespace net { + +// A collection of helper functions to fetch data from OpenSSL X509 certificates +// into more convenient std / base datatypes. +namespace x509_openssl_util { + +bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name, + int index, + std::string* key, + std::string* value); + +bool ParsePrincipalValueByIndex(X509_NAME* name, int index, std::string* value); + +bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value); + +bool ParseDate(ASN1_TIME* x509_time, base::Time* time); + +} // namespace x509_openssl_util + +} // namespace net + +#endif // NET_BASE_X509_OPENSSL_UTIL_H_ |