Clang format slam.

net/cert/x509_certificate.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <map>
@@ skipping 16 matching lines @@
 #include "net/cert/pem_tokenizer.h"
 #include "url/url_canon.h"
 
 namespace net {
 
 namespace {
 
 // Indicates the order to use when trying to decode binary data, which is
 // based on (speculation) as to what will be most common -> least common
 const X509Certificate::Format kFormatDecodePriority[] = {
-  X509Certificate::FORMAT_SINGLE_CERTIFICATE,
-  X509Certificate::FORMAT_PKCS7
-};
+    X509Certificate::FORMAT_SINGLE_CERTIFICATE, X509Certificate::FORMAT_PKCS7};
 
 // The PEM block header used for DER certificates
 const char kCertificateHeader[] = "CERTIFICATE";
 // The PEM block header used for PKCS#7 data
 const char kPKCS7Header[] = "PKCS7";
 
 #if !defined(USE_NSS)
 // A thread-safe cache for OS certificate handles.
 //
 // Within each of the supported underlying crypto libraries, a certificate
@@ skipping 52 matching lines @@
   // You must acquire this lock before using any private data of this object
   // You must not block while holding this lock.
   base::Lock lock_;
 
   // The certificate cache.  You must acquire |lock_| before using |cache_|.
   CertMap cache_;
 
   DISALLOW_COPY_AND_ASSIGN(X509CertificateCache);
 };
 
-base::LazyInstance<X509CertificateCache>::Leaky
-    g_x509_certificate_cache = LAZY_INSTANCE_INITIALIZER;
+base::LazyInstance<X509CertificateCache>::Leaky g_x509_certificate_cache =
+    LAZY_INSTANCE_INITIALIZER;
 
 void X509CertificateCache::InsertOrUpdate(
     X509Certificate::OSCertHandle* cert_handle) {
   DCHECK(cert_handle);
   SHA1HashValue fingerprint =
       X509Certificate::CalculateFingerprint(*cert_handle);
 
   X509Certificate::OSCertHandle old_handle = NULL;
   {
     base::AutoLock lock(lock_);
@@ skipping 38 matching lines @@
 
 void X509CertificateCache::Remove(X509Certificate::OSCertHandle cert_handle) {
   SHA1HashValue fingerprint =
       X509Certificate::CalculateFingerprint(cert_handle);
   base::AutoLock lock(lock_);
 
   CertMap::iterator pos = cache_.find(fingerprint);
   if (pos == cache_.end())
     return;  // A hash collision where the winning cert was already freed.
 
-  bool is_same_cert = X509Certificate::IsSameOSCert(cert_handle,
-                                                    pos->second.cert_handle);
+  bool is_same_cert =
+      X509Certificate::IsSameOSCert(cert_handle, pos->second.cert_handle);
   if (!is_same_cert)
     return;  // A hash collision where the winning cert is still around.
 
   if (--pos->second.ref_count == 0) {
     // The last reference to |cert_handle| has been removed, so release the
     // Entry's OS handle and remove the Entry. The caller still holds a
     // reference to |cert_handle| and is responsible for freeing it.
     X509Certificate::FreeOSCertHandle(pos->second.cert_handle);
     cache_.erase(pos);
   }
@@ skipping 33 matching lines @@
 }
 
 }  // namespace
 
 bool X509Certificate::LessThan::operator()(
     const scoped_refptr<X509Certificate>& lhs,
     const scoped_refptr<X509Certificate>& rhs) const {
   if (lhs.get() == rhs.get())
     return false;
 
-  int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,
+  int rv = memcmp(lhs->fingerprint_.data,
+                  rhs->fingerprint_.data,
                   sizeof(lhs->fingerprint_.data));
   if (rv != 0)
     return rv < 0;
 
-  rv = memcmp(lhs->ca_fingerprint_.data, rhs->ca_fingerprint_.data,
+  rv = memcmp(lhs->ca_fingerprint_.data,
+              rhs->ca_fingerprint_.data,
               sizeof(lhs->ca_fingerprint_.data));
   return rv < 0;
 }
 
