Split SdchManager::Dictionary out into separate class/file.

net/base/sdch_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/sdch_manager.h"
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/time/default_clock.h"
 #include "base/values.h"
 #include "crypto/sha2.h"
-#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/base/sdch_observer.h"
 #include "net/url_request/url_request_http_job.h"
 
 namespace {
 
 void StripTrailingDot(GURL* gurl) {
   std::string host(gurl->host());
 
   if (host.empty())
     return;
@@ skipping 12 matching lines @@
 }  // namespace
 
 namespace net {
 
 // static
 bool SdchManager::g_sdch_enabled_ = true;
 
 // static
 bool SdchManager::g_secure_scheme_supported_ = true;
 
-SdchManager::Dictionary::Dictionary(const std::string& dictionary_text,
-                                    size_t offset,
-                                    const std::string& client_hash,
-                                    const std::string& server_hash,
-                                    const GURL& gurl,
-                                    const std::string& domain,
-                                    const std::string& path,
-                                    const base::Time& expiration,
-                                    const std::set<int>& ports)
-    : text_(dictionary_text, offset),
-      client_hash_(client_hash),
-      server_hash_(server_hash),
-      url_(gurl),
-      domain_(domain),
-      path_(path),
-      expiration_(expiration),
-      ports_(ports),
-      clock_(new base::DefaultClock) {
-}
-
-SdchManager::Dictionary::Dictionary(const SdchManager::Dictionary& rhs)
-    : text_(rhs.text_),
-      client_hash_(rhs.client_hash_),
-      server_hash_(rhs.server_hash_),
-      url_(rhs.url_),
-      domain_(rhs.domain_),
-      path_(rhs.path_),
-      expiration_(rhs.expiration_),
-      ports_(rhs.ports_),
-      clock_(new base::DefaultClock) {
-}
-
-SdchManager::Dictionary::~Dictionary() {}
-
-// Security functions restricting loads and use of dictionaries.
-
-// static
-SdchProblemCode SdchManager::Dictionary::CanSet(const std::string& domain,
-                                                const std::string& path,
-                                                const std::set<int>& ports,
-                                                const GURL& dictionary_url) {
-  /*
-  A dictionary is invalid and must not be stored if any of the following are
-  true:
-    1. The dictionary has no Domain attribute.
-    2. The effective host name that derives from the referer URL host name does
-      not domain-match the Domain attribute.
-    3. The Domain attribute is a top level domain.
-    4. The referer URL host is a host domain name (not IP address) and has the
-      form HD, where D is the value of the Domain attribute, and H is a string
-      that contains one or more dots.
-    5. If the dictionary has a Port attribute and the referer URL's port was not
-      in the list.
-  */
-
-  // TODO(jar): Redirects in dictionary fetches might plausibly be problematic,
-  // and hence the conservative approach is to not allow any redirects (if there
-  // were any... then don't allow the dictionary to be set).
-
-  if (domain.empty())
-    return SDCH_DICTIONARY_MISSING_DOMAIN_SPECIFIER;  // Domain is required.
-
-  if (registry_controlled_domains::GetDomainAndRegistry(
-          domain, registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)
-          .empty()) {
-    return SDCH_DICTIONARY_SPECIFIES_TOP_LEVEL_DOMAIN;  // domain was a TLD.
-  }
-
-  if (!Dictionary::DomainMatch(dictionary_url, domain))
-    return SDCH_DICTIONARY_DOMAIN_NOT_MATCHING_SOURCE_URL;
-
-  std::string referrer_url_host = dictionary_url.host();
-  size_t postfix_domain_index = referrer_url_host.rfind(domain);
-  // See if it is indeed a postfix, or just an internal string.
-  if (referrer_url_host.size() == postfix_domain_index + domain.size()) {
-    // It is a postfix... so check to see if there's a dot in the prefix.
-    size_t end_of_host_index = referrer_url_host.find_first_of('.');
-    if (referrer_url_host.npos != end_of_host_index &&
-        end_of_host_index < postfix_domain_index) {
-      return SDCH_DICTIONARY_REFERER_URL_HAS_DOT_IN_PREFIX;
-    }
-  }
-
-  if (!ports.empty() && 0 == ports.count(dictionary_url.EffectiveIntPort()))
-    return SDCH_DICTIONARY_PORT_NOT_MATCHING_SOURCE_URL;
-
-  return SDCH_OK;
-}
-
-SdchProblemCode SdchManager::Dictionary::CanUse(
-    const GURL& target_url) const {
-  /*
-    1. The request URL's host name domain-matches the Domain attribute of the
-      dictionary.
-    2. If the dictionary has a Port attribute, the request port is one of the
-      ports listed in the Port attribute.
-    3. The request URL path-matches the path attribute of the dictionary.
-    4. The request is not an HTTPS request.
-    We can override (ignore) item (4) only when we have explicitly enabled
-    HTTPS support AND the dictionary acquisition scheme matches the target
-     url scheme.
-  */
-  if (!DomainMatch(target_url, domain_))
-    return SDCH_DICTIONARY_FOUND_HAS_WRONG_DOMAIN;
-
-  if (!ports_.empty() && 0 == ports_.count(target_url.EffectiveIntPort()))
-    return SDCH_DICTIONARY_FOUND_HAS_WRONG_PORT_LIST;
-
-  if (path_.size() && !PathMatch(target_url.path(), path_))
-    return SDCH_DICTIONARY_FOUND_HAS_WRONG_PATH;
-
-  if (!SdchManager::secure_scheme_supported() && target_url.SchemeIsSecure())
-    return SDCH_DICTIONARY_FOUND_HAS_WRONG_SCHEME;
-
-  if (target_url.SchemeIsSecure() != url_.SchemeIsSecure())
-    return SDCH_DICTIONARY_FOUND_HAS_WRONG_SCHEME;
-
-  // TODO(jar): Remove overly restrictive failsafe test (added per security
-  // review) when we have a need to be more general.
-  if (!target_url.SchemeIsHTTPOrHTTPS())
-    return SDCH_ATTEMPT_TO_DECODE_NON_HTTP_DATA;
-
-  return SDCH_OK;
-}
-
-// static
-bool SdchManager::Dictionary::PathMatch(const std::string& path,
-                                        const std::string& restriction) {
-  /*  Must be either:
-  1. P2 is equal to P1
-  2. P2 is a prefix of P1 and either the final character in P2 is "/" or the
-      character following P2 in P1 is "/".
-      */
-  if (path == restriction)
-    return true;
-  size_t prefix_length = restriction.size();
-  if (prefix_length > path.size())
-    return false;  // Can't be a prefix.
-  if (0 != path.compare(0, prefix_length, restriction))
-    return false;
-  return restriction[prefix_length - 1] == '/' || path[prefix_length] == '/';
-}
-
-// static
-bool SdchManager::Dictionary::DomainMatch(const GURL& gurl,
-                                          const std::string& restriction) {
-  // TODO(jar): This is not precisely a domain match definition.
-  return gurl.DomainIs(restriction.data(), restriction.size());
-}
-
-bool SdchManager::Dictionary::Expired() const {
-  return clock_->Now() > expiration_;
-}
-
-void SdchManager::Dictionary::SetClockForTesting(
-    scoped_ptr<base::Clock> clock) {
-  clock_ = clock.Pass();
-}
-
 SdchManager::DictionarySet::DictionarySet() {}
 
