
Side by Side Diff: net/http/http_util.cc

Issue 425803014: Refactor pooling logic into a helper method (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Working Created 6 years, 4 months ago
1
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 3 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 4 // found in the LICENSE file.
4 5
5 // The rules for parsing content-types were borrowed from Firefox: 6 // The rules for parsing content-types were borrowed from Firefox:
6 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834 7 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834
7 8
8 #include "net/http/http_util.h" 9 #include "net/http/http_util.h"
9 10
10 #include <algorithm> 11 #include <algorithm>
11 12
12 #include "base/basictypes.h" 13 #include "base/basictypes.h"
13 #include "base/logging.h" 14 #include "base/logging.h"
14 #include "base/strings/string_number_conversions.h" 15 #include "base/strings/string_number_conversions.h"
15 #include "base/strings/string_piece.h" 16 #include "base/strings/string_piece.h"
16 #include "base/strings/string_tokenizer.h" 17 #include "base/strings/string_tokenizer.h"
17 #include "base/strings/string_util.h" 18 #include "base/strings/string_util.h"
18 #include "base/strings/stringprintf.h" 19 #include "base/strings/stringprintf.h"
19 #include "base/time/time.h" 20 #include "base/time/time.h"
20 21 #include "net/cert/cert_verify_result.h"
22 #include "net/cert/x509_certificate.h"
23 #include "net/http/transport_security_state.h"
24 #include "net/ssl/channel_id_service.h"
25 #include "net/ssl/ssl_info.h"
21 26
22 namespace net { 27 namespace net {
23 28
24 // Helpers -------------------------------------------------------------------- 29 // Helpers --------------------------------------------------------------------
25 30
26 // Returns the index of the closing quote of the string, if any. |start| points 31 // Returns the index of the closing quote of the string, if any. |start| points
27 // at the opening quote. 32 // at the opening quote.
28 static size_t FindStringEnd(const std::string& line, size_t start, char delim) { 33 static size_t FindStringEnd(const std::string& line, size_t start, char delim) {
29 DCHECK_LT(start, line.length()); 34 DCHECK_LT(start, line.length());
30 DCHECK_EQ(line[start], delim); 35 DCHECK_EQ(line[start], delim);
(...skipping 702 matching lines...) Expand 10 before | Expand all | Expand 10 after
733 } 738 }
734 739
735 // static 740 // static
736 int HttpUtil::MapStatusCodeForHistogram(int code) { 741 int HttpUtil::MapStatusCodeForHistogram(int code) {
737 if (HISTOGRAM_MIN_HTTP_STATUS_CODE <= code && 742 if (HISTOGRAM_MIN_HTTP_STATUS_CODE <= code &&
738 code <= HISTOGRAM_MAX_HTTP_STATUS_CODE) 743 code <= HISTOGRAM_MAX_HTTP_STATUS_CODE)
739 return code; 744 return code;
740 return 0; 745 return 0;
741 } 746 }
742 747
748 // static
749 bool HttpUtil::CanPool(TransportSecurityState* transport_security_state,
750 const SSLInfo& ssl_info,
751 const std::string& old_hostname,
752 const std::string& new_hostname) {
753 // Pooling is prohibited if the server cert is not valid for the new domain,
754 // and for connections on which client certs were sent. It is also prohibited
755 // when channel ID was sent if the hosts are from different eTLDs+1.
756 bool unused = false;
757 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused))
758 return false;
Ryan Sleevi 2014/08/07 18:49:29 You should check this on 771
Ryan Hamilton 2014/08/08 19:27:43 Done. (But how come?)
Ryan Sleevi 2014/08/11 19:03:43 Forgot to answer this - verify the cert is trusted
Ryan Hamilton 2014/08/12 14:39:06 Oh! Good point.
759
760 if (IsCertStatusError(ssl_info.cert_status))
761 return false;
762
763 if (ssl_info.client_cert_sent)
764 return false;
765
766 if (ssl_info.channel_id_sent &&
767 ChannelIDService::GetDomainForHost(new_hostname) !=
768 ChannelIDService::GetDomainForHost(old_hostname)) {
769 return false;
770 }
771
772 if (!transport_security_state->VerifyPinning(
773 ssl_info.public_key_hashes,
774 ssl_info.is_issued_by_known_root,
775 /* sni_available= */ true,
776 new_hostname,
777 /* pinning_failure_log= */ NULL)) {
Ryan Sleevi 2014/08/07 18:49:29 1) git-cl-format this (you should be four *additio
Ryan Hamilton 2014/08/08 19:27:43 Done.
778 return false;
779 }
780
781 return true;
782 }
783
743 // BNF from section 4.2 of RFC 2616: 784 // BNF from section 4.2 of RFC 2616:
744 // 785 //
745 // message-header = field-name ":" [ field-value ] 786 // message-header = field-name ":" [ field-value ]
746 // field-name = token 787 // field-name = token
747 // field-value = *( field-content | LWS ) 788 // field-value = *( field-content | LWS )
748 // field-content = <the OCTETs making up the field-value 789 // field-content = <the OCTETs making up the field-value
749 // and consisting of either *TEXT or combinations 790 // and consisting of either *TEXT or combinations
750 // of token, separators, and quoted-string> 791 // of token, separators, and quoted-string>
751 // 792 //
752 793
(...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after
898 value_is_quoted_ = true; 939 value_is_quoted_ = true;
899 // Do not store iterators into this. See declaration of unquoted_value_. 940 // Do not store iterators into this. See declaration of unquoted_value_.
900 unquoted_value_ = HttpUtil::Unquote(value_begin_, value_end_); 941 unquoted_value_ = HttpUtil::Unquote(value_begin_, value_end_);
901 } 942 }
902 } 943 }
903 944
904 return true; 945 return true;
905 } 946 }
906 947
907 } // namespace net 948 } // namespace net
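Review bot: `HttpUtil::CanPool` dereferences `ssl_info.cert` (new line 757) and `transport_security_state` (new line 772) without checking either for null, so a caller that hands in an `SSLInfo` with no certificate attached would crash instead of being refused pooling. As a static helper on `HttpUtil` it can be reached from any caller, so the function should fail closed up front, e.g. `if (!ssl_info.cert.get()) return false;`, assuming `cert` is a ref-counted pointer that can be empty (its declaration is not visible on this page). Separately, the comment at new lines 753-755 lists the name-match, client-cert and channel-ID rules but not the `IsCertStatusError` and `VerifyPinning` checks that follow. I would extend it with `// Pooling is also prohibited if the cert has a status error or fails the pin check for |new_hostname|.` so the comment matches every condition that gates connection reuse.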