BASELINE: Update Chromium to 94.0.4606.111

Change-Id: I924781584def20fc800bedf6ff41fdb96c438193
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

20 files changed, 297 insertions, 19 deletions

diff --git a/chromium/net/tools/cachetool/cachetool.cc b/chromium/net/tools/cachetool/cachetool.cc
index dcf94f74d6c..df1a85c8281 100644
--- a/chromium/net/tools/cachetool/cachetool.cc
+++ b/chromium/net/tools/cachetool/cachetool.cc
@@ -8,13 +8,13 @@
 
 #include "base/at_exit.h"
 #include "base/command_line.h"
+#include "base/cxx17_backports.h"
 #include "base/files/file_path.h"
 #include "base/format_macros.h"
 #include "base/hash/md5.h"
 #include "base/logging.h"
 #include "base/message_loop/message_pump_type.h"
 #include "base/run_loop.h"
-#include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
@@ -26,6 +26,7 @@
 #include "net/disk_cache/disk_cache_test_util.h"
 #include "net/http/http_cache.h"
 #include "net/http/http_response_headers.h"
+#include "net/http/http_response_info.h"
 #include "net/http/http_util.h"
 
 using disk_cache::Backend;
diff --git a/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc b/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc
index a26f07e476b..d17e8bad5d9 100644
--- a/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc
+++ b/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc
@@ -6,7 +6,7 @@
 
 #include <iostream>
 
-#include "base/stl_util.h"
+#include "base/cxx17_backports.h"
 #include "base/strings/strcat.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
@@ -143,8 +143,8 @@ bool VerifyUsingCertVerifyProc(
   net::CertificateList x509_additional_trust_anchors;
   for (const auto& cert : root_der_certs) {
     scoped_refptr<net::X509Certificate> x509_root =
-        net::X509Certificate::CreateFromBytes(cert.der_cert.data(),
-                                              cert.der_cert.size());
+        net::X509Certificate::CreateFromBytes(
+            base::as_bytes(base::make_span(cert.der_cert)));
 
     if (!x509_root)
       PrintCertError("ERROR: X509Certificate::CreateFromBytes failed:", cert);
diff --git a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h
index 31f0145e716..1e8e8440c80 100644
--- a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h
+++ b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h
@@ -5,7 +5,6 @@
 #ifndef NET_TOOLS_CERT_VERIFY_TOOL_VERIFY_USING_PATH_BUILDER_H_
 #define NET_TOOLS_CERT_VERIFY_TOOL_VERIFY_USING_PATH_BUILDER_H_
 
-#include <string>
 #include <vector>
 
 #include "base/memory/ref_counted.h"
diff --git a/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc b/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc
index 4685895f819..de610b33384 100644
--- a/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc
+++ b/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc
@@ -9,7 +9,6 @@
 #include <ostream>
 #include <utility>
 
-#include "base/bit_cast.h"
 #include "base/files/file_util.h"
 #include "base/path_service.h"
 #include "net/filter/brotli_source_stream.h"
diff --git a/chromium/net/tools/crash_cache/crash_cache.cc b/chromium/net/tools/crash_cache/crash_cache.cc
index 358e29f5ab5..1b500834982 100644
--- a/chromium/net/tools/crash_cache/crash_cache.cc
+++ b/chromium/net/tools/crash_cache/crash_cache.cc
@@ -12,12 +12,12 @@
 #include "base/at_exit.h"
 #include "base/check.h"
 #include "base/command_line.h"
+#include "base/cxx17_backports.h"
 #include "base/files/file_util.h"
 #include "base/message_loop/message_pump_type.h"
 #include "base/path_service.h"
 #include "base/process/kill.h"
 #include "base/process/launch.h"
-#include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
diff --git a/chromium/net/tools/dafsa/PRESUBMIT.py b/chromium/net/tools/dafsa/PRESUBMIT.py
index 253fcbbf248..e27e5a16245 100644
--- a/chromium/net/tools/dafsa/PRESUBMIT.py
+++ b/chromium/net/tools/dafsa/PRESUBMIT.py
@@ -2,10 +2,12 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
-
 """Chromium presubmit script for src/net/tools/dafsa."""
 