 X509Certificate::X509Certificate(const std::string& subject,
                                  const std::string& issuer,
                                  base::Time start_date,
                                  base::Time expiration_date)
     : subject_(subject),
       issuer_(issuer),
@@ skipping 23 matching lines @@
     OSCertHandle handle = CreateOSCertHandleFromBytes(
         const_cast<char*>(der_certs[i].data()), der_certs[i].size());
     if (!handle)
       break;
     intermediate_ca_certs.push_back(handle);
   }
 
   OSCertHandle handle = NULL;
   // Return NULL if we failed to parse any of the certs.
   if (der_certs.size() - 1 == intermediate_ca_certs.size()) {
-    handle = CreateOSCertHandleFromBytes(
-        const_cast<char*>(der_certs[0].data()), der_certs[0].size());
+    handle = CreateOSCertHandleFromBytes(const_cast<char*>(der_certs[0].data()),
+                                         der_certs[0].size());
   }
 
   X509Certificate* cert = NULL;
   if (handle) {
     cert = CreateFromHandle(handle, intermediate_ca_certs);
     FreeOSCertHandle(handle);
   }
 
   for (size_t i = 0; i < intermediate_ca_certs.size(); i++)
     FreeOSCertHandle(intermediate_ca_certs[i]);
@@ skipping 94 matching lines @@
     cert = CreateFromHandle(cert_handle, intermediates);
   FreeOSCertHandle(cert_handle);
   for (size_t i = 0; i < intermediates.size(); ++i)
     FreeOSCertHandle(intermediates[i]);
 
   return cert;
 }
 
 // static
 CertificateList X509Certificate::CreateCertificateListFromBytes(
-    const char* data, int length, int format) {
+    const char* data,
+    int length,
+    int format) {
   OSCertHandles certificates;
 
   // Check to see if it is in a PEM-encoded form. This check is performed
   // first, as both OS X and NSS will both try to convert if they detect
   // PEM encoding, except they don't do it consistently between the two.
   base::StringPiece data_string(data, length);
   std::vector<std::string> pem_headers;
 
   // To maintain compatibility with NSS/Firefox, CERTIFICATE is a universally
   // valid PEM block header for any format.
@@ skipping 13 matching lines @@
       // also be DER encoded certificates wrapped inside of PEM blocks.
       format = FORMAT_PEM_CERT_SEQUENCE;
       certificates.push_back(handle);
       continue;
     }
 
     // If the first block failed to parse as a DER certificate, and
     // formats other than PEM are acceptable, check to see if the decoded
     // data is one of the accepted formats.
     if (format & ~FORMAT_PEM_CERT_SEQUENCE) {
-      for (size_t i = 0; certificates.empty() &&
-           i < arraysize(kFormatDecodePriority); ++i) {
+      for (size_t i = 0;
+           certificates.empty() && i < arraysize(kFormatDecodePriority);
+           ++i) {
         if (format & kFormatDecodePriority[i]) {
-          certificates = CreateOSCertHandlesFromBytes(decoded.c_str(),
-              decoded.size(), kFormatDecodePriority[i]);
+          certificates = CreateOSCertHandlesFromBytes(
+              decoded.c_str(), decoded.size(), kFormatDecodePriority[i]);
         }
       }
     }
 
     // Stop parsing after the first block for any format but a sequence of
     // PEM-encoded DER certificates. The case of FORMAT_PEM_CERT_SEQUENCE
     // is handled above, and continues processing until a certificate fails
     // to parse.
     break;
   }
 
   // Try each of the formats, in order of parse preference, to see if |data|
   // contains the binary representation of a Format, if it failed to parse
   // as a PEM certificate/chain.
-  for (size_t i = 0; certificates.empty() &&
-       i < arraysize(kFormatDecodePriority); ++i) {
+  for (size_t i = 0;
+       certificates.empty() && i < arraysize(kFormatDecodePriority);
+       ++i) {
     if (format & kFormatDecodePriority[i])
-      certificates = CreateOSCertHandlesFromBytes(data, length,
-                                                  kFormatDecodePriority[i]);
+      certificates =
+          CreateOSCertHandlesFromBytes(data, length, kFormatDecodePriority[i]);
   }
 