 SdchManager::DictionarySet::~DictionarySet() {}
 
 std::string SdchManager::DictionarySet::GetDictionaryClientHashList() const {
   std::string result;
   bool first = true;
   for (const auto& entry: dictionaries_) {
     if (!first)
       result.append(",");
 
     result.append(entry.second->data.client_hash());
     first = false;
   }
   return result;
 }
 
-const SdchManager::Dictionary* SdchManager::DictionarySet::GetDictionary(
+const SdchDictionary* SdchManager::DictionarySet::GetDictionary(
     const std::string& hash) const {
   auto it = dictionaries_.find(hash);
   if (it == dictionaries_.end())
     return NULL;
 
   return &it->second->data;
 }
 
 bool SdchManager::DictionarySet::Empty() const {
   return dictionaries_.empty();
 }
 
 void SdchManager::DictionarySet::AddDictionary(
     const std::string& server_hash,
-    const scoped_refptr<base::RefCountedData<SdchManager::Dictionary>>&
-    dictionary) {
+    const scoped_refptr<base::RefCountedData<SdchDictionary>>& dictionary) {
   DCHECK(dictionaries_.end() == dictionaries_.find(server_hash));
 
   dictionaries_[server_hash] = dictionary;
 }
 
 SdchManager::SdchManager() : factory_(this) {
   DCHECK(thread_checker_.CalledOnValidThread());
 }
 
