author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-05-15 10:20:33 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-05-15 10:28:57 +0000 |
commit | d17ea114e5ef69ad5d5d7413280a13e6428098aa (patch) | |
tree | 2c01a75df69f30d27b1432467cfe7c1467a498da /chromium/net/cert_net | |
parent | 8c5c43c7b138c9b4b0bf56d946e61d3bbc111bec (diff) | |
download | qtwebengine-chromium-d17ea114e5ef69ad5d5d7413280a13e6428098aa.tar.gz |
BASELINE: Update Chromium to 67.0.3396.47
Change-Id: Idcb1341782e417561a2473eeecc82642dafda5b7
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/net/cert_net')
-rw-r--r-- | chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc | 4 | ||||
-rw-r--r-- | chromium/net/cert_net/nss_ocsp.cc | 109 | ||||
-rw-r--r-- | chromium/net/cert_net/nss_ocsp.h | 23 | ||||
-rw-r--r-- | chromium/net/cert_net/nss_ocsp_unittest.cc | 10 |
4 files changed, 53 insertions, 93 deletions
diff --git a/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc b/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc index 8eec0772d92..e2b4a4c236e 100644 --- a/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc +++ b/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc @@ -21,6 +21,7 @@ #include "net/test/embedded_test_server/embedded_test_server.h" #include "net/test/gtest_util.h" #include "net/test/url_request/url_request_hanging_read_job.h" +#include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request_filter.h" #include "net/url_request/url_request_job_factory_impl.h" #include "net/url_request/url_request_test_util.h" @@ -52,7 +53,8 @@ class RequestContext : public URLRequestContext { storage_.set_cert_transparency_verifier( std::make_unique<MultiLogCTVerifier>()); storage_.set_ct_policy_enforcer(std::make_unique<CTPolicyEnforcer>()); - storage_.set_proxy_resolution_service(ProxyResolutionService::CreateFixed(no_proxy)); + storage_.set_proxy_resolution_service(ProxyResolutionService::CreateFixed( + ProxyConfigWithAnnotation(no_proxy, TRAFFIC_ANNOTATION_FOR_TESTS))); storage_.set_ssl_config_service(new SSLConfigServiceDefaults); storage_.set_http_server_properties( std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl())); diff --git a/chromium/net/cert_net/nss_ocsp.cc b/chromium/net/cert_net/nss_ocsp.cc index 1926cf6af2b..8325fbdee09 100644 --- a/chromium/net/cert_net/nss_ocsp.cc +++ b/chromium/net/cert_net/nss_ocsp.cc @@ -33,6 +33,7 @@ #include "base/synchronization/lock.h" #include "base/threading/thread_checker.h" #include "base/threading/thread_restrictions.h" +#include "base/threading/thread_task_runner_handle.h" #include "base/time/time.h" #include "net/base/elements_upload_data_stream.h" #include "net/base/host_port_pair.h" 
@@ -71,8 +72,8 @@ class OCSPIOLoop { void StartUsing() { base::AutoLock autolock(lock_); used_ = true; - io_loop_ = base::MessageLoopForIO::current(); - DCHECK(io_loop_); + DCHECK(base::MessageLoopForIO::IsCurrent()); + io_task_runner_ = base::ThreadTaskRunnerHandle::Get(); } // Called on IO loop. @@ -90,23 +91,6 @@ class OCSPIOLoop { void AddRequest(OCSPRequestSession* request); void RemoveRequest(OCSPRequestSession* request); - // Clears internal state and calls |StartUsing()|. Should be called only in - // the context of testing. - void ReuseForTesting() { - { - base::AutoLock autolock(lock_); - DCHECK(base::MessageLoopForIO::current()); - thread_checker_.DetachFromThread(); - - // CalledOnValidThread is the only available API to reassociate - // thread_checker_ with the current thread. Result ignored intentionally. - ignore_result(thread_checker_.CalledOnValidThread()); - shutdown_ = false; - used_ = false; - } - StartUsing(); - } - private: friend struct base::LazyInstanceTraitsBase<OCSPIOLoop>; @@ -114,12 +98,14 @@ class OCSPIOLoop { void CancelAllRequests(); + // Protects all members below. mutable base::Lock lock_; - bool shutdown_; // Protected by |lock_|. - std::set<OCSPRequestSession*> requests_; // Protected by |lock_|. - bool used_; // Protected by |lock_|. + bool shutdown_; + std::set<OCSPRequestSession*> requests_; + bool used_; // This should not be modified after |used_|. - base::MessageLoopForIO* io_loop_; // Protected by |lock_|. + scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; + base::ThreadChecker thread_checker_; DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop); @@ -199,7 +185,6 @@ class OCSPRequestSession buffer_(new IOBuffer(kRecvBufferSize)), response_code_(-1), cv_(&lock_), - io_loop_(NULL), finished_(false) {} void SetPostData(const char* http_data, PRUint32 http_data_len, 
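Review bot: StartUsing() in the first hunk re-arms `used_` and `io_task_runner_` but never clears `shutdown_`, and with ReuseForTesting() deleted in the next hunk nothing resets that flag any more. SetURLRequestContextForNSSHttpIO() now calls Shutdown() for nullptr and StartUsing() for a new context, so a clear-then-set sequence leaves `shutdown_ == true` on a loop that is accepting tasks again. Whether anything still reads `shutdown_` is not visible in this diff; if something does, add `shutdown_ = false;` next to `used_ = true;`, otherwise consider removing the flag. The deleted helper also rebound `thread_checker_`, so a restart on a different IO thread would presumably trip the DCHECK at the top of Shutdown().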
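Review bot: The new comment `// Protects all members below.` in the member hunk over-claims, because `thread_checker_` sits below it and Shutdown() reads it outside `lock_` by design ("Safe to read outside lock"). The retained `// This should not be modified after |used_|.` now heads `io_task_runner_`, which Shutdown() resets to nullptr, so it is misleading as well. I would name the guarded fields explicitly, `// Protects |shutdown_|, |requests_|, |used_| and |io_task_runner_|.`, and replace the second comment with `// Set in StartUsing(), cleared in Shutdown().`.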
@@ -217,9 +202,9 @@ class OCSPRequestSession void Start() { // At this point, it runs on worker thread. - // |io_loop_| was initialized to be NULL in constructor, and - // set only in StartURLRequest, so no need to lock |lock_| here. - DCHECK(!io_loop_); + // |io_task_runner_| is only initialized in StartURLRequest, so no need to + // lock |lock_| here. + DCHECK(!io_task_runner_); g_ocsp_io_loop.Get().PostTaskToIOLoop( FROM_HERE, base::Bind(&OCSPRequestSession::StartURLRequest, this)); @@ -230,7 +215,7 @@ class OCSPRequestSession } void Cancel() { - // IO thread may set |io_loop_| to NULL, so protect by |lock_|. + // IO thread may reset |io_task_runner_|, so protect by |lock_|. base::AutoLock autolock(lock_); CancelLocked(); } @@ -295,7 +280,7 @@ class OCSPRequestSession const RedirectInfo& redirect_info, bool* defer_redirect) override { DCHECK_EQ(request_.get(), request); - DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_); + DCHECK(io_task_runner_->BelongsToCurrentThread()); if (!redirect_info.new_url.SchemeIs("http")) { // Prevent redirects to non-HTTP schemes, including HTTPS. This matches @@ -306,7 +291,7 @@ class OCSPRequestSession void OnResponseStarted(URLRequest* request, int net_error) override { DCHECK_EQ(request_.get(), request); - DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_); + DCHECK(io_task_runner_->BelongsToCurrentThread()); DCHECK_NE(ERR_IO_PENDING, net_error); int bytes_read = 0; @@ -321,7 +306,7 @@ class OCSPRequestSession void OnReadCompleted(URLRequest* request, int bytes_read) override { DCHECK_EQ(request_.get(), request); - DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_); + DCHECK(io_task_runner_->BelongsToCurrentThread()); while (bytes_read > 0) { data_.append(buffer_->data(), bytes_read); @@ -334,7 +319,7 @@ class OCSPRequestSession { base::AutoLock autolock(lock_); finished_ = true; - io_loop_ = NULL; + io_task_runner_ = nullptr; } cv_.Signal(); Release(); // Balanced with StartURLRequest(). 
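Review bot: `DCHECK(io_task_runner_->BelongsToCurrentThread());` in OnReceivedRedirect dereferences `io_task_runner_` without holding `lock_` and without a null check, whereas the pointer comparison it replaces was harmless on a null `io_loop_`. The same line is added in OnResponseStarted and OnReadCompleted, while the debug block in the cancel path (the next group of hunks) takes the lock and tests the pointer first. The member comment states that `lock_` protects `io_task_runner_`, so either document that IO-thread reads are exempt (presumably because only the IO thread writes it) or use `DCHECK(io_task_runner_ && io_task_runner_->BelongsToCurrentThread());`. These method bodies continue outside the hunks.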
@@ -346,8 +331,8 @@ class OCSPRequestSession #ifndef NDEBUG { base::AutoLock autolock(lock_); - if (io_loop_) - DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_); + if (io_task_runner_) + DCHECK(io_task_runner_->BelongsToCurrentThread()); } #endif if (request_) { @@ -356,7 +341,7 @@ class OCSPRequestSession { base::AutoLock autolock(lock_); finished_ = true; - io_loop_ = NULL; + io_task_runner_ = nullptr; } cv_.Signal(); Release(); // Balanced with StartURLRequest(). @@ -371,14 +356,14 @@ class OCSPRequestSession // a reference to this object, and so that thread doesn't need to lock // |lock_| here. DCHECK(!request_); - DCHECK(!io_loop_); + DCHECK(!io_task_runner_); } // Must call this method while holding |lock_|. void CancelLocked() { lock_.AssertAcquired(); - if (io_loop_) { - io_loop_->task_runner()->PostTask( + if (io_task_runner_) { + io_task_runner_->PostTask( FROM_HERE, base::Bind(&OCSPRequestSession::CancelURLRequest, this)); } } @@ -396,8 +381,9 @@ class OCSPRequestSession { base::AutoLock autolock(lock_); - DCHECK(!io_loop_); - io_loop_ = base::MessageLoopForIO::current(); + DCHECK(!io_task_runner_); + DCHECK(base::MessageLoopForIO::IsCurrent()); + io_task_runner_ = base::ThreadTaskRunnerHandle::Get(); g_ocsp_io_loop.Get().AddRequest(this); } @@ -463,11 +449,13 @@ class OCSPRequestSession scoped_refptr<HttpResponseHeaders> response_headers_; std::string data_; // Results of the request - // |lock_| protects |finished_| and |io_loop_|. + // |lock_| protects |finished_| and |io_task_runner_|. mutable base::Lock lock_; base::ConditionVariable cv_; - base::MessageLoop* io_loop_; // Message loop of the IO thread + // TaskRunner for the IO thread. Set when StartURLRequest() is invoked (on the + // IO thread). + scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; bool finished_; DISALLOW_COPY_AND_ASSIGN(OCSPRequestSession); 
@@ -518,18 +506,17 @@ class OCSPServerSession { OCSPIOLoop::OCSPIOLoop() : shutdown_(false), - used_(false), - io_loop_(NULL) { + used_(false) { } void OCSPIOLoop::Shutdown() { // Safe to read outside lock since we only write on IO thread anyway. DCHECK(thread_checker_.CalledOnValidThread()); - // Prevent the worker thread from trying to access |io_loop_|. + // Prevent the worker thread from trying to access |io_task_runner_|. { base::AutoLock autolock(lock_); - io_loop_ = NULL; + io_task_runner_ = nullptr; used_ = false; shutdown_ = true; } @@ -544,8 +531,8 @@ void OCSPIOLoop::Shutdown() { void OCSPIOLoop::PostTaskToIOLoop(const base::Location& from_here, const base::Closure& task) { base::AutoLock autolock(lock_); - if (io_loop_) - io_loop_->task_runner()->PostTask(from_here, task); + if (io_task_runner_) + io_task_runner_->PostTask(from_here, task); } void OCSPIOLoop::AddRequest(OCSPRequestSession* request) { @@ -862,30 +849,10 @@ char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) { } // anonymous namespace -void SetMessageLoopForNSSHttpIO() { - // Must have a MessageLoopForIO. - DCHECK(base::MessageLoopForIO::current()); - - bool used = g_ocsp_io_loop.Get().used(); - - // Should not be called when g_ocsp_io_loop has already been used. - DCHECK(!used); -} - void EnsureNSSHttpIOInit() { - g_ocsp_io_loop.Get().StartUsing(); g_ocsp_nss_initialization.Get(); } -void ShutdownNSSHttpIO() { - g_ocsp_io_loop.Get().Shutdown(); -} - -void ResetNSSHttpIOForTesting() { - g_ocsp_io_loop.Get().ReuseForTesting(); -} - -// This function would be called before NSS initialization. void SetURLRequestContextForNSSHttpIO(URLRequestContext* request_context) { pthread_mutex_lock(&g_request_context_lock); if (request_context) { 
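Review bot: EnsureNSSHttpIOInit() no longer calls StartUsing(), so from NSS initialization until the first SetURLRequestContextForNSSHttpIO() call with a non-null context `io_task_runner_` is null and PostTaskToIOLoop() (previous hunk) drops the task without any signal. For OCSP, CRL and AIA fetches this means a revocation or intermediate lookup silently does not happen; how the waiting session reacts is outside this diff, presumably through its timeout. State the ordering requirement at the definition, e.g. `// Fetches are dropped until SetURLRequestContextForNSSHttpIO() is called with a non-null context.`, and consider a `DLOG(WARNING)` in the null branch of PostTaskToIOLoop() so a mis-ordered embedder is noticed.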
@@ -893,6 +860,12 @@ void SetURLRequestContextForNSSHttpIO(URLRequestContext* request_context) { } g_request_context = request_context; pthread_mutex_unlock(&g_request_context_lock); + + if (request_context) { + g_ocsp_io_loop.Get().StartUsing(); + } else { + g_ocsp_io_loop.Get().Shutdown(); + } } } // namespace net diff --git a/chromium/net/cert_net/nss_ocsp.h b/chromium/net/cert_net/nss_ocsp.h index a422cb22e5a..2429f41a00a 100644 --- a/chromium/net/cert_net/nss_ocsp.h +++ b/chromium/net/cert_net/nss_ocsp.h @@ -11,26 +11,13 @@ namespace net { class URLRequestContext; -// Sets the MessageLoop for NSS's HTTP client functions (i.e. OCSP, CA -// certificate and CRL fetches) to the current message loop. This should be -// called before EnsureNSSHttpIOInit() if you want to control the message loop. -NET_EXPORT void SetMessageLoopForNSSHttpIO(); - -// Initializes HTTP client functions for NSS. This must be called before any -// certificate verification functions. This function is thread-safe, and HTTP -// handlers will only ever be initialized once. ShutdownNSSHttpIO() must be -// called on shutdown. +// Initializes HTTP client functions for NSS. This function is thread-safe, +// and HTTP handlers will only ever be initialized once. NET_EXPORT void EnsureNSSHttpIOInit(); -// This should be called once on shutdown to stop issuing URLRequests for NSS -// related HTTP fetches. -NET_EXPORT void ShutdownNSSHttpIO(); - -// Can be called after a call to |ShutdownNSSHttpIO()| to reset internal state -// and associate it with the current thread. -NET_EXPORT void ResetNSSHttpIOForTesting(); - -// Sets the URLRequestContext for HTTP requests issued by NSS. +// Sets the URLRequestContext and MessageLoop for HTTP requests issued by NSS +// (i.e. OCSP, CA certificate and CRL fetches). Must be called again with +// |request_context|=nullptr before the URLRequestContext is destroyed. NET_EXPORT void SetURLRequestContextForNSSHttpIO( URLRequestContext* request_context); 
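Review bot: The new comment on SetURLRequestContextForNSSHttpIO() in nss_ocsp.h omits the thread requirement that the implementation now has. The .cc hunk on this line calls StartUsing(), which DCHECKs `MessageLoopForIO::IsCurrent()` and captures `ThreadTaskRunnerHandle::Get()`, and Shutdown(), which DCHECKs `thread_checker_`. DCHECKs are normally compiled out of release builds, so a call from another thread would bind NSS fetches to the wrong task runner without any diagnostic. Add `// Must be called on the IO thread, both when setting and when clearing the context.` to the declaration. The comment also still says "MessageLoop" although a task runner is what gets stored.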
diff --git a/chromium/net/cert_net/nss_ocsp_unittest.cc b/chromium/net/cert_net/nss_ocsp_unittest.cc index 45004f55dca..b4c5947a24b 100644 --- a/chromium/net/cert_net/nss_ocsp_unittest.cc +++ b/chromium/net/cert_net/nss_ocsp_unittest.cc @@ -102,11 +102,10 @@ class NssHttpTest : public ::testing::Test { std::move(handler)); SetURLRequestContextForNSSHttpIO(&context_); - EnsureNSSHttpIOInit(); } void TearDown() override { - ShutdownNSSHttpIO(); + SetURLRequestContextForNSSHttpIO(nullptr); if (handler_) URLRequestFilter::GetInstance()->RemoveHostnameHandler("http", kAiaHost); @@ -130,9 +129,8 @@ class NssHttpTest : public ::testing::Test { std::unique_ptr<CertVerifier> verifier_; }; -// Tests that when using NSS to verify certificates, and IO is enabled, -// that a request to fetch missing intermediate certificates is -// made successfully. +// Tests that when using NSS to verify certificates that a request to fetch +// missing intermediate certificates is made successfully. TEST_F(NssHttpTest, TestAia) { scoped_refptr<X509Certificate> test_cert( ImportCertFromFile(GetTestCertsDirectory(), "aia-cert.pem")); @@ -148,7 +146,7 @@ TEST_F(NssHttpTest, TestAia) { TestCompletionCallback test_callback; std::unique_ptr<CertVerifier::Request> request; - int flags = CertVerifier::VERIFY_CERT_IO_ENABLED; + int flags = 0; int error = verifier()->Verify( CertVerifier::RequestParams(test_cert, "aia-host.invalid", flags, std::string(), CertificateList()), |