   CertificateList results;
   // No certificates parsed.
   if (certificates.empty())
     return results;
 
   for (OSCertHandles::iterator it = certificates.begin();
-       it != certificates.end(); ++it) {
+       it != certificates.end();
+       ++it) {
     X509Certificate* result = CreateFromHandle(*it, OSCertHandles());
     results.push_back(scoped_refptr<X509Certificate>(result));
     FreeOSCertHandle(*it);
   }
 
   return results;
 }
 
 void X509Certificate::Persist(Pickle* pickle) {
   DCHECK(cert_handle_);
   // This would be an absolutely insane number of intermediates.
   if (intermediate_ca_certs_.size() > static_cast<size_t>(INT_MAX) - 1) {
     NOTREACHED();
     return;
   }
-  if (!pickle->WriteInt(
-          static_cast<int>(intermediate_ca_certs_.size() + 1)) ||
+  if (!pickle->WriteInt(static_cast<int>(intermediate_ca_certs_.size() + 1)) ||
       !WriteOSCertHandleToPickle(cert_handle_, pickle)) {
     NOTREACHED();
     return;
   }
   for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
     if (!WriteOSCertHandleToPickle(intermediate_ca_certs_[i], pickle)) {
       NOTREACHED();
       return;
     }
   }
@@ skipping 21 matching lines @@
     const std::vector<std::string>& cert_san_ip_addrs,
     bool* common_name_fallback_used) {
   DCHECK(!hostname.empty());
   // Perform name verification following http://tools.ietf.org/html/rfc6125.
   // The terminology used in this method is as per that RFC:-
   // Reference identifier == the host the local user/agent is intending to
   //                         access, i.e. the thing displayed in the URL bar.
   // Presented identifier(s) == name(s) the server knows itself as, in its cert.
 
   // CanonicalizeHost requires surrounding brackets to parse an IPv6 address.
-  const std::string host_or_ip = hostname.find(':') != std::string::npos ?
-      "[" + hostname + "]" : hostname;
+  const std::string host_or_ip =
+      hostname.find(':') != std::string::npos ? "[" + hostname + "]" : hostname;
   url::CanonHostInfo host_info;
   std::string reference_name = CanonicalizeHost(host_or_ip, &host_info);
   // CanonicalizeHost does not normalize absolute vs relative DNS names. If
   // the input name was absolute (included trailing .), normalize it as if it
   // was relative.
   if (!reference_name.empty() && *reference_name.rbegin() == '.')
     reference_name.resize(reference_name.size() - 1);
   if (reference_name.empty())
     return false;
 
   // Allow fallback to Common name matching?
-  const bool common_name_fallback = cert_san_dns_names.empty() &&
-                                    cert_san_ip_addrs.empty();
+  const bool common_name_fallback =
+      cert_san_dns_names.empty() && cert_san_ip_addrs.empty();
   *common_name_fallback_used = common_name_fallback;
 
   // Fully handle all cases where |hostname| contains an IP address.
   if (host_info.IsIPAddress()) {
     if (common_name_fallback && host_info.family == url::CanonHostInfo::IPV4) {
       // Fallback to Common name matching. As this is deprecated and only
       // supported for compatibility refuse it for IPv6 addresses.
       return reference_name == cert_common_name;
     }
     base::StringPiece ip_addr_string(
         reinterpret_cast<const char*>(host_info.address),
         host_info.AddressLength());
-    return std::find(cert_san_ip_addrs.begin(), cert_san_ip_addrs.end(),
+    return std::find(cert_san_ip_addrs.begin(),
+                     cert_san_ip_addrs.end(),
                      ip_addr_string) != cert_san_ip_addrs.end();
   }
 
