Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(193)

Side by Side Diff: net/base/ssl_false_start_blacklist.h

Issue 7804001: Third attempt at: (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/ssl_config_service.cc ('k') | net/base/ssl_false_start_blacklist.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_ 5 #ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_
6 #define NET_BASE_SSL_FALSE_START_BLACKLIST_H_ 6 #define NET_BASE_SSL_FALSE_START_BLACKLIST_H_
7 7
8 #include "base/basictypes.h" 8 #include <string>
9
10 #include "base/logging.h"
9 #include "net/base/net_export.h" 11 #include "net/base/net_export.h"
10 12
11 namespace net { 13 namespace net {
12 14
13 // SSLFalseStartBlacklist is a set of domains which we believe to be intolerant 15 // SSLFalseStartBlacklist is a set of domains which we believe to be intolerant
14 // to TLS False Start. Because this set is several hundred long, it's 16 // to TLS False Start. Because this set is several hundred long, it's
15 // precompiled by the code in ssl_false_start_blacklist_process.cc into a hash 17 // precompiled by the code in ssl_false_start_blacklist_process.cc into a hash
16 // table for fast lookups. 18 // table for fast lookups.
17 class SSLFalseStartBlacklist { 19 class SSLFalseStartBlacklist {
18 public: 20 public:
19 // IsMember returns true if the given host is in the blacklist. 21 // Returns true if |host| (a DNS name in dotted form, e.g. "www.example.com")
20 // host: a DNS name in dotted form (i.e. "www.example.com") 22 // is in the blacklist.
21 NET_EXPORT_PRIVATE static bool IsMember(const char* host); 23 NET_EXPORT_PRIVATE static bool IsMember(const std::string& host);
22 24
23 // Hash returns the modified djb2 hash of the given string. 25 // Returns the modified djb2 hash of |host|.
24 static unsigned Hash(const char* str) { 26 // NOTE: This is inline because the code which generates the hash table needs
25 // This is inline because the code which generates the hash table needs to 27 // to use it. However, the generating code cannot link against
26 // use it. However, the generating code cannot link against 28 // ssl_false_start_blacklist.cc because that needs the tables which it
27 // ssl_false_start_blacklist.cc because that needs the tables which it 29 // generates.
28 // generates. 30 static uint32 Hash(const std::string& host) {
29 const unsigned char* in = reinterpret_cast<const unsigned char*>(str); 31 uint32 hash = 5381;
30 unsigned hash = 5381; 32 for (const uint8* in = reinterpret_cast<const uint8*>(host.c_str());
31 unsigned char c; 33 *in != 0; ++in)
32 34 hash = ((hash << 5) + hash) ^ *in;
33 while ((c = *in++))
34 hash = ((hash << 5) + hash) ^ c;
35 return hash; 35 return hash;
36 } 36 }
37 37
38 // LastTwoLabels returns a pointer within |host| to the last two labels of 38 // Returns the last two dot-separated components of |host|, ignoring any
39 // |host|. For example, if |host| is "a.b.c.d" then LastTwoLabels will return 39 // trailing dots. For example, returns "c.d" for "a.b.c.d.". Returns an
40 // "c.d". 40 // empty string if |host| does not have two dot-separated components.
41 // host: a DNS name in dotted form. 41 // NOTE: Inline for the same reason as Hash().
42 // returns: NULL on error, otherwise a pointer inside |host|. 42 static std::string LastTwoComponents(const std::string& host) {
43 static const char* LastTwoLabels(const char* host) { 43 size_t last_nondot = host.find_last_not_of('.');
44 // See comment in |Hash| for why this function is inline. 44 if (last_nondot == std::string::npos)
45 const size_t len = strlen(host); 45 return std::string();
46 if (len == 0) 46 size_t last_dot = host.find_last_of('.', last_nondot);
47 return NULL; 47 if ((last_dot == 0) || (last_dot == std::string::npos))
48 48 return std::string();
49 unsigned dots_found = 0; 49 // NOTE: This next line works correctly even when the call returns npos.
50 size_t i; 50 size_t components_begin = host.find_last_of('.', last_dot - 1) + 1;
51 for (i = len - 1; i < len; i--) { 51 return host.substr(components_begin, last_nondot - components_begin + 1);
52 if (host[i] == '.') {
53 dots_found++;
54 if (dots_found == 2) {
55 i++;
56 break;
57 }
58 }
59 }
60
61 if (i > len)
62 i = 0;
63
64 if (dots_found == 0)
65 return NULL; // no names with less than two labels are in the blacklist.
66 if (dots_found == 1) {
67 if (host[0] == '.')
68 return NULL; // ditto
69 }
70
71 return &host[i];
72 } 52 }
73 53
74 // This is the number of buckets in the blacklist hash table. (Must be a 54 // This is the number of buckets in the blacklist hash table. (Must be a
75 // power of two). 55 // power of two).
76 static const unsigned kBuckets = 128; 56 static const size_t kBuckets = 128;
77 57
78 private: 58 private:
79 // The following two members are defined in 59 // The following two members are defined in
80 // ssl_false_start_blacklist_data.cc, which is generated by 60 // ssl_false_start_blacklist_data.cc, which is generated by
81 // ssl_false_start_blacklist_process.cc 61 // ssl_false_start_blacklist_process.cc
82 62
83 // kHashTable contains an offset into |kHashData| for each bucket. The 63 // kHashTable contains an offset into |kHashData| for each bucket. The
84 // additional element at the end contains the length of |kHashData|. 64 // additional element at the end contains the length of |kHashData|.
85 static const uint32 kHashTable[kBuckets + 1]; 65 static const uint32 kHashTable[kBuckets + 1];
86 // kHashData contains the contents of the hash table. |kHashTable| indexes 66 // kHashData contains the contents of the hash table. |kHashTable| indexes
87 // into this array. Each bucket consists of zero or more, 8-bit length 67 // into this array. Each bucket consists of zero or more, 8-bit length
88 // prefixed strings. Each string is a DNS name in dotted form. For a given 68 // prefixed strings. Each string is a DNS name in dotted form. For a given
89 // string x, x and *.x are considered to be in the blacklist. In order to 69 // string x, x and *.x are considered to be in the blacklist. In order to
90 // assign a string to a hash bucket, the last two labels (not including the 70 // assign a string to a hash bucket, the last two labels (not including the
91 // root label) are hashed. Thus, the bucket for "www.example.com" is 71 // root label) are hashed. Thus, the bucket for "www.example.com" is
92 // Hash("example.com"). No names that are less than two labels long are 72 // Hash("example.com"). No names that are less than two labels long are
93 // included in the blacklist. 73 // included in the blacklist.
94 static const char kHashData[]; 74 static const char kHashData[];
95 }; 75 };
96 76
97 } // namespace net 77 } // namespace net
98 78
99 #endif // NET_BASE_SSL_FALSE_START_BLACKLIST_H_ 79 #endif // NET_BASE_SSL_FALSE_START_BLACKLIST_H_
OLDNEW
« no previous file with comments | « net/base/ssl_config_service.cc ('k') | net/base/ssl_false_start_blacklist.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698