author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-10-26 13:57:00 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-11-02 11:31:01 +0000 |
commit | 1943b3c2a1dcee36c233724fc4ee7613d71b9cf6 (patch) | |
tree | 8c1b5f12357025c197da5427ae02cfdc2f3570d6 /chromium/net/tools | |
parent | 21ba0c5d4bf8fba15dddd97cd693bad2358b77fd (diff) | |
download | qtwebengine-chromium-1943b3c2a1dcee36c233724fc4ee7613d71b9cf6.tar.gz |
BASELINE: Update Chromium to 94.0.4606.111
Change-Id: I924781584def20fc800bedf6ff41fdb96c438193
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/net/tools')
20 files changed, 297 insertions, 19 deletions
diff --git a/chromium/net/tools/cachetool/cachetool.cc b/chromium/net/tools/cachetool/cachetool.cc index dcf94f74d6c..df1a85c8281 100644 --- a/chromium/net/tools/cachetool/cachetool.cc +++ b/chromium/net/tools/cachetool/cachetool.cc @@ -8,13 +8,13 @@ #include "base/at_exit.h" #include "base/command_line.h" +#include "base/cxx17_backports.h" #include "base/files/file_path.h" #include "base/format_macros.h" #include "base/hash/md5.h" #include "base/logging.h" #include "base/message_loop/message_pump_type.h" #include "base/run_loop.h" -#include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_piece.h" #include "base/strings/stringprintf.h" @@ -26,6 +26,7 @@ #include "net/disk_cache/disk_cache_test_util.h" #include "net/http/http_cache.h" #include "net/http/http_response_headers.h" +#include "net/http/http_response_info.h" #include "net/http/http_util.h" using disk_cache::Backend; diff --git a/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc b/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc index a26f07e476b..d17e8bad5d9 100644 --- a/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc +++ b/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc @@ -6,7 +6,7 @@ #include <iostream> -#include "base/stl_util.h" +#include "base/cxx17_backports.h" #include "base/strings/strcat.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" @@ -143,8 +143,8 @@ bool VerifyUsingCertVerifyProc( net::CertificateList x509_additional_trust_anchors; for (const auto& cert : root_der_certs) { scoped_refptr<net::X509Certificate> x509_root = - net::X509Certificate::CreateFromBytes(cert.der_cert.data(), - cert.der_cert.size()); + net::X509Certificate::CreateFromBytes( + base::as_bytes(base::make_span(cert.der_cert))); if (!x509_root) PrintCertError("ERROR: X509Certificate::CreateFromBytes failed:", cert); 
diff --git a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h index 31f0145e716..1e8e8440c80 100644 --- a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h +++ b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.h @@ -5,7 +5,6 @@ #ifndef NET_TOOLS_CERT_VERIFY_TOOL_VERIFY_USING_PATH_BUILDER_H_ #define NET_TOOLS_CERT_VERIFY_TOOL_VERIFY_USING_PATH_BUILDER_H_ -#include <string> #include <vector> #include "base/memory/ref_counted.h" diff --git a/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc b/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc index 4685895f819..de610b33384 100644 --- a/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc +++ b/chromium/net/tools/content_decoder_tool/content_decoder_tool_unittest.cc @@ -9,7 +9,6 @@ #include <ostream> #include <utility> -#include "base/bit_cast.h" #include "base/files/file_util.h" #include "base/path_service.h" #include "net/filter/brotli_source_stream.h" diff --git a/chromium/net/tools/crash_cache/crash_cache.cc b/chromium/net/tools/crash_cache/crash_cache.cc index 358e29f5ab5..1b500834982 100644 --- a/chromium/net/tools/crash_cache/crash_cache.cc +++ b/chromium/net/tools/crash_cache/crash_cache.cc @@ -12,12 +12,12 @@ #include "base/at_exit.h" #include "base/check.h" #include "base/command_line.h" +#include "base/cxx17_backports.h" #include "base/files/file_util.h" #include "base/message_loop/message_pump_type.h" #include "base/path_service.h" #include "base/process/kill.h" #include "base/process/launch.h" -#include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" diff --git a/chromium/net/tools/dafsa/PRESUBMIT.py b/chromium/net/tools/dafsa/PRESUBMIT.py index 253fcbbf248..e27e5a16245 100644 --- a/chromium/net/tools/dafsa/PRESUBMIT.py 
+++ b/chromium/net/tools/dafsa/PRESUBMIT.py @@ -2,10 +2,12 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. - """Chromium presubmit script for src/net/tools/dafsa.""" +USE_PYTHON3 = True + + def _RunMakeDafsaTests(input_api, output_api): """Runs unittest for make_dafsa if any related file has been modified.""" files = ('net/tools/dafsa/make_dafsa.py', diff --git a/chromium/net/tools/huffman_trie/trie/trie_writer.h b/chromium/net/tools/huffman_trie/trie/trie_writer.h index 3c824e75f27..9fdc1ee362f 100644 --- a/chromium/net/tools/huffman_trie/trie/trie_writer.h +++ b/chromium/net/tools/huffman_trie/trie/trie_writer.h @@ -5,7 +5,6 @@ #ifndef NET_TOOLS_HUFFMAN_TRIE_TRIE_TRIE_WRITER_H_ #define NET_TOOLS_HUFFMAN_TRIE_TRIE_TRIE_WRITER_H_ -#include <string> #include <vector> #include "net/tools/huffman_trie/bit_writer.h" diff --git a/chromium/net/tools/quic/quic_client_message_loop_network_helper.h b/chromium/net/tools/quic/quic_client_message_loop_network_helper.h index 82aeeddae73..a0ba9adbc00 100644 --- a/chromium/net/tools/quic/quic_client_message_loop_network_helper.h +++ b/chromium/net/tools/quic/quic_client_message_loop_network_helper.h @@ -11,7 +11,6 @@ #include <stddef.h> #include <memory> -#include <string> #include "base/command_line.h" #include "base/macros.h" diff --git a/chromium/net/tools/quic/quic_simple_client.h b/chromium/net/tools/quic/quic_simple_client.h index 3ac2841a68d..5e9d4d1ff05 100644 --- a/chromium/net/tools/quic/quic_simple_client.h +++ b/chromium/net/tools/quic/quic_simple_client.h @@ -11,7 +11,6 @@ #include <stddef.h> #include <memory> -#include <string> #include "base/command_line.h" #include "base/macros.h" diff --git a/chromium/net/tools/quic/quic_simple_server.cc b/chromium/net/tools/quic/quic_simple_server.cc index f50b948b067..06bfde583d8 100644 --- a/chromium/net/tools/quic/quic_simple_server.cc +++ b/chromium/net/tools/quic/quic_simple_server.cc 
@@ -192,7 +192,10 @@ void QuicSimpleServer::OnReadComplete(int result) { // packet whose payload is larger than our receive buffer. Do not act on 0 // as that indicates that we received a UDP packet with an empty payload. // In both cases, the socket should still be usable. - if (result != ERR_MSG_TOO_BIG && result != 0) { + // Also do not act on ERR_CONNECTION_RESET as this is happening when the + // network service restarts on Windows. + if (result != ERR_MSG_TOO_BIG && result != ERR_CONNECTION_RESET && + result != 0) { Shutdown(); return; } diff --git a/chromium/net/tools/quic/quic_simple_server_test.cc b/chromium/net/tools/quic/quic_simple_server_test.cc index d6a1e62d0b3..599a56cada1 100644 --- a/chromium/net/tools/quic/quic_simple_server_test.cc +++ b/chromium/net/tools/quic/quic_simple_server_test.cc @@ -6,7 +6,7 @@ #include <memory> -#include "base/stl_util.h" +#include "base/cxx17_backports.h" #include "net/quic/address_utils.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_random.h" #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" diff --git a/chromium/net/tools/quic/quic_transport_simple_server.cc b/chromium/net/tools/quic/quic_transport_simple_server.cc index 6f9095ab9e1..aa3de30146d 100644 --- a/chromium/net/tools/quic/quic_transport_simple_server.cc +++ b/chromium/net/tools/quic/quic_transport_simple_server.cc @@ -59,7 +59,7 @@ class QuicTransportSimpleServerSessionHelper }; QuicTransportSimpleServer::QuicTransportSimpleServer( - int port, + uint16_t port, std::vector<url::Origin> accepted_origins, std::unique_ptr<quic::ProofSource> proof_source) : port_(port), diff --git a/chromium/net/tools/quic/quic_transport_simple_server.h b/chromium/net/tools/quic/quic_transport_simple_server.h index 8cfa26c6b98..df7481bd17c 100644 --- a/chromium/net/tools/quic/quic_transport_simple_server.h +++ b/chromium/net/tools/quic/quic_transport_simple_server.h 
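Review bot: The new exemption for `ERR_CONNECTION_RESET` in `QuicSimpleServer::OnReadComplete` applies on every platform, while the added comment justifies it only for the network-service restart on Windows. The error is also dropped without a log line, so a socket that keeps reporting resets would be invisible to whoever operates the server. Consider limiting the exemption to Windows builds, or at least recording the event before falling through, e.g. `LOG(WARNING) << "Ignoring read error: " << ErrorToString(result);`. The rest of `OnReadComplete` lies outside the hunk, so whether the read is re-armed after an ignored error cannot be confirmed from here.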
@@ -26,7 +26,7 @@ class QuicTransportSimpleServer { public: using ReadErrorCallback = base::OnceCallback<void(int)>; - QuicTransportSimpleServer(int port, + QuicTransportSimpleServer(uint16_t port, std::vector<url::Origin> accepted_origins, std::unique_ptr<quic::ProofSource> proof_source); ~QuicTransportSimpleServer(); @@ -49,7 +49,7 @@ class QuicTransportSimpleServer { // Passes the most recently read packet into the dispatcher. void ProcessReadPacket(int result); - const int port_; + const uint16_t port_; ReadErrorCallback read_error_callback_; diff --git a/chromium/net/tools/quic/quic_transport_simple_server_bin.cc b/chromium/net/tools/quic/quic_transport_simple_server_bin.cc index f021d1d5b55..74e602a1744 100644 --- a/chromium/net/tools/quic/quic_transport_simple_server_bin.cc +++ b/chromium/net/tools/quic/quic_transport_simple_server_bin.cc @@ -9,7 +9,7 @@ #include "net/tools/quic/quic_transport_simple_server.h" #include "url/gurl.h" -DEFINE_QUIC_COMMAND_LINE_FLAG(int, port, 20557, "The port to listen on."); +DEFINE_QUIC_COMMAND_LINE_FLAG(uint16_t, port, 20557, "The port to listen on."); DEFINE_QUIC_COMMAND_LINE_FLAG(std::string, accepted_origins, diff --git a/chromium/net/tools/root_store_tool/BUILD.gn b/chromium/net/tools/root_store_tool/BUILD.gn new file mode 100644 index 00000000000..bbb0d111f22 --- /dev/null +++ b/chromium/net/tools/root_store_tool/BUILD.gn 
@@ -0,0 +1,26 @@
+# Copyright 2021 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//third_party/protobuf/proto_library.gni")
+
+proto_library("root_store_proto_full") {
+ sources = [ "root_store.proto" ]
+
+ # root_store_tool uses the full protobuf library to parse textproto. This
+ # should not be linked into the browser. If the browser needs this protobuf in
+ # the future, make a separate target with cc_generator_options = "lite".
+ use_protobuf_full = true
+ visibility = [ ":root_store_tool" ]
+}
+
+# TODO(https://crbug.com/1216547): add unit tests
+executable("root_store_tool") {
+ sources = [ "root_store_tool.cc" ]
+ deps = [
+ ":root_store_proto_full",
+ "//base",
+ "//crypto",
+ "//third_party/boringssl",
+ ]
+}
diff --git a/chromium/net/tools/root_store_tool/README.md b/chromium/net/tools/root_store_tool/README.md
new file mode 100644
index 00000000000..d1eac4fa048
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/README.md
@@ -0,0 +1,8 @@
+# Root store tool
+
+This directory contains tools for processing the
+[Chrome Root
+Store](https://www.chromium.org/Home/chromium-security/root-ca-policy) data in
+[`//net/data/ssl/chrome_root_store`](/net/data/ssl/chrome_root_store).
+
+TODO(https://crbug.com/1216547): document how to use these tools.
diff --git a/chromium/net/tools/root_store_tool/root_store.proto b/chromium/net/tools/root_store_tool/root_store.proto
new file mode 100644
index 00000000000..bbefffe4115
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/root_store.proto
@@ -0,0 +1,27 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+syntax = "proto3";
+
+package chrome_root_store;
+
+// These structures are currently very simple, but more fields may be added in
+// future to support extra metadata about each trust anchor.
+
+message TrustAnchor {
+ // The human-editable textproto version of the root store uses the filename
+ // field for convenience. It is converted to the DER representation as part of
+ // the build process.
+ oneof certificate {
+ bytes der = 1;
+
+ // This filename is a relative path to a PEM file that stores the
+ // certificate.
+ string filename = 2;
+ }
+}
+
+message RootStore {
+ repeated TrustAnchor trust_anchors = 1;
+}
diff --git a/chromium/net/tools/root_store_tool/root_store_tool.cc b/chromium/net/tools/root_store_tool/root_store_tool.cc
new file mode 100644
index 00000000000..70bed922f40
--- /dev/null
+++ b/chromium/net/tools/root_store_tool/root_store_tool.cc
@@ -0,0 +1,216 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <iostream>
+#include <string>
+
+#include "base/at_exit.h"
+#include "base/base_paths.h"
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+#include "base/strings/string_piece.h"
+#include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
+#include "crypto/openssl_util.h"
+#include "net/tools/root_store_tool/root_store.pb.h"
+#include "third_party/abseil-cpp/absl/types/optional.h"
+#include "third_party/boringssl/src/include/openssl/bio.h"
+#include "third_party/boringssl/src/include/openssl/pem.h"
+#include "third_party/protobuf/src/google/protobuf/text_format.h"
+
+using chrome_root_store::RootStore;
+
+namespace {
+
+absl::optional<std::string> DecodePEM(base::StringPiece pem) {
+ // TODO(https://crbug.com/1216547): net/cert/pem.h has a much nicer API, but
+ // it would require some build refactoring to avoid a circular dependency.
+ // This is assuming that the chrome trust store code goes in
+ // net/cert/internal, which it may not.
+ bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
+ if (!bio) {
+ return absl::nullopt;
+ }
+ char* name;
+ char* header;
+ unsigned char* data;
+ long len;
+ if (!PEM_read_bio(bio.get(), &name, &header, &data, &len)) {
+ LOG(ERROR) << "Could not find PEM block.";
+ return absl::nullopt;
+ }
+ bssl::UniquePtr<char> scoped_name(name);
+ bssl::UniquePtr<char> scoped_header(header);
+ bssl::UniquePtr<unsigned char> scoped_data(data);
+ if (strcmp(name, "CERTIFICATE") != 0) {
+ LOG(ERROR) << "Found PEM block of type " << name
+ << " instead of CERTIFICATE";
+ return absl::nullopt;
+ }
+ return std::string(data, data + len);
+}
+
+absl::optional<RootStore> ReadTextRootStore(
+ const base::FilePath& root_store_dir) {
+ base::FilePath root_store_path =
+ root_store_dir.AppendASCII("root_store.textproto");
+ std::string root_store_text;
+ if (!base::ReadFileToString(root_store_path, &root_store_text)) {
+ LOG(ERROR) << "Could not read " << root_store_path;
+ return absl::nullopt;
+ }
+
+ RootStore root_store;
+ if (!google::protobuf::TextFormat::ParseFromString(root_store_text,
+ &root_store)) {
+ LOG(ERROR) << "Could not parse " << root_store_path;
+ return absl::nullopt;
+ }
+
+ // Replace the filenames with the actual certificate contents.
+ base::FilePath certs_dir = root_store_dir.AppendASCII("certs");
+ for (auto& anchor : *root_store.mutable_trust_anchors()) {
+ base::FilePath pem_path = certs_dir.AppendASCII(anchor.filename());
+
+ if (!base::PathExists(pem_path)) {
+ LOG(ERROR) << "Error file does not exist: " << pem_path;
+ return absl::nullopt;
+ }
+
+ if (base::DirectoryExists(pem_path)) {
+ LOG(ERROR) << "Error path is a directory: " << pem_path;
+ return absl::nullopt;
+ }
+
+ if (!base::PathIsReadable(pem_path)) {
+ LOG(ERROR) << "Error file is not readable: " << pem_path;
+ return absl::nullopt;
+ }
+
+ std::string pem;
+ if (!base::ReadFileToString(pem_path, &pem)) {
+ LOG(ERROR) << "Error reading " << pem_path;
+ return absl::nullopt;
+ }
+ absl::optional<std::string> der = DecodePEM(pem);
+ if (!der) {
+ LOG(ERROR) << "Error decoding " << pem_path;
+ return absl::nullopt;
+ }
+ anchor.clear_filename();
+ anchor.set_der(*der);
+ }
+ return std::move(root_store);
+}
+
+} // namespace
+
+int main(int argc, char** argv) {
+ base::AtExitManager at_exit_manager;
+ base::CommandLine::Init(argc, argv);
+
+ logging::LoggingSettings settings;
+ settings.logging_dest =
+ logging::LOG_TO_SYSTEM_DEBUG_LOG | logging::LOG_TO_STDERR;
+ logging::InitLogging(settings);
+
+ crypto::EnsureOpenSSLInit();
+
+ base::CommandLine& command_line = *base::CommandLine::ForCurrentProcess();
+ base::FilePath proto_path = command_line.GetSwitchValuePath("write-proto");
+ base::FilePath cpp_path = command_line.GetSwitchValuePath("write-cpp");
+ if ((proto_path.empty() && cpp_path.empty()) ||
+ command_line.HasSwitch("help")) {
+ std::cerr << "Usage: root_store_tool "
+ "[--root-store-dir=<relative-path>]
+ "[--write-proto=PROTO_FILE] "
+ "[--write-cpp=CPP_FILE]"
+ << std::endl;
+ return 1;
+ }
+
+ // Find root store directory. Assumptions:
+ // - Root store directory is relative to base::DIR_SOURCE_ROOT
+ //
+ // - $(ROOT_STORE_DIR)/root_store.textproto contains the textproto definition
+ // of the root store
+ //
+ // - Any certificate files referenced in
+ // $(ROOT_STORE_DIR)/root_store.textproto exist in the
+ // $(ROOT_STORE_DIR)/certs/ subdirectory.
+ base::FilePath root_store_dir =
+ command_line.GetSwitchValuePath("root-store-dir");
+ base::FilePath source_root;
+ CHECK(base::PathService::Get(base::DIR_SOURCE_ROOT, &source_root));
+ if (root_store_dir.empty()) {
+ root_store_dir = source_root.AppendASCII("net")
+ .AppendASCII("data")
+ .AppendASCII("ssl")
+ .AppendASCII("chrome_root_store")
+ .AppendASCII("base");
+ } else {
+ root_store_dir = source_root.Append(root_store_dir);
+ }
+ absl::optional<RootStore> root_store = ReadTextRootStore(root_store_dir);
+ if (!root_store) {
+ return 1;
+ }
+
+ // TODO(https://crbug.com/1216547): Figure out how to use the serialized
+ // proto to support component update.
+ // components/resources/ssl/ssl_error_assistant/push_proto.py
+ // does it through a GCS bucket (I think) so that might be an option.
+ if (!proto_path.empty()) {
+ std::string serialized;
+ if (!root_store->SerializeToString(&serialized)) {
+ LOG(ERROR) << "Error serializing root store proto"
+ << root_store->DebugString();
+ return 1;
+ }
+ if (!base::WriteFile(proto_path, serialized)) {
+ PLOG(ERROR) << "Error writing serialized proto root store";
+ return 1;
+ }
+ }
+
+ if (!cpp_path.empty()) {
+ // Root store should have at least one trust anchors.
+ CHECK_GT(root_store->trust_anchors_size(), 0);
+
+ std::string string_to_write =
+ "// This file is auto-generated, DO NOT EDIT.\n\n"
+ "const ChromeRootCertInfo kChromeRootCertList[] = {\n";
+
+ for (auto& anchor : root_store->trust_anchors()) {
+ // Every trust anchor at this point should have a DER.
+ CHECK(!anchor.der().empty());
+ std::string der = anchor.der();
+
+ // Begin struct. Assumed type of ChromeRootCertInfo:
+ //
+ // struct {
+ // base::span<const uint8_t> der;
+ // };
+ string_to_write += " {{{";
+
+ // Convert each character to hex representation, escaped.
+ for (auto c : der) {
+ base::StringAppendF(&string_to_write, "0x%02xu,",
+ static_cast<uint8_t>(c));
+ }
+
+ // End struct
+ string_to_write += "}}},\n";
+ }
+ string_to_write += "};";
+ if (!base::WriteFile(cpp_path, string_to_write)) {
+ PLOG(ERROR) << "Error writing cpp include file";
+ }
+ }
+
+ return 0;
+}
diff --git a/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc b/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc
index ba870b4ac42..cfbfb474aaf 100644
--- a/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc
+++ b/chromium/net/tools/tld_cleanup/tld_cleanup_util.cc
@@ -4,9 +4,9 @@ #include "net/tools/tld_cleanup/tld_cleanup_util.h" +#include "base/cxx17_backports.h" #include "base/files/file_util.h" #include "base/logging.h" -#include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "url/gurl.h"
diff --git a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc
index 7f0ed49b323..be69b564c4f 100644
--- a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc
+++ b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc
@@ -345,7 +345,7 @@ bool ParseJSON(base::StringPiece json, return false; } - for (const auto& entry_value : parsed.DictItems()) { + for (auto entry_value : parsed.DictItems()) { if (!base::Contains(valid_keys, entry_value.first)) { LOG(ERROR) << "The entry for " << entry->hostname << " contains an unknown " << entry_value.first << " field"; |
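Review bot: In root_store_tool.cc, `main` logs a failed `base::WriteFile(cpp_path, string_to_write)` but still reaches `return 0;`, so a build step can succeed with a missing or truncated trust-anchor list; add `return 1;` after that `PLOG(ERROR)`, as the `--write-proto` branch already does. In `ReadTextRootStore`, `anchor.filename()` is appended to `certs_dir` without checking which `oneof` case is set or that the result stays under `certs/`. An entry that carries `der` therefore yields an empty filename and fails with the misleading "path is a directory" error, and a filename containing `..` would pull a PEM from outside the directory that is reviewed as the root store. `DecodePEM` also takes whatever bytes sit under a `CERTIFICATE` label and ignores any further PEM blocks in the file, so parsing the DER before it is emitted as a trust anchor would catch a malformed file at build time. The loop-head checks are sketched below.

```cpp
  for (auto& anchor : *root_store.mutable_trust_anchors()) {
    // Inline DER needs no file lookup; anything else must name a file.
    if (anchor.certificate_case() == chrome_root_store::TrustAnchor::kDer)
      continue;
    if (anchor.certificate_case() !=
        chrome_root_store::TrustAnchor::kFilename) {
      LOG(ERROR) << "Trust anchor has neither der nor filename";
      return absl::nullopt;
    }
    base::FilePath pem_path = certs_dir.AppendASCII(anchor.filename());
    // Certificates must live under certs/; reject paths that climb out of it.
    if (pem_path.ReferencesParent()) {
      LOG(ERROR) << "Error path leaves certs directory: " << pem_path;
      return absl::nullopt;
    }
    // … unchanged: existence and readability checks, ReadFileToString, DecodePEM …
  }
```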