Add a whitelist for QUIC hosts.

net/http/http_stream_factory_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_stream_factory_impl.h"
 
 #include <string>
 
 #include "base/logging.h"
 #include "base/stl_util.h"
+#include "base/strings/string_util.h"
 #include "net/base/net_util.h"
 #include "net/http/http_network_session.h"
 #include "net/http/http_server_properties.h"
 #include "net/http/http_stream_factory_impl_job.h"
 #include "net/http/http_stream_factory_impl_request.h"
+#include "net/http/transport_security_state.h"
 #include "net/log/net_log.h"
 #include "net/quic/quic_server_id.h"
 #include "net/spdy/spdy_http_stream.h"
 #include "url/gurl.h"
 
 #if defined(ENABLE_BIDIRECTIONAL_STREAM)
 #include "net/spdy/bidirectional_stream_spdy_job.h"
 #endif
 
 namespace net {
@@ skipping 252 matching lines @@
 
     // Check whether there's an existing session to use for this QUIC Alt-Svc.
     HostPortPair destination = alternative_service.host_port_pair();
     std::string origin_host =
         ApplyHostMappingRules(request_info.url, &destination).host();
     QuicServerId server_id(destination, request_info.privacy_mode);
     if (session_->quic_stream_factory()->CanUseExistingSession(
             server_id, request_info.privacy_mode, origin_host))
       return alternative_service;
 
+    if (!IsQuicWhitelistedForHost(destination.host()))
+      continue;
+
     // Cache this entry if we don't have a non-broken Alt-Svc yet.
     if (first_alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL)
       first_alternative_service = alternative_service;
   }
 
   // Ask delegate to mark QUIC as broken for the origin.
   if (quic_advertised && quic_all_broken && delegate != nullptr)
     delegate->OnQuicBroken();
 
   return first_alternative_service;
@@ skipping 60 matching lines @@
   orphaned_job_set_.erase(job);
   delete job;
 }
 
 void HttpStreamFactoryImpl::OnPreconnectsComplete(const Job* job) {
   preconnect_job_set_.erase(job);
   delete job;
   OnPreconnectsCompleteInternal();
 }
 
+bool HttpStreamFactoryImpl::IsQuicWhitelistedForHost(const std::string& host) {
+  if (session_->params().transport_security_state->IsGooglePinnedHost(host)) {
+    return true;
+  }

[Ryan Sleevi, 2016/01/11 23:54:26]

nit: This file uses no braces for single-line conditionals

[Ryan Hamilton, 2016/01/12 00:22:46]

Indeed! I had a LOG(INFO) there and when I removed it, I forgot to remove the
{}s. Doh.

Done.

+
+  for (const std::string& white : session_->params().quic_host_whitelist) {

[Ryan Sleevi, 2016/01/11 23:54:27]

s/white/whitelisted_host/

Just the color name doesn't seem very descriptive.

[Ryan Hamilton, 2016/01/12 00:22:46]

Agreed. (though this code is now gone.)

+    if (host == white)

[Ryan Sleevi, 2016/01/11 23:54:27]

Is |host| guaranteed to be normalized? What about case-folded?

Should this be a binary search? Is Linear the right thing?

[Ryan Hamilton, 2016/01/12 00:22:46]

Hopefully, this will always be empty, but if it's not we should be performant :>
Switched to unordered_set which makes it constant.

+      return true;
+  }
+
+  return base::EndsWith(host, ".snapchat.com",

[Ryan Sleevi, 2016/01/11 23:54:27]

What about trailing dots? (.snapchat.com.) - do those matter?

[Ryan Hamilton, 2016/01/12 00:22:46]

they don't matter in this case.

+                        base::CompareCase::INSENSITIVE_ASCII);

[Ryan Sleevi, 2016/01/11 23:54:27]

If it's normalized (line 379), then you should be able to optimize using
case-sensitive, so that you can just do a memcmp instead of having to
re-normalize host.

[Ryan Hamilton, 2016/01/12 00:22:46]

Done.

+}
+
 }  // namespace net