 
+USE_PYTHON3 = True
+
+
 def _RunMakeDafsaTests(input_api, output_api):
   """Runs unittest for make_dafsa if any related file has been modified."""
   files = ('net/tools/dafsa/make_dafsa.py',
diff --git a/chromium/net/tools/huffman_trie/trie/trie_writer.h b/chromium/net/tools/huffman_trie/trie/trie_writer.h
index 3c824e75f27..9fdc1ee362f 100644
--- a/chromium/net/tools/huffman_trie/trie/trie_writer.h
+++ b/chromium/net/tools/huffman_trie/trie/trie_writer.h
@@ -5,7 +5,6 @@
 #ifndef NET_TOOLS_HUFFMAN_TRIE_TRIE_TRIE_WRITER_H_
 #define NET_TOOLS_HUFFMAN_TRIE_TRIE_TRIE_WRITER_H_
 
-#include <string>
 #include <vector>
 
 #include "net/tools/huffman_trie/bit_writer.h"
diff --git a/chromium/net/tools/quic/quic_client_message_loop_network_helper.h b/chromium/net/tools/quic/quic_client_message_loop_network_helper.h
index 82aeeddae73..a0ba9adbc00 100644
--- a/chromium/net/tools/quic/quic_client_message_loop_network_helper.h
+++ b/chromium/net/tools/quic/quic_client_message_loop_network_helper.h
@@ -11,7 +11,6 @@
 #include <stddef.h>
 
 #include <memory>
-#include <string>
 
 #include "base/command_line.h"
 #include "base/macros.h"
diff --git a/chromium/net/tools/quic/quic_simple_client.h b/chromium/net/tools/quic/quic_simple_client.h
index 3ac2841a68d..5e9d4d1ff05 100644
--- a/chromium/net/tools/quic/quic_simple_client.h
+++ b/chromium/net/tools/quic/quic_simple_client.h
@@ -11,7 +11,6 @@
 #include <stddef.h>
 
 #include <memory>
-#include <string>
 
 #include "base/command_line.h"
 #include "base/macros.h"
diff --git a/chromium/net/tools/quic/quic_simple_server.cc b/chromium/net/tools/quic/quic_simple_server.cc
index f50b948b067..06bfde583d8 100644
--- a/chromium/net/tools/quic/quic_simple_server.cc
+++ b/chromium/net/tools/quic/quic_simple_server.cc
@@ -192,7 +192,10 @@ void QuicSimpleServer::OnReadComplete(int result) {
     // packet whose payload is larger than our receive buffer. Do not act on 0
     // as that indicates that we received a UDP packet with an empty payload.
     // In both cases, the socket should still be usable.
-    if (result != ERR_MSG_TOO_BIG && result != 0) {
+    // Also do not act on ERR_CONNECTION_RESET as this is happening when the
+    // network service restarts on Windows.
+    if (result != ERR_MSG_TOO_BIG && result != ERR_CONNECTION_RESET &&
+        result != 0) {
       Shutdown();
       return;
     }
diff --git a/chromium/net/tools/quic/quic_simple_server_test.cc b/chromium/net/tools/quic/quic_simple_server_test.cc
index d6a1e62d0b3..599a56cada1 100644
--- a/chromium/net/tools/quic/quic_simple_server_test.cc
+++ b/chromium/net/tools/quic/quic_simple_server_test.cc
@@ -6,7 +6,7 @@
 
 #include <memory>
 
-#include "base/stl_util.h"
+#include "base/cxx17_backports.h"
 #include "net/quic/address_utils.h"
 #include "net/third_party/quiche/src/quic/core/crypto/quic_random.h"
 #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
diff --git a/chromium/net/tools/quic/quic_transport_simple_server.cc b/chromium/net/tools/quic/quic_transport_simple_server.cc
index 6f9095ab9e1..aa3de30146d 100644
--- a/chromium/net/tools/quic/quic_transport_simple_server.cc
+++ b/chromium/net/tools/quic/quic_transport_simple_server.cc
@@ -59,7 +59,7 @@ class QuicTransportSimpleServerSessionHelper
 };
 
 QuicTransportSimpleServer::QuicTransportSimpleServer(
-    int port,
+    uint16_t port,
     std::vector<url::Origin> accepted_origins,
     std::unique_ptr<quic::ProofSource> proof_source)
     : port_(port),
diff --git a/chromium/net/tools/quic/quic_transport_simple_server.h b/chromium/net/tools/quic/quic_transport_simple_server.h
index 8cfa26c6b98..df7481bd17c 100644
--- a/chromium/net/tools/quic/quic_transport_simple_server.h
+++ b/chromium/net/tools/quic/quic_transport_simple_server.h
@@ -26,7 +26,7 @@ class QuicTransportSimpleServer {
  public:
   using ReadErrorCallback = base::OnceCallback<void(int)>;
 
