authorAllan Sandfeld Jensen <allan.jensen@qt.io>2018-05-15 10:20:33 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2018-05-15 10:28:57 +0000
commitd17ea114e5ef69ad5d5d7413280a13e6428098aa (patch)
tree2c01a75df69f30d27b1432467cfe7c1467a498da /chromium/net/cert_net
parent8c5c43c7b138c9b4b0bf56d946e61d3bbc111bec (diff)
downloadqtwebengine-chromium-d17ea114e5ef69ad5d5d7413280a13e6428098aa.tar.gz
BASELINE: Update Chromium to 67.0.3396.47
Change-Id: Idcb1341782e417561a2473eeecc82642dafda5b7 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/net/cert_net')
-rw-r--r--chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc4
-rw-r--r--chromium/net/cert_net/nss_ocsp.cc109
-rw-r--r--chromium/net/cert_net/nss_ocsp.h23
-rw-r--r--chromium/net/cert_net/nss_ocsp_unittest.cc10
4 files changed, 53 insertions, 93 deletions
diff --git a/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc b/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc
index 8eec0772d92..e2b4a4c236e 100644
--- a/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc
+++ b/chromium/net/cert_net/cert_net_fetcher_impl_unittest.cc
@@ -21,6 +21,7 @@
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/gtest_util.h"
#include "net/test/url_request/url_request_hanging_read_job.h"
+#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "net/url_request/url_request_filter.h"
#include "net/url_request/url_request_job_factory_impl.h"
#include "net/url_request/url_request_test_util.h"
@@ -52,7 +53,8 @@ class RequestContext : public URLRequestContext {
storage_.set_cert_transparency_verifier(
std::make_unique<MultiLogCTVerifier>());
storage_.set_ct_policy_enforcer(std::make_unique<CTPolicyEnforcer>());
- storage_.set_proxy_resolution_service(ProxyResolutionService::CreateFixed(no_proxy));
+ storage_.set_proxy_resolution_service(ProxyResolutionService::CreateFixed(
+ ProxyConfigWithAnnotation(no_proxy, TRAFFIC_ANNOTATION_FOR_TESTS)));
storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
storage_.set_http_server_properties(
std::unique_ptr<HttpServerProperties>(new HttpServerPropertiesImpl()));
diff --git a/chromium/net/cert_net/nss_ocsp.cc b/chromium/net/cert_net/nss_ocsp.cc
index 1926cf6af2b..8325fbdee09 100644
--- a/chromium/net/cert_net/nss_ocsp.cc
+++ b/chromium/net/cert_net/nss_ocsp.cc
@@ -33,6 +33,7 @@
#include "base/synchronization/lock.h"
#include "base/threading/thread_checker.h"
#include "base/threading/thread_restrictions.h"
+#include "base/threading/thread_task_runner_handle.h"
#include "base/time/time.h"
#include "net/base/elements_upload_data_stream.h"
#include "net/base/host_port_pair.h"
@@ -71,8 +72,8 @@ class OCSPIOLoop {
void StartUsing() {
base::AutoLock autolock(lock_);
used_ = true;
- io_loop_ = base::MessageLoopForIO::current();
- DCHECK(io_loop_);
+ DCHECK(base::MessageLoopForIO::IsCurrent());
+ io_task_runner_ = base::ThreadTaskRunnerHandle::Get();
}
// Called on IO loop.
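Review bot: StartUsing() is now also the restart path after Shutdown(), but it only sets used_ and io_task_runner_, so shutdown_ (set to true in Shutdown()) stays true and thread_checker_ stays bound to the first thread. The ReuseForTesting() helper removed in the next hunk cleared both before calling StartUsing(), and SetURLRequestContextForNSSHttpIO() at the end of this file now calls StartUsing() whenever a non-null context is installed. If anything outside the visible hunks still reads shutdown_, a second context install would see stale state; adding `shutdown_ = false;` next to `used_ = true;` would keep the flags consistent. The thread condition here is a DCHECK only, so a release build would capture whatever task runner the calling thread has.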
@@ -90,23 +91,6 @@ class OCSPIOLoop {
void AddRequest(OCSPRequestSession* request);
void RemoveRequest(OCSPRequestSession* request);
- // Clears internal state and calls |StartUsing()|. Should be called only in
- // the context of testing.
- void ReuseForTesting() {
- {
- base::AutoLock autolock(lock_);
- DCHECK(base::MessageLoopForIO::current());
- thread_checker_.DetachFromThread();
-
- // CalledOnValidThread is the only available API to reassociate
- // thread_checker_ with the current thread. Result ignored intentionally.
- ignore_result(thread_checker_.CalledOnValidThread());
- shutdown_ = false;
- used_ = false;
- }
- StartUsing();
- }
-
private:
friend struct base::LazyInstanceTraitsBase<OCSPIOLoop>;
@@ -114,12 +98,14 @@ class OCSPIOLoop {
void CancelAllRequests();
+ // Protects all members below.
mutable base::Lock lock_;
- bool shutdown_; // Protected by |lock_|.
- std::set<OCSPRequestSession*> requests_; // Protected by |lock_|.
- bool used_; // Protected by |lock_|.
+ bool shutdown_;
+ std::set<OCSPRequestSession*> requests_;
+ bool used_;
// This should not be modified after |used_|.
- base::MessageLoopForIO* io_loop_; // Protected by |lock_|.
+ scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
+
base::ThreadChecker thread_checker_;
DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop);
@@ -199,7 +185,6 @@ class OCSPRequestSession
buffer_(new IOBuffer(kRecvBufferSize)),
response_code_(-1),
cv_(&lock_),
- io_loop_(NULL),
finished_(false) {}
void SetPostData(const char* http_data, PRUint32 http_data_len,
@@ -217,9 +202,9 @@ class OCSPRequestSession
void Start() {
// At this point, it runs on worker thread.
- // |io_loop_| was initialized to be NULL in constructor, and
- // set only in StartURLRequest, so no need to lock |lock_| here.
- DCHECK(!io_loop_);
+ // |io_task_runner_| is only initialized in StartURLRequest, so no need to
+ // lock |lock_| here.
+ DCHECK(!io_task_runner_);
g_ocsp_io_loop.Get().PostTaskToIOLoop(
FROM_HERE,
base::Bind(&OCSPRequestSession::StartURLRequest, this));
@@ -230,7 +215,7 @@ class OCSPRequestSession
}
void Cancel() {
- // IO thread may set |io_loop_| to NULL, so protect by |lock_|.
+ // IO thread may reset |io_task_runner_|, so protect by |lock_|.
base::AutoLock autolock(lock_);
CancelLocked();
}
@@ -295,7 +280,7 @@ class OCSPRequestSession
const RedirectInfo& redirect_info,
bool* defer_redirect) override {
DCHECK_EQ(request_.get(), request);
- DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_);
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
if (!redirect_info.new_url.SchemeIs("http")) {
// Prevent redirects to non-HTTP schemes, including HTTPS. This matches
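Review bot: The new `DCHECK(io_task_runner_->BelongsToCurrentThread());` in this redirect callback dereferences io_task_runner_ without holding lock_, although the member comment later in the class says lock_ protects it. Unlike the old pointer comparison, it crashes a debug build instead of failing the check if the runner is null. The same line is added in OnResponseStarted and OnReadCompleted, while CancelURLRequest takes the lock and tests for null first. If the unlocked read is intentional because the member appears to be written only on the IO thread, record that with `// Only written on the IO thread, so reading without |lock_| is safe here.`; otherwise use `DCHECK(io_task_runner_ && io_task_runner_->BelongsToCurrentThread());`. The callback begins and ends outside this hunk.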
@@ -306,7 +291,7 @@ class OCSPRequestSession
void OnResponseStarted(URLRequest* request, int net_error) override {
DCHECK_EQ(request_.get(), request);
- DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_);
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
DCHECK_NE(ERR_IO_PENDING, net_error);
int bytes_read = 0;
@@ -321,7 +306,7 @@ class OCSPRequestSession
void OnReadCompleted(URLRequest* request, int bytes_read) override {
DCHECK_EQ(request_.get(), request);
- DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_);
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
while (bytes_read > 0) {
data_.append(buffer_->data(), bytes_read);
@@ -334,7 +319,7 @@ class OCSPRequestSession
{
base::AutoLock autolock(lock_);
finished_ = true;
- io_loop_ = NULL;
+ io_task_runner_ = nullptr;
}
cv_.Signal();
Release(); // Balanced with StartURLRequest().
@@ -346,8 +331,8 @@ class OCSPRequestSession
#ifndef NDEBUG
{
base::AutoLock autolock(lock_);
- if (io_loop_)
- DCHECK_EQ(base::MessageLoopForIO::current(), io_loop_);
+ if (io_task_runner_)
+ DCHECK(io_task_runner_->BelongsToCurrentThread());
}
#endif
if (request_) {
@@ -356,7 +341,7 @@ class OCSPRequestSession
{
base::AutoLock autolock(lock_);
finished_ = true;
- io_loop_ = NULL;
+ io_task_runner_ = nullptr;
}
cv_.Signal();
Release(); // Balanced with StartURLRequest().
@@ -371,14 +356,14 @@ class OCSPRequestSession
// a reference to this object, and so that thread doesn't need to lock
// |lock_| here.
DCHECK(!request_);
- DCHECK(!io_loop_);
+ DCHECK(!io_task_runner_);
}
// Must call this method while holding |lock_|.
void CancelLocked() {
lock_.AssertAcquired();
- if (io_loop_) {
- io_loop_->task_runner()->PostTask(
+ if (io_task_runner_) {
+ io_task_runner_->PostTask(
FROM_HERE, base::Bind(&OCSPRequestSession::CancelURLRequest, this));
}
}
@@ -396,8 +381,9 @@ class OCSPRequestSession
{
base::AutoLock autolock(lock_);
- DCHECK(!io_loop_);
- io_loop_ = base::MessageLoopForIO::current();
+ DCHECK(!io_task_runner_);
+ DCHECK(base::MessageLoopForIO::IsCurrent());
+ io_task_runner_ = base::ThreadTaskRunnerHandle::Get();
g_ocsp_io_loop.Get().AddRequest(this);
}
@@ -463,11 +449,13 @@ class OCSPRequestSession
scoped_refptr<HttpResponseHeaders> response_headers_;
std::string data_; // Results of the request
- // |lock_| protects |finished_| and |io_loop_|.
+ // |lock_| protects |finished_| and |io_task_runner_|.
mutable base::Lock lock_;
base::ConditionVariable cv_;
- base::MessageLoop* io_loop_; // Message loop of the IO thread
+ // TaskRunner for the IO thread. Set when StartURLRequest() is invoked (on the
+ // IO thread).
+ scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
bool finished_;
DISALLOW_COPY_AND_ASSIGN(OCSPRequestSession);
@@ -518,18 +506,17 @@ class OCSPServerSession {
OCSPIOLoop::OCSPIOLoop()
: shutdown_(false),
- used_(false),
- io_loop_(NULL) {
+ used_(false) {
}
void OCSPIOLoop::Shutdown() {
// Safe to read outside lock since we only write on IO thread anyway.
DCHECK(thread_checker_.CalledOnValidThread());
- // Prevent the worker thread from trying to access |io_loop_|.
+ // Prevent the worker thread from trying to access |io_task_runner_|.
{
base::AutoLock autolock(lock_);
- io_loop_ = NULL;
+ io_task_runner_ = nullptr;
used_ = false;
shutdown_ = true;
}
@@ -544,8 +531,8 @@ void OCSPIOLoop::Shutdown() {
void OCSPIOLoop::PostTaskToIOLoop(const base::Location& from_here,
const base::Closure& task) {
base::AutoLock autolock(lock_);
- if (io_loop_)
- io_loop_->task_runner()->PostTask(from_here, task);
+ if (io_task_runner_)
+ io_task_runner_->PostTask(from_here, task);
}
void OCSPIOLoop::AddRequest(OCSPRequestSession* request) {
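Review bot: PostTaskToIOLoop() still drops the task without any signal when io_task_runner_ is null, and after this change the runner stays null until SetURLRequestContextForNSSHttpIO() installs a context, because EnsureNSSHttpIOInit() no longer calls StartUsing(). OCSPRequestSession::Start() posts StartURLRequest through this function and cannot tell that nothing was queued, so an OCSP, CRL or AIA fetch issued in that window presumably fails or times out on the waiting side, which is outside the visible hunks. A revocation or intermediate fetch that silently never runs is worth making visible: consider returning the result of the post to the caller so it can fail the request at once, or at least document it with `// Silently drops |task| when no IO task runner is set (before a context is installed or after Shutdown()).`.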
@@ -862,30 +849,10 @@ char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) {
} // anonymous namespace
-void SetMessageLoopForNSSHttpIO() {
- // Must have a MessageLoopForIO.
- DCHECK(base::MessageLoopForIO::current());
-
- bool used = g_ocsp_io_loop.Get().used();
-
- // Should not be called when g_ocsp_io_loop has already been used.
- DCHECK(!used);
-}
-
void EnsureNSSHttpIOInit() {
- g_ocsp_io_loop.Get().StartUsing();
g_ocsp_nss_initialization.Get();
}
-void ShutdownNSSHttpIO() {
- g_ocsp_io_loop.Get().Shutdown();
-}
-
-void ResetNSSHttpIOForTesting() {
- g_ocsp_io_loop.Get().ReuseForTesting();
-}
-
-// This function would be called before NSS initialization.
void SetURLRequestContextForNSSHttpIO(URLRequestContext* request_context) {
pthread_mutex_lock(&g_request_context_lock);
if (request_context) {
@@ -893,6 +860,12 @@ void SetURLRequestContextForNSSHttpIO(URLRequestContext* request_context) {
}
g_request_context = request_context;
pthread_mutex_unlock(&g_request_context_lock);
+
+ if (request_context) {
+ g_ocsp_io_loop.Get().StartUsing();
+ } else {
+ g_ocsp_io_loop.Get().Shutdown();
+ }
}
} // namespace net
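Review bot: The context pointer and the IO task runner are published in two separate steps under two different locks, since g_request_context is stored and g_request_context_lock released before StartUsing() or Shutdown() runs. Between the two steps another thread can observe a non-null context with no runner, or on teardown a runner that is still set with a null context; whether that is reachable depends on callers outside this hunk. Calling `g_ocsp_io_loop.Get().StartUsing();` before the context is stored, and keeping Shutdown() after it is cleared, would close the install-side window. The function starts above this hunk.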
diff --git a/chromium/net/cert_net/nss_ocsp.h b/chromium/net/cert_net/nss_ocsp.h
index a422cb22e5a..2429f41a00a 100644
--- a/chromium/net/cert_net/nss_ocsp.h
+++ b/chromium/net/cert_net/nss_ocsp.h
@@ -11,26 +11,13 @@ namespace net {
class URLRequestContext;
-// Sets the MessageLoop for NSS's HTTP client functions (i.e. OCSP, CA
-// certificate and CRL fetches) to the current message loop. This should be
-// called before EnsureNSSHttpIOInit() if you want to control the message loop.
-NET_EXPORT void SetMessageLoopForNSSHttpIO();
-
-// Initializes HTTP client functions for NSS. This must be called before any
-// certificate verification functions. This function is thread-safe, and HTTP
-// handlers will only ever be initialized once. ShutdownNSSHttpIO() must be
-// called on shutdown.
+// Initializes HTTP client functions for NSS. This function is thread-safe,
+// and HTTP handlers will only ever be initialized once.
NET_EXPORT void EnsureNSSHttpIOInit();
-// This should be called once on shutdown to stop issuing URLRequests for NSS
-// related HTTP fetches.
-NET_EXPORT void ShutdownNSSHttpIO();
-
-// Can be called after a call to |ShutdownNSSHttpIO()| to reset internal state
-// and associate it with the current thread.
-NET_EXPORT void ResetNSSHttpIOForTesting();
-
-// Sets the URLRequestContext for HTTP requests issued by NSS.
+// Sets the URLRequestContext and MessageLoop for HTTP requests issued by NSS
+// (i.e. OCSP, CA certificate and CRL fetches). Must be called again with
+// |request_context|=nullptr before the URLRequestContext is destroyed.
NET_EXPORT void SetURLRequestContextForNSSHttpIO(
URLRequestContext* request_context);
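Review bot: The new comment on SetURLRequestContextForNSSHttpIO() does not say which thread may call it, yet the implementation in nss_ocsp.cc captures the calling thread's task runner in StartUsing() and checks the thread in Shutdown(), both only via DCHECK. The shortened comment on EnsureNSSHttpIOInit() also no longer tells callers that this function alone does not enable fetches. I would add `// Must be called on the thread running the MessageLoopForIO, both to install and to clear the context.` here and `// Does not start HTTP IO; SetURLRequestContextForNSSHttpIO() must also be called.` on EnsureNSSHttpIOInit().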
diff --git a/chromium/net/cert_net/nss_ocsp_unittest.cc b/chromium/net/cert_net/nss_ocsp_unittest.cc
index 45004f55dca..b4c5947a24b 100644
--- a/chromium/net/cert_net/nss_ocsp_unittest.cc
+++ b/chromium/net/cert_net/nss_ocsp_unittest.cc
@@ -102,11 +102,10 @@ class NssHttpTest : public ::testing::Test {
std::move(handler));
SetURLRequestContextForNSSHttpIO(&context_);
- EnsureNSSHttpIOInit();
}
void TearDown() override {
- ShutdownNSSHttpIO();
+ SetURLRequestContextForNSSHttpIO(nullptr);
if (handler_)
URLRequestFilter::GetInstance()->RemoveHostnameHandler("http", kAiaHost);
@@ -130,9 +129,8 @@ class NssHttpTest : public ::testing::Test {
std::unique_ptr<CertVerifier> verifier_;
};
-// Tests that when using NSS to verify certificates, and IO is enabled,
-// that a request to fetch missing intermediate certificates is
-// made successfully.
+// Tests that when using NSS to verify certificates that a request to fetch
+// missing intermediate certificates is made successfully.
TEST_F(NssHttpTest, TestAia) {
scoped_refptr<X509Certificate> test_cert(
ImportCertFromFile(GetTestCertsDirectory(), "aia-cert.pem"));
@@ -148,7 +146,7 @@ TEST_F(NssHttpTest, TestAia) {
TestCompletionCallback test_callback;
std::unique_ptr<CertVerifier::Request> request;
- int flags = CertVerifier::VERIFY_CERT_IO_ENABLED;
+ int flags = 0;
int error = verifier()->Verify(
CertVerifier::RequestParams(test_cert, "aia-host.invalid", flags,
std::string(), CertificateList()),