diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-06 12:48:11 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-13 09:33:43 +0000 |
| commit | 7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (patch) | |
| tree | fa14ba0ca8d2683ba2efdabd246dc9b18a1229c6 /chromium/net | |
| parent | 79b4f909db1049fca459c07cca55af56a9b54fe3 (diff) | |
| download | qtwebengine-chromium-7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3.tar.gz | |
BASELINE: Update Chromium to 84.0.4147.141
Change-Id: Ib85eb4cfa1cbe2b2b81e5022c8cad5c493969535
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/net')
908 files changed, 36594 insertions, 18990 deletions
diff --git a/chromium/net/BUILD.gn b/chromium/net/BUILD.gn index dd1fe1f4a35..9712bc3e46a 100644 --- a/chromium/net/BUILD.gn +++ b/chromium/net/BUILD.gn @@ -139,7 +139,6 @@ component("net") { "base/host_port_pair.cc", "base/host_port_pair.h", "base/interval.h", - "base/interval_set.h", "base/io_buffer.cc", "base/io_buffer.h", "base/ip_address.cc", @@ -446,8 +445,6 @@ component("net") { "base/host_mapping_rules.cc", "base/host_mapping_rules.h", "base/http_user_agent_settings.h", - "base/ip_pattern.cc", - "base/ip_pattern.h", "base/isolation_info.cc", "base/isolation_info.h", "base/load_flags.h", @@ -1327,16 +1324,16 @@ component("net") { "http/http_auth_sspi_win.cc", "http/http_auth_sspi_win.h", "http/url_security_manager_win.cc", - "proxy_resolution/dhcp_pac_file_adapter_fetcher_win.cc", - "proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h", - "proxy_resolution/dhcp_pac_file_fetcher_win.cc", - "proxy_resolution/dhcp_pac_file_fetcher_win.h", - "proxy_resolution/dhcpcsvc_init_win.cc", - "proxy_resolution/dhcpcsvc_init_win.h", - "proxy_resolution/proxy_config_service_win.cc", - "proxy_resolution/proxy_config_service_win.h", - "proxy_resolution/proxy_resolver_winhttp.cc", - "proxy_resolution/proxy_resolver_winhttp.h", + "proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.cc", + "proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h", + "proxy_resolution/win/dhcp_pac_file_fetcher_win.cc", + "proxy_resolution/win/dhcp_pac_file_fetcher_win.h", + "proxy_resolution/win/dhcpcsvc_init_win.cc", + "proxy_resolution/win/dhcpcsvc_init_win.h", + "proxy_resolution/win/proxy_config_service_win.cc", + "proxy_resolution/win/proxy_config_service_win.h", + "proxy_resolution/win/proxy_resolver_winhttp.cc", + "proxy_resolution/win/proxy_resolver_winhttp.h", "proxy_resolution/win/windows_system_proxy_resolution_request.cc", "proxy_resolution/win/windows_system_proxy_resolution_request.h", "proxy_resolution/win/windows_system_proxy_resolution_service.cc", @@ -1442,15 +1439,9 @@ component("net") { # These files are part of the partial implementation of NSS for # cert verification, so keep them in that case. - "cert/cert_verify_proc_nss.cc", - "cert/cert_verify_proc_nss.h", "cert/test_root_certs_nss.cc", "cert/x509_util_nss.cc", "cert/x509_util_nss.h", - "cert_net/nss_ocsp.cc", - "cert_net/nss_ocsp.h", - "cert_net/nss_ocsp_session_url_request.cc", - "cert_net/nss_ocsp_session_url_request.h", ] if (!is_chromecast) { sources += [ @@ -1961,6 +1952,8 @@ bundle_data("test_support_bundle_data") { "data/ssl/certificates/duplicate_cn_2.pem", "data/ssl/certificates/eku-test-root.pem", "data/ssl/certificates/empty_subject_cert.der", + "data/ssl/certificates/ev_test.pem", + "data/ssl/certificates/ev_test_state_only.pem", "data/ssl/certificates/expired_cert.pem", "data/ssl/certificates/explicit-policy-chain.pem", "data/ssl/certificates/foaf.me.chromium-test-cert.der", @@ -2187,10 +2180,10 @@ static_library("test_support") { "test/net_test_suite.h", "test/quic_simple_test_server.cc", "test/quic_simple_test_server.h", + "test/revocation_builder.cc", + "test/revocation_builder.h", "test/scoped_disable_exit_on_dfatal.cc", "test/scoped_disable_exit_on_dfatal.h", - "test/tcp_socket_proxy.cc", - "test/tcp_socket_proxy.h", "test/test_certificate_data.h", "test/test_data_directory.cc", "test/test_data_directory.h", @@ -2271,8 +2264,6 @@ static_library("test_support") { sources += [ "test/spawned_test_server/remote_test_server.cc", "test/spawned_test_server/remote_test_server.h", - "test/spawned_test_server/remote_test_server_config.cc", - "test/spawned_test_server/remote_test_server_config.h", "test/spawned_test_server/remote_test_server_spawner_request.cc", "test/spawned_test_server/remote_test_server_spawner_request.h", ] @@ -2643,6 +2634,7 @@ source_set("quic_test_tools") { "quic/platform/impl/quic_test_output_impl.h", "quic/test_task_runner.cc", "quic/test_task_runner.h", + "third_party/quiche/src/quic/test_tools/test_ticket_crypter.cc", ] deps = [ ":net", @@ -2692,6 +2684,7 @@ source_set("simple_quic_tools") { ":net", "//base", "//base/third_party/dynamic_annotations", + "//net/third_party/quiche:simple_quic_tools_core", "//third_party/protobuf:protobuf_lite", "//url", ] @@ -4128,11 +4121,9 @@ test("net_unittests") { "base/hex_utils_test.cc", "base/host_mapping_rules_unittest.cc", "base/host_port_pair_unittest.cc", - "base/interval_set_test.cc", "base/interval_test.cc", "base/ip_address_unittest.cc", "base/ip_endpoint_unittest.cc", - "base/ip_pattern_unittest.cc", "base/isolation_info_unittest.cc", "base/lookup_string_in_fixed_set_unittest.cc", "base/mime_sniffer_unittest.cc", @@ -4287,6 +4278,7 @@ test("net_unittests") { "http/http_vary_data_unittest.cc", "http/mock_allow_http_auth_preferences.cc", "http/mock_allow_http_auth_preferences.h", + "http/structured_headers_generated_unittest.cc", "http/structured_headers_unittest.cc", "http/transport_security_persister_unittest.cc", "http/transport_security_state_unittest.cc", @@ -4417,7 +4409,6 @@ test("net_unittests") { "test/embedded_test_server/http_request_unittest.cc", "test/embedded_test_server/http_response_unittest.cc", "test/run_all_unittests.cc", - "test/tcp_socket_proxy_unittest.cc", "third_party/nist-pkits/pkits_testcases-inl.h", "third_party/uri_template/uri_template_test.cc", "tools/content_decoder_tool/content_decoder_tool.cc", @@ -4494,9 +4485,9 @@ test("net_unittests") { "http/http_auth_sspi_win_unittest.cc", "http/mock_sspi_library_win.cc", "http/mock_sspi_library_win.h", - "proxy_resolution/dhcp_pac_file_adapter_fetcher_win_unittest.cc", - "proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc", - "proxy_resolution/proxy_config_service_win_unittest.cc", + "proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win_unittest.cc", + "proxy_resolution/win/dhcp_pac_file_fetcher_win_unittest.cc", + "proxy_resolution/win/proxy_config_service_win_unittest.cc", "proxy_resolution/win/windows_system_proxy_resolution_service_unittest.cc", "ssl/client_cert_store_win_unittest.cc", "ssl/ssl_platform_key_win_unittest.cc", @@ -4643,7 +4634,6 @@ test("net_unittests") { "cert/internal/trust_store_nss_unittest.cc", "cert/nss_cert_database_unittest.cc", "cert/x509_util_nss_unittest.cc", - "cert_net/nss_ocsp_unittest.cc", ] if (!is_chromecast) { sources += [ @@ -4928,6 +4918,26 @@ fuzzer_test("disk_cache_lpm_fuzzer") { ] } +proto_library("backoff_entry_serializer_fuzzer_input") { + proto_in_dir = "//" + sources = [ "base/backoff_entry_serializer_fuzzer_input.proto" ] + link_deps = [ "//testing/libfuzzer/proto:json_proto" ] +} + +fuzzer_test("net_backoff_entry_serializer_fuzzer") { + sources = [ "base/backoff_entry_serializer_fuzzer.cc" ] + deps = [ + ":backoff_entry_serializer_fuzzer_input", + ":net_fuzzer_test_support", + ":test_support", + "//base", + "//net", + "//testing/libfuzzer/proto:json_proto", + "//testing/libfuzzer/proto:json_proto_converter", + "//third_party/libprotobuf-mutator", + ] +} + fuzzer_test("net_data_url_fuzzer") { sources = [ "base/data_url_fuzzer.cc" ] deps = [ @@ -4993,14 +5003,6 @@ fuzzer_test("net_parse_proxy_rules_fuzzer") { dict = "data/fuzzer_dictionaries/net_parse_proxy_bypass_rules_fuzzer.dict" } -fuzzer_test("net_parse_ip_pattern_fuzzer") { - sources = [ "base/parse_ip_pattern_fuzzer.cc" ] - deps = [ - ":net_fuzzer_test_support", - "//net", - ] -} - fuzzer_test("net_get_domain_and_registry_fuzzer") { sources = [ "base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc" ] diff --git a/chromium/net/android/BUILD.gn b/chromium/net/android/BUILD.gn index fd5ad1c21db..8547015246c 100644 --- a/chromium/net/android/BUILD.gn +++ b/chromium/net/android/BUILD.gn @@ -33,7 +33,7 @@ android_library("net_java") { "//base:base_java", "//base:jni_java", "//third_party/android_deps:androidx_annotation_annotation_java", - "//third_party/jsr-305:jsr_305_javalib", + "//third_party/android_deps:com_google_code_findbugs_jsr305_java", ] annotation_processor_deps = [ "//base/android/jni_generator:jni_processor" ] srcjar_deps = [ @@ -169,6 +169,7 @@ android_library("net_javatests") { "javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java", "javatests/src/org/chromium/net/AndroidProxyConfigServiceTestUtil.java", "javatests/src/org/chromium/net/AndroidProxySelectorTest.java", + "javatests/src/org/chromium/net/EmbeddedTestServerTest.java", "javatests/src/org/chromium/net/HttpUtilTest.java", "javatests/src/org/chromium/net/MimeTypeFilterTest.java", "javatests/src/org/chromium/net/NetErrorsTest.java", diff --git a/chromium/net/android/keystore.cc b/chromium/net/android/keystore.cc index a3e577f3a02..b6f2722a9ac 100644 --- a/chromium/net/android/keystore.cc +++ b/chromium/net/android/keystore.cc @@ -9,7 +9,7 @@ #include "base/android/jni_android.h" #include "base/android/jni_array.h" #include "base/android/jni_string.h" -#include "base/logging.h" +#include "base/check.h" #include "net/net_jni_headers/AndroidKeyStore_jni.h" using base::android::AttachCurrentThread; diff --git a/chromium/net/android/network_change_notifier_delegate_android.cc b/chromium/net/android/network_change_notifier_delegate_android.cc index b5fbd2f0389..e6e0dacb401 100644 --- a/chromium/net/android/network_change_notifier_delegate_android.cc +++ b/chromium/net/android/network_change_notifier_delegate_android.cc @@ -5,7 +5,8 @@ #include "net/android/network_change_notifier_delegate_android.h" #include "base/android/jni_array.h" -#include "base/logging.h" +#include "base/check.h" +#include "base/notreached.h" #include "net/android/network_change_notifier_android.h" #include "net/net_jni_headers/NetworkChangeNotifier_jni.h" diff --git a/chromium/net/android/network_library.cc b/chromium/net/android/network_library.cc index 5b9ac4e582e..0df97016a51 100644 --- a/chromium/net/android/network_library.cc +++ b/chromium/net/android/network_library.cc @@ -8,7 +8,7 @@ #include "base/android/jni_array.h" #include "base/android/jni_string.h" #include "base/android/scoped_java_ref.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/dns/public/dns_protocol.h" #include "net/net_jni_headers/AndroidNetworkLibrary_jni.h" #include "net/net_jni_headers/DnsStatus_jni.h" diff --git a/chromium/net/base/address_family.cc b/chromium/net/base/address_family.cc index deff1157810..6e0bc676252 100644 --- a/chromium/net/base/address_family.cc +++ b/chromium/net/base/address_family.cc @@ -4,7 +4,7 @@ #include "net/base/address_family.h" -#include "base/logging.h" +#include "base/notreached.h" #include "net/base/ip_address.h" #include "net/base/sys_addrinfo.h" diff --git a/chromium/net/base/backoff_entry.cc b/chromium/net/base/backoff_entry.cc index db70d42726e..c0307bf2220 100644 --- a/chromium/net/base/backoff_entry.cc +++ b/chromium/net/base/backoff_entry.cc @@ -8,7 +8,7 @@ #include <cmath> #include <limits> -#include "base/logging.h" +#include "base/check_op.h" #include "base/numerics/safe_math.h" #include "base/rand_util.h" #include "base/time/tick_clock.h" diff --git a/chromium/net/base/backoff_entry_serializer_fuzzer.cc b/chromium/net/base/backoff_entry_serializer_fuzzer.cc new file mode 100644 index 00000000000..d66eacbd443 --- /dev/null +++ b/chromium/net/base/backoff_entry_serializer_fuzzer.cc @@ -0,0 +1,141 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include <memory> + +#include "base/json/json_reader.h" +#include "base/optional.h" +#include "base/strings/string_piece_forward.h" +#include "base/time/time.h" +#include "net/base/backoff_entry.h" +#include "net/base/backoff_entry_serializer.h" +#include "net/base/backoff_entry_serializer_fuzzer_input.pb.h" +#include "testing/libfuzzer/proto/json_proto_converter.h" +#include "testing/libfuzzer/proto/lpm_interface.h" + +namespace net { + +namespace { +struct Environment { + Environment() { logging::SetMinLogLevel(logging::LOG_ERROR); } +}; + +class ProtoTranslator { + public: + explicit ProtoTranslator(const fuzz_proto::FuzzerInput& input) + : input_(input) {} + + BackoffEntry::Policy policy() const { + return PolicyFromProto(input_.policy()); + } + base::Time parse_time() const { return TimeFromProto(input_.parse_time()); } + base::Time serialize_time() const { + return TimeFromProto(input_.serialize_time()); + } + + base::Optional<base::Value> serialized_entry() const { + json_proto::JsonProtoConverter converter; + std::string json_array = converter.Convert(input_.serialized_entry()); + base::Optional<base::Value> value = base::JSONReader::Read(json_array); + return value; + } + + private: + const fuzz_proto::FuzzerInput& input_; + + static BackoffEntry::Policy PolicyFromProto( + const fuzz_proto::BackoffEntryPolicy& policy) { + return BackoffEntry::Policy{ + .num_errors_to_ignore = policy.num_errors_to_ignore(), + .initial_delay_ms = policy.initial_delay_ms(), + .multiply_factor = policy.multiply_factor(), + .jitter_factor = policy.jitter_factor(), + .maximum_backoff_ms = policy.maximum_backoff_ms(), + .entry_lifetime_ms = policy.entry_lifetime_ms(), + .always_use_initial_delay = policy.always_use_initial_delay(), + }; + } + + static base::Time TimeFromProto(uint64_t raw_time) { + return base::Time() + base::TimeDelta::FromMicroseconds(raw_time); + } +}; + +// Tests the "deserialize-reserialize" property. Deserializes a BackoffEntry +// from JSON, reserializes it, and checks that the JSON values match. +void TestDeserialize(const ProtoTranslator& translator) { + // Attempt to convert the json_proto.ArrayValue to a base::Value. + base::Optional<base::Value> value = translator.serialized_entry(); + if (!value) + return; + DCHECK(value->is_list()); + + BackoffEntry::Policy policy = translator.policy(); + + // Attempt to deserialize a BackoffEntry. + std::unique_ptr<BackoffEntry> entry = + BackoffEntrySerializer::DeserializeFromValue(*value, &policy, nullptr, + translator.parse_time()); + if (!entry) + return; + + // Serializing |entry| it should recreate the original JSON input! + std::unique_ptr<base::Value> reserialized = + BackoffEntrySerializer::SerializeToValue(*entry, + translator.serialize_time()); + CHECK(reserialized); + CHECK_EQ(*reserialized, *value); +} + +// Tests the "serialize-deserialize" property. Serializes an arbitrary +// BackoffEntry to JSON, deserializes to another BackoffEntry, and checks +// equality of the two entries. Our notion of equality is *very weak* and needs +// improvement. +void TestSerialize(const ProtoTranslator& translator) { + BackoffEntry::Policy policy = translator.policy(); + + // Serialize the BackoffEntry. + BackoffEntry native_entry(&policy); + std::unique_ptr<base::Value> serialized = + BackoffEntrySerializer::SerializeToValue(native_entry, + translator.serialize_time()); + CHECK(serialized); + + // Deserialize it. + std::unique_ptr<BackoffEntry> deserialized_entry = + BackoffEntrySerializer::DeserializeFromValue( + *serialized, &policy, nullptr, translator.parse_time()); + // Even though SerializeToValue was successful, we're not guaranteed to have a + // |deserialized_entry|. One reason deserialization may fail is if the parsed + // |absolute_release_time_us| is below zero. + if (!deserialized_entry) + return; + + // TODO(dmcardle) Develop a stronger equality check for BackoffEntry. + + // Note that while |BackoffEntry::GetReleaseTime| looks like an accessor, it + // returns a |value that is computed based on a random double, so it's not + // suitable for CHECK_EQ here. See |BackoffEntry::CalculateReleaseTime|. + + CHECK_EQ(native_entry.failure_count(), deserialized_entry->failure_count()); +} +} // namespace + +DEFINE_PROTO_FUZZER(const fuzz_proto::FuzzerInput& input) { + static Environment env; + + // Print the entire |input| protobuf if asked. + if (getenv("LPM_DUMP_NATIVE_INPUT")) { + std::cout << "input: " << input.DebugString(); + } + + ProtoTranslator translator(input); + TestSerialize(translator); + TestDeserialize(translator); +} + +} // namespace net diff --git a/chromium/net/base/backoff_entry_serializer_fuzzer_input.proto b/chromium/net/base/backoff_entry_serializer_fuzzer_input.proto new file mode 100644 index 00000000000..d92f72eca9b --- /dev/null +++ b/chromium/net/base/backoff_entry_serializer_fuzzer_input.proto @@ -0,0 +1,29 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +syntax = "proto2"; + +package fuzz_proto; + +import "testing/libfuzzer/proto/json.proto"; + +message FuzzerInput { + // Using int64 to match base::Time's internal representation. + required int64 parse_time = 1; + required int64 serialize_time = 2; + required BackoffEntryPolicy policy = 3; + required json_proto.ArrayValue serialized_entry = 4; +} + +// Input for the fuzzer to try serializing a BackoffEntry. +// Keep aligned with |net::BackoffEntry::Policy|. +message BackoffEntryPolicy { + required int64 num_errors_to_ignore = 1; + required int64 initial_delay_ms = 2; + required double multiply_factor = 3; + required double jitter_factor = 4; + required int64 maximum_backoff_ms = 5; + required int64 entry_lifetime_ms = 6; + required bool always_use_initial_delay = 7; +}