-  QuicTransportSimpleServer(int port,
+  QuicTransportSimpleServer(uint16_t port,
                             std::vector<url::Origin> accepted_origins,
                             std::unique_ptr<quic::ProofSource> proof_source);
   ~QuicTransportSimpleServer();
@@ -49,7 +49,7 @@ class QuicTransportSimpleServer {
   // Passes the most recently read packet into the dispatcher.
   void ProcessReadPacket(int result);
 
-  const int port_;
+  const uint16_t port_;
 
   ReadErrorCallback read_error_callback_;
 
diff --git a/chromium/net/tools/quic/quic_transport_simple_server_bin.cc b/chromium/net/tools/quic/quic_transport_simple_server_bin.cc
index f021d1d5b55..74e602a1744 100644
--- a/chromium/net/tools/quic/quic_transport_simple_server_bin.cc
+++ b/chromium/net/tools/quic/quic_transport_simple_server_bin.cc
@@ -9,7 +9,7 @@
 #include "net/tools/quic/quic_transport_simple_server.h"
 #include "url/gurl.h"
 
-DEFINE_QUIC_COMMAND_LINE_FLAG(int, port, 20557, "The port to listen on.");
+DEFINE_QUIC_COMMAND_LINE_FLAG(uint16_t, port, 20557, "The port to listen on.");
 
