Reland 66791 (change was innocent)...

net/base/x509_certificate.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <map>
 
+#include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
-#include "base/singleton.h"
 #include "base/string_piece.h"
 #include "base/time.h"
 #include "net/base/pem_tokenizer.h"
 
 namespace net {
 
 namespace {
 
 // Returns true if this cert fingerprint is the null (all zero) fingerprint.
 // We use this as a bogus fingerprint value.
@@ skipping 10 matching lines @@
 const X509Certificate::Format kFormatDecodePriority[] = {
   X509Certificate::FORMAT_SINGLE_CERTIFICATE,
   X509Certificate::FORMAT_PKCS7
 };
 
 // The PEM block header used for DER certificates
 const char kCertificateHeader[] = "CERTIFICATE";
 // The PEM block header used for PKCS#7 data
 const char kPKCS7Header[] = "PKCS7";
 
-}  // namespace
-
-bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
-                                           X509Certificate* rhs) const {
-  if (lhs == rhs)
-    return false;
-
-  SHA1FingerprintLessThan fingerprint_functor;
-  return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_);
-}
-
 // A thread-safe cache for X509Certificate objects.
 //
 // The cache does not hold a reference to the certificate objects.  The objects
 // must |Remove| themselves from the cache upon destruction (or else the cache
 // will be holding dead pointers to the objects).
 // TODO(rsleevi): There exists a chance of a use-after-free, due to a race
 // between Find() and Remove(). See http://crbug.com/49377
-class X509Certificate::Cache {
+class X509CertificateCache {
  public:
-  static Cache* GetInstance();
   void Insert(X509Certificate* cert);
   void Remove(X509Certificate* cert);
   X509Certificate* Find(const SHA1Fingerprint& fingerprint);
 
  private:
   typedef std::map<SHA1Fingerprint, X509Certificate*, SHA1FingerprintLessThan>
       CertMap;
 
-  // Obtain an instance of X509Certificate::Cache via GetInstance().
-  Cache() {}
-  friend struct DefaultSingletonTraits<Cache>;
+  // Obtain an instance of X509CertificateCache via a LazyInstance.
+  X509CertificateCache() {}
+  ~X509CertificateCache() {}
+  friend struct base::DefaultLazyInstanceTraits<X509CertificateCache>;
 
   // You must acquire this lock before using any private data of this object.
   // You must not block while holding this lock.
   Lock lock_;
 
   // The certificate cache.  You must acquire |lock_| before using |cache_|.
   CertMap cache_;
 
-  DISALLOW_COPY_AND_ASSIGN(Cache);
+  DISALLOW_COPY_AND_ASSIGN(X509CertificateCache);
 };
 
-// Get the singleton object for the cache.
-// static
-X509Certificate::Cache* X509Certificate::Cache::GetInstance() {
-  return Singleton<X509Certificate::Cache>::get();
-}
+base::LazyInstance<X509CertificateCache,
+                   base::LeakyLazyInstanceTraits<X509CertificateCache> >
+    g_x509_certificate_cache(base::LINKER_INITIALIZED);
 
 // Insert |cert| into the cache.  The cache does NOT AddRef |cert|.
 // Any existing certificate with the same fingerprint will be replaced.
-void X509Certificate::Cache::Insert(X509Certificate* cert) {
+void X509CertificateCache::Insert(X509Certificate* cert) {
   AutoLock lock(lock_);
 
   DCHECK(!IsNullFingerprint(cert->fingerprint())) <<
       "Only insert certs with real fingerprints.";
   cache_[cert->fingerprint()] = cert;
 };
 
 // Remove |cert| from the cache.  The cache does not assume that |cert| is
 // already in the cache.
-void X509Certificate::Cache::Remove(X509Certificate* cert) {
+void X509CertificateCache::Remove(X509Certificate* cert) {
   AutoLock lock(lock_);
 
   CertMap::iterator pos(cache_.find(cert->fingerprint()));
   if (pos == cache_.end())
     return;  // It is not an error to remove a cert that is not in the cache.
   cache_.erase(pos);
 };
 
 // Find a certificate in the cache with the given fingerprint.  If one does
 // not exist, this method returns NULL.
-X509Certificate* X509Certificate::Cache::Find(
+X509Certificate* X509CertificateCache::Find(
     const SHA1Fingerprint& fingerprint) {
   AutoLock lock(lock_);
 
   CertMap::iterator pos(cache_.find(fingerprint));
   if (pos == cache_.end())
     return NULL;
 
   return pos->second;
 };
 
+}  // namespace
+
+bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
+                                           X509Certificate* rhs) const {
+  if (lhs == rhs)
+    return false;
+
+  SHA1FingerprintLessThan fingerprint_functor;
+  return fingerprint_functor(lhs->fingerprint_, rhs->fingerprint_);
+}
+
 // static
 X509Certificate* X509Certificate::CreateFromHandle(
     OSCertHandle cert_handle,
     Source source,
     const OSCertHandles& intermediates) {
   DCHECK(cert_handle);
   DCHECK(source != SOURCE_UNUSED);
 
   // Check if we already have this certificate in memory.
-  X509Certificate::Cache* cache = X509Certificate::Cache::GetInstance();
+  X509CertificateCache* cache = g_x509_certificate_cache.Pointer();
   X509Certificate* cached_cert =
       cache->Find(CalculateFingerprint(cert_handle));
   if (cached_cert) {
     DCHECK(cached_cert->source_ != SOURCE_UNUSED);
     if (cached_cert->source_ > source ||
         (cached_cert->source_ == source &&
          cached_cert->HasIntermediateCertificates(intermediates))) {
       // Return the certificate with the same fingerprint from our cache.
       DHISTOGRAM_COUNTS("X509CertificateReuseCount", 1);
       return cached_cert;
@@ skipping 159 matching lines @@
       issuer_(issuer),
       valid_start_(start_date),
       valid_expiry_(expiration_date),
       cert_handle_(NULL),
       source_(SOURCE_UNUSED) {
   memset(fingerprint_.data, 0, sizeof(fingerprint_.data));
 }
 
 X509Certificate::~X509Certificate() {
   // We might not be in the cache, but it is safe to remove ourselves anyway.
-  X509Certificate::Cache::GetInstance()->Remove(this);
+  g_x509_certificate_cache.Get().Remove(this);
   if (cert_handle_)
     FreeOSCertHandle(cert_handle_);
   for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
     FreeOSCertHandle(intermediate_ca_certs_[i]);
 }
 
 bool X509Certificate::HasExpired() const {
   return base::Time::Now() > valid_expiry();
 }
 
@@ skipping 15 matching lines @@
 
 bool X509Certificate::HasIntermediateCertificates(const OSCertHandles& certs) {
   for (size_t i = 0; i < certs.size(); ++i) {
     if (!HasIntermediateCertificate(certs[i]))
       return false;
   }
   return true;
 }
 
 }  // namespace net