\ No newline at end of file diff --git a/chromium/net/base/backoff_entry_serializer_unittest.cc b/chromium/net/base/backoff_entry_serializer_unittest.cc index 748e22681a5..8fcf6549c19 100644 --- a/chromium/net/base/backoff_entry_serializer_unittest.cc +++ b/chromium/net/base/backoff_entry_serializer_unittest.cc @@ -4,7 +4,6 @@ #include "net/base/backoff_entry.h" -#include "base/logging.h" #include "base/macros.h" #include "base/time/tick_clock.h" #include "base/values.h" diff --git a/chromium/net/base/chunked_upload_data_stream.cc b/chromium/net/base/chunked_upload_data_stream.cc index f4db7d73a60..a3a63d9790a 100644 --- a/chromium/net/base/chunked_upload_data_stream.cc +++ b/chromium/net/base/chunked_upload_data_stream.cc @@ -4,7 +4,7 @@ #include "net/base/chunked_upload_data_stream.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/memory/ptr_util.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" diff --git a/chromium/net/base/data_url_fuzzer.cc b/chromium/net/base/data_url_fuzzer.cc index 237c794f16d..39afc0383f7 100644 --- a/chromium/net/base/data_url_fuzzer.cc +++ b/chromium/net/base/data_url_fuzzer.cc @@ -11,7 +11,7 @@ #include <string> -#include "base/logging.h" +#include "base/check_op.h" #include "base/memory/ref_counted.h" #include "net/base/net_errors.h" #include "net/http/http_response_headers.h" diff --git a/chromium/net/base/datagram_buffer.cc b/chromium/net/base/datagram_buffer.cc index 922d8486efe..ecb1e73cabe 100644 --- a/chromium/net/base/datagram_buffer.cc +++ b/chromium/net/base/datagram_buffer.cc @@ -3,6 +3,9 @@ // found in the LICENSE file. #include "net/base/datagram_buffer.h" + +#include <cstring> + #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h" namespace net { diff --git a/chromium/net/base/directory_lister.cc b/chromium/net/base/directory_lister.cc index 046a1b321ee..acab43d83e1 100644 --- a/chromium/net/base/directory_lister.cc +++ b/chromium/net/base/directory_lister.cc @@ -8,11 +8,12 @@ #include <utility> #include "base/bind.h" +#include "base/check.h" #include "base/files/file_enumerator.h" #include "base/files/file_util.h" #include "base/i18n/file_util_icu.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/task/post_task.h" #include "base/task/thread_pool.h" #include "base/task_runner.h" diff --git a/chromium/net/base/elements_upload_data_stream.cc b/chromium/net/base/elements_upload_data_stream.cc index 5cc6590811f..70b9e2bf66a 100644 --- a/chromium/net/base/elements_upload_data_stream.cc +++ b/chromium/net/base/elements_upload_data_stream.cc @@ -5,7 +5,7 @@ #include "net/base/elements_upload_data_stream.h" #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/upload_bytes_element_reader.h" diff --git a/chromium/net/base/escape.cc b/chromium/net/base/escape.cc index 7675c714c2f..94cee5b9f5d 100644 --- a/chromium/net/base/escape.cc +++ b/chromium/net/base/escape.cc @@ -4,7 +4,7 @@ #include "net/base/escape.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversion_utils.h" diff --git a/chromium/net/base/features.cc b/chromium/net/base/features.cc index 46b4562c621..b6b6c2dedd5 100644 --- a/chromium/net/base/features.cc +++ b/chromium/net/base/features.cc @@ -11,6 +11,21 @@ namespace features { const base::Feature kAcceptLanguageHeader{"AcceptLanguageHeader", base::FEATURE_ENABLED_BY_DEFAULT}; +const base::Feature kDnsHttpssvc{"DnsHttpssvc", + base::FEATURE_DISABLED_BY_DEFAULT}; + +const base::FeatureParam<bool> kDnsHttpssvcUseHttpssvc{ + &kDnsHttpssvc, "DnsHttpssvcUseHttpssvc", false}; + +const base::FeatureParam<bool> kDnsHttpssvcUseIntegrity{ + &kDnsHttpssvc, "DnsHttpssvcUseIntegrity", false}; + +const base::FeatureParam<int> kDnsHttpssvcExtraTimeMs{ + &kDnsHttpssvc, "DnsHttpssvcExtraTimeMs", 10}; + +const base::FeatureParam<int> kDnsHttpssvcExtraTimePercent{ + &kDnsHttpssvc, "DnsHttpssvcExtraTimePercent", 5}; + const base::Feature kEnableTLS13EarlyData{"EnableTLS13EarlyData", base::FEATURE_DISABLED_BY_DEFAULT}; @@ -90,14 +105,8 @@ const base::Feature kBlockExternalRequestsFromNonSecureInitiators{ base::FEATURE_DISABLED_BY_DEFAULT}; #if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) -const base::Feature kCertVerifierBuiltinFeature { - "CertVerifierBuiltin", -#if defined(OS_CHROMEOS) || defined(OS_LINUX) - base::FEATURE_ENABLED_BY_DEFAULT -#else - base::FEATURE_DISABLED_BY_DEFAULT -#endif -}; +const base::Feature kCertVerifierBuiltinFeature{ + "CertVerifierBuiltin", base::FEATURE_DISABLED_BY_DEFAULT}; #endif const base::Feature kAppendFrameOriginToNetworkIsolationKey{ diff --git a/chromium/net/base/features.h b/chromium/net/base/features.h index 2214b6541c9..b6b2a4cccf7 100644 --- a/chromium/net/base/features.h +++ b/chromium/net/base/features.h @@ -20,6 +20,27 @@ NET_EXPORT extern const base::Feature kAcceptLanguageHeader; // Enables TLS 1.3 early data. NET_EXPORT extern const base::Feature kEnableTLS13EarlyData; +// Enables DNS queries for HTTPSSVC or INTEGRITY records, depending on feature +// parameters. These queries will only be made over DoH. HTTPSSVC responses may +// cause us to upgrade the URL to HTTPS and/or to attempt QUIC. +NET_EXPORT extern const base::Feature kDnsHttpssvc; + +// Determine which kind of record should be queried: HTTPSSVC or INTEGRITY. No +// more than one of these feature parameters should be enabled at once. In the +// event that both are enabled, |kDnsHttpssvcUseIntegrity| takes priority, and +// |kDnsHttpssvcUseHttpssvc| will be ignored. +NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseHttpssvc; +NET_EXPORT extern const base::FeatureParam<bool> kDnsHttpssvcUseIntegrity; + +// If we are still waiting for an HTTPSSVC or INTEGRITY query after all the +// other queries in a DnsTask have completed, we will compute a timeout for the +// remaining query. The timeout will be the min of: +// (a) |kDnsHttpssvcExtraTimeMs.Get()| +// (b) |kDnsHttpssvcExtraTimePercent.Get() / 100 * t|, where |t| is the +// number of milliseconds since the first query began. +NET_EXPORT extern const base::FeatureParam<int> kDnsHttpssvcExtraTimeMs; +NET_EXPORT extern const base::FeatureParam<int> kDnsHttpssvcExtraTimePercent; + // Enables optimizing the network quality estimation algorithms in network // quality estimator (NQE). NET_EXPORT extern const base::Feature kNetworkQualityEstimator; diff --git a/chromium/net/base/file_stream_context.h b/chromium/net/base/file_stream_context.h index d7ba39bc317..dcd5b3fae1a 100644 --- a/chromium/net/base/file_stream_context.h +++ b/chromium/net/base/file_stream_context.h @@ -62,8 +62,8 @@ class FileStream::Context { // file_stream_context_{win,posix}.cc. //////////////////////////////////////////////////////////////////////////// - explicit Context(const scoped_refptr<base::TaskRunner>& task_runner); - Context(base::File file, const scoped_refptr<base::TaskRunner>& task_runner); + explicit Context(scoped_refptr<base::TaskRunner> task_runner); + Context(base::File file, scoped_refptr<base::TaskRunner> task_runner); #if defined(OS_WIN) ~Context() override; #elif defined(OS_POSIX) || defined(OS_FUCHSIA) @@ -172,7 +172,7 @@ class FileStream::Context { // Deletes an orphaned context. void DeleteOrphanedContext(); - // The ReadFile call on Windows can execute synchonously at times. + // The ReadFile call on Windows can execute synchronously at times. // http://support.microsoft.com/kb/156932. This ends up blocking the calling // thread which is undesirable. To avoid this we execute the ReadFile call // on a worker thread. @@ -217,10 +217,10 @@ class FileStream::Context { #endif // defined(OS_WIN) base::File file_; - bool async_in_progress_; + bool async_in_progress_ = false; - bool orphaned_; - scoped_refptr<base::TaskRunner> task_runner_; + bool orphaned_ = false; + const scoped_refptr<base::TaskRunner> task_runner_; #if defined(OS_WIN) base::MessagePumpForIO::IOContext io_context_; @@ -228,16 +228,16 @@ class FileStream::Context { scoped_refptr<IOBuffer> in_flight_buf_; // This flag is set to true when we receive a Read request which is queued to // the thread pool. - bool async_read_initiated_; + bool async_read_initiated_ = false; // This flag is set to true when we receive a notification ReadAsyncResult() // on the calling thread which indicates that the asynchronous Read // operation is complete. - bool async_read_completed_; + bool async_read_completed_ = false; // This flag is set to true when we receive an IO completion notification for - // an asynchonously initiated Read operaton. OnIOComplete(). - bool io_complete_for_read_received_; + // an asynchronously initiated Read operation. OnIOComplete(). + bool io_complete_for_read_received_ = false; // Tracks the result of the IO completion operation. Set in OnIOComplete. - int result_; + int result_ = 0; #endif DISALLOW_COPY_AND_ASSIGN(Context); diff --git a/chromium/net/base/file_stream_context_posix.cc b/chromium/net/base/file_stream_context_posix.cc index b15c6511aca..17af1b948ab 100644 --- a/chromium/net/base/file_stream_context_posix.cc +++ b/chromium/net/base/file_stream_context_posix.cc @@ -10,9 +10,9 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/callback.h" +#include "base/check.h" #include "base/files/file_path.h" #include "base/location.h" -#include "base/logging.h" #include "base/posix/eintr_wrapper.h" #include "base/task_runner.h" #include "base/task_runner_util.h" @@ -21,18 +21,12 @@ namespace net { -FileStream::Context::Context(const scoped_refptr<base::TaskRunner>& task_runner) - : async_in_progress_(false), - orphaned_(false), - task_runner_(task_runner) { -} +FileStream::Context::Context(scoped_refptr<base::TaskRunner> task_runner) + : Context(base::File(), std::move(task_runner)) {} FileStream::Context::Context(base::File file, - const scoped_refptr<base::TaskRunner>& task_runner) - : file_(std::move(file)), - async_in_progress_(false), - orphaned_(false), - task_runner_(task_runner) {} + scoped_refptr<base::TaskRunner> task_runner) + : file_(std::move(file)), task_runner_(std::move(task_runner)) {} FileStream::Context::~Context() = default; diff --git a/chromium/net/base/file_stream_context_win.cc b/chromium/net/base/file_stream_context_win.cc index 7ded4baa9e7..b1680d1bdfb 100644 --- a/chromium/net/base/file_stream_context_win.cc +++ b/chromium/net/base/file_stream_context_win.cc @@ -38,25 +38,14 @@ void IncrementOffset(OVERLAPPED* overlapped, DWORD count) { } // namespace -FileStream::Context::Context(const scoped_refptr<base::TaskRunner>& task_runner) - : async_in_progress_(false), - orphaned_(false), - task_runner_(task_runner), - async_read_initiated_(false), - async_read_completed_(false), - io_complete_for_read_received_(false), - result_(0) {} +FileStream::Context::Context(scoped_refptr<base::TaskRunner> task_runner) + : Context(base::File(), std::move(task_runner)) {} FileStream::Context::Context(base::File file, - const scoped_refptr<base::TaskRunner>& task_runner) - : file_(std::move(file)), - async_in_progress_(false), - orphaned_(false), - task_runner_(task_runner), - async_read_initiated_(false), - async_read_completed_(false), - io_complete_for_read_received_(false), - result_(0) { + scoped_refptr<base::TaskRunner> task_runner) + : base::MessagePumpForIO::IOHandler(FROM_HERE), + file_(std::move(file)), + task_runner_(std::move(task_runner)) { if (file_.IsValid()) { DCHECK(file_.async()); OnFileOpened(); diff --git a/chromium/net/base/hash_value.cc b/chromium/net/base/hash_value.cc index db59cfd4f13..c4af8d59c89 100644 --- a/chromium/net/base/hash_value.cc +++ b/chromium/net/base/hash_value.cc @@ -8,7 +8,8 @@ #include <algorithm> #include "base/base64.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "crypto/sha2.h" diff --git a/chromium/net/base/host_port_pair_unittest.cc b/chromium/net/base/host_port_pair_unittest.cc index 4300c2bfee7..1f9a9f90d0b 100644 --- a/chromium/net/base/host_port_pair_unittest.cc +++ b/chromium/net/base/host_port_pair_unittest.cc @@ -4,7 +4,6 @@ #include "net/base/host_port_pair.h" -#include "base/logging.h" #include "net/test/gtest_util.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/base/interval_set.h b/chromium/net/base/interval_set.h deleted file mode 100644 index 60c6880b375..00000000000 --- a/chromium/net/base/interval_set.h +++ /dev/null @@ -1,858 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// IntervalSet<T> is a data structure used to represent a sorted set of -// non-empty, non-adjacent, and mutually disjoint intervals. Mutations to an -// interval set preserve these properties, altering the set as needed. For -// example, adding [2, 3) to a set containing only [1, 2) would result in the -// set containing the single interval [1, 3). -// -// Supported operations include testing whether an Interval is contained in the -// IntervalSet, comparing two IntervalSets, and performing IntervalSet union, -// intersection, and difference. -// -// IntervalSet maintains the minimum number of entries needed to represent the -// set of underlying intervals. When the IntervalSet is modified (e.g. due to an -// Add operation), other interval entries may be coalesced, removed, or -// otherwise modified in order to maintain this invariant. The intervals are -// maintained in sorted order, by ascending min() value. -// -// The reader is cautioned to beware of the terminology used here: this library -// uses the terms "min" and "max" rather than "begin" and "end" as is -// conventional for the STL. The terminology [min, max) refers to the half-open -// interval which (if the interval is not empty) contains min but does not -// contain max. An interval is considered empty if min >= max. -// -// T is required to be default- and copy-constructible, to have an assignment -// operator, a difference operator (operator-()), and the full complement of -// comparison operators (<, <=, ==, !=, >=, >). These requirements are inherited -// from Interval<T>. -// -// IntervalSet has constant-time move operations. -// -// This class is thread-compatible if T is thread-compatible. (See -// go/thread-compatible). -// -// Examples: -// IntervalSet<int> intervals; -// intervals.Add(Interval<int>(10, 20)); -// intervals.Add(Interval<int>(30, 40)); -// // intervals contains [10,20) and [30,40). -// intervals.Add(Interval<int>(15, 35)); -// // intervals has been coalesced. It now contains the single range [10,40). -// EXPECT_EQ(1, intervals.Size()); -// EXPECT_TRUE(intervals.Contains(Interval<int>(10, 40))); -// -// intervals.Difference(Interval<int>(10, 20)); -// // intervals should now contain the single range [20, 40). -// EXPECT_EQ(1, intervals.Size()); -// EXPECT_TRUE(intervals.Contains(Interval<int>(20, 40))); - -#ifndef NET_BASE_INTERVAL_SET_H_ -#define NET_BASE_INTERVAL_SET_H_ - -#include <stddef.h> - -#include <algorithm> -#include <ostream> -#include <set> -#include <string> -#include <utility> -#include <vector> - -#include "base/logging.h" -#include "net/base/interval.h" - -namespace net { - -template <typename T> -class IntervalSet { - private: - struct IntervalComparator { - bool operator()(const Interval<T>& a, const Interval<T>& b) const; - }; - typedef std::set<Interval<T>, IntervalComparator> Set; - - public: - typedef typename Set::value_type value_type; - typedef typename Set::const_iterator const_iterator; - typedef typename Set::const_reverse_iterator const_reverse_iterator; - - // Instantiates an empty IntervalSet. - IntervalSet() {} - - // Instantiates an IntervalSet containing exactly one initial half-open - // interval [min, max), unless the given interval is empty, in which case the - // IntervalSet will be empty. - explicit IntervalSet(const Interval<T>& interval) { Add(interval); } - - // Instantiates an IntervalSet containing the half-open interval [min, max). - IntervalSet(const T& min, const T& max) { Add(min, max); } - -// TODO(rtenneti): Implement after suupport for std::initializer_list. -#if 0 - IntervalSet(std::initializer_list<value_type> il) { assign(il); } -#endif - - // Clears this IntervalSet. - void Clear() { intervals_.clear(); } - - // Returns the number of disjoint intervals contained in this IntervalSet. - size_t Size() const { return intervals_.size(); } - - // Returns the smallest interval that contains all intervals in this - // IntervalSet, or the empty interval if the set is empty. - Interval<T> SpanningInterval() const; - - // Adds "interval" to this IntervalSet. Adding the empty interval has no - // effect. - void Add(const Interval<T>& interval); - - // Adds the interval [min, max) to this IntervalSet. Adding the empty interval - // has no effect. - void Add(const T& min, const T& max) { Add(Interval<T>(min, max)); } - - // DEPRECATED(kosak). Use Union() instead. This method merges all of the - // values contained in "other" into this IntervalSet. - void Add(const IntervalSet& other); - - // Returns true if this IntervalSet represents exactly the same set of - // intervals as the ones represented by "other". - bool Equals(const IntervalSet& other) const; - - // Returns true if this IntervalSet is empty. - bool Empty() const { return intervals_.empty(); } - - // Returns true if any interval in this IntervalSet contains the indicated - // value. - bool Contains(const T& value) const; - - // Returns true if there is some interval in this IntervalSet that wholly - // contains the given interval. An interval O "wholly contains" a non-empty - // interval I if O.Contains(p) is true for every p in I. This is the same - // definition used by Interval<T>::Contains(). This method returns false on - // the empty interval, due to a (perhaps unintuitive) convention inherited - // from Interval<T>. - // Example: - // Assume an IntervalSet containing the entries { [10,20), [30,40) }. - // Contains(Interval(15, 16)) returns true, because [10,20) contains - // [15,16). However, Contains(Interval(15, 35)) returns false. - bool Contains(const Interval<T>& interval) const; - - // Returns true if for each interval in "other", there is some (possibly - // different) interval in this IntervalSet which wholly contains it. See - // Contains(const Interval<T>& interval) for the meaning of "wholly contains". - // Perhaps unintuitively, this method returns false if "other" is the empty - // set. The algorithmic complexity of this method is O(other.Size() * - // log(this->Size())), which is not efficient. The method could be rewritten - // to run in O(other.Size() + this->Size()). - bool Contains(const IntervalSet<T>& other) const; - - // Returns true if there is some interval in this IntervalSet that wholly - // contains the interval [min, max). See Contains(const Interval<T>&). - bool Contains(const T& min, const T& max) const { - return Contains(Interval<T>(min, max)); - } - - // Returns true if for some interval in "other", there is some interval in - // this IntervalSet that intersects with it. See Interval<T>::Intersects() - // for the definition of interval intersection. - bool Intersects(const IntervalSet& other) const; - - // Returns an iterator to the Interval<T> in the IntervalSet that contains the - // given value. In other words, returns an iterator to the unique interval - // [min, max) in the IntervalSet that has the property min <= value < max. If - // there is no such interval, this method returns end(). - const_iterator Find(const T& value) const; - - // Returns an iterator to the Interval<T> in the IntervalSet that wholly - // contains the given interval. In other words, returns an iterator to the - // unique interval outer in the IntervalSet that has the property that - // outer.Contains(interval). If there is no such interval, or if interval is - // empty, returns