 SdchManager::~SdchManager() {
@@ skipping 172 matching lines @@
 }
 
 scoped_ptr<SdchManager::DictionarySet>
 SdchManager::GetDictionarySet(const GURL& target_url) {
   if (IsInSupportedDomain(target_url) != SDCH_OK)
     return NULL;
 
   int count = 0;
   scoped_ptr<SdchManager::DictionarySet> result(new DictionarySet);
   for (const auto& entry: dictionaries_) {
+    if (!secure_scheme_supported() && target_url.SchemeIsSecure())
+      continue;
     if (entry.second->data.CanUse(target_url) != SDCH_OK)
       continue;
     if (entry.second->data.Expired())
       continue;
     ++count;
     result->AddDictionary(entry.first, entry.second);
   }
 
   if (count == 0)
     return NULL;
 
   UMA_HISTOGRAM_COUNTS("Sdch3.Advertisement_Count", count);
 
   return result.Pass();
 }
 
 scoped_ptr<SdchManager::DictionarySet>
 SdchManager::GetDictionarySetByHash(
     const GURL& target_url,
     const std::string& server_hash,
     SdchProblemCode* problem_code) {
   scoped_ptr<SdchManager::DictionarySet> result;
 
   *problem_code = SDCH_DICTIONARY_HASH_NOT_FOUND;
   const auto& it = dictionaries_.find(server_hash);
   if (it == dictionaries_.end())
     return result.Pass();
 
+  if (!SdchManager::secure_scheme_supported() && target_url.SchemeIsSecure()) {
+    *problem_code = SDCH_DICTIONARY_FOUND_HAS_WRONG_SCHEME;
+    return result.Pass();
+  }
+
   *problem_code = it->second->data.CanUse(target_url);
   if (*problem_code != SDCH_OK)
     return result.Pass();
 
   result.reset(new DictionarySet);
   result->AddDictionary(it->first, it->second);
   return result.Pass();
 }
 
 // static
@@ skipping 109 matching lines @@
   }
 
   // Narrow fix for http://crbug.com/389451.
   GURL dictionary_url_normalized(dictionary_url);
   StripTrailingDot(&dictionary_url_normalized);
 
   SdchProblemCode rv = IsInSupportedDomain(dictionary_url_normalized);
   if (rv != SDCH_OK)
     return rv;
 
-  rv = Dictionary::CanSet(domain, path, ports, dictionary_url_normalized);
+  rv = SdchDictionary::CanSet(domain, path, ports, dictionary_url_normalized);
   if (rv != SDCH_OK)
     return rv;
 
   UMA_HISTOGRAM_COUNTS("Sdch3.Dictionary size loaded", dictionary_text.size());
   DVLOG(1) << "Loaded dictionary with client hash " << client_hash
            << " and server hash " << server_hash;
-  Dictionary dictionary(dictionary_text, header_end + 2, client_hash,
-                        server_hash, dictionary_url_normalized, domain, path,
-                        expiration, ports);
+  SdchDictionary dictionary(dictionary_text, header_end + 2, client_hash,
+                            server_hash, dictionary_url_normalized, domain,
+                            path, expiration, ports);
   dictionaries_[server_hash] =
-      new base::RefCountedData<Dictionary>(dictionary);
+      new base::RefCountedData<SdchDictionary>(dictionary);
   if (server_hash_p)
     *server_hash_p = server_hash;
 
   return SDCH_OK;
 }
 
 SdchProblemCode SdchManager::RemoveSdchDictionary(
     const std::string& server_hash) {
   if (dictionaries_.find(server_hash) == dictionaries_.end())
     return SDCH_DICTIONARY_HASH_NOT_FOUND;
@@ skipping 59 matching lines @@
       entry_dict->SetInteger("tries", it->second.count);
     entry_dict->SetInteger("reason", it->second.reason);
     entry_list->Append(entry_dict);
   }
   value->Set("blacklisted", entry_list);
 
   return value;
 }
 
 }  // namespace net