 DEFINE_QUIC_COMMAND_LINE_FLAG(std::string,
                               accepted_origins,
diff --git a/chromium/net/tools/root_store_tool/BUILD.gn b/chromium/net/tools/root_store_tool/BUILD.gn
new file mode 100644
index 00000000000..bbb0d111f22
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/BUILD.gn
@@ -0,0 +1,26 @@
+# Copyright 2021 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//third_party/protobuf/proto_library.gni")
+
+proto_library("root_store_proto_full") {
+  sources = [ "root_store.proto" ]
+
+  # root_store_tool uses the full protobuf library to parse textproto. This
+  # should not be linked into the browser. If the browser needs this protobuf in
+  # the future, make a separate target with cc_generator_options = "lite".
+  use_protobuf_full = true
+  visibility = [ ":root_store_tool" ]
+}
+
+# TODO(https://crbug.com/1216547): add unit tests
+executable("root_store_tool") {
+  sources = [ "root_store_tool.cc" ]
+  deps = [
+    ":root_store_proto_full",
+    "//base",
+    "//crypto",
+    "//third_party/boringssl",
+  ]
+}
diff --git a/chromium/net/tools/root_store_tool/README.md b/chromium/net/tools/root_store_tool/README.md
new file mode 100644
index 00000000000..d1eac4fa048
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/README.md
@@ -0,0 +1,8 @@
+# Root store tool
+
+This directory contains tools for processing the
+[Chrome Root
+Store](https://www.chromium.org/Home/chromium-security/root-ca-policy) data in
+[`//net/data/ssl/chrome_root_store`](/net/data/ssl/chrome_root_store).
+
+TODO(https://crbug.com/1216547): document how to use these tools.
diff --git a/chromium/net/tools/root_store_tool/root_store.proto b/chromium/net/tools/root_store_tool/root_store.proto
new file mode 100644
index 00000000000..bbefffe4115
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/root_store.proto
@@ -0,0 +1,27 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+syntax = "proto3";
+
+package chrome_root_store;
+
+// These structures are currently very simple, but more fields may be added in
+// future to support extra metadata about each trust anchor.
+
+message TrustAnchor {
+  // The human-editable textproto version of the root store uses the filename
+  // field for convenience. It is converted to the DER representation as part of
+  // the build process.
+  oneof certificate {
+    bytes der = 1;
+
+    // This filename is a relative path to a PEM file that stores the
+    // certificate.
+    string filename = 2;
+  }
+}
+
+message RootStore {
+  repeated TrustAnchor trust_anchors = 1;
+}
diff --git a/chromium/net/tools/root_store_tool/root_store_tool.cc b/chromium/net/tools/root_store_tool/root_store_tool.cc
new file mode 100644
index 00000000000..70bed922f40
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/root_store_tool.cc
@@ -0,0 +1,216 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <iostream>
+#include <string>
+
+#include "base/at_exit.h"
+#include "base/base_paths.h"
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+#include "base/strings/string_piece.h"
+#include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
+#include "crypto/openssl_util.h"
+#include "net/tools/root_store_tool/root_store.pb.h"
+#include "third_party/abseil-cpp/absl/types/optional.h"
+#include "third_party/boringssl/src/include/openssl/bio.h"
+#include "third_party/boringssl/src/include/openssl/pem.h"
+#include "third_party/protobuf/src/google/protobuf/text_format.h"
+
+using chrome_root_store::RootStore;
+
+namespace {
+
+absl::optional<std::string> DecodePEM(base::StringPiece pem) {
+  // TODO(https://crbug.com/1216547): net/cert/pem.h has a much nicer API, but
+  // it would require some build refactoring to avoid a circular dependency.
+  // This is assuming that the chrome trust store code goes in
+  // net/cert/internal, which it may not.
+  bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
+  if (!bio) {
+    return absl::nullopt;
+  }
+  char* name;
+  char* header;
+  unsigned char* data;
+  long len;
+  if (!PEM_read_bio(bio.get(), &name, &header, &data, &len)) {
+    LOG(ERROR) << "Could not find PEM block.";
+    return absl::nullopt;
+  }
+  bssl::UniquePtr<char> scoped_name(name);
+  bssl::UniquePtr<char> scoped_header(header);
+  bssl::UniquePtr<unsigned char> scoped_data(data);
+  if (strcmp(name, "CERTIFICATE") != 0) {
+    LOG(ERROR) << "Found PEM block of type " << name
+               << " instead of CERTIFICATE";
+    return absl::nullopt;
+  }
+  return std::string(data, data + len);
+}
+
+absl::optional<RootStore> ReadTextRootStore(
+    const base::FilePath& root_store_dir) {
+  base::FilePath root_store_path =
+      root_store_dir.AppendASCII("root_store.textproto");
+  std::string root_store_text;
+  if (!base::ReadFileToString(root_store_path, &root_store_text)) {
+    LOG(ERROR) << "Could not read " << root_store_path;
+    return absl::nullopt;
+  }
+
+  RootStore root_store;
+  if (!google::protobuf::TextFormat::ParseFromString(root_store_text,
+                                                     &root_store)) {
+    LOG(ERROR) << "Could not parse " << root_store_path;
+    return absl::nullopt;
+  }
+
+  // Replace the filenames with the actual certificate contents.
+  base::FilePath certs_dir = root_store_dir.AppendASCII("certs");
+  for (auto& anchor : *root_store.mutable_trust_anchors()) {
+    base::FilePath pem_path = certs_dir.AppendASCII(anchor.filename());
+
+    if (!base::PathExists(pem_path)) {
+      LOG(ERROR) << "Error file does not exist: " << pem_path;
+      return absl::nullopt;
+    }
+