end(). - const_iterator Find(const Interval<T>& interval) const; - - // Returns an iterator to the Interval<T> in the IntervalSet that wholly - // contains [min, max). In other words, returns an iterator to the unique - // interval outer in the IntervalSet that has the property that - // outer.Contains(Interval<T>(min, max)). If there is no such interval, or if - // interval is empty, returns end(). - const_iterator Find(const T& min, const T& max) const { - return Find(Interval<T>(min, max)); - } - - // Returns true if every value within the passed interval is not Contained - // within the IntervalSet. - bool IsDisjoint(const Interval<T>& interval) const; - - // Merges all the values contained in "other" into this IntervalSet. - void Union(const IntervalSet& other); - - // Modifies this IntervalSet so that it contains only those values that are - // currently present both in *this and in the IntervalSet "other". - void Intersection(const IntervalSet& other); - - // Mutates this IntervalSet so that it contains only those values that are - // currently in *this but not in "interval". - void Difference(const Interval<T>& interval); - - // Mutates this IntervalSet so that it contains only those values that are - // currently in *this but not in the interval [min, max). - void Difference(const T& min, const T& max); - - // Mutates this IntervalSet so that it contains only those values that are - // currently in *this but not in the IntervalSet "other". - void Difference(const IntervalSet& other); - - // Mutates this IntervalSet so that it contains only those values that are - // in [min, max) but not currently in *this. - void Complement(const T& min, const T& max); - - // IntervalSet's begin() iterator. The invariants of IntervalSet guarantee - // that for each entry e in the set, e.min() < e.max() (because the entries - // are non-empty) and for each entry f that appears later in the set, - // e.max() < f.min() (because the entries are ordered, pairwise-disjoint, and - // non-adjacent). Modifications to this IntervalSet invalidate these - // iterators. - const_iterator begin() const { return intervals_.begin(); } - - // IntervalSet's end() iterator. - const_iterator end() const { return intervals_.end(); } - - // IntervalSet's rbegin() and rend() iterators. Iterator invalidation - // semantics are the same as those for begin() / end(). - const_reverse_iterator rbegin() const { return intervals_.rbegin(); } - - const_reverse_iterator rend() const { return intervals_.rend(); } - - // Appends the intervals in this IntervalSet to the end of *out. - void Get(std::vector<Interval<T>>* out) const { - out->insert(out->end(), begin(), end()); - } - - // Copies the intervals in this IntervalSet to the given output iterator. - template <typename Iter> - Iter Get(Iter out_iter) const { - return std::copy(begin(), end(), out_iter); - } - - template <typename Iter> - void assign(Iter first, Iter last) { - Clear(); - for (; first != last; ++first) - Add(*first); - } - -// TODO(rtenneti): Implement after suupport for std::initializer_list. -#if 0 - void assign(std::initializer_list<value_type> il) { - assign(il.begin(), il.end()); - } -#endif - - // Returns a human-readable representation of this set. This will typically be - // (though is not guaranteed to be) of the form - // "[a1, b1) [a2, b2) ... [an, bn)" - // where the intervals are in the same order as given by traversal from - // begin() to end(). This representation is intended for human consumption; - // computer programs should not rely on the output being in exactly this form. - std::string ToString() const; - - // Equality for IntervalSet<T>. Delegates to Equals(). - bool operator==(const IntervalSet& other) const { return Equals(other); } - - // Inequality for IntervalSet<T>. Delegates to Equals() (and returns its - // negation). - bool operator!=(const IntervalSet& other) const { return !Equals(other); } - -// TODO(rtenneti): Implement after suupport for std::initializer_list. -#if 0 - IntervalSet& operator=(std::initializer_list<value_type> il) { - assign(il.begin(), il.end()); - return *this; - } -#endif - - // Swap this IntervalSet with *other. This is a constant-time operation. - void Swap(IntervalSet<T>* other) { intervals_.swap(other->intervals_); } - - private: - // Removes overlapping ranges and coalesces adjacent intervals as needed. - void Compact(const typename Set::iterator& begin, - const typename Set::iterator& end); - - // Returns true if this set is valid (i.e. all intervals in it are non-empty, - // non-adjacent, and mutually disjoint). Currently this is used as an - // integrity check by the Intersection() and Difference() methods, but is only - // invoked for debug builds (via DCHECK). - bool Valid() const; - - // Finds the first interval that potentially intersects 'other'. - const_iterator FindIntersectionCandidate(const IntervalSet& other) const; - - // Finds the first interval that potentially intersects 'interval'. - const_iterator FindIntersectionCandidate(const Interval<T>& interval) const; - - // Helper for Intersection() and Difference(): Finds the next pair of - // intervals from 'x' and 'y' that intersect. 'mine' is an iterator - // over x->intervals_. 'theirs' is an iterator over y.intervals_. 'mine' - // and 'theirs' are advanced until an intersecting pair is found. - // Non-intersecting intervals (aka "holes") from x->intervals_ can be - // optionally erased by "on_hole". - template <typename X, typename Func> - static bool FindNextIntersectingPairImpl(X* x, - const IntervalSet& y, - const_iterator* mine, - const_iterator* theirs, - Func on_hole); - - // The variant of the above method that doesn't mutate this IntervalSet. - bool FindNextIntersectingPair(const IntervalSet& other, - const_iterator* mine, - const_iterator* theirs) const { - return FindNextIntersectingPairImpl( - this, other, mine, theirs, - [](const IntervalSet*, const_iterator, const_iterator) {}); - } - - // The variant of the above method that mutates this IntervalSet by erasing - // holes. - bool FindNextIntersectingPairAndEraseHoles(const IntervalSet& other, - const_iterator* mine, - const_iterator* theirs) { - return FindNextIntersectingPairImpl( - this, other, mine, theirs, - [](IntervalSet* x, const_iterator from, const_iterator to) { - x->intervals_.erase(from, to); - }); - } - - // The representation for the intervals. The intervals in this set are - // non-empty, pairwise-disjoint, non-adjacent and ordered in ascending order - // by min(). - Set intervals_; -}; - -template <typename T> -std::ostream& operator<<(std::ostream& out, const IntervalSet<T>& seq); - -template <typename T> -void swap(IntervalSet<T>& x, IntervalSet<T>& y); - -//============================================================================== -// Implementation details: Clients can stop reading here. - -template <typename T> -Interval<T> IntervalSet<T>::SpanningInterval() const { - Interval<T> result; - if (!intervals_.empty()) { - result.SetMin(intervals_.begin()->min()); - result.SetMax(intervals_.rbegin()->max()); - } - return result; -} - -template <typename T> -void IntervalSet<T>::Add(const Interval<T>& interval) { - if (interval.Empty()) - return; - std::pair<typename Set::iterator, bool> ins = intervals_.insert(interval); - if (!ins.second) { - // This interval already exists. - return; - } - // Determine the minimal range that will have to be compacted. We know that - // the IntervalSet was valid before the addition of the interval, so only - // need to start with the interval itself (although Compact takes an open - // range so begin needs to be the interval to the left). We don't know how - // many ranges this interval may cover, so we need to find the appropriate - // interval to end with on the right. - typename Set::iterator begin = ins.first; - if (begin != intervals_.begin()) - --begin; - const Interval<T> target_end(interval.max(), interval.max()); - const typename Set::iterator end = intervals_.upper_bound(target_end); - Compact(begin, end); -} - -template <typename T> -void IntervalSet<T>::Add(const IntervalSet& other) { - for (const_iterator it = other.begin(); it != other.end(); ++it) { - Add(*it); - } -} - -template <typename T> -bool IntervalSet<T>::Equals(const IntervalSet& other) const { - if (intervals_.size() != other.intervals_.size()) - return false; - for (typename Set::iterator i = intervals_.begin(), - j = other.intervals_.begin(); - i != intervals_.end(); ++i, ++j) { - // Simple member-wise equality, since all intervals are non-empty. - if (i->min() != j->min() || i->max() != j->max()) - return false; - } - return true; -} - -template <typename T> -bool IntervalSet<T>::Contains(const T& value) const { - Interval<T> tmp(value, value); - // Find the first interval with min() > value, then move back one step - const_iterator it = intervals_.upper_bound(tmp); - if (it == intervals_.begin()) - return false; - --it; - return it->Contains(value); -} - -template <typename T> -bool IntervalSet<T>::Contains(const Interval<T>& interval) const { - // Find the first interval with min() > value, then move back one step. - const_iterator it = intervals_.upper_bound(interval); - if (it == intervals_.begin()) - return false; - --it; - return it->Contains(interval); -} - -template <typename T> -bool IntervalSet<T>::Contains(const IntervalSet<T>& other) const { - if (!SpanningInterval().Contains(other.SpanningInterval())) { - return false; - } - - for (const_iterator i = other.begin(); i != other.end(); ++i) { - // If we don't contain the interval, can return false now. - if (!Contains(*i)) { - return false; - } - } - return true; -} - -// This method finds the interval that Contains() "value", if such an interval -// exists in the IntervalSet. The way this is done is to locate the "candidate -// interval", the only interval that could *possibly* contain value, and test it -// using Contains(). The candidate interval is the interval with the largest -// min() having min() <= value. -// -// Determining the candidate interval takes a couple of steps. First, since the -// underlying std::set stores intervals, not values, we need to create a "probe -// interval" suitable for use as a search key. The probe interval used is -// [value, value). Now we can restate the problem as finding the largest -// interval in the IntervalSet that is <= the probe interval. -// -// This restatement only works if the set's comparator behaves in a certain way. -// In particular it needs to order first by ascending min(), and then by -// descending max(). The comparator used by this library is defined in exactly -// this way. To see why descending max() is required, consider the following -// example. Assume an IntervalSet containing these intervals: -// -// [0, 5) [10, 20) [50, 60) -// -// Consider searching for the value 15. The probe interval [15, 15) is created, -// and [10, 20) is identified as the largest interval in the set <= the probe -// interval. This is the correct interval needed for the Contains() test, which -// will then return true. -// -// Now consider searching for the value 30. The probe interval [30, 30) is -// created, and again [10, 20] is identified as the largest interval <= the -// probe interval. This is again the correct interval needed for the Contains() -// test, which in this case returns false. -// -// Finally, consider searching for the value 10. The probe interval [10, 10) is -// created. Here the ordering relationship between [10, 10) and [10, 20) becomes -// vitally important. If [10, 10) were to come before [10, 20), then [0, 5) -// would be the largest interval <= the probe, leading to the wrong choice of -// interval for the Contains() test. Therefore [10, 10) needs to come after -// [10, 20). The simplest way to make this work in the general case is to order -// by ascending min() but descending max(). In this ordering, the empty interval -// is larger than any non-empty interval with the same min(). The comparator -// used by this library is careful to induce this ordering. -// -// Another detail involves the choice of which std::set method to use to try to -// find the candidate interval. The most appropriate entry point is -// set::upper_bound(), which finds the smallest interval which is > the probe -// interval. The semantics of upper_bound() are slightly different from what we -// want (namely, to find the largest interval which is <= the probe interval) -// but they are close enough; the interval found by upper_bound() will always be -// one step past the interval we are looking for (if it exists) or at begin() -// (if it does not). Getting to the proper interval is a simple matter of -// decrementing the iterator. -template <typename T> -typename IntervalSet<T>::const_iterator IntervalSet<T>::Find( - const T& value) const { - Interval<T> tmp(value, value); - const_iterator it = intervals_.upper_bound(tmp); - if (it == intervals_.begin()) - return intervals_.end(); - --it; - if (it->Contains(value)) - return it; - else - return intervals_.end(); -} - -// This method finds the interval that Contains() the interval "probe", if such -// an interval exists in the IntervalSet. The way this is done is to locate the -// "candidate interval", the only interval that could *possibly* contain -// "probe", and test it using Contains(). The candidate interval is the largest -// interval that is <= the probe interval. -// -// The search for the candidate interval only works if the comparator used -// behaves in a certain way. In particular it needs to order first by ascending -// min(), and then by descending max(). The comparator used by this library is -// defined in exactly this way. To see why descending max() is required, -// consider the following example. Assume an IntervalSet containing these -// intervals: -// -// [0, 5) [10, 20) [50, 60) -// -// Consider searching for the probe [15, 17). [10, 20) is the largest interval -// in the set which is <= the probe interval. This is the correct interval -// needed for the Contains() test, which will then return true, because [10, 20) -// contains [15, 17). -// -// Now consider searching for the probe [30, 32). Again [10, 20] is the largest -// interval <= the probe interval. This is again the correct interval needed for -// the Contains() test, which in this case returns false, because [10, 20) does -// not contain [30, 32). -// -// Finally, consider searching for the probe [10, 12). Here the ordering -// relationship between [10, 12) and [10, 20) becomes vitally important. If -// [10, 12) were to come before [10, 20), then [0, 5) would be the largest -// interval <= the probe, leading to the wrong choice of interval for the -// Contains() test. Therefore [10, 12) needs to come after [10, 20). The -// simplest way to make this work in the general case is to order by ascending -// min() but descending max(). In this ordering, given two intervals with the -// same min(), the wider one goes before the narrower one. The comparator used -// by this library is careful to induce this ordering. -// -// Another detail involves the choice of which std::set method to use to try to -// find the candidate interval. The most appropriate entry point is -// set::upper_bound(), which finds the smallest interval which is > the probe -// interval. The semantics of upper_bound() are slightly different from what we -// want (namely, to find the largest interval which is <= the probe interval) -// but they are close enough; the interval found by upper_bound() will always be -// one step past the interval we are looking for (if it exists) or at begin() -// (if it does not). Getting to the proper interval is a simple matter of -// decrementing the iterator. -template <typename T> -typename IntervalSet<T>::const_iterator IntervalSet<T>::Find( - const Interval<T>& probe) const { - const_iterator it = intervals_.upper_bound(probe); - if (it == intervals_.begin()) - return intervals_.end(); - --it; - if (it->Contains(probe)) - return it; - else - return intervals_.end(); -} - -template <typename T> -bool IntervalSet<T>::IsDisjoint(const Interval<T>& interval) const { - Interval<T> tmp(interval.min(), interval.min()); - // Find the first interval with min() > interval.min() - const_iterator it = intervals_.upper_bound(tmp); - if (it != intervals_.end() && interval.max() > it->min()) - return false; - if (it == intervals_.begin()) - return true; - --it; - return it->max() <= interval.min(); -} - -template <typename T> -void IntervalSet<T>::Union(const IntervalSet& other) { - intervals_.insert(other.begin(), other.end()); - Compact(intervals_.begin(), intervals_.end()); -} - -template <typename T> -typename IntervalSet<T>::const_iterator -IntervalSet<T>::FindIntersectionCandidate(const IntervalSet& other) const { - return FindIntersectionCandidate(*other.intervals_.begin()); -} - -template <typename T> -typename IntervalSet<T>::const_iterator -IntervalSet<T>::FindIntersectionCandidate(const Interval<T>& interval) const { - // Use upper_bound to efficiently find the first interval in intervals_ - // where min() is greater than interval.min(). If the result - // isn't the beginning of intervals_ then move backwards one interval since - // the interval before it is the first candidate where max() may be - // greater than interval.min(). - // In other words, no interval before that can possibly intersect with any - // of other.intervals_. - const_iterator mine = intervals_.upper_bound(interval); - if (mine != intervals_.begin()) { - --mine; - } - return mine; -} - -template <typename T> -template <typename X, typename Func> -bool IntervalSet<T>::FindNextIntersectingPairImpl(X* x, - const IntervalSet& y, - const_iterator* mine, - const_iterator* theirs, - Func on_hole) { - CHECK(x != nullptr); - if ((*mine == x->intervals_.end()) || (*theirs == y.intervals_.end())) { - return false; - } - while (!