| Index: net/ocsp/nss_ocsp.cc
|
| diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc
|
| index 33d1933f348ebbae152f5f5be3404e5f7e82958d..e31891d076cc4be584cd4b5e8082e7ff8cc0456d 100644
|
| --- a/net/ocsp/nss_ocsp.cc
|
| +++ b/net/ocsp/nss_ocsp.cc
|
| @@ -107,9 +107,9 @@ class OCSPIOLoop {
|
| void CancelAllRequests();
|
|
|
| mutable base::Lock lock_;
|
| - bool shutdown_; // Protected by |lock_|.
|
| + bool shutdown_; // Protected by |lock_|.
|
| std::set<OCSPRequestSession*> requests_; // Protected by |lock_|.
|
| - bool used_; // Protected by |lock_|.
|
| + bool used_; // Protected by |lock_|.
|
| // This should not be modified after |used_|.
|
| base::MessageLoopForIO* io_loop_; // Protected by |lock_|.
|
| base::ThreadChecker thread_checker_;
|
| @@ -117,8 +117,8 @@ class OCSPIOLoop {
|
| DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop);
|
| };
|
|
|
| -base::LazyInstance<OCSPIOLoop>::Leaky
|
| - g_ocsp_io_loop = LAZY_INSTANCE_INITIALIZER;
|
| +base::LazyInstance<OCSPIOLoop>::Leaky g_ocsp_io_loop =
|
| + LAZY_INSTANCE_INITIALIZER;
|
|
|
| const int kRecvBufferSize = 4096;
|
|
|
| @@ -126,10 +126,11 @@ const int kRecvBufferSize = 4096;
|
| // CertVerifier's thread (i.e. worker pool, not on the I/O thread).
|
| // It supports blocking mode only.
|
|
|
| -SECStatus OCSPCreateSession(const char* host, PRUint16 portnum,
|
| +SECStatus OCSPCreateSession(const char* host,
|
| + PRUint16 portnum,
|
| SEC_HTTP_SERVER_SESSION* pSession);
|
| SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session,
|
| - PRPollDesc **pPollDesc);
|
| + PRPollDesc** pPollDesc);
|
| SECStatus OCSPFreeSession(SEC_HTTP_SERVER_SESSION session);
|
|
|
| SECStatus OCSPCreate(SEC_HTTP_SERVER_SESSION session,
|
| @@ -154,7 +155,7 @@ SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request,
|
| PRUint32* http_response_data_len);
|
| SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request);
|
|
|
| -char* GetAlternateOCSPAIAInfo(CERTCertificate *cert);
|
| +char* GetAlternateOCSPAIAInfo(CERTCertificate* cert);
|
|
|
| class OCSPNSSInitialization {
|
| private:
|
| @@ -193,7 +194,8 @@ class OCSPRequestSession
|
| io_loop_(NULL),
|
| finished_(false) {}
|
|
|
| - void SetPostData(const char* http_data, PRUint32 http_data_len,
|
| + void SetPostData(const char* http_data,
|
| + PRUint32 http_data_len,
|
| const char* http_content_type) {
|
| // |upload_content_| should not be modified if |request_| is active.
|
| DCHECK(!request_);
|
| @@ -202,8 +204,7 @@ class OCSPRequestSession
|
| }
|
|
|
| void AddHeader(const char* http_header_name, const char* http_header_value) {
|
| - extra_request_headers_.SetHeader(http_header_name,
|
| - http_header_value);
|
| + extra_request_headers_.SetHeader(http_header_name, http_header_value);
|
| }
|
|
|
| void Start() {
|
| @@ -212,13 +213,10 @@ class OCSPRequestSession
|
| // set only in StartURLRequest, so no need to lock |lock_| here.
|
| DCHECK(!io_loop_);
|
| g_ocsp_io_loop.Get().PostTaskToIOLoop(
|
| - FROM_HERE,
|
| - base::Bind(&OCSPRequestSession::StartURLRequest, this));
|
| + FROM_HERE, base::Bind(&OCSPRequestSession::StartURLRequest, this));
|
| }
|
|
|
| - bool Started() const {
|
| - return request_ != NULL;
|
| - }
|
| + bool Started() const { return request_ != NULL; }
|
|
|
| void Cancel() {
|
| // IO thread may set |io_loop_| to NULL, so protect by |lock_|.
|
| @@ -250,17 +248,13 @@ class OCSPRequestSession
|
| return finished_;
|
| }
|
|
|
| - const GURL& url() const {
|
| - return url_;
|
| - }
|
| + const GURL& url() const { return url_; }
|
|
|
| const std::string& http_request_method() const {
|
| return http_request_method_;
|
| }
|
|
|
| - base::TimeDelta timeout() const {
|
| - return timeout_;
|
| - }
|
| + base::TimeDelta timeout() const { return timeout_; }
|
|
|
| PRUint16 http_response_code() const {
|
| DCHECK(finished_);
|
| @@ -309,8 +303,7 @@ class OCSPRequestSession
|
| OnReadCompleted(request_, bytes_read);
|
| }
|
|
|
| - virtual void OnReadCompleted(URLRequest* request,
|
| - int bytes_read) OVERRIDE {
|
| + virtual void OnReadCompleted(URLRequest* request, int bytes_read) OVERRIDE {
|
| DCHECK_EQ(request, request_);
|
| DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_);
|
|
|
| @@ -374,8 +367,7 @@ class OCSPRequestSession
|
| lock_.AssertAcquired();
|
| if (io_loop_) {
|
| io_loop_->PostTask(
|
| - FROM_HERE,
|
| - base::Bind(&OCSPRequestSession::CancelURLRequest, this));
|
| + FROM_HERE, base::Bind(&OCSPRequestSession::CancelURLRequest, this));
|
| }
|
| }
|
|
|
| @@ -408,8 +400,8 @@ class OCSPRequestSession
|
| DCHECK(!upload_content_type_.empty());
|
|
|
| request_->set_method("POST");
|
| - extra_request_headers_.SetHeader(
|
| - HttpRequestHeaders::kContentType, upload_content_type_);
|
| + extra_request_headers_.SetHeader(HttpRequestHeaders::kContentType,
|
| + upload_content_type_);
|
|
|
| scoped_ptr<UploadElementReader> reader(new UploadBytesElementReader(
|
| upload_content_.data(), upload_content_.size()));
|
| @@ -423,10 +415,10 @@ class OCSPRequestSession
|
| AddRef(); // Release after |request_| deleted.
|
| }
|
|
|
| - GURL url_; // The URL we eventually wound up at
|
| + GURL url_; // The URL we eventually wound up at
|
| std::string http_request_method_;
|
| - base::TimeDelta timeout_; // The timeout for OCSP
|
| - URLRequest* request_; // The actual request this wraps
|
| + base::TimeDelta timeout_; // The timeout for OCSP
|
| + URLRequest* request_; // The actual request this wraps
|
| scoped_refptr<IOBuffer> buffer_; // Read buffer
|
| HttpRequestHeaders extra_request_headers_;
|
|
|
| @@ -434,10 +426,10 @@ class OCSPRequestSession
|
| std::string upload_content_;
|
| std::string upload_content_type_; // MIME type of POST payload
|
|
|
| - int response_code_; // HTTP status code for the request
|
| + int response_code_; // HTTP status code for the request
|
| std::string response_content_type_;
|
| scoped_refptr<HttpResponseHeaders> response_headers_;
|
| - std::string data_; // Results of the request
|
| + std::string data_; // Results of the request
|
|
|
| // |lock_| protects |finished_| and |io_loop_|.
|
| mutable base::Lock lock_;
|
| @@ -468,11 +460,10 @@ class OCSPServerSession {
|
| return NULL;
|
| }
|
|
|
| - std::string url_string(base::StringPrintf(
|
| - "%s://%s%s",
|
| - http_protocol_variant,
|
| - host_and_port_.ToString().c_str(),
|
| - path_and_query_string));
|
| + std::string url_string(base::StringPrintf("%s://%s%s",
|
| + http_protocol_variant,
|
| + host_and_port_.ToString().c_str(),
|
| + path_and_query_string));
|
| VLOG(1) << "URL [" << url_string << "]";
|
| GURL url(url_string);
|
|
|
| @@ -485,17 +476,13 @@ class OCSPServerSession {
|
| return new OCSPRequestSession(url, http_request_method, actual_timeout);
|
| }
|
|
|
| -
|
| private:
|
| HostPortPair host_and_port_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(OCSPServerSession);
|
| };
|
|
|
| -OCSPIOLoop::OCSPIOLoop()
|
| - : shutdown_(false),
|
| - used_(false),
|
| - io_loop_(NULL) {
|
| +OCSPIOLoop::OCSPIOLoop() : shutdown_(false), used_(false), io_loop_(NULL) {
|
| }
|
|
|
| OCSPIOLoop::~OCSPIOLoop() {
|
| @@ -532,8 +519,8 @@ void OCSPIOLoop::Shutdown() {
|
| pthread_mutex_unlock(&g_request_context_lock);
|
| }
|
|
|
| -void OCSPIOLoop::PostTaskToIOLoop(
|
| - const tracked_objects::Location& from_here, const base::Closure& task) {
|
| +void OCSPIOLoop::PostTaskToIOLoop(const tracked_objects::Location& from_here,
|
| + const base::Closure& task) {
|
| base::AutoLock autolock(lock_);
|
| if (io_loop_)
|
| io_loop_->PostTask(from_here, task);
|
| @@ -567,7 +554,7 @@ OCSPNSSInitialization::OCSPNSSInitialization() {
|
| // set an NSS/NSPR error code when they fail. Otherwise NSS will get the
|
| // residual error code from an earlier failed function call.
|
| client_fcn_.version = 1;
|
| - SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1;
|
| + SEC_HttpClientFcnV1Struct* ft = &client_fcn_.fcnTable.ftable1;
|
| ft->createSessionFcn = OCSPCreateSession;
|
| ft->keepAliveSessionFcn = OCSPKeepAliveSession;
|
| ft->freeSessionFcn = OCSPFreeSession;
|
| @@ -588,8 +575,8 @@ OCSPNSSInitialization::OCSPNSSInitialization() {
|
| // By using OCSP for those certificates, which don't have AIA extensions,
|
| // we can work around these bugs. See http://crbug.com/41730.
|
| CERT_StringFromCertFcn old_callback = NULL;
|
| - status = CERT_RegisterAlternateOCSPAIAInfoCallBack(
|
| - GetAlternateOCSPAIAInfo, &old_callback);
|
| + status = CERT_RegisterAlternateOCSPAIAInfoCallBack(GetAlternateOCSPAIAInfo,
|
| + &old_callback);
|
| if (status == SECSuccess) {
|
| DCHECK(!old_callback);
|
| } else {
|
| @@ -604,10 +591,10 @@ OCSPNSSInitialization::~OCSPNSSInitialization() {
|
| }
|
| }
|
|
|
| -
|
| // OCSP Http Client functions.
|
| // Our Http Client functions operate in blocking mode.
|
| -SECStatus OCSPCreateSession(const char* host, PRUint16 portnum,
|
| +SECStatus OCSPCreateSession(const char* host,
|
| + PRUint16 portnum,
|
| SEC_HTTP_SERVER_SESSION* pSession) {
|
| VLOG(1) << "OCSP create session: host=" << host << " port=" << portnum;
|
| pthread_mutex_lock(&g_request_context_lock);
|
| @@ -627,7 +614,7 @@ SECStatus OCSPCreateSession(const char* host, PRUint16 portnum,
|
| }
|
|
|
| SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session,
|
| - PRPollDesc **pPollDesc) {
|
| + PRPollDesc** pPollDesc) {
|
| VLOG(1) << "OCSP keep alive";
|
| if (pPollDesc)
|
| *pPollDesc = NULL;
|
| @@ -787,16 +774,14 @@ SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request,
|
| const char* mime_type = "";
|
| if (ok)
|
| mime_type = req->http_response_content_type().c_str();
|
| - bool is_ocsp =
|
| - strcasecmp(mime_type, "application/ocsp-response") == 0;
|
| + bool is_ocsp = strcasecmp(mime_type, "application/ocsp-response") == 0;
|
| bool is_crl = strcasecmp(mime_type, "application/x-pkcs7-crl") == 0 ||
|
| strcasecmp(mime_type, "application/x-x509-crl") == 0 ||
|
| strcasecmp(mime_type, "application/pkix-crl") == 0;
|
| - bool is_cert =
|
| - strcasecmp(mime_type, "application/x-x509-ca-cert") == 0 ||
|
| - strcasecmp(mime_type, "application/x-x509-server-cert") == 0 ||
|
| - strcasecmp(mime_type, "application/pkix-cert") == 0 ||
|
| - strcasecmp(mime_type, "application/pkcs7-mime") == 0;
|
| + bool is_cert = strcasecmp(mime_type, "application/x-x509-ca-cert") == 0 ||
|
| + strcasecmp(mime_type, "application/x-x509-server-cert") == 0 ||
|
| + strcasecmp(mime_type, "application/pkix-cert") == 0 ||
|
| + strcasecmp(mime_type, "application/pkcs7-mime") == 0;
|
|
|
| if (!is_cert && !is_crl && !is_ocsp) {
|
| // We didn't get a hint from the MIME type, so do the best that we can.
|
| @@ -839,12 +824,12 @@ SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request,
|
| return SECFailure;
|
| }
|
|
|
| - return OCSPSetResponse(
|
| - req, http_response_code,
|
| - http_response_content_type,
|
| - http_response_headers,
|
| - http_response_data,
|
| - http_response_data_len);
|
| + return OCSPSetResponse(req,
|
| + http_response_code,
|
| + http_response_content_type,
|
| + http_response_headers,
|
| + http_response_data,
|
| + http_response_data_len);
|
| }
|
|
|
| SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request) {
|
| @@ -861,32 +846,28 @@ SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request) {
|
| //
|
| // There are two CAs with this name. Their key IDs are listed next.
|
| const unsigned char network_solutions_ca_name[] = {
|
| - 0x30, 0x62, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
|
| - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x21, 0x30, 0x1f, 0x06,
|
| - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x4e, 0x65, 0x74, 0x77,
|
| - 0x6f, 0x72, 0x6b, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, 0x69,
|
| - 0x6f, 0x6e, 0x73, 0x20, 0x4c, 0x2e, 0x4c, 0x2e, 0x43, 0x2e,
|
| - 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
|
| - 0x27, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x53,
|
| - 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x43,
|
| - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
|
| - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79
|
| -};
|
| + 0x30, 0x62, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
|
| + 0x02, 0x55, 0x53, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
| + 0x13, 0x18, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x53, 0x6f,
|
| + 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x4c, 0x2e, 0x4c, 0x2e,
|
| + 0x43, 0x2e, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
|
| + 0x27, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x53, 0x6f, 0x6c,
|
| + 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
|
| + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
|
| + 0x72, 0x69, 0x74, 0x79};
|
| const unsigned int network_solutions_ca_name_len = 100;
|
|
|
| // This CA is an intermediate CA, subordinate to UTN-USERFirst-Hardware.
|
| const unsigned char network_solutions_ca_key_id[] = {
|
| - 0x3c, 0x41, 0xe2, 0x8f, 0x08, 0x08, 0xa9, 0x4c, 0x25, 0x89,
|
| - 0x8d, 0x6d, 0xc5, 0x38, 0xd0, 0xfc, 0x85, 0x8c, 0x62, 0x17
|
| -};
|
| + 0x3c, 0x41, 0xe2, 0x8f, 0x08, 0x08, 0xa9, 0x4c, 0x25, 0x89,
|
| + 0x8d, 0x6d, 0xc5, 0x38, 0xd0, 0xfc, 0x85, 0x8c, 0x62, 0x17};
|
| const unsigned int network_solutions_ca_key_id_len = 20;
|
|
|
| // This CA is a root CA. It is also cross-certified by
|
| // UTN-USERFirst-Hardware.
|
| const unsigned char network_solutions_ca_key_id2[] = {
|
| - 0x21, 0x30, 0xc9, 0xfb, 0x00, 0xd7, 0x4e, 0x98, 0xda, 0x87,
|
| - 0xaa, 0x2a, 0xd0, 0xa7, 0x2e, 0xb1, 0x40, 0x31, 0xa7, 0x4c
|
| -};
|
| + 0x21, 0x30, 0xc9, 0xfb, 0x00, 0xd7, 0x4e, 0x98, 0xda, 0x87,
|
| + 0xaa, 0x2a, 0xd0, 0xa7, 0x2e, 0xb1, 0x40, 0x31, 0xa7, 0x4c};
|
| const unsigned int network_solutions_ca_key_id2_len = 20;
|
|
|
| // An entry in our OCSP responder table. |issuer| and |issuer_key_id| are
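Review bot: The rewrapped byte tables on the new side still pair each array with a hand-maintained length literal (`network_solutions_ca_name_len = 100`, the two `_len = 20` constants), so nothing ties the count to the initializer that was just reflowed. I re-counted the reflowed `network_solutions_ca_name` initializer and it holds the same 100 bytes in the same order, but a dropped or duplicated element in a future rewrap would go unnoticed and the `SECItem` built from it in `g_ocsp_responder_table` would then cover bytes past the array. A compile-time check beside each constant, e.g. `COMPILE_ASSERT(arraysize(network_solutions_ca_name) == network_solutions_ca_name_len, ca_name_len_mismatch);`, makes the invariant mechanical; defining the constants as `arraysize(...)` would remove the duplication altogether.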
|
| @@ -894,41 +875,24 @@ const unsigned int network_solutions_ca_key_id2_len = 20;
|
| struct OCSPResponderTableEntry {
|
| SECItem issuer;
|
| SECItem issuer_key_id;
|
| - const char *ocsp_url;
|
| + const char* ocsp_url;
|
| };
|
|
|
| const OCSPResponderTableEntry g_ocsp_responder_table[] = {
|
| - {
|
| - {
|
| - siBuffer,
|
| - const_cast<unsigned char*>(network_solutions_ca_name),
|
| - network_solutions_ca_name_len
|
| - },
|
| - {
|
| - siBuffer,
|
| - const_cast<unsigned char*>(network_solutions_ca_key_id),
|
| - network_solutions_ca_key_id_len
|
| - },
|
| - "http://ocsp.netsolssl.com"
|
| - },
|
| - {
|
| - {
|
| - siBuffer,
|
| - const_cast<unsigned char*>(network_solutions_ca_name),
|
| - network_solutions_ca_name_len
|
| - },
|
| - {
|
| - siBuffer,
|
| - const_cast<unsigned char*>(network_solutions_ca_key_id2),
|
| - network_solutions_ca_key_id2_len
|
| - },
|
| - "http://ocsp.netsolssl.com"
|
| - }
|
| -};
|
| -
|
| -char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) {
|
| + {{siBuffer, const_cast<unsigned char*>(network_solutions_ca_name),
|
| + network_solutions_ca_name_len},
|
| + {siBuffer, const_cast<unsigned char*>(network_solutions_ca_key_id),
|
| + network_solutions_ca_key_id_len},
|
| + "http://ocsp.netsolssl.com"},
|
| + {{siBuffer, const_cast<unsigned char*>(network_solutions_ca_name),
|
| + network_solutions_ca_name_len},
|
| + {siBuffer, const_cast<unsigned char*>(network_solutions_ca_key_id2),
|
| + network_solutions_ca_key_id2_len},
|
| + "http://ocsp.netsolssl.com"}};
|
| +
|
| +char* GetAlternateOCSPAIAInfo(CERTCertificate* cert) {
|
| if (cert && !cert->isRoot && cert->authKeyID) {
|
| - for (unsigned int i=0; i < arraysize(g_ocsp_responder_table); i++) {
|
| + for (unsigned int i = 0; i < arraysize(g_ocsp_responder_table); i++) {
|
| if (SECITEM_CompareItem(&g_ocsp_responder_table[i].issuer,
|
| &cert->derIssuer) == SECEqual &&
|
| SECITEM_CompareItem(&g_ocsp_responder_table[i].issuer_key_id,
|
|
|