   // |reference_domain| is the remainder of |host| after the leading host
   // component is stripped off, but includes the leading dot e.g.
   // "www.f.com" -> ".f.com".
   // If there is no meaningful domain part to |host| (e.g. it contains no dots)
   // then |reference_domain| will be empty.
   base::StringPiece reference_host, reference_domain;
   SplitOnChar(reference_name, '.', &reference_host, &reference_domain);
   bool allow_wildcards = false;
   if (!reference_domain.empty()) {
     DCHECK(reference_domain.starts_with("."));
 
     // Do not allow wildcards for public/ICANN registry controlled domains -
     // that is, prevent *.com or *.co.uk as valid presented names, but do not
     // prevent *.appspot.com (a private registry controlled domain).
     // In addition, unknown top-level domains (such as 'intranet' domains or
     // new TLDs/gTLDs not yet added to the registry controlled domain dataset)
     // are also implicitly prevented.
     // Because |reference_domain| must contain at least one name component that
     // is not registry controlled, this ensures that all reference domains
     // contain at least three domain components when using wildcards.
-    size_t registry_length =
-        registry_controlled_domains::GetRegistryLength(
-            reference_name,
-            registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
-            registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
+    size_t registry_length = registry_controlled_domains::GetRegistryLength(
+        reference_name,
+        registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
+        registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
 
     // Because |reference_name| was already canonicalized, the following
     // should never happen.
     CHECK_NE(std::string::npos, registry_length);
 
     // Account for the leading dot in |reference_domain|.
     bool is_registry_controlled =
         registry_length != 0 &&
         registry_length == (reference_domain.size() - 1);
 
@@ skipping 10 matching lines @@
   std::vector<std::string> common_name_as_vector;
   const std::vector<std::string>* presented_names = &cert_san_dns_names;
   if (common_name_fallback) {
     // Note: there's a small possibility cert_common_name is an international
     // domain name in non-standard encoding (e.g. UTF8String or BMPString
     // instead of A-label). As common name fallback is deprecated we're not
     // doing anything specific to deal with this.
     common_name_as_vector.push_back(cert_common_name);
     presented_names = &common_name_as_vector;
   }
-  for (std::vector<std::string>::const_iterator it =
-           presented_names->begin();
-       it != presented_names->end(); ++it) {
+  for (std::vector<std::string>::const_iterator it = presented_names->begin();
+       it != presented_names->end();
+       ++it) {
     // Catch badly corrupt cert names up front.
     if (it->empty() || it->find('\0') != std::string::npos) {
       DVLOG(1) << "Bad name in cert: " << *it;
       continue;
     }
     std::string presented_name(StringToLowerASCII(*it));
 
     // Remove trailing dot, if any.
     if (*presented_name.rbegin() == '.')
       presented_name.resize(presented_name.length() - 1);
@@ skipping 31 matching lines @@
         reference_host.ends_with(pattern_end))
       return true;
   }
   return false;
 }
 
 bool X509Certificate::VerifyNameMatch(const std::string& hostname,
                                       bool* common_name_fallback_used) const {
   std::vector<std::string> dns_names, ip_addrs;
   GetSubjectAltName(&dns_names, &ip_addrs);
-  return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs,
+  return VerifyHostname(hostname,
+                        subject_.common_name,
+                        dns_names,
+                        ip_addrs,
                         common_name_fallback_used);
 }
 
 // static
 bool X509Certificate::GetPEMEncodedFromDER(const std::string& der_encoded,
                                            std::string* pem_encoded) {
   if (der_encoded.empty())
     return false;
   std::string b64_encoded;
   base::Base64Encode(der_encoded, &b64_encoded);
@@ skipping 59 matching lines @@
     RemoveFromCache(cert_handle_);
     FreeOSCertHandle(cert_handle_);
   }
   for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
     RemoveFromCache(intermediate_ca_certs_[i]);
     FreeOSCertHandle(intermediate_ca_certs_[i]);
   }
 }
 
 }  // namespace net