Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1398)

Side by Side Diff: net/base/ssl_false_start_blacklist.h

Issue 7778035: Revert 98885 - Third attempt at the following. Unreviewed, this was originally reviewed in http:... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/ssl_config_service.cc ('k') | net/base/ssl_false_start_blacklist.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_ 5 #ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_
6 #define NET_BASE_SSL_FALSE_START_BLACKLIST_H_ 6 #define NET_BASE_SSL_FALSE_START_BLACKLIST_H_
7 7
8 #include <string> 8 #include "base/basictypes.h"
9
10 #include "base/logging.h"
11 #include "net/base/net_export.h" 9 #include "net/base/net_export.h"
12 10
13 namespace net { 11 namespace net {
14 12
15 // SSLFalseStartBlacklist is a set of domains which we believe to be intolerant 13 // SSLFalseStartBlacklist is a set of domains which we believe to be intolerant
16 // to TLS False Start. Because this set is several hundred long, it's 14 // to TLS False Start. Because this set is several hundred long, it's
17 // precompiled by the code in ssl_false_start_blacklist_process.cc into a hash 15 // precompiled by the code in ssl_false_start_blacklist_process.cc into a hash
18 // table for fast lookups. 16 // table for fast lookups.
19 class SSLFalseStartBlacklist { 17 class SSLFalseStartBlacklist {
20 public: 18 public:
21 // Returns true if |host| (a DNS name in dotted form, e.g. "www.example.com") 19 // IsMember returns true if the given host is in the blacklist.
22 // is in the blacklist. 20 // host: a DNS name in dotted form (i.e. "www.example.com")
23 NET_EXPORT_PRIVATE static bool IsMember(const std::string& host); 21 NET_EXPORT_PRIVATE static bool IsMember(const char* host);
24 22
25 // Returns the modified djb2 hash of |host|. 23 // Hash returns the modified djb2 hash of the given string.
26 // NOTE: This is inline because the code which generates the hash table needs 24 static unsigned Hash(const char* str) {
27 // to use it. However, the generating code cannot link against 25 // This is inline because the code which generates the hash table needs to
28 // ssl_false_start_blacklist.cc because that needs the tables which it 26 // use it. However, the generating code cannot link against
29 // generates. 27 // ssl_false_start_blacklist.cc because that needs the tables which it
30 static uint32 Hash(const std::string& host) { 28 // generates.
31 uint32 hash = 5381; 29 const unsigned char* in = reinterpret_cast<const unsigned char*>(str);
32 for (const uint8* in = reinterpret_cast<const uint8*>(host.c_str()); 30 unsigned hash = 5381;
33 *in != 0; ++in) 31 unsigned char c;
34 hash = ((hash << 5) + hash) ^ *in; 32
33 while ((c = *in++))
34 hash = ((hash << 5) + hash) ^ c;
35 return hash; 35 return hash;
36 } 36 }
37 37
38 // Returns the last two dot-separated components of |host|, ignoring any 38 // LastTwoLabels returns a pointer within |host| to the last two labels of
39 // trailing dots. For example, returns "c.d" for "a.b.c.d.". Returns an 39 // |host|. For example, if |host| is "a.b.c.d" then LastTwoLabels will return
40 // empty string if |host| does not have two dot-separated components. 40 // "c.d".
41 // NOTE: Inline for the same reason as Hash(). 41 // host: a DNS name in dotted form.
42 static std::string LastTwoComponents(const std::string& host) { 42 // returns: NULL on error, otherwise a pointer inside |host|.
43 size_t last_nondot = host.find_last_not_of('.'); 43 static const char* LastTwoLabels(const char* host) {
44 if (last_nondot == std::string::npos) 44 // See comment in |Hash| for why this function is inline.
45 return std::string(); 45 const size_t len = strlen(host);
46 size_t last_dot = host.find_last_of('.', last_nondot); 46 if (len == 0)
47 if ((last_dot == 0) || (last_dot == std::string::npos)) 47 return NULL;
48 return std::string(); 48
49 // NOTE: This next line works correctly even when the call returns npos. 49 unsigned dots_found = 0;
50 size_t components_begin = host.find_last_of('.', last_dot - 1) + 1; 50 size_t i;
51 return host.substr(components_begin, last_nondot - components_begin + 1); 51 for (i = len - 1; i < len; i--) {
52 if (host[i] == '.') {
53 dots_found++;
54 if (dots_found == 2) {
55 i++;
56 break;
57 }
58 }
59 }
60
61 if (i > len)
62 i = 0;
63
64 if (dots_found == 0)
65 return NULL; // no names with less than two labels are in the blacklist.
66 if (dots_found == 1) {
67 if (host[0] == '.')
68 return NULL; // ditto
69 }
70
71 return &host[i];
52 } 72 }
53 73
54 // This is the number of buckets in the blacklist hash table. (Must be a 74 // This is the number of buckets in the blacklist hash table. (Must be a
55 // power of two). 75 // power of two).
56 static const size_t kBuckets = 128; 76 static const unsigned kBuckets = 128;
57 77
58 private: 78 private:
59 // The following two members are defined in 79 // The following two members are defined in
60 // ssl_false_start_blacklist_data.cc, which is generated by 80 // ssl_false_start_blacklist_data.cc, which is generated by
61 // ssl_false_start_blacklist_process.cc 81 // ssl_false_start_blacklist_process.cc
62 82
63 // kHashTable contains an offset into |kHashData| for each bucket. The 83 // kHashTable contains an offset into |kHashData| for each bucket. The
64 // additional element at the end contains the length of |kHashData|. 84 // additional element at the end contains the length of |kHashData|.
65 static const uint32 kHashTable[kBuckets + 1]; 85 static const uint32 kHashTable[kBuckets + 1];
66 // kHashData contains the contents of the hash table. |kHashTable| indexes 86 // kHashData contains the contents of the hash table. |kHashTable| indexes
67 // into this array. Each bucket consists of zero or more, 8-bit length 87 // into this array. Each bucket consists of zero or more, 8-bit length
68 // prefixed strings. Each string is a DNS name in dotted form. For a given 88 // prefixed strings. Each string is a DNS name in dotted form. For a given
69 // string x, x and *.x are considered to be in the blacklist. In order to 89 // string x, x and *.x are considered to be in the blacklist. In order to
70 // assign a string to a hash bucket, the last two labels (not including the 90 // assign a string to a hash bucket, the last two labels (not including the
71 // root label) are hashed. Thus, the bucket for "www.example.com" is 91 // root label) are hashed. Thus, the bucket for "www.example.com" is
72 // Hash("example.com"). No names that are less than two labels long are 92 // Hash("example.com"). No names that are less than two labels long are
73 // included in the blacklist. 93 // included in the blacklist.
74 static const char kHashData[]; 94 static const char kHashData[];
75 }; 95 };
76 96
77 } // namespace net 97 } // namespace net
78 98
79 #endif // NET_BASE_SSL_FALSE_START_BLACKLIST_H_ 99 #endif // NET_BASE_SSL_FALSE_START_BLACKLIST_H_
OLDNEW
« no previous file with comments | « net/base/ssl_config_service.cc ('k') | net/base/ssl_false_start_blacklist.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698