+    if (base::DirectoryExists(pem_path)) {
+      LOG(ERROR) << "Error path is a directory: " << pem_path;
+      return absl::nullopt;
+    }
+
+    if (!base::PathIsReadable(pem_path)) {
+      LOG(ERROR) << "Error file is not readable: " << pem_path;
+      return absl::nullopt;
+    }
+
+    std::string pem;
+    if (!base::ReadFileToString(pem_path, &pem)) {
+      LOG(ERROR) << "Error reading " << pem_path;
+      return absl::nullopt;
+    }
+    absl::optional<std::string> der = DecodePEM(pem);
+    if (!der) {
+      LOG(ERROR) << "Error decoding " << pem_path;
+      return absl::nullopt;
+    }
+    anchor.clear_filename();
+    anchor.set_der(*der);
+  }
+  return std::move(root_store);
+}
+
+}  // namespace
+
+int main(int argc, char** argv) {
+  base::AtExitManager at_exit_manager;
+  base::CommandLine::Init(argc, argv);
+
+  logging::LoggingSettings settings;
+  settings.logging_dest =
+      logging::LOG_TO_SYSTEM_DEBUG_LOG | logging::LOG_TO_STDERR;
+  logging::InitLogging(settings);
+
+  crypto::EnsureOpenSSLInit();
+
+  base::CommandLine& command_line = *base::CommandLine::ForCurrentProcess();
+  base::FilePath proto_path = command_line.GetSwitchValuePath("write-proto");
+  base::FilePath cpp_path = command_line.GetSwitchValuePath("write-cpp");
+  if ((proto_path.empty() && cpp_path.empty()) ||
+      command_line.HasSwitch("help")) {
+    std::cerr << "Usage: root_store_tool "
+                 "[--root-store-dir=<relative-path>]
+                 "[--write-proto=PROTO_FILE] "
+                 "[--write-cpp=CPP_FILE]"
+              << std::endl;
+    return 1;
+  }
+
+  // Find root store directory. Assumptions:
+  //  - Root store directory is relative to base::DIR_SOURCE_ROOT
+  //
+  //  - $(ROOT_STORE_DIR)/root_store.textproto contains the textproto definition
+  //    of the root store
+  //
+  //  - Any certificate files referenced in
+  //    $(ROOT_STORE_DIR)/root_store.textproto exist in the
+  //    $(ROOT_STORE_DIR)/certs/ subdirectory.
+  base::FilePath root_store_dir =
+      command_line.GetSwitchValuePath("root-store-dir");
+  base::FilePath source_root;
+  CHECK(base::PathService::Get(base::DIR_SOURCE_ROOT, &source_root));
+  if (root_store_dir.empty()) {
+    root_store_dir = source_root.AppendASCII("net")
+                         .AppendASCII("data")
+                         .AppendASCII("ssl")
+                         .AppendASCII("chrome_root_store")
+                         .AppendASCII("base");
+  } else {
+    root_store_dir = source_root.Append(root_store_dir);
+  }
+  absl::optional<RootStore> root_store = ReadTextRootStore(root_store_dir);
+  if (!root_store) {
+    return 1;
+  }
+
+  // TODO(https://crbug.com/1216547): Figure out how to use the serialized
+  // proto to support component update.
+  // components/resources/ssl/ssl_error_assistant/push_proto.py
+  // does it through a GCS bucket (I think) so that might be an option.
+  if (!proto_path.empty()) {
+    std::string serialized;
+    if (!root_store->SerializeToString(&serialized)) {
+      LOG(ERROR) << "Error serializing root store proto"
+                 << root_store->DebugString();
+      return 1;
+    }
+    if (!base::WriteFile(proto_path, serialized)) {
+      PLOG(ERROR) << "Error writing serialized proto root store";
+      return 1;
+    }
+  }
+
+  if (!cpp_path.empty()) {
+    // Root store should have at least one trust anchors.
+    CHECK_GT(root_store->trust_anchors_size(), 0);
+
+    std::string string_to_write =
+        "// This file is auto-generated, DO NOT EDIT.\n\n"
+        "const ChromeRootCertInfo kChromeRootCertList[] = {\n";
+
+    for (auto& anchor : root_store->trust_anchors()) {
+      // Every trust anchor at this point should have a DER.
+      CHECK(!anchor.der().empty());
+      std::string der = anchor.der();
+
+      // Begin struct. Assumed type of ChromeRootCertInfo:
+      //
+      // struct {
+      //   base::span<const uint8_t> der;
+      // };
+      string_to_write += "    {{{";
+
+      // Convert each character to hex representation, escaped.
+      for (auto c : der) {
+        base::StringAppendF(&string_to_write, "0x%02xu,",
+                            static_cast<uint8_t>(c));
+      }
+
+      // End struct
+      string_to_write += "}}},\n";
+    }
+    string_to_write += "};";
+    if (!base::WriteFile(cpp_path, string_to_write)) {
+      PLOG(ERROR) << "Error writing cpp include file";
+    }
+  }
+
+  return 0;
+}
diff --git a/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc b/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc
index ba870b4ac42..cfbfb474aaf 100644
--- a/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc
+++ b/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc
@@ -4,9 +4,9 @@
 
 #include "net/tools/tld_cleanup/tld_cleanup_util.h"
 
+#include "base/cxx17_backports.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
-#include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "url/gurl.h"
diff --git a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc
index 7f0ed49b323..be69b564c4f 100644
--- a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc
+++ b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc
@@ -345,7 +345,7 @@ bool ParseJSON(base::StringPiece json,
       return false;
     }
 
-    for (const auto& entry_value : parsed.DictItems()) {
+    for (auto entry_value : parsed.DictItems()) {
       if (!base::Contains(valid_keys, entry_value.first)) {
         LOG(ERROR) << "The entry for " << entry->hostname
                    << " contains an unknown " << entry_value.first << " field";