(**mine).Intersects(**theirs)) { - const_iterator erase_first = *mine; - // Skip over intervals in 'mine' that don't reach 'theirs'. - while (*mine != x->intervals_.end() && (**mine).max() <= (**theirs).min()) { - ++(*mine); - } - on_hole(x, erase_first, *mine); - // We're done if the end of intervals_ is reached. - if (*mine == x->intervals_.end()) { - return false; - } - // Skip over intervals 'theirs' that don't reach 'mine'. - while (*theirs != y.intervals_.end() && - (**theirs).max() <= (**mine).min()) { - ++(*theirs); - } - // If the end of other.intervals_ is reached, we're done. - if (*theirs == y.intervals_.end()) { - on_hole(x, *mine, x->intervals_.end()); - return false; - } - } - return true; -} - -template <typename T> -void IntervalSet<T>::Intersection(const IntervalSet& other) { - if (!SpanningInterval().Intersects(other.SpanningInterval())) { - intervals_.clear(); - return; - } - - const_iterator mine = FindIntersectionCandidate(other); - // Remove any intervals that cannot possibly intersect with other.intervals_. - intervals_.erase(intervals_.begin(), mine); - const_iterator theirs = other.FindIntersectionCandidate(*this); - - while (FindNextIntersectingPairAndEraseHoles(other, &mine, &theirs)) { - // OK, *mine and *theirs intersect. Now, we find the largest - // span of intervals in other (starting at theirs) - say [a..b] - // - that intersect *mine, and we replace *mine with (*mine - // intersect x) for all x in [a..b] Note that subsequent - // intervals in this can't intersect any intervals in [a..b) -- - // they may only intersect b or subsequent intervals in other. - Interval<T> i(*mine); - intervals_.erase(mine); - mine = intervals_.end(); - Interval<T> intersection; - while (theirs != other.intervals_.end() && - i.Intersects(*theirs, &intersection)) { - std::pair<typename Set::iterator, bool> ins = - intervals_.insert(intersection); - DCHECK(ins.second); - mine = ins.first; - ++theirs; - } - DCHECK(mine != intervals_.end()); - --theirs; - ++mine; - } - DCHECK(Valid()); -} - -template <typename T> -bool IntervalSet<T>::Intersects(const IntervalSet& other) const { - if (!SpanningInterval().Intersects(other.SpanningInterval())) { - return false; - } - - const_iterator mine = FindIntersectionCandidate(other); - if (mine == intervals_.end()) { - return false; - } - const_iterator theirs = other.FindIntersectionCandidate(*mine); - - return FindNextIntersectingPair(other, &mine, &theirs); -} - -template <typename T> -void IntervalSet<T>::Difference(const Interval<T>& interval) { - if (!SpanningInterval().Intersects(interval)) { - return; - } - Difference(IntervalSet<T>(interval)); -} - -template <typename T> -void IntervalSet<T>::Difference(const T& min, const T& max) { - Difference(Interval<T>(min, max)); -} - -template <typename T> -void IntervalSet<T>::Difference(const IntervalSet& other) { - if (!SpanningInterval().Intersects(other.SpanningInterval())) { - return; - } - - const_iterator mine = FindIntersectionCandidate(other); - // If no interval in mine reaches the first interval of theirs then we're - // done. - if (mine == intervals_.end()) { - return; - } - const_iterator theirs = other.FindIntersectionCandidate(*this); - - while (FindNextIntersectingPair(other, &mine, &theirs)) { - // At this point *mine and *theirs overlap. Remove mine from - // intervals_ and replace it with the possibly two intervals that are - // the difference between mine and theirs. - Interval<T> i(*mine); - intervals_.erase(mine++); - Interval<T> lo; - Interval<T> hi; - i.Difference(*theirs, &lo, &hi); - - if (!lo.Empty()) { - // We have a low end. This can't intersect anything else. - std::pair<typename Set::iterator, bool> ins = intervals_.insert(lo); - DCHECK(ins.second); - } - - if (!hi.Empty()) { - std::pair<typename Set::iterator, bool> ins = intervals_.insert(hi); - DCHECK(ins.second); - mine = ins.first; - } - } - DCHECK(Valid()); -} - -template <typename T> -void IntervalSet<T>::Complement(const T& min, const T& max) { - IntervalSet<T> span(min, max); - span.Difference(*this); - intervals_.swap(span.intervals_); -} - -template <typename T> -std::string IntervalSet<T>::ToString() const { - std::ostringstream os; - os << *this; - return os.str(); -} - -// This method compacts the IntervalSet, merging pairs of overlapping intervals -// into a single interval. In the steady state, the IntervalSet does not contain -// any such pairs. However, the way the Union() and Add() methods work is to -// temporarily put the IntervalSet into such a state and then to call Compact() -// to "fix it up" so that it is no longer in that state. -// -// Compact() needs the interval set to allow two intervals [a,b) and [a,c) -// (having the same min() but different max()) to briefly coexist in the set at -// the same time, and be adjacent to each other, so that they can be efficiently -// located and merged into a single interval. This state would be impossible -// with a comparator which only looked at min(), as such a comparator would -// consider such pairs equal. Fortunately, the comparator used by IntervalSet -// does exactly what is needed, ordering first by ascending min(), then by -// descending max(). -template <typename T> -void IntervalSet<T>::Compact(const typename Set::iterator& begin, - const typename Set::iterator& end) { - if (begin == end) - return; - typename Set::iterator next = begin; - typename Set::iterator prev = begin; - typename Set::iterator it = begin; - ++it; - ++next; - while (it != end) { - ++next; - if (prev->max() >= it->min()) { - // Overlapping / coalesced range; merge the two intervals. - T min = prev->min(); - T max = std::max(prev->max(), it->max()); - Interval<T> i(min, max); - intervals_.erase(prev); - intervals_.erase(it); - std::pair<typename Set::iterator, bool> ins = intervals_.insert(i); - DCHECK(ins.second); - prev = ins.first; - } else { - prev = it; - } - it = next; - } -} - -template <typename T> -bool IntervalSet<T>::Valid() const { - const_iterator prev = end(); - for (const_iterator it = begin(); it != end(); ++it) { - // invalid or empty interval. - if (it->min() >= it->max()) - return false; - // Not sorted, not disjoint, or adjacent. - if (prev != end() && prev->max() >= it->min()) - return false; - prev = it; - } - return true; -} - -template <typename T> -inline std::ostream& operator<<(std::ostream& out, const IntervalSet<T>& seq) { -// TODO(rtenneti): Implement << method of IntervalSet. -#if 0 - util::gtl::LogRangeToStream(out, seq.begin(), seq.end(), - util::gtl::LogLegacy()); -#endif // 0 - return out; -} - -template <typename T> -void swap(IntervalSet<T>& x, IntervalSet<T>& y) { - x.Swap(&y); -} - -// This comparator orders intervals first by ascending min() and then by -// descending max(). Readers who are satisified with that explanation can stop -// reading here. The remainder of this comment is for the benefit of future -// maintainers of this library. -// -// The reason for this ordering is that this comparator has to serve two -// masters. First, it has to maintain the intervals in its internal set in the -// order that clients expect to see them. Clients see these intervals via the -// iterators provided by begin()/end() or as a result of invoking Get(). For -// this reason, the comparator orders intervals by ascending min(). -// -// If client iteration were the only consideration, then ordering by ascending -// min() would be good enough. This is because the intervals in the IntervalSet -// are non-empty, non-adjacent, and mutually disjoint; such intervals happen to -// always have disjoint min() values, so such a comparator would never even have -// to look at max() in order to work correctly for this class. -// -// However, in addition to ordering by ascending min(), this comparator also has -// a second responsibility: satisfying the special needs of this library's -// peculiar internal implementation. These needs require the comparator to order -// first by ascending min() and then by descending max(). The best way to -// understand why this is so is to check out the comments associated with the -// Find() and Compact() methods. -template <typename T> -inline bool IntervalSet<T>::IntervalComparator::operator()( - const Interval<T>& a, - const Interval<T>& b) const { - return (a.min() < b.min() || (a.min() == b.min() && a.max() > b.max())); -} - -} // namespace net - -#endif // NET_BASE_INTERVAL_SET_H_ diff --git a/chromium/net/base/interval_set_test.cc b/chromium/net/base/interval_set_test.cc deleted file mode 100644 index ecf2d195757..00000000000 --- a/chromium/net/base/interval_set_test.cc +++ /dev/null @@ -1,978 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/interval_set.h" - -#include <stdarg.h> - -#include <iterator> -#include <limits> - -#include "net/test/gtest_util.h" -#include "testing/gtest/include/gtest/gtest.h" - -using std::string; - -namespace net { -namespace test { -namespace { - -using ::testing::ElementsAreArray; - -class IntervalSetTest : public ::testing::Test { - protected: - void SetUp() override { - // Initialize two IntervalSets for union, intersection, and difference - // tests - is.Add(100, 200); - is.Add(300, 400); - is.Add(500, 600); - is.Add(700, 800); - is.Add(900, 1000); - is.Add(1100, 1200); - is.Add(1300, 1400); - is.Add(1500, 1600); - is.Add(1700, 1800); - is.Add(1900, 2000); - is.Add(2100, 2200); - - // Lots of different cases: - other.Add(50, 70); // disjoint, at the beginning - other.Add(2250, 2270); // disjoint, at the end - other.Add(650, 670); // disjoint, in the middle - other.Add(350, 360); // included - other.Add(370, 380); // also included (two at once) - other.Add(470, 530); // overlaps low end - other.Add(770, 830); // overlaps high end - other.Add(870, 900); // meets at low end - other.Add(1200, 1230); // meets at high end - other.Add(1270, 1830); // overlaps multiple ranges - } - - void TearDown() override { - is.Clear(); - EXPECT_TRUE(is.Empty()); - other.Clear(); - EXPECT_TRUE(other.Empty()); - } - IntervalSet<int> is; - IntervalSet<int> other; -}; - -TEST_F(IntervalSetTest, IsDisjoint) { - EXPECT_TRUE(is.IsDisjoint(Interval<int>(0, 99))); - EXPECT_TRUE(is.IsDisjoint(Interval<int>(0, 100))); - EXPECT_TRUE(is.IsDisjoint(Interval<int>(200, 200))); - EXPECT_TRUE(is.IsDisjoint(Interval<int>(200, 299))); - EXPECT_TRUE(is.IsDisjoint(Interval<int>(400, 407))); - EXPECT_TRUE(is.IsDisjoint(Interval<int>(405, 499))); - EXPECT_TRUE(is.IsDisjoint(Interval<int>(2300, 2300))); - EXPECT_TRUE( - is.IsDisjoint(Interval<int>(2300, std::numeric_limits<int>::max()))); - EXPECT_FALSE(is.IsDisjoint(Interval<int>(100, 100))); - EXPECT_FALSE(is.IsDisjoint(Interval<int>(100, 105))); - EXPECT_FALSE(is.IsDisjoint(Interval<int>(199, 300))); - EXPECT_FALSE(is.IsDisjoint(Interval<int>(250, 450))); - EXPECT_FALSE(is.IsDisjoint(Interval<int>(299, 400))); - EXPECT_FALSE(is.IsDisjoint(Interval<int>(250, 2000))); - EXPECT_FALSE( - is.IsDisjoint(Interval<int>(2199, std::numeric_limits<int>::max()))); -} - -// Base helper method for verifying the contents of an interval set. -// Returns true iff <is> contains <count> intervals whose successive -// endpoints match the sequence of args in <ap>: -static bool VA_Check(const IntervalSet<int>& is, size_t count, va_list ap) { - std::vector<Interval<int>> intervals; - is.Get(&intervals); - if (count != intervals.size()) { - LOG(ERROR) << "Expected " << count << " intervals, got " << intervals.size() - << ": " << is.ToString(); - return false; - } - if (count != is.Size()) { - LOG(ERROR) << "Expected " << count << " intervals, got Size " << is.Size() - << ": " << is.ToString(); - return false; - } - bool result = true; - for (size_t i = 0; i < count; i++) { - int min = va_arg(ap, int); - int max = va_arg(ap, int); - if (min != intervals[i].min() || max != intervals[i].max()) { - LOG(ERROR) << "Expected: [" << min << ", " << max << ") got " - << intervals[i] << " in " << is.ToString(); - result = false; - } - } - return result; -} - -static bool Check(const IntervalSet<int>& is, int count, ...) { - va_list ap; - va_start(ap, count); - const bool result = VA_Check(is, count, ap); - va_end(ap); - return result; -} - -// Some helper functions for testing Contains and Find, which are logically the -// same. -static void TestContainsAndFind(const IntervalSet<int>& is, int value) { - EXPECT_TRUE(is.Contains(value)) << "Set does not contain " << value; - auto it = is.Find(value); - EXPECT_NE(it, is.end()) << "No iterator to interval containing " << value; - EXPECT_TRUE(it->Contains(value)) << "Iterator does not contain " << value; -} - -static void TestContainsAndFind(const IntervalSet<int>& is, int min, int max) { - EXPECT_TRUE(is.Contains(min, max)) - << "Set does not contain interval with min " << min << "and max " << max; - auto it = is.Find(min, max); - EXPECT_NE(it, is.end()) << "No iterator to interval with min " << min - << "and max " << max; - EXPECT_TRUE(it->Contains(Interval<int>(min, max))) - << "Iterator does not contain interval with min " << min << "and max " - << max; -} - -static void TestNotContainsAndFind(const IntervalSet<int>& is, int value) { - EXPECT_FALSE(is.Contains(value)) << "Set contains " << value; - auto it = is.Find(value); - EXPECT_EQ(it, is.end()) << "There is iterator to interval containing " - << value; -} - -static void TestNotContainsAndFind(const IntervalSet<int>& is, - int min, - int max) { - EXPECT_FALSE(is.Contains(min, max)) << "Set contains interval with min " - << min << "and max " << max; - auto it = is.Find(min, max); - EXPECT_EQ(it, is.end()) << "There is iterator to interval with min " << min - << "and max " << max; -} - -TEST_F(IntervalSetTest, IntervalSetBasic) { - // Test Add, Get, Contains and Find - IntervalSet<int> iset; - EXPECT_TRUE(iset.Empty()); - EXPECT_EQ(0u, iset.Size()); - iset.Add(100, 200); - EXPECT_FALSE(iset.Empty()); - EXPECT_EQ(1u, iset.Size()); - iset.Add(100, 150); - iset.Add(150, 200); - iset.Add(130, 170); - iset.Add(90, 150); - iset.Add(170, 220); - iset.Add(300, 400); - iset.Add(250, 450); - EXPECT_FALSE(iset.Empty()); - EXPECT_EQ(2u, iset.Size()); - EXPECT_TRUE(Check(iset, 2, 90, 220, 250, 450)); - - // Test two intervals with a.max == b.min, that will just join up. - iset.Clear(); - iset.Add(100, 200); - iset.Add(200, 300); - EXPECT_FALSE(iset.Empty()); - EXPECT_EQ(1u, iset.Size()); - EXPECT_TRUE(Check(iset, 1, 100, 300)); - - // Test adding two sets together. - iset.Clear(); - IntervalSet<int> iset_add; - iset.Add(100, 200); - iset.Add(100, 150); - iset.Add(150, 200); - iset.Add(130, 170); - iset_add.Add(90, 150); - iset_add.Add(170, 220); - iset_add.Add(300, 400); - iset_add.Add(250, 450); - - iset.Add(iset_add); - EXPECT_FALSE(iset.Empty()); - EXPECT_EQ(2u, iset.Size()); - EXPECT_TRUE(Check(iset, 2, 90, 220, 250, 450)); - - // Test Get() (using an output iterator), begin()/end(), and rbegin()/rend() - // to iterate over intervals. - { - std::vector<Interval<int>> expected; - iset.Get(&expected); - - std::vector<Interval<int>> actual1; - iset.Get(back_inserter(actual1)); - ASSERT_EQ(expected.size(), actual1.size()); - - std::vector<Interval<int>> actual2; - std::copy(iset.begin(), iset.end(), back_inserter(actual2)); - ASSERT_EQ(expected.size(), actual2.size()); - - for (size_t i = 0; i < expected.size(); i++) { - EXPECT_EQ(expected[i].min(), actual1[i].min()); - EXPECT_EQ(expected[i].max(), actual1[i].max()); - - EXPECT_EQ(expected[i].min(), actual2[i].min()); - EXPECT_EQ(expected[i].max(), actual2[i].max()); - } - - // Ensure that the rbegin()/rend() iterators correctly yield the intervals - // in reverse order. - EXPECT_THAT(std::vector<Interval<int>>(iset.rbegin(), iset.rend()), - ElementsAreArray(expected.rbegin(), expected.rend())); - } - - TestNotContainsAndFind(iset, 89); - TestContainsAndFind(iset, 90); - TestContainsAndFind(iset, 120); - TestContainsAndFind(iset, 219); - TestNotContainsAndFind(iset, 220); - TestNotContainsAndFind(iset, 235); - TestNotContainsAndFind(iset, 249); - TestContainsAndFind(iset, 250); - TestContainsAndFind(iset, 300); - TestContainsAndFind(iset, 449); - TestNotContainsAndFind(iset, 450); - TestNotContainsAndFind(iset, 451); - - TestNotContainsAndFind(iset, 50, 60); - TestNotContainsAndFind(iset, 50, 90); - TestNotContainsAndFind(iset, 50, 200); - TestNotContainsAndFind(iset, 90, 90); - TestContainsAndFind(iset, 90, 200); - TestContainsAndFind(iset, 100, 200); - TestContainsAndFind(iset, 100, 220); - TestNotContainsAndFind(iset, 100, 221); - TestNotContainsAndFind(iset, 220, 220); - TestNotContainsAndFind(iset, 240, 300); - TestContainsAndFind(iset, 250, 300); - TestContainsAndFind(iset, 260, 300); - TestContainsAndFind(iset, 300, 450); - TestNotContainsAndFind(iset, 300, 451); - - IntervalSet<int> iset_contains; - iset_contains.Add(50, 90); - EXPECT_FALSE(iset.Contains(iset_contains)); - iset_contains.Clear(); - - iset_contains.Add(90, 200); - EXPECT_TRUE(iset.Contains(iset_contains)); - iset_contains.Add(100, 200); - EXPECT_TRUE(iset.Contains(iset_contains)); - iset_contains.Add(100, 220); - EXPECT_TRUE(iset.Contains(iset_contains)); - iset_contains.Add(250, 300); - EXPECT_TRUE(iset.Contains(iset_contains)); - iset_contains.Add(300, 450); - EXPECT_TRUE(iset.Contains(iset_contains)); - iset_contains.Add(300, 451); - EXPECT_FALSE(iset.Contains(iset_contains)); - EXPECT_FALSE(iset.Contains(Interval<int>())); - EXPECT_FALSE(iset.Contains(IntervalSet<int>())); -} - -TEST_F(IntervalSetTest, IntervalSetContainsEmpty) { - const IntervalSet<int> empty; - const IntervalSet<int> other_empty; - EXPECT_FALSE(empty.Contains(empty)); - EXPECT_FALSE(empty.Contains(other_empty)); -// TODO(rtenneti): Implement after suupport for std::initializer_list. -#if 0 - const IntervalSet<int> non_empty({{10, 20}, {40, 50}}); - EXPECT_FALSE(empty.Contains(non_empty)); - EXPECT_FALSE(non_empty.Contains(empty)); -#endif -} - -TEST_F(IntervalSetTest, Equality) { - IntervalSet<int> is_copy = is; - EXPECT_TRUE(is.Equals(is)); - EXPECT_EQ(is, is); - EXPECT_TRUE(is.Equals(is_copy)); - EXPECT_EQ(is, is_copy); - EXPECT_FALSE(is.Equals(other)); - EXPECT_NE(is, other); - EXPECT_FALSE(is.Equals(IntervalSet<int>())); - EXPECT_NE(is, IntervalSet<int>()); - EXPECT_TRUE(IntervalSet<int>().Equals(IntervalSet<int>())); - EXPECT_EQ(IntervalSet<int>(), IntervalSet<int>()); -} - -TEST_F(IntervalSetTest, SpanningInterval) { - // Spanning interval of an empty set is empty: - { - IntervalSet<int> iset; - const Interval<int>& ival = iset.SpanningInterval(); - EXPECT_TRUE(ival.Empty()); - } - - // Spanning interval of a set with one interval is that interval: - { - IntervalSet<int> iset; - iset.Add(100, 200); - const Interval<int>& ival = iset.SpanningInterval(); - EXPECT_EQ(100, ival.min()); - EXPECT_EQ(200, ival.max()); - } - - // Spanning interval of a set with multiple elements is determined - // by the endpoints of the first and last element: - { - const Interval<int>& ival = is.SpanningInterval(); - EXPECT_EQ(100, ival.min()); - EXPECT_EQ(2200, ival.max()); - } - { - const Interval<int>& ival = other.SpanningInterval(); - EXPECT_EQ(50, ival.min()); - EXPECT_EQ(2270, ival.max()); - } -} - -TEST_F(IntervalSetTest, IntervalSetUnion) { - is.Union(other); - EXPECT_TRUE(Check(is, 12, 50, 70, 100, 200, 300, 400, 470, 600, 650, 670, 700, - 830, 870, 1000, 1100, 1230, 1270, 1830, 1900, 2000, 2100, - 2200, 2250, 2270)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersection) { - EXPECT_TRUE(is.Intersects(other)); - EXPECT_TRUE(other.Intersects(is)); - is.Intersection(other); - EXPECT_TRUE(Check(is, 7, 350, 360, 370, 380, 500, 530, 770, 800, 1300, 1400, - 1500, 1600, 1700, 1800)); - EXPECT_TRUE(is.Intersects(other)); - EXPECT_TRUE(other.Intersects(is)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionBothEmpty) { - IntervalSet<string> mine, theirs; - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionEmptyMine) { - IntervalSet<string> mine; - IntervalSet<string> theirs("a", "b"); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionEmptyTheirs) { - IntervalSet<string> mine("a", "b"); - IntervalSet<string> theirs; - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionTheirsBeforeMine) { - IntervalSet<string> mine("y", "z"); - IntervalSet<string> theirs; - theirs.Add("a", "b"); - theirs.Add("c", "d"); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionMineBeforeTheirs) { - IntervalSet<string> mine; - mine.Add("a", "b"); - mine.Add("c", "d"); - IntervalSet<string> theirs("y", "z"); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -// TODO(rtenneti): Implement after suupport for std::initializer_list. -#if 0 -TEST_F(IntervalSetTest, - IntervalSetIntersectionTheirsBeforeMineInt64Singletons) { - IntervalSet<int64_t> mine({{10, 15}}); - IntervalSet<int64_t> theirs({{-20, -5}}); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionMineBeforeTheirsIntSingletons) { - IntervalSet<int> mine({{10, 15}}); - IntervalSet<int> theirs({{90, 95}}); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionTheirsBetweenMine) { - IntervalSet<int64_t> mine({{0, 5}, {40, 50}}); - IntervalSet<int64_t> theirs({{10, 15}}); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionMineBetweenTheirs) { - IntervalSet<int> mine({{20, 25}}); - IntervalSet<int> theirs({{10, 15}, {30, 32}}); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} -#endif // 0 - -TEST_F(IntervalSetTest, IntervalSetIntersectionAlternatingIntervals) { - IntervalSet<int> mine, theirs; - mine.Add(10, 20); - mine.Add(40, 50); - mine.Add(60, 70); - theirs.Add(25, 39); - theirs.Add(55, 59); - theirs.Add(75, 79); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(mine.Empty()); - EXPECT_FALSE(mine.Intersects(theirs)); - EXPECT_FALSE(theirs.Intersects(mine)); -} - -// TODO(rtenneti): Implement after suupport for std::initializer_list. -#if 0 -TEST_F(IntervalSetTest, - IntervalSetIntersectionAdjacentAlternatingNonIntersectingIntervals) { - // Make sure that intersection with adjacent interval set is empty. - const IntervalSet<int> x1({{0, 10}}); - const IntervalSet<int> y1({{-50, 0}, {10, 95}}); - - IntervalSet<int> result1 = x1; - result1.Intersection(y1); - EXPECT_TRUE(result1.Empty()) << result1; - - const IntervalSet<int16_t> x2({{0, 10}, {20, 30}, {40, 90}}); - const IntervalSet<int16_t> y2( - {{-50, -40}, {-2, 0}, {10, 20}, {32, 40}, {90, 95}}); - - IntervalSet<int16_t> result2 = x2; - result2.Intersection(y2); - EXPECT_TRUE(result2.Empty()) << result2; - - const IntervalSet<int64_t> x3({{-1, 5}, {5, 10}}); - const IntervalSet<int64_t> y3({{-10, -1}, {10, 95}}); - - IntervalSet<int64_t> result3 = x3; - result3.Intersection(y3); - EXPECT_TRUE(result3.Empty()) << result3; -} - -TEST_F(IntervalSetTest, - IntervalSetIntersectionAlternatingIntersectingIntervals) { - const IntervalSet<int> x1({{0, 10}}); - const IntervalSet<int> y1({{-50, 1}, {9, 95}}); - const IntervalSet<int> expected_result1({{0, 1}, {9, 10}}); - - IntervalSet<int> result1 = x1; - result1.Intersection(y1); - EXPECT_EQ(result1, expected_result1); - - const IntervalSet<int16_t> x2({{0, 10}, {20, 30}, {40, 90}}); - const IntervalSet<int16_t> y2( - {{-50, -40}, {-2, 2}, {9, 21}, {32, 41}, {85, 95}}); - const IntervalSet<int16_t> expected_result2( - {{0, 2}, {9, 10}, {20, 21}, {40, 41}, {85, 90}}); - - IntervalSet<int16_t> result2 = x2; - result2.Intersection(y2); - EXPECT_EQ(result2, expected_result2); - - const IntervalSet<int64_t> x3({{-1, 5}, {5, 10}}); - const IntervalSet<int64_t> y3({{-10, 3}, {4, 95}}); - const IntervalSet<int64_t> expected_result3({{-1, 3}, {4, 10}}); - - IntervalSet<int64_t> result3 = x3; - result3.Intersection(y3); - EXPECT_EQ(result3, expected_result3); -} - -#endif // 0 - -TEST_F(IntervalSetTest, IntervalSetIntersectionIdentical) { - IntervalSet<int> copy(is); - EXPECT_TRUE(copy.Intersects(is)); - EXPECT_TRUE(is.Intersects(copy)); - is.Intersection(copy); - EXPECT_EQ(copy, is); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionSuperset) { - IntervalSet<int> mine(-1, 10000); - EXPECT_TRUE(mine.Intersects(is)); - EXPECT_TRUE(is.Intersects(mine)); - mine.Intersection(is); - EXPECT_EQ(is, mine); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionSubset) { - IntervalSet<int> copy(is); - IntervalSet<int> theirs(-1, 10000); - EXPECT_TRUE(copy.Intersects(theirs)); - EXPECT_TRUE(theirs.Intersects(copy)); - is.Intersection(theirs); - EXPECT_EQ(copy, is); -} - -TEST_F(IntervalSetTest, IntervalSetIntersectionLargeSet) { - IntervalSet<int> mine, theirs; - // mine: [0, 9), [10, 19), ..., [990, 999) - for (int i = 0; i < 1000; i += 10) { - mine.Add(i, i + 9); - } - - theirs.Add(500, 520); - theirs.Add(535, 545); - theirs.Add(801, 809); - EXPECT_TRUE(mine.Intersects(theirs)); - EXPECT_TRUE(theirs.Intersects(mine)); - mine.Intersection(theirs); - EXPECT_TRUE(Check(mine, 5, 500, 509, 510, 519, 535, 539, 540, 545, 801, 809)); - EXPECT_TRUE(mine.Intersects(theirs)); - EXPECT_TRUE(theirs.Intersects(mine)); -} - -TEST_F(IntervalSetTest, IntervalSetDifference) { - is.Difference(other); - EXPECT_TRUE(Check(is, 10, 100, 200, 300, 350, 360, 370, 380, 400, 530, 600, - 700, 770, 900, 1000, 1100, 1200, 1900, 2000, 2100, 2200)); - IntervalSet<int> copy = is; - is.Difference(copy); - EXPECT_TRUE(is.Empty()); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceSingleBounds) { - std::vector<Interval<int>> ivals; - other.Get(&ivals); - for (size_t i = 0; i < ivals.size(); ++i) { - is.Difference(ivals[i].min(), ivals[i].max()); - } - EXPECT_TRUE(Check(is, 10, 100, 200, 300, 350, 360, 370, 380, 400, 530, 600, - 700, 770, 900, 1000, 1100, 1200, 1900, 2000, 2100, 2200)); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceSingleInterval) { - std::vector<Interval<int>> ivals; - other.Get(&ivals); - for (size_t i = 0; i < ivals.size(); ++i) { - is.Difference(ivals[i]); - } - EXPECT_TRUE(Check(is, 10, 100, 200, 300, 350, 360, 370, 380, 400, 530, 600, - 700, 770, 900, 1000, 1100, 1200, 1900, 2000, 2100, 2200)); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceAlternatingIntervals) { - IntervalSet<int> mine, theirs; - mine.Add(10, 20); - mine.Add(40, 50); - mine.Add(60, 70); - theirs.Add(25, 39); - theirs.Add(55, 59); - theirs.Add(75, 79); - - mine.Difference(theirs); - EXPECT_TRUE(Check(mine, 3, 10, 20, 40, 50, 60, 70)); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceEmptyMine) { - IntervalSet<string> mine, theirs; - theirs.Add("a", "b"); - - mine.Difference(theirs); - EXPECT_TRUE(mine.Empty()); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceEmptyTheirs) { - IntervalSet<string> mine, theirs; - mine.Add("a", "b"); - - mine.Difference(theirs); - EXPECT_EQ(1u, mine.Size()); - EXPECT_EQ("a", mine.begin()->min()); - EXPECT_EQ("b", mine.begin()->max()); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceTheirsBeforeMine) { - IntervalSet<string> mine, theirs; - mine.Add("y", "z"); - theirs.Add("a", "b"); - - mine.Difference(theirs); - EXPECT_EQ(1u, mine.Size()); - EXPECT_EQ("y", mine.begin()->min()); - EXPECT_EQ("z", mine.begin()->max()); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceMineBeforeTheirs) { - IntervalSet<string> mine, theirs; - mine.Add("a", "b"); - theirs.Add("y", "z"); - - mine.Difference(theirs); - EXPECT_EQ(1u, mine.Size()); - EXPECT_EQ("a", mine.begin()->min()); - EXPECT_EQ("b", mine.begin()->max()); -} - -TEST_F(IntervalSetTest, IntervalSetDifferenceIdentical) { - IntervalSet<string> mine; - mine.Add("a", "b"); - mine.Add("c", "d"); - IntervalSet<string> theirs(mine); - - mine.Difference(theirs); - EXPECT_TRUE(mine.Empty()); -} - -TEST_F(IntervalSetTest, EmptyComplement) { - // The complement of an empty set is the input interval: - IntervalSet<int> iset; - iset.Complement(100, 200); - EXPECT_TRUE(Check(iset, 1, 100, 200)); -} - -TEST(IntervalSetMultipleCompactionTest, OuterCovering) { - IntervalSet<int> iset; - // First add a bunch of disjoint ranges - iset.Add(100, 150); - iset.Add(200, 250); - iset.Add(300, 350); - iset.Add(400, 450); - EXPECT_TRUE(Check(iset, 4, 100, 150, 200, 250, 300, 350, 400, 450)); - // Now add a big range that covers all of these ranges - iset.Add(0, 500); - EXPECT_TRUE(Check(iset, 1, 0, 500)); -} - -TEST(IntervalSetMultipleCompactionTest, InnerCovering) { - IntervalSet<int> iset; - // First add a bunch of disjoint ranges - iset.Add(100, 150); - iset.Add(200, 250); - iset.Add(300, 350); - iset.Add(400, 450); - EXPECT_TRUE(Check(iset, 4, 100, 150, 200, 250, 300, 350, 400, 450)); - // Now add a big range that partially covers the left and right most ranges. - iset.Add(125, 425); - EXPECT_TRUE(Check(iset, 1, 100, 450)); -} - -TEST(IntervalSetMultipleCompactionTest, LeftCovering) { - IntervalSet<int> iset; - // First add a bunch of disjoint ranges - iset.Add(100, 150); - iset.Add(200, 250); - iset.Add(300, 350); - iset.Add(400, 450); - EXPECT_TRUE(Check(iset, 4, 100, 150, 200, 250, 300, 350, 400, 450)); - // Now add a big range that partially covers the left most range. - iset.Add(125, 500); - EXPECT_TRUE(Check(iset, 1, 100, 500)); -} - -TEST(IntervalSetMultipleCompactionTest, RightCovering) { - IntervalSet<int> iset; - // First add a bunch of disjoint ranges - iset.Add(100, 150); - iset.Add(200, 250); - iset.Add(300, 350); - iset.Add(400, 450); - EXPECT_TRUE(Check(iset, 4, 100, 150, 200, 250, 300, 350, 400, 450)); - // Now add a big range that partially covers the right most range. - iset.Add(0, 425); - EXPECT_TRUE(Check(iset, 1, 0, 450)); -} - -// Helper method for testing and verifying the results of a one-interval -// completement case. -static bool CheckOneComplement(int add_min, - int add_max, - int comp_min, - int comp_max, - int count, - ...) { - IntervalSet<int> iset; - iset.Add(add_min, add_max); - iset.Complement(comp_min, comp_max); - bool result = true; - va_list ap; - va_start(ap, count); - if (!VA_Check(iset, count, ap)) { - result = false; - } - va_end(ap); - return result; -} - -TEST_F(IntervalSetTest, SingleIntervalComplement) { - // Verify the complement of a set with one interval (i): - // |----- i -----| - // |----- args -----| - EXPECT_TRUE(CheckOneComplement(0, 10, 50, 150, 1, 50, 150)); - - // |----- i -----| - // |----- args -----| - EXPECT_TRUE(CheckOneComplement(50, 150, 0, 100, 1, 0, 50)); - - // |----- i -----| - // |----- args -----| - EXPECT_TRUE(CheckOneComplement(50, 150, 50, 150, 0)); - - // |---------- i ----------| - // |----- args -----| - EXPECT_TRUE(CheckOneComplement(50, 500, 100, 300, 0)); - - // |----- i -----| - // |---------- args ----------| - EXPECT_TRUE(CheckOneComplement(50, 500, 0, 800, 2, 0, 50, 500, 800)); - - // |----- i -----| - // |----- args -----| - EXPECT_TRUE(CheckOneComplement(50, 150, 100, 300, 1, 150, 300)); - - // |----- i -----| - // |----- args -----| - EXPECT_TRUE(CheckOneComplement(50, 150, 200, 300, 1, 200, 300)); -} - -// Helper method that copies <iset> and takes its complement, -// returning false if Check succeeds. -static bool CheckComplement(const IntervalSet<int>& iset, - int comp_min, - int comp_max, - int count, - ...) { - IntervalSet<int> iset_copy = iset; - iset_copy.Complement(comp_min, comp_max); - bool result = true; - va_list ap; - va_start(ap, count); - if (!VA_Check(iset_copy, count, ap)) { - result = false; - } - va_end(ap); - return result; -} - -TEST_F(IntervalSetTest, MultiIntervalComplement) { - // Initialize a small test set: - IntervalSet<int> iset; - iset.Add(100, 200); - iset.Add(300, 400); - iset.Add(500, 600); - - // |----- i -----| - // |----- comp -----| - EXPECT_TRUE(CheckComplement(iset, 0, 50, 1, 0, 50)); - - // |----- i -----| - // |----- comp -----| - EXPECT_TRUE(CheckComplement(iset, 0, 200, 1, 0, 100)); - EXPECT_TRUE(CheckComplement(iset, 0, 220, 2, 0, 100, 200, 220)); - - // |----- i -----| - // |----- comp -----| - EXPECT_TRUE(CheckComplement(iset, 100, 600, 2, 200, 300, 400, 500)); - - // |---------- i ----------| - // |----- comp -----| - EXPECT_TRUE(CheckComplement(iset, 300, 400, 0)); - EXPECT_TRUE(CheckComplement(iset, 250, 400, 1, 250, 300)); - EXPECT_TRUE(CheckComplement(iset, 300, 450, 1, 400, 450)); - EXPECT_TRUE(CheckComplement(iset, 250, 450, 2, 250, 300, 400, 450)); - - // |----- i -----| - // |---------- comp ----------| - EXPECT_TRUE( - CheckComplement(iset, 0, 700, 4, 0, 100, 200, 300, 400, 500, 600, 700)); - - // |----- i -----| - // |----- comp -----| - EXPECT_TRUE(CheckComplement(iset, 400, 700, 2, 400, 500, 600, 700)); - EXPECT_TRUE(CheckComplement(iset, 350, 700, 2, 400, 500, 600, 700)); - - // |----- i -----| - // |----- comp -----| - EXPECT_TRUE(CheckComplement(iset, 700, 800, 1, 700, 800)); -} - -// Verifies ToString, operator<< don't assert. -// TODO(rtenneti): Implement ToString() method of IntervalSet. -TEST_F(IntervalSetTest, DISABLED_ToString) { - IntervalSet<int> iset; - iset.Add(300, 400); - iset.Add(100, 200); - iset.Add(500, 600); - EXPECT_TRUE(!iset.ToString().empty()); - VLOG(2) << iset.ToString(); - // Order and format of ToString() output is guaranteed. - EXPECT_EQ("[100, 200) [300, 400) [500, 600)", iset.ToString()); - EXPECT_EQ("[1, 2)", IntervalSet<int>(1, 2).ToString()); - EXPECT_EQ("", IntervalSet<int>().ToString()); -} - -TEST_F(IntervalSetTest, ConstructionDiscardsEmptyInterval) { - EXPECT_TRUE(IntervalSet<int>(Interval<int>(2, 2)).Empty()); - EXPECT_TRUE(IntervalSet<int>(2, 2).Empty()); - EXPECT_FALSE(IntervalSet<int>(Interval<int>(2, 3)).Empty()); - EXPECT_FALSE(IntervalSet<int>(2, 3).Empty()); -} - -TEST_F(IntervalSetTest, Swap) { - IntervalSet<int> a, b; - a.Add(300, 400); - b.Add(100, 200); - b.Add(500, 600); - a.Swap(&b); - EXPECT_TRUE(Check(a, 2, 100, 200, 500, 600)); - EXPECT_TRUE(Check(b, 1, 300, 400)); - swap(a, b); - EXPECT_TRUE(Check(a, 1, 300, 400)); - EXPECT_TRUE(Check(b, 2, 100, 200, 500, 600)); -} - -// TODO(rtenneti): Enabled these tests. -#if 0 -static void BM_Difference(int iters) { - // StopBenchmarkTiming(); - IntervalSet<int> difference_set; - int start = 10; - for (int i = 0; i < 1000000; ++i) { - difference_set.Add(start, start+5); - start += 7; - } - - // Create an interval somewhere in the middle of the difference set. - // StartBenchmarkTiming(); - for (int i = 0; i < iters; ++i) { - IntervalSet<int> initial(1000000, 1000020); - initial.Difference(difference_set); - } -} - -BENCHMARK(BM_Difference); - -static void BM_IntersectionSmallAndLarge(int iters, int size) { - // Intersects constant size 'mine' with large 'theirs'. - StopBenchmarkTiming(); - IntervalSet<int> theirs; - for (int i = 0; i < size; ++i) { - theirs.Add(2 * i, 2 * i + 1); - } - - StartBenchmarkTiming(); - for (int i = 0; i < iters; ++i) { - // 'mine' starts in the middle of 'theirs'. - IntervalSet<int> mine(size, size + 10); - mine.Intersection(theirs); - } -} - -BENCHMARK_RANGE(BM_IntersectionSmallAndLarge, 0, 1 << 23); - -static void BM_IntersectionIdentical(int iters, int size) { - // Intersects identical 'mine' and 'theirs'. - StopBenchmarkTiming(); - IntervalSet<int> mine; - for (int i = 0; i < size; ++i) { - mine.Add(2 * i, 2 * i + 1); - } - IntervalSet<int> theirs(mine); - - StartBenchmarkTiming(); - for (int i = 0; i < iters; ++i) { - mine.Intersection(theirs); - } -} - -BENCHMARK_RANGE(BM_IntersectionIdentical, 0, 1 << 23); - -class IntervalSetInitTest : public testing::Test { - protected: - const std::vector<Interval<int>> intervals_{{0, 1}, {2, 4}}; -}; - -TEST_F(IntervalSetInitTest, DirectInit) { - std::initializer_list<Interval<int>> il = {{0, 1}, {2, 3}, {3, 4}}; - IntervalSet<int> s(il); - EXPECT_THAT(s, ElementsAreArray(intervals_)); -} - -TEST_F(IntervalSetInitTest, CopyInit) { - std::initializer_list<Interval<int>> il = {{0, 1}, {2, 3}, {3, 4}}; - IntervalSet<int> s = il; - EXPECT_THAT(s, ElementsAreArray(intervals_)); -} - -TEST_F(IntervalSetInitTest, AssignIterPair) { - IntervalSet<int> s(0, 1000); // Make sure assign clears. - s.assign(intervals_.begin(), intervals_.end()); - EXPECT_THAT(s, ElementsAreArray(intervals_)); -} - -TEST_F(IntervalSetInitTest, AssignInitList) { - IntervalSet<int> s(0, 1000); // Make sure assign clears. - s.assign({{0, 1}, {2, 3}, {3, 4}}); - EXPECT_THAT(s, ElementsAreArray(intervals_)); -} - -TEST_F(IntervalSetInitTest, AssignmentInitList) { - std::initializer_list<Interval<int>> il = {{0, 1}, {2, 3}, {3, 4}}; - IntervalSet<int> s; - s = il; - EXPECT_THAT(s, ElementsAreArray(intervals_)); -} - -TEST_F(IntervalSetInitTest, BracedInitThenBracedAssign) { - IntervalSet<int> s{{0, 1}, {2, 3}, {3, 4}}; - s = {{0, 1}, {2, 4}}; - EXPECT_THAT(s, ElementsAreArray(intervals_)); -} - -#endif // 0 - -} // namespace -} // namespace test -} // namespace net diff --git a/chromium/net/base/interval_test.cc b/chromium/net/base/interval_test.cc index 2ee6dc15f87..25ff71aff03 100644 --- a/chromium/net/base/interval_test.cc +++ b/chromium/net/base/interval_test.cc @@ -11,7 +11,6 @@ #include "net/base/interval.h" -#include "base/logging.h" #include "net/test/gtest_util.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/base/io_buffer.cc b/chromium/net/base/io_buffer.cc index 429dbc09fb4..b3c61df389d 100644 --- a/chromium/net/base/io_buffer.cc +++ b/chromium/net/base/io_buffer.cc @@ -4,7 +4,7 @@ #include "net/base/io_buffer.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/numerics/safe_math.h" namespace net { diff --git a/chromium/net/base/ip_address.cc b/chromium/net/base/ip_address.cc index 0f60b548f78..03a4df02dfc 100644 --- a/chromium/net/base/ip_address.cc +++ b/chromium/net/base/ip_address.cc @@ -7,7 +7,9 @@ #include <algorithm> #include <climits> +#include "base/check_op.h" #include "base/containers/stack_container.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/strings/strcat.h" #include "base/strings/string_piece.h" diff --git a/chromium/net/base/ip_endpoint.cc b/chromium/net/base/ip_endpoint.cc index e6115c41325..749d872e0b5 100644 --- a/chromium/net/base/ip_endpoint.cc +++ b/chromium/net/base/ip_endpoint.cc @@ -13,9 +13,12 @@ #include <netinet/in.h> #endif +#include <string.h> + #include <tuple> -#include "base/logging.h" +#include "base/check.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/sys_byteorder.h" #include "net/base/ip_address.h" diff --git a/chromium/net/base/ip_endpoint_unittest.cc b/chromium/net/base/ip_endpoint_unittest.cc index a2220bfb0a3..f0f7eabb227 100644 --- a/chromium/net/base/ip_endpoint_unittest.cc +++ b/chromium/net/base/ip_endpoint_unittest.cc @@ -12,7 +12,8 @@ #include <netinet/in.h> #endif -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/sys_byteorder.h" #include "net/base/sockaddr_storage.h" diff --git a/chromium/net/base/ip_pattern.cc b/chromium/net/base/ip_pattern.cc deleted file mode 100644 index cf69d66748b..00000000000 --- a/chromium/net/base/ip_pattern.cc +++ /dev/null @@ -1,185 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/ip_pattern.h" - -#include <memory> -#include <string> - -#include "base/logging.h" -#include "base/macros.h" -#include "base/stl_util.h" -#include "base/strings/string_number_conversions.h" -#include "base/strings/string_split.h" -#include "base/strings/string_tokenizer.h" -#include "net/base/ip_address.h" - -namespace net { - -class IPPattern::ComponentPattern { - public: - ComponentPattern(); - void AppendRange(uint32_t min, uint32_t max); - bool Match(uint32_t value) const; - - private: - struct Range { - public: - Range(uint32_t min, uint32_t max) : minimum(min), maximum(max) {} - uint32_t minimum; - uint32_t maximum; - }; - typedef std::vector<Range> RangeVector; - - RangeVector ranges_; - - DISALLOW_COPY_AND_ASSIGN(ComponentPattern); -}; - -IPPattern::ComponentPattern::ComponentPattern() = default; - -void IPPattern::ComponentPattern::AppendRange(uint32_t min, uint32_t max) { - ranges_.push_back(Range(min, max)); -} - -bool IPPattern::ComponentPattern::Match(uint32_t value) const { - // Simple linear search should be fine, as we usually only have very few - // distinct ranges to test. - for (auto range_it = ranges_.begin(); range_it != ranges_.end(); ++range_it) { - if (range_it->maximum >= value && range_it->minimum <= value) - return true; - } - return false; -} - -IPPattern::IPPattern() : is_ipv4_(true) {} - -IPPattern::~IPPattern() = default; - -bool IPPattern::Match(const IPAddress& address) const { - if (ip_mask_.empty()) - return false; - if (address.IsIPv4() != is_ipv4_) - return false; - - auto pattern_it(component_patterns_.begin()); - int fixed_value_index = 0; - // IPv6 |address| vectors have 16 pieces, while our |ip_mask_| has only - // 8, so it is easier to count separately. - int address_index = 0; - for (size_t i = 0; i < ip_mask_.size(); ++i) { - uint32_t value_to_test = address.bytes()[address_index++]; - if (!is_ipv4_) { - value_to_test = (value_to_test << 8) + address.bytes()[address_index++]; - } - if (ip_mask_[i]) { - if (component_values_[fixed_value_index++] != value_to_test) - return false; - continue; - } - if (!(*pattern_it)->Match(value_to_test)) - return false; - ++pattern_it; - } - return true; -} - -bool IPPattern::ParsePattern(const std::string& ip_pattern) { - DCHECK(ip_mask_.empty()); - if (ip_pattern.find(':') != std::string::npos) { - is_ipv4_ = false; - } - - std::vector<base::StringPiece> components = - base::SplitStringPiece(ip_pattern, is_ipv4_ ? "." : ":", - base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); - if (components.size() != (is_ipv4_ ? 4u : 8u)) { - DVLOG(1) << "Invalid component count: " << ip_pattern; - return false; - } - for (base::StringPiece component : components) { - if (component.empty()) { - DVLOG(1) << "Empty component: " << ip_pattern; - return false; - } - if (component == "*") { - // Let standard code handle this below. - component = is_ipv4_ ? "[0-255]" : "[0-FFFF]"; - } else if (component[0] != '[') { - // This value will just have a specific integer to match. - uint32_t value; - if (!ValueTextToInt(component, &value)) - return false; - ip_mask_.push_back(true); - component_values_.push_back(value); - continue; - } - if (component.back() != ']') { - DVLOG(1) << "Missing close bracket: " << ip_pattern; - return false; - } - // Now we know the size() is at least 2. - if (component.size() == 2) { - DVLOG(1) << "Empty bracket: " << ip_pattern; - return false; - } - // We'll need a pattern to match this bracketed component. - std::unique_ptr<ComponentPattern> component_pattern(new ComponentPattern); - // Trim leading and trailing bracket before calling for parsing. - if (!ParseComponentPattern(component.substr(1, component.size() - 2), - component_pattern.get())) { - return false; - } - ip_mask_.push_back(false); - component_patterns_.push_back(std::move(component_pattern)); - } - return true; -} - -bool IPPattern::ParseComponentPattern(const base::StringPiece& text, - ComponentPattern* pattern) const { - // We're given a comma separated set of ranges, some of which may be simple - // constants. - for (const std::string& range : base::SplitString( - text, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { - base::StringTokenizer range_pair(range, "-"); - uint32_t min = 0; - range_pair.GetNext(); - if (!ValueTextToInt(range_pair.token_piece(), &min)) - return false; - uint32_t max = min; // Sometimes we have no distinct max. - if (range_pair.GetNext()) { - if (!ValueTextToInt(range_pair.token_piece(), &max)) - return false; - } - if (range_pair.GetNext()) { - // Too many "-" in this range specifier. - DVLOG(1) << "Too many hyphens in range: "; - return false; - } - pattern->AppendRange(min, max); - } - return true; -} - -bool IPPattern::ValueTextToInt(const base::StringPiece& input, - uint32_t* output) const { - bool ok = is_ipv4_ ? base::StringToUint(input, output) : - base::HexStringToUInt(input, output); - if (!ok) { - DVLOG(1) << "Could not convert value to number: " << input; - return false; - } - if (is_ipv4_ && *output > 255u) { - DVLOG(1) << "IPv4 component greater than 255"; - return false; - } - if (!is_ipv4_ && *output > 0xFFFFu) { - DVLOG(1) << "IPv6 component greater than 0xFFFF"; - return false; - } - return ok; -} - -} // namespace net diff --git a/chromium/net/base/ip_pattern.h b/chromium/net/base/ip_pattern.h deleted file mode 100644 index 88ebfe22c67..00000000000 --- a/chromium/net/base/ip_pattern.h +++ /dev/null @@ -1,74 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_BASE_IP_PATTERN_H_ -#define NET_BASE_IP_PATTERN_H_ - -#include <stdint.h> - -#include <memory> -#include <string> -#include <vector> - -#include "base/macros.h" -#include "base/strings/string_piece.h" -#include "net/base/net_export.h" - -namespace net { - -class IPAddress; - -// IPPatterns are used to match IP address resolutions for possible augmentation -// by a MappedIPResolver, which uses IPMappingRules. -class NET_EXPORT IPPattern { - public: - IPPattern(); - ~IPPattern(); - - // Parse a textual pattern (IP_PATTERN as defined in ip_mapping_rules.h) into - // |this| and return true if the parsing was successful. - bool ParsePattern(const std::string& ip_pattern); - // Test to see if the current pattern in |this| matches the given |address| - // and return true if it matches. - bool Match(const IPAddress& address) const; - - bool is_ipv4() const { return is_ipv4_; } - - private: - class ComponentPattern; - using Strings = std::vector<std::string>; - using ComponentPatternList = std::vector<std::unique_ptr<ComponentPattern>>; - - // IPv6 addresses have 8 components, while IPv4 addresses have 4 components. - // ComponentPattern is used to define patterns to match individual components. - bool ParseComponentPattern(const base::StringPiece& text, - ComponentPattern* pattern) const; - // Convert IP component to an int. Assume hex vs decimal for IPV6 vs V4. - bool ValueTextToInt(const base::StringPiece& input, uint32_t* output) const; - - bool is_ipv4_; - // The |ip_mask_| indicates, for each component, if this pattern requires an - // exact match (OCTET in IPv4, or 4 hex digits in IPv6). - // For each true element there is an entry in |component_values_|, and false - // means that an entry from our list of ComponentPattern instances must be - // applied. - std::vector<bool> ip_mask_; - // The vector of fixed values that are requried. - // Other values may be restricted by the component_patterns_; - // The class invariant is: - // ip_mask_.size() == component_patterns_.size() - // + size(our ComponentPattern list) - std::vector<uint32_t> component_values_; - // If only one component position was specified using a range, then this - // list will only have 1 element (i.e., we only have patterns for each element - // of ip_mask_ that is false.) - // We own these elements, and need to destroy them all when we are destroyed. - ComponentPatternList component_patterns_; - - DISALLOW_COPY_AND_ASSIGN(IPPattern); -}; - -} // namespace net - -#endif // NET_BASE_IP_PATTERN_H_ diff --git a/chromium/net/base/ip_pattern_unittest.cc b/chromium/net/base/ip_pattern_unittest.cc deleted file mode 100644 index 7141e7f6620..00000000000 --- a/chromium/net/base/ip_pattern_unittest.cc +++ /dev/null @@ -1,161 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/ip_pattern.h" - -#include "net/base/ip_address.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace net { - -namespace { - -bool IsValidPattern(const std::string& pattern_text) { - IPPattern pattern; - return pattern.ParsePattern(pattern_text); -} - -bool CheckForMatch(const IPPattern& pattern, const std::string& address_text) { - IPAddress address; - EXPECT_TRUE(address.AssignFromIPLiteral(address_text)); - return pattern.Match(address); -} - -TEST(IPPatternTest, EmptyPattern) { - IPPattern pattern; - IPAddress ipv4_address1; - EXPECT_TRUE(ipv4_address1.AssignFromIPLiteral("1.2.3.4")); - IPAddress ipv6_address1; - EXPECT_TRUE(ipv6_address1.AssignFromIPLiteral("1:2:3:4:5:6:7:8")); - - EXPECT_FALSE(pattern.Match(ipv4_address1)); - EXPECT_FALSE(pattern.Match(ipv6_address1)); -} - -TEST(IPPatternTest, PerfectMatchPattern) { - IPPattern pattern_v4; - std::string ipv4_text1("1.2.3.4"); - EXPECT_TRUE(pattern_v4.ParsePattern(ipv4_text1)); - EXPECT_TRUE(pattern_v4.is_ipv4()); - EXPECT_TRUE(CheckForMatch(pattern_v4, ipv4_text1)); - - IPPattern pattern_v6; - std::string ipv6_text1("1:2:3:4:5:6:7:8"); - EXPECT_TRUE(pattern_v6.ParsePattern(ipv6_text1)); - EXPECT_FALSE(pattern_v6.is_ipv4()); - EXPECT_TRUE(CheckForMatch(pattern_v6, ipv6_text1)); - - // Also check that there is no confusion betwene v6 and v4, despite having - // similar values in some sense. - EXPECT_FALSE(CheckForMatch(pattern_v4, ipv6_text1)); - EXPECT_FALSE(CheckForMatch(pattern_v6, ipv4_text1)); -} - -TEST(IPPatternTest, AlternativeMatchPattern) { - IPPattern pattern_v4; - EXPECT_TRUE(pattern_v4.ParsePattern("1.2.[3,5].4")); - EXPECT_TRUE(pattern_v4.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.2.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.3.4")); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.4.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.5.4")); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.6.4")); - - IPPattern pattern_v6; - EXPECT_TRUE(pattern_v6.ParsePattern("1:2fab:3:4:5:[6,8]:7:8")); - EXPECT_FALSE(pattern_v6.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:5:7:8")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:6:7:8")); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:7:7:8")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:8:7:8")); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:9:7:8")); -} - -TEST(IPPatternTest, RangeMatchPattern) { - IPPattern pattern_v4; - EXPECT_TRUE(pattern_v4.ParsePattern("1.2.[3-5].4")); - EXPECT_TRUE(pattern_v4.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.2.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.3.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.4.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.5.4")); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.6.4")); - - IPPattern pattern_v6; - EXPECT_TRUE(pattern_v6.ParsePattern("1:2fab:3:4:5:[6-8]:7:8")); - EXPECT_FALSE(pattern_v6.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:5:7:8")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:6:7:8")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:7:7:8")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:8:7:8")); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:9:7:8")); -} - -TEST(IPPatternTest, WildCardMatchPattern) { - // Use two ranges, and check that only getting both right is a match. - IPPattern pattern_v4; - EXPECT_TRUE(pattern_v4.ParsePattern("1.2.*.4")); - EXPECT_TRUE(pattern_v4.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.2.255")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.255.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.0.4")); - - IPPattern pattern_v6; - EXPECT_TRUE(pattern_v6.ParsePattern("1:2fab:3:4:5:*:7:8")); - EXPECT_FALSE(pattern_v6.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:5:7:8888")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:FFFF:7:8")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:9999:7:8")); -} - -TEST(IPPatternTest, MultiRangeMatchPattern) { - // Use two ranges, and check that only getting both right is a match. - // This ensures that the right component range is matched against the desired - // component. - IPPattern pattern_v4; - EXPECT_TRUE(pattern_v4.ParsePattern("1.[2-3].3.[4-5]")); - EXPECT_TRUE(pattern_v4.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.4.3.6")); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.2.3.6")); - EXPECT_FALSE(CheckForMatch(pattern_v4, "1.4.3.4")); - EXPECT_TRUE(CheckForMatch(pattern_v4, "1.2.3.4")); - - IPPattern pattern_v6; - EXPECT_TRUE(pattern_v6.ParsePattern("1:2fab:3:4:[5-7]:6:7:[8-A]")); - EXPECT_FALSE(pattern_v6.is_ipv4()); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:4:5:7:F")); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:5:7:F")); - EXPECT_FALSE(CheckForMatch(pattern_v6, "1:2fab:3:4:4:6:7:A")); - EXPECT_TRUE(CheckForMatch(pattern_v6, "1:2fab:3:4:5:6:7:A")); -} - -TEST(IPPatternTest, BytoOrderInIPv6Ranges) { - IPPattern pattern_v6_low_byte; - EXPECT_TRUE(pattern_v6_low_byte.ParsePattern("1:2:3:4:5:6:7:[0-FF]")); - EXPECT_TRUE(CheckForMatch(pattern_v6_low_byte, "1:2:3:4:5:6:7:0088")); - EXPECT_FALSE(CheckForMatch(pattern_v6_low_byte, "1:2:3:4:5:6:7:8800")); - - IPPattern pattern_v6_high_byte; - EXPECT_TRUE(pattern_v6_high_byte.ParsePattern("1:2:3:4:5:6:7:[0-FF00]")); - EXPECT_TRUE(CheckForMatch(pattern_v6_high_byte, "1:2:3:4:5:6:7:0088")); - EXPECT_TRUE(CheckForMatch(pattern_v6_high_byte, "1:2:3:4:5:6:7:FF00")); - EXPECT_FALSE(CheckForMatch(pattern_v6_high_byte, "1:2:3:4:5:6:7:FF01")); -} - -TEST(IPPatternTest, InvalidPatterns) { - EXPECT_FALSE(IsValidPattern("1:2:3:4:5:6:7:8:9")); // Too long. - EXPECT_FALSE(IsValidPattern("1:2:3:4:5:6:7")); // Too Short - EXPECT_FALSE(IsValidPattern("1:2:3:4:5:6:7:H")); // Non-hex. - EXPECT_FALSE(IsValidPattern("1:G:3:4:5:6:7:8")); // Non-hex. - - EXPECT_FALSE(IsValidPattern("1.2.3.4.5")); // Too long - EXPECT_FALSE(IsValidPattern("1.2.3")); // Too short - EXPECT_FALSE(IsValidPattern("1.2.3.A")); // Non-decimal. - EXPECT_FALSE(IsValidPattern("1.A.3.4")); // Non-decimal - EXPECT_FALSE(IsValidPattern("1.256.3.4")); // Out of range -} - -} // namespace - -} // namespace net diff --git a/chromium/net/base/isolation_info.cc b/chromium/net/base/isolation_info.cc index 38a4b65503b..0fda1458378 100644 --- a/chromium/net/base/isolation_info.cc +++ b/chromium/net/base/isolation_info.cc @@ -4,7 +4,7 @@ #include "net/base/isolation_info.h" -#include "base/logging.h" +#include "base/check_op.h" namespace net { diff --git a/chromium/net/base/lookup_string_in_fixed_set.cc b/chromium/net/base/lookup_string_in_fixed_set.cc index a6df9aedf12..b726fb98496 100644 --- a/chromium/net/base/lookup_string_in_fixed_set.cc +++ b/chromium/net/base/lookup_string_in_fixed_set.cc @@ -4,7 +4,7 @@ #include "net/base/lookup_string_in_fixed_set.h" -#include "base/logging.h" +#include "base/check.h" namespace net { diff --git a/chromium/net/base/mime_sniffer.cc b/chromium/net/base/mime_sniffer.cc index 8e361aff8bf..acb1eba68ed 100644 --- a/chromium/net/base/mime_sniffer.cc +++ b/chromium/net/base/mime_sniffer.cc @@ -88,8 +88,9 @@ #include "net/base/mime_sniffer.h" +#include "base/check_op.h" #include "base/containers/span.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/strings/string_util.h" #include "url/gurl.h" @@ -675,7 +676,6 @@ static bool IsUnknownMimeType(const std::string& mime_type) { static bool SniffCRX(const char* content, size_t size, const GURL& url, - const std::string& type_hint, bool* have_enough_content, std::string* result) { // Technically, the crx magic number is just Cr24, but the bytes after that @@ -812,8 +812,7 @@ bool SniffMimeType(const char* content, // CRX files (Chrome extensions) have a special sniffing algorithm. It is // tighter than the others because we don't have to match legacy behavior. - if (SniffCRX(content, content_size, url, type_hint, - &have_enough_content, result)) + if (SniffCRX(content, content_size, url, &have_enough_content, result)) return true; // Check the file extension and magic numbers to see if this is an Office diff --git a/chromium/net/base/mime_sniffer_perftest.cc b/chromium/net/base/mime_sniffer_perftest.cc index 69b483f835c..9de39b7ef60 100644 --- a/chromium/net/base/mime_sniffer_perftest.cc +++ b/chromium/net/base/mime_sniffer_perftest.cc @@ -7,7 +7,7 @@ #include <vector> #include "base/bits.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/timer/elapsed_timer.h" #include "testing/gtest/include/gtest/gtest.h" #include "testing/perf/perf_result_reporter.h" diff --git a/chromium/net/base/mime_util.cc b/chromium/net/base/mime_util.cc index e1179bbd564..357006b195f 100644 --- a/chromium/net/base/mime_util.cc +++ b/chromium/net/base/mime_util.cc @@ -9,9 +9,9 @@ #include <unordered_set> #include "base/base64.h" +#include "base/check_op.h" #include "base/containers/span.h" #include "base/lazy_instance.h" -#include "base/logging.h" #include "base/rand_util.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" @@ -160,6 +160,7 @@ static const MimeInfo kPrimaryMappings[] = { {"audio/wav", "wav"}, {"audio/webm", "webm"}, {"audio/x-m4a", "m4a"}, + {"image/avif", "avif"}, {"image/gif", "gif"}, {"image/jpeg", "jpeg,jpg"}, {"image/png", "png"}, @@ -530,31 +531,30 @@ namespace { // From http://www.w3schools.com/media/media_mimeref.asp and // http://plugindoc.mozdev.org/winmime.php -static const char* const kStandardImageTypes[] = { - "image/bmp", - "image/cis-cod", - "image/gif", - "image/ief", - "image/jpeg", - "image/webp", - "image/pict", - "image/pipeg", - "image/png", - "image/svg+xml", - "image/tiff", - "image/vnd.microsoft.icon", - "image/x-cmu-raster", - "image/x-cmx", - "image/x-icon", - "image/x-portable-anymap", - "image/x-portable-bitmap", - "image/x-portable-graymap", - "image/x-portable-pixmap", - "image/x-rgb", - "image/x-xbitmap", - "image/x-xpixmap", - "image/x-xwindowdump" -}; +static const char* const kStandardImageTypes[] = {"image/avif", + "image/bmp", + "image/cis-cod", + "image/gif", + "image/ief", + "image/jpeg", + "image/webp", + "image/pict", + "image/pipeg", + "image/png", + "image/svg+xml", + "image/tiff", + "image/vnd.microsoft.icon", + "image/x-cmu-raster", + "image/x-cmx", + "image/x-icon", + "image/x-portable-anymap", + "image/x-portable-bitmap", + "image/x-portable-graymap", + "image/x-portable-pixmap", + "image/x-rgb", + "image/x-xbitmap", + "image/x-xpixmap", + "image/x-xwindowdump"}; static const char* const kStandardAudioTypes[] = { "audio/aac", "audio/aiff", diff --git a/chromium/net/base/mime_util_unittest.cc b/chromium/net/base/mime_util_unittest.cc index ade41926fd6..42bb9f9e790 100644 --- a/chromium/net/base/mime_util_unittest.cc +++ b/chromium/net/base/mime_util_unittest.cc @@ -33,6 +33,7 @@ TEST(MimeUtilTest, ExtensionTest) { {FILE_PATH_LITERAL("js"), "text/javascript", true}, {FILE_PATH_LITERAL("webm"), "video/webm", true}, {FILE_PATH_LITERAL("weba"), "audio/webm", true}, + {FILE_PATH_LITERAL("avif"), "image/avif", true}, #if defined(OS_CHROMEOS) // These are test cases for testing platform mime types on Chrome OS. {FILE_PATH_LITERAL("epub"), "application/epub+zip", true}, @@ -309,6 +310,7 @@ TEST(MimeUtilTest, TestGetExtensionsForMimeType) { {"message/*", 1, "eml"}, {"MeSsAge/*", 1, "eml"}, {"message/", 0, nullptr, true}, + {"image/avif", 1, "avif"}, {"image/bmp", 1, "bmp"}, {"video/*", 6, "mp4"}, {"video/*", 6, "mpeg"}, diff --git a/chromium/net/base/net_errors.cc b/chromium/net/base/net_errors.cc index 1682fa68e66..25d46b434d0 100644 --- a/chromium/net/base/net_errors.cc +++ b/chromium/net/base/net_errors.cc @@ -4,6 +4,8 @@ #include "net/base/net_errors.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" namespace net { diff --git a/chromium/net/base/net_string_util_icu_alternatives_ios.mm b/chromium/net/base/net_string_util_icu_alternatives_ios.mm index 5cc54f67907..9c30a85a3ce 100644 --- a/chromium/net/base/net_string_util_icu_alternatives_ios.mm +++ b/chromium/net/base/net_string_util_icu_alternatives_ios.mm @@ -4,7 +4,7 @@ #include <CoreFoundation/CoreFoundation.h> -#include "base/logging.h" +#include "base/check.h" #include "base/mac/scoped_cftyperef.h" #include "base/numerics/safe_conversions.h" #include "base/strings/string16.h" diff --git a/chromium/net/base/network_change_notifier_fuchsia_unittest.cc b/chromium/net/base/network_change_notifier_fuchsia_unittest.cc index 0cf0757580a..e5ca7faa080 100644 --- a/chromium/net/base/network_change_notifier_fuchsia_unittest.cc +++ b/chromium/net/base/network_change_notifier_fuchsia_unittest.cc @@ -10,6 +10,7 @@ #include <utility> #include <vector> +#include "base/auto_reset.h" #include "base/bind.h" #include "base/run_loop.h" #include "base/test/task_environment.h" @@ -24,77 +25,77 @@ namespace net { namespace { -const int kDefaultNic = 1; -const int kSecondaryNic = kDefaultNic + 1; +enum : uint32_t { kDefaultInterfaceId = 1, kSecondaryInterfaceId = 2 }; -fuchsia::net::IpAddress CreateIPv6Address(std::vector<uint8_t> addr) { +using IPv4Octets = std::array<uint8_t, 4>; +using IPv6Octets = std::array<uint8_t, 16>; + +constexpr IPv4Octets kIPv4DefaultGatewayNetmask = {0, 0, 0, 0}; +constexpr IPv4Octets kIPv4DefaultGatewayAddress = {192, 168, 0, 1}; + +constexpr IPv4Octets kDefaultIPv4Address = {192, 168, 0, 2}; +constexpr IPv4Octets kDefaultIPv4Netmask = {255, 255, 0, 0}; +constexpr IPv4Octets kSecondaryIPv4Address = {10, 0, 0, 1}; +constexpr IPv4Octets kSecondaryIPv4Netmask = {255, 0, 0, 0}; + +constexpr IPv6Octets kDefaultIPv6Address = {0xfe, 0x80, 0x01}; +constexpr IPv6Octets kDefaultIPv6Netmask = {0xfe, 0x80}; +constexpr IPv6Octets kSecondaryIPv6Address = {0xfe, 0x80, 0x02}; +constexpr IPv6Octets kSecondaryIPv6Netmask = {0xfe, 0x80}; + +fuchsia::net::IpAddress IpAddressFrom(IPv4Octets octets) { fuchsia::net::IpAddress output; - for (size_t i = 0; i < addr.size(); ++i) { - output.ipv6().addr[i] = addr[i]; - } + output.ipv4().addr = octets; return output; } -fuchsia::net::Subnet CreateSubnet(const std::vector<uint8_t>& addr, - uint8_t prefix) { - fuchsia::net::Subnet output; - output.addr = CreateIPv6Address(addr); - output.prefix_len = prefix; +fuchsia::net::IpAddress IpAddressFrom(IPv6Octets octets) { + fuchsia::net::IpAddress output; + output.ipv6().addr = octets; return output; } -fuchsia::net::IpAddress CreateIPv4Address(uint8_t a0, - uint8_t a1, - uint8_t a2, - uint8_t a3) { - fuchsia::net::IpAddress output; - output.ipv4().addr[0] = a0; - output.ipv4().addr[1] = a1; - output.ipv4().addr[2] = a2; - output.ipv4().addr[3] = a3; +fuchsia::net::Subnet SubnetFrom(IPv6Octets octets, uint8_t prefix) { + fuchsia::net::Subnet output; + output.addr = IpAddressFrom(octets); + output.prefix_len = prefix; return output; } -fuchsia::netstack::RouteTableEntry CreateRouteTableEntry(uint32_t nicid, - bool is_default) { - fuchsia::netstack::RouteTableEntry output; - output.nicid = nicid; - - if (is_default) { - output.netmask = CreateIPv4Address(0, 0, 0, 0); - output.destination = CreateIPv4Address(192, 168, 42, 0); - output.gateway = CreateIPv4Address(192, 168, 42, 1); - } else { - output.netmask = CreateIPv4Address(255, 255, 255, 0); - output.destination = CreateIPv4Address(192, 168, 43, 0); - output.gateway = CreateIPv4Address(192, 168, 43, 1); - } +fuchsia::netstack::NetInterface DefaultNetInterface() { + // For most tests a live interface with an IPv4 address and no |features| set + // is sufficient. + fuchsia::netstack::NetInterface interface; + interface.id = kDefaultInterfaceId; + interface.flags = fuchsia::netstack::NetInterfaceFlagUp; + interface.features = 0; + interface.addr = IpAddressFrom(kDefaultIPv4Address); + interface.netmask = IpAddressFrom(kDefaultIPv4Netmask); + interface.broadaddr = IpAddressFrom(kDefaultIPv4Address); + return interface; +} - return output; +fuchsia::netstack::NetInterface SecondaryNetInterface() { + // For most tests a live interface with an IPv4 address and no |features| set + // is sufficient. + fuchsia::netstack::NetInterface interface; + interface.id = kSecondaryInterfaceId; + interface.flags = fuchsia::netstack::NetInterfaceFlagUp; + interface.features = 0; + interface.addr = IpAddressFrom(kSecondaryIPv4Address); + interface.netmask = IpAddressFrom(kSecondaryIPv4Netmask); + interface.broadaddr = IpAddressFrom(kSecondaryIPv4Address); + return interface; } -fuchsia::netstack::NetInterface CreateNetInterface( - uint32_t id, - uint32_t flags, - uint32_t features, - fuchsia::net::IpAddress address, - fuchsia::net::IpAddress netmask, - std::vector<fuchsia::net::Subnet> ipv6) { - fuchsia::netstack::NetInterface output; - output.name = "foo"; - output.id = id; - output.flags = flags; - output.features = features; - output.addr = std::move(address); - output.netmask = std::move(netmask); - - output.addr.Clone(&output.broadaddr); - - for (auto& x : ipv6) { - output.ipv6addrs.push_back(std::move(x)); +std::vector<fuchsia::netstack::NetInterface> CloneNetInterfaces( + const std::vector<fuchsia::netstack::NetInterface>& interfaces) { + std::vector<fuchsia::netstack::NetInterface> interfaces_copy( + interfaces.size()); + for (size_t i = 0; i < interfaces.size(); ++i) { + CHECK_EQ(ZX_OK, interfaces[i].Clone(&interfaces_copy[i])); } - - return output; + return interfaces_copy; } // Partial fake implementation of a Netstack. @@ -107,34 +108,32 @@ class FakeNetstack : public fuchsia::netstack::testing::Netstack_TestBase { } ~FakeNetstack() override = default; - // Adds |interface| to the interface query response list. - void PushInterface(fuchsia::netstack::NetInterface interface) { - interfaces_.push_back(std::move(interface)); - } - - // Sends the accumulated |interfaces_| to the OnInterfacesChanged event. - void NotifyInterfaces() { - binding_.events().OnInterfacesChanged(std::move(interfaces_)); - interfaces_.clear(); - } - - void SetOnGetRouteTableCallback(base::OnceClosure callback) { - on_get_route_table_ = std::move(callback); + // Sets the interfaces reported by the fake Netstack and sends an + // OnInterfacesChanged() event to the client. + void SetInterfaces(std::vector<fuchsia::netstack::NetInterface> interfaces) { + interfaces_ = std::move(interfaces); + binding_.events().OnInterfacesChanged(CloneNetInterfaces(interfaces_)); } private: void GetInterfaces(GetInterfacesCallback callback) override { - callback(std::move(interfaces_)); + callback(CloneNetInterfaces(interfaces_)); } void GetRouteTable(GetRouteTableCallback callback) override { std::vector<fuchsia::netstack::RouteTableEntry> table(2); - table[0] = CreateRouteTableEntry(kDefaultNic, true); - table[1] = CreateRouteTableEntry(kSecondaryNic, false); - callback(std::move(table)); - if (on_get_route_table_) - std::move(on_get_route_table_).Run(); + table[0].nicid = kDefaultInterfaceId; + table[0].netmask = IpAddressFrom(kIPv4DefaultGatewayNetmask); + table[0].destination = IpAddressFrom(kDefaultIPv4Address); + table[0].gateway = IpAddressFrom(kIPv4DefaultGatewayAddress); + + table[1].nicid = kSecondaryInterfaceId; + table[1].netmask = IpAddressFrom(kSecondaryIPv4Netmask); + table[1].destination = IpAddressFrom(kSecondaryIPv4Address); + table[1].gateway = IpAddressFrom(kSecondaryIPv4Address); + + callback(std::move(table)); } void NotImplemented_(const std::string& name) override { @@ -142,11 +141,8 @@ class FakeNetstack : public fuchsia::netstack::testing::Netstack_TestBase { } std::vector<fuchsia::netstack::NetInterface> interfaces_; - fidl::Binding<fuchsia::netstack::Netstack> binding_; - base::OnceClosure on_get_route_table_; - DISALLOW_COPY_AND_ASSIGN(FakeNetstack); }; @@ -163,22 +159,15 @@ class FakeNetstackAsync { ~FakeNetstackAsync() = default; // Asynchronously update the state of the netstack. - void PushInterface(fuchsia::netstack::NetInterface interface) { - netstack_.Post(FROM_HERE, &FakeNetstack::PushInterface, - std::move(interface)); - } - void NotifyInterfaces() { - netstack_.Post(FROM_HERE, &FakeNetstack::NotifyInterfaces); - } - - void SetOnGetRouteTableCallback(base::OnceClosure callback) { - netstack_.Post(FROM_HERE, &FakeNetstack::SetOnGetRouteTableCallback, - std::move(callback)); + void SetInterfaces( + const std::vector<fuchsia::netstack::NetInterface>& interfaces) { + netstack_.Post(FROM_HERE, &FakeNetstack::SetInterfaces, + CloneNetInterfaces(interfaces)); } - // Ensure that any PushInterface() or NotifyInterfaces() have been processed. + // Ensures that any SetInterfaces() or SendOnInterfacesChanged() calls have + // been processed. void FlushNetstackThread() { - // Ensure that pending Push*() and Notify*() calls were processed. thread_.FlushForTesting(); } @@ -189,22 +178,112 @@ class FakeNetstackAsync { DISALLOW_COPY_AND_ASSIGN(FakeNetstackAsync); }; -class MockConnectionTypeObserver - : public NetworkChangeNotifier::ConnectionTypeObserver { +template <class T> +class ResultReceiver { public: - MOCK_METHOD1(OnConnectionTypeChanged, - void(NetworkChangeNotifier::ConnectionType)); + ~ResultReceiver() { EXPECT_EQ(entries_.size(), 0u); } + bool RunAndExpectEntries(std::vector<T> expected_entries) { + if (entries_.size() < expected_entries.size()) { + base::RunLoop loop; + base::AutoReset<size_t> size(&expected_count_, expected_entries.size()); + base::AutoReset<base::OnceClosure> quit(&quit_loop_, loop.QuitClosure()); + loop.Run(); + } + return expected_entries == std::exchange(entries_, {}); + } + void AddEntry(T entry) { + entries_.push_back(entry); + if (quit_loop_ && entries_.size() >= expected_count_) + std::move(quit_loop_).Run(); + } + + protected: + size_t expected_count_ = 0u; + std::vector<T> entries_; + base::OnceClosure quit_loop_; }; -class MockIPAddressObserver : public NetworkChangeNotifier::IPAddressObserver { +// Accumulates the list of ConnectionTypes notified via OnConnectionTypeChanged. +class FakeConnectionTypeObserver + : public NetworkChangeNotifier::ConnectionTypeObserver { public: - MOCK_METHOD0(OnIPAddressChanged, void()); + FakeConnectionTypeObserver() { + NetworkChangeNotifier::AddConnectionTypeObserver(this); + } + ~FakeConnectionTypeObserver() final { + NetworkChangeNotifier::RemoveConnectionTypeObserver(this); + } + + bool RunAndExpectConnectionTypes( + std::vector<NetworkChangeNotifier::ConnectionType> sequence) { + return receiver_.RunAndExpectEntries(sequence); + } + + // ConnectionTypeObserver implementation. + void OnConnectionTypeChanged( + NetworkChangeNotifier::ConnectionType type) final { + receiver_.AddEntry(type); + } + + protected: + ResultReceiver<NetworkChangeNotifier::ConnectionType> receiver_; }; -class MockNetworkChangeObserver +// Accumulates the list of ConnectionTypes notified via OnConnectionTypeChanged. +class FakeNetworkChangeObserver : public NetworkChangeNotifier::NetworkChangeObserver { public: - MOCK_METHOD1(OnNetworkChanged, void(NetworkChangeNotifier::ConnectionType)); + FakeNetworkChangeObserver() { + NetworkChangeNotifier::AddNetworkChangeObserver(this); + } + ~FakeNetworkChangeObserver() final { + NetworkChangeNotifier::RemoveNetworkChangeObserver(this); + } + + bool RunAndExpectNetworkChanges( + std::vector<NetworkChangeNotifier::ConnectionType> sequence) { + return receiver_.RunAndExpectEntries(sequence); + } + + // NetworkChangeObserver implementation. + void OnNetworkChanged(NetworkChangeNotifier::ConnectionType type) final { + receiver_.AddEntry(type); + } + + protected: + ResultReceiver<NetworkChangeNotifier::ConnectionType> receiver_; +}; + +// Accumulates the list of ConnectionTypes notified via OnConnectionTypeChanged. +class FakeIPAddressObserver : public NetworkChangeNotifier::IPAddressObserver { + public: + FakeIPAddressObserver() { NetworkChangeNotifier::AddIPAddressObserver(this); } + ~FakeIPAddressObserver() final { + NetworkChangeNotifier::RemoveIPAddressObserver(this); + EXPECT_EQ(ip_change_count_, 0u); + } + + bool RunAndExpectCallCount(size_t expected_count) { + if (ip_change_count_ < expected_count) { + base::RunLoop loop; + base::AutoReset<size_t> expectation(&expected_count_, expected_count); + base::AutoReset<base::OnceClosure> quit(&quit_loop_, loop.QuitClosure()); + loop.Run(); + } + return std::exchange(ip_change_count_, 0u) == expected_count; + } + + // IPAddressObserver implementation. + void OnIPAddressChanged() final { + ip_change_count_++; + if (quit_loop_ && ip_change_count_ >= expected_count_) + std::move(quit_loop_).Run(); + } + + protected: + size_t expected_count_ = 0u; + size_t ip_change_count_ = 0u; + base::OnceClosure quit_loop_; }; } // namespace @@ -230,35 +309,19 @@ class NetworkChangeNotifierFuchsiaTest : public testing::Test { std::move(netstack_ptr_), required_features, dns_config_notifier_.get())); - NetworkChangeNotifier::AddConnectionTypeObserver(&observer_); - NetworkChangeNotifier::AddIPAddressObserver(&ip_observer_); + type_observer_ = std::make_unique<FakeConnectionTypeObserver>(); + ip_observer_ = std::make_unique<FakeIPAddressObserver>(); } void TearDown() override { // Spin the loops to catch any unintended notifications. netstack_.FlushNetstackThread(); base::RunLoop().RunUntilIdle(); - - if (notifier_) { - NetworkChangeNotifier::RemoveConnectionTypeObserver(&observer_); - NetworkChangeNotifier::RemoveIPAddressObserver(&ip_observer_); - } - } - - // Causes FakeNetstack to emit NotifyInterfaces(), and then runs the loop - // until the GetRouteTable() is called. - void NetstackNotifyInterfacesAndWaitForGetRouteTable() { - base::RunLoop loop; - netstack_.SetOnGetRouteTableCallback(loop.QuitClosure()); - netstack_.NotifyInterfaces(); - loop.Run(); } protected: base::test::SingleThreadTaskEnvironment task_environment_{ base::test::SingleThreadTaskEnvironment::MainThreadType::IO}; - testing::StrictMock<MockConnectionTypeObserver> observer_; - testing::StrictMock<MockIPAddressObserver> ip_observer_; fuchsia::netstack::NetstackPtr netstack_ptr_; FakeNetstackAsync netstack_; @@ -268,6 +331,9 @@ class NetworkChangeNotifierFuchsiaTest : public testing::Test { std::unique_ptr<SystemDnsConfigChangeNotifier> dns_config_notifier_; std::unique_ptr<NetworkChangeNotifierFuchsia> notifier_; + std::unique_ptr<FakeConnectionTypeObserver> type_observer_; + std::unique_ptr<FakeIPAddressObserver> ip_observer_; + private: DISALLOW_COPY_AND_ASSIGN(NetworkChangeNotifierFuchsiaTest); }; @@ -279,337 +345,269 @@ TEST_F(NetworkChangeNotifierFuchsiaTest, InitialState) { } TEST_F(NetworkChangeNotifierFuchsiaTest, NotifyNetworkChangeOnInitialIPChange) { - // Set up expectations on the IPAddressObserver, and attach a mock - // NetworkChangeObserver. - testing::StrictMock<MockNetworkChangeObserver> network_change_observer; - { - testing::InSequence seq; - EXPECT_CALL(network_change_observer, - OnNetworkChanged(NetworkChangeNotifier::CONNECTION_NONE)); - EXPECT_CALL(network_change_observer, - OnNetworkChanged(NetworkChangeNotifier::CONNECTION_WIFI)); - } - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - - // Set an initial IP address and create the notifier. - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, - fuchsia::hardware::ethernet::INFO_FEATURE_WLAN, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + // Set a live interface with an IP address and create the notifier. + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].features = fuchsia::hardware::ethernet::INFO_FEATURE_WLAN; + + netstack_.SetInterfaces(interfaces); CreateNotifier(); // Add the NetworkChangeNotifier, and change the IP address. This should // trigger a network change notification, since the IP address is out-of-sync. - NetworkChangeNotifier::AddNetworkChangeObserver(&network_change_observer); + FakeNetworkChangeObserver network_change_observer; - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, - fuchsia::hardware::ethernet::INFO_FEATURE_WLAN, - CreateIPv4Address(10, 0, 0, 1), CreateIPv4Address(255, 255, 0, 0), {})); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + interfaces[0].addr = IpAddressFrom(kSecondaryIPv4Address); + netstack_.SetInterfaces(interfaces); - NetworkChangeNotifier::RemoveNetworkChangeObserver(&network_change_observer); + EXPECT_TRUE(network_change_observer.RunAndExpectNetworkChanges( + {NetworkChangeNotifier::CONNECTION_NONE, + NetworkChangeNotifier::CONNECTION_WIFI})); + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, NoChange) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + // Set a live interface with an IP address and create the notifier. + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); - netstack_.NotifyInterfaces(); + // Leave the set of interfaces unchanged, but re-send OnInterfacesChanged. + netstack_.SetInterfaces(interfaces); } TEST_F(NetworkChangeNotifierFuchsiaTest, NoChangeV6) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv6Address({0xfe, 0x80, 0x01}), - CreateIPv6Address({0xfe, 0x80}), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].addr = IpAddressFrom(kDefaultIPv6Address); + interfaces[0].netmask = IpAddressFrom(kDefaultIPv6Netmask); + + netstack_.SetInterfaces(interfaces); CreateNotifier(); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv6Address({0xfe, 0x80, 0x01}), - CreateIPv6Address({0xfe, 0x80}), {})); - netstack_.NotifyInterfaces(); + // Leave the set of interfaces unchanged, but re-send OnInterfacesChanged. + netstack_.SetInterfaces(interfaces); } TEST_F(NetworkChangeNotifierFuchsiaTest, MultiInterfaceNoChange) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); - netstack_.PushInterface( - CreateNetInterface(kSecondaryNic, fuchsia::netstack::NetInterfaceFlagUp, - 0, CreateIPv4Address(169, 254, 0, 2), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(2); + interfaces[0] = DefaultNetInterface(); + interfaces[1] = SecondaryNetInterface(); + + netstack_.SetInterfaces(interfaces); CreateNotifier(); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); - netstack_.PushInterface( - CreateNetInterface(kSecondaryNic, fuchsia::netstack::NetInterfaceFlagUp, - 0, CreateIPv4Address(169, 254, 0, 3), - CreateIPv4Address(255, 255, 255, 0), {})); - netstack_.NotifyInterfaces(); + // Leave the set of interfaces unchanged, but re-send OnInterfacesChanged. + netstack_.SetInterfaces(interfaces); } TEST_F(NetworkChangeNotifierFuchsiaTest, MultiV6IPNoChange) { - std::vector<fuchsia::net::Subnet> addresses; - addresses.push_back(CreateSubnet({0xfe, 0x80, 0x01}, 2)); - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), CreateIPv4Address(255, 255, 255, 0), - std::move(addresses))); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].ipv6addrs.push_back(SubnetFrom(kDefaultIPv6Address, 2)); + netstack_.SetInterfaces(interfaces); CreateNotifier(); - addresses.push_back(CreateSubnet({0xfe, 0x80, 0x01}, 2)); - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), CreateIPv4Address(255, 255, 255, 0), - std::move(addresses))); - netstack_.NotifyInterfaces(); + // Leave the set of interfaces unchanged, but re-send OnInterfacesChanged. + netstack_.SetInterfaces(interfaces); } TEST_F(NetworkChangeNotifierFuchsiaTest, IpChange) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + netstack_.SetInterfaces(interfaces); CreateNotifier(); - EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(10, 0, 0, 1), CreateIPv4Address(255, 255, 0, 0), {})); + interfaces[0].addr = IpAddressFrom(kSecondaryIPv4Address); + netstack_.SetInterfaces(interfaces); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + // Expect a single OnIPAddressChanged() notification. + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, IpChangeV6) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].addr = IpAddressFrom(kDefaultIPv6Address); + interfaces[0].netmask = IpAddressFrom(kDefaultIPv6Netmask); + interfaces[0].broadaddr = IpAddressFrom(kDefaultIPv6Address); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv6Address({0xfe, 0x80, 0x01}), - CreateIPv6Address({0xfe, 0x80}), {})); + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv6Address({0xfe, 0x80, 0x02}), - CreateIPv6Address({0xfe, 0x80}), {})); + interfaces[0].addr = IpAddressFrom(kSecondaryIPv6Address); + interfaces[0].netmask = IpAddressFrom(kSecondaryIPv6Netmask); + interfaces[0].broadaddr = IpAddressFrom(kSecondaryIPv6Address); + netstack_.SetInterfaces(interfaces); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + // Expect a single OnIPAddressChanged() notification. + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, MultiV6IPChanged) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - - std::vector<fuchsia::net::Subnet> addresses; - addresses.push_back(CreateSubnet({0xfe, 0x80, 0x01}, 2)); - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), CreateIPv4Address(255, 255, 255, 0), - std::move(addresses))); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].ipv6addrs.push_back(SubnetFrom(kDefaultIPv6Address, 2)); + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - addresses.push_back(CreateSubnet({0xfe, 0x80, 0x02}, 2)); - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(10, 0, 0, 1), CreateIPv4Address(255, 255, 0, 0), - std::move(addresses))); + interfaces[0].addr = IpAddressFrom(kSecondaryIPv4Address); + interfaces[0].netmask = IpAddressFrom(kSecondaryIPv4Netmask); + interfaces[0].broadaddr = IpAddressFrom(kSecondaryIPv4Address); + interfaces[0].ipv6addrs[0] = SubnetFrom(kSecondaryIPv6Address, 2); + netstack_.SetInterfaces(interfaces); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + // Expect a single OnIPAddressChanged() notification. + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, Ipv6AdditionalIpChange) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - std::vector<fuchsia::net::Subnet> addresses; - addresses.push_back(CreateSubnet({0xfe, 0x80, 0x01}, 2)); - netstack_.PushInterface(CreateNetInterface( - kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), CreateIPv4Address(255, 255, 255, 0), - std::move(addresses))); + interfaces[0].ipv6addrs.push_back(SubnetFrom(kDefaultIPv6Address, 2)); + netstack_.SetInterfaces(interfaces); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + // Expect a single OnIPAddressChanged() notification. + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, InterfaceDown) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - EXPECT_CALL(observer_, - OnConnectionTypeChanged(NetworkChangeNotifier::CONNECTION_NONE)); - - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - netstack_.PushInterface( - CreateNetInterface(1, 0, 0, CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 0, 0), {})); + interfaces[0].flags = 0; + netstack_.SetInterfaces(interfaces); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + EXPECT_TRUE(type_observer_->RunAndExpectConnectionTypes( + {NetworkChangeNotifier::ConnectionType::CONNECTION_NONE})); + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, InterfaceUp) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - EXPECT_CALL(observer_, OnConnectionTypeChanged( - NetworkChangeNotifier::CONNECTION_UNKNOWN)); - - netstack_.PushInterface( - CreateNetInterface(1, 0, 0, CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].flags = 0; + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_NONE, notifier_->GetCurrentConnectionType()); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 0, 0), {})); + interfaces[0].flags = fuchsia::netstack::NetInterfaceFlagUp; + netstack_.SetInterfaces(interfaces); - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + EXPECT_TRUE(type_observer_->RunAndExpectConnectionTypes( + {NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN})); + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, InterfaceDeleted) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - EXPECT_CALL(observer_, - OnConnectionTypeChanged(NetworkChangeNotifier::CONNECTION_NONE)); - - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, notifier_->GetCurrentConnectionType()); - // NotifyInterfaces() with no new PushInterfaces() means removing everything. - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + netstack_.SetInterfaces({}); + + EXPECT_TRUE(type_observer_->RunAndExpectConnectionTypes( + {NetworkChangeNotifier::ConnectionType::CONNECTION_NONE})); + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, InterfaceAdded) { - EXPECT_CALL(ip_observer_, OnIPAddressChanged()); - EXPECT_CALL(observer_, - OnConnectionTypeChanged(NetworkChangeNotifier::CONNECTION_WIFI)); - // Initial interface list is intentionally left empty. CreateNotifier(); - EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_NONE, notifier_->GetCurrentConnectionType()); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, - fuchsia::hardware::ethernet::INFO_FEATURE_WLAN, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].features = fuchsia::hardware::ethernet::INFO_FEATURE_WLAN; - NetstackNotifyInterfacesAndWaitForGetRouteTable(); + netstack_.SetInterfaces(interfaces); + + EXPECT_TRUE(type_observer_->RunAndExpectConnectionTypes( + {NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI})); + EXPECT_TRUE(ip_observer_->RunAndExpectCallCount(1)); } TEST_F(NetworkChangeNotifierFuchsiaTest, SecondaryInterfaceAddedNoop) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); - CreateNotifier(); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); - netstack_.PushInterface( - CreateNetInterface(kSecondaryNic, fuchsia::netstack::NetInterfaceFlagUp, - 0, CreateIPv4Address(169, 254, 0, 2), - CreateIPv4Address(255, 255, 255, 0), {})); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + netstack_.SetInterfaces(interfaces); + CreateNotifier(); - netstack_.NotifyInterfaces(); + interfaces.push_back(SecondaryNetInterface()); + netstack_.SetInterfaces(interfaces); } TEST_F(NetworkChangeNotifierFuchsiaTest, SecondaryInterfaceDeletedNoop) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); - netstack_.PushInterface( - CreateNetInterface(kSecondaryNic, fuchsia::netstack::NetInterfaceFlagUp, - 0, CreateIPv4Address(169, 254, 0, 2), - CreateIPv4Address(255, 255, 255, 0), {})); - CreateNotifier(); + std::vector<fuchsia::netstack::NetInterface> interfaces(2); + interfaces[0] = DefaultNetInterface(); + interfaces[1] = SecondaryNetInterface(); - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + netstack_.SetInterfaces(interfaces); + CreateNotifier(); - netstack_.NotifyInterfaces(); + interfaces.pop_back(); + netstack_.SetInterfaces(interfaces); } TEST_F(NetworkChangeNotifierFuchsiaTest, FoundWiFi) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, - fuchsia::hardware::ethernet::INFO_FEATURE_WLAN, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].features = fuchsia::hardware::ethernet::INFO_FEATURE_WLAN; + + netstack_.SetInterfaces(interfaces); CreateNotifier(); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, notifier_->GetCurrentConnectionType()); } TEST_F(NetworkChangeNotifierFuchsiaTest, FindsInterfaceWithRequiredFeature) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, - fuchsia::hardware::ethernet::INFO_FEATURE_WLAN, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + interfaces[0].features = fuchsia::hardware::ethernet::INFO_FEATURE_WLAN; + + netstack_.SetInterfaces(interfaces); CreateNotifier(fuchsia::hardware::ethernet::INFO_FEATURE_WLAN); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, notifier_->GetCurrentConnectionType()); } TEST_F(NetworkChangeNotifierFuchsiaTest, IgnoresInterfaceWithMissingFeature) { - netstack_.PushInterface( - CreateNetInterface(kDefaultNic, fuchsia::netstack::NetInterfaceFlagUp, 0, - CreateIPv4Address(169, 254, 0, 1), - CreateIPv4Address(255, 255, 255, 0), {})); + std::vector<fuchsia::netstack::NetInterface> interfaces(1); + interfaces[0] = DefaultNetInterface(); + + netstack_.SetInterfaces(interfaces); CreateNotifier(fuchsia::hardware::ethernet::INFO_FEATURE_WLAN); EXPECT_EQ(NetworkChangeNotifier::ConnectionType::CONNECTION_NONE, notifier_->GetCurrentConnectionType()); diff --git a/chromium/net/base/network_interfaces_linux.cc b/chromium/net/base/network_interfaces_linux.cc index 3fcbed02b1d..616e77a83be 100644 --- a/chromium/net/base/network_interfaces_linux.cc +++ b/chromium/net/base/network_interfaces_linux.cc @@ -18,7 +18,6 @@ #include "base/files/file_path.h" #include "base/files/scoped_file.h" -#include "base/logging.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" diff --git a/chromium/net/base/network_isolation_key.cc b/chromium/net/base/network_isolation_key.cc index 51df950d65d..9a3e55e920b 100644 --- a/chromium/net/base/network_isolation_key.cc +++ b/chromium/net/base/network_isolation_key.cc @@ -40,7 +40,7 @@ void SwitchToRegistrableDomainAndRemovePort( DCHECK(!(*origin)->opaque()); std::string registrable_domain = GetDomainAndRegistry( - (*origin)->host(), + origin->value(), net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); // GetDomainAndRegistry() returns an empty string for IP literals and // effective TLDs. diff --git a/chromium/net/base/parse_ip_pattern_fuzzer.cc b/chromium/net/base/parse_ip_pattern_fuzzer.cc deleted file mode 100644 index 67044e1d9c8..00000000000 --- a/chromium/net/base/parse_ip_pattern_fuzzer.cc +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <stddef.h> -#include <stdint.h> - -#include "net/base/ip_pattern.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - std::string input(data, data + size); - net::IPPattern pattern; - pattern.ParsePattern(input); - return 0; -} diff --git a/chromium/net/base/parse_number.cc b/chromium/net/base/parse_number.cc index 460947f70af..5c2af5137db 100644 --- a/chromium/net/base/parse_number.cc +++ b/chromium/net/base/parse_number.cc @@ -4,7 +4,6 @@ #include "net/base/parse_number.h" -#include "base/logging.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" diff --git a/chromium/net/base/platform_mime_util_fuchsia.cc b/chromium/net/base/platform_mime_util_fuchsia.cc index 99ababc1bde..3ed266f7e05 100644 --- a/chromium/net/base/platform_mime_util_fuchsia.cc +++ b/chromium/net/base/platform_mime_util_fuchsia.cc @@ -6,7 +6,6 @@ #include <string> -#include "base/logging.h" #include "build/build_config.h" namespace net { diff --git a/chromium/net/base/platform_mime_util_linux.cc b/chromium/net/base/platform_mime_util_linux.cc index 82b7ddf5f9d..5fa126995da 100644 --- a/chromium/net/base/platform_mime_util_linux.cc +++ b/chromium/net/base/platform_mime_util_linux.cc @@ -6,7 +6,6 @@ #include <string> -#include "base/logging.h" #include "build/build_config.h" #if defined(OS_ANDROID) diff --git a/chromium/net/base/port_util.cc b/chromium/net/base/port_util.cc index 63a7c35c39e..a10a4b40381 100644 --- a/chromium/net/base/port_util.cc +++ b/chromium/net/base/port_util.cc @@ -8,7 +8,7 @@ #include <set> #include "base/lazy_instance.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "url/url_constants.h" diff --git a/chromium/net/base/prioritized_dispatcher.cc b/chromium/net/base/prioritized_dispatcher.cc index 79baa33072b..24c327ce9ca 100644 --- a/chromium/net/base/prioritized_dispatcher.cc +++ b/chromium/net/base/prioritized_dispatcher.cc @@ -4,7 +4,7 @@ #include "net/base/prioritized_dispatcher.h" -#include "base/logging.h" +#include "base/check_op.h" namespace net { diff --git a/chromium/net/base/prioritized_dispatcher_unittest.cc b/chromium/net/base/prioritized_dispatcher_unittest.cc index 389d20dbf5e..b2a859de023 100644 --- a/chromium/net/base/prioritized_dispatcher_unittest.cc +++ b/chromium/net/base/prioritized_dispatcher_unittest.cc @@ -9,8 +9,8 @@ #include <memory> #include <string> +#include "base/check.h" #include "base/compiler_specific.h" -#include "base/logging.h" #include "net/base/request_priority.h" #include "testing/gtest/include/gtest/gtest.h" @@ -117,7 +117,7 @@ class PrioritizedDispatcherTest : public testing::Test { dispatcher_->OnJobFinished(); } - // PriorityDispatch::Job interface + // PrioritizedDispatcher::Job interface void Start() override { EXPECT_FALSE(running_); handle_ = PrioritizedDispatcher::Handle(); diff --git a/chromium/net/base/proxy_server.cc b/chromium/net/base/proxy_server.cc index da31a40fbe8..c0118d57e95 100644 --- a/chromium/net/base/proxy_server.cc +++ b/chromium/net/base/proxy_server.cc @@ -6,6 +6,8 @@ #include <algorithm> +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_util.h" #include "base/trace_event/memory_usage_estimator.h" #include "net/base/url_util.h" diff --git a/chromium/net/base/registry_controlled_domains/registry_controlled_domain.cc b/chromium/net/base/registry_controlled_domains/registry_controlled_domain.cc index 37dc4fd786b..b39132b6e2c 100644 --- a/chromium/net/base/registry_controlled_domains/registry_controlled_domain.cc +++ b/chromium/net/base/registry_controlled_domains/registry_controlled_domain.cc @@ -45,7 +45,8 @@ #include "net/base/registry_controlled_domains/registry_controlled_domain.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "net/base/lookup_string_in_fixed_set.h" @@ -351,6 +352,11 @@ std::string GetDomainAndRegistry(const GURL& gurl, .as_string(); } +std::string GetDomainAndRegistry(const url::Origin& origin, + PrivateRegistryFilter filter) { + return GetDomainAndRegistryAsStringPiece(origin.host(), filter).as_string(); +} + std::string GetDomainAndRegistry(base::StringPiece host, PrivateRegistryFilter filter) { url::CanonHostInfo host_info; diff --git a/chromium/net/base/registry_controlled_domains/registry_controlled_domain.h b/chromium/net/base/registry_controlled_domains/registry_controlled_domain.h index 9f86d6fb053..998819ca878 100644 --- a/chromium/net/base/registry_controlled_domains/registry_controlled_domain.h +++ b/chromium/net/base/registry_controlled_domains/registry_controlled_domain.h @@ -183,8 +183,14 @@ enum UnknownRegistryFilter { NET_EXPORT std::string GetDomainAndRegistry(const GURL& gurl, PrivateRegistryFilter filter); -// Like the GURL version, but takes a host (which is canonicalized internally) -// instead of a full GURL. +// Like the GURL version, but takes an Origin. Returns an empty string if the +// Origin is opaque. +NET_EXPORT std::string GetDomainAndRegistry(const url::Origin& origin, + PrivateRegistryFilter filter); + +// Like the GURL / Origin versions, but takes a host (which is canonicalized +// internally). Prefer either the GURL or Origin variants instead of this one +// to avoid needing to re-canonicalize the host. NET_EXPORT std::string GetDomainAndRegistry(base::StringPiece host, PrivateRegistryFilter filter); diff --git a/chromium/net/base/registry_controlled_domains/registry_controlled_domain_unittest.cc b/chromium/net/base/registry_controlled_domains/registry_controlled_domain_unittest.cc index 8a6ad63da6e..d43ec299ab0 100644 --- a/chromium/net/base/registry_controlled_domains/registry_controlled_domain_unittest.cc +++ b/chromium/net/base/registry_controlled_domains/registry_controlled_domain_unittest.cc @@ -38,10 +38,6 @@ namespace registry_controlled_domains { namespace { -std::string GetDomainFromURL(const std::string& url) { - return GetDomainAndRegistry(GURL(url), EXCLUDE_PRIVATE_REGISTRIES); -} - std::string GetDomainFromHost(const std::string& host) { return GetDomainAndRegistry(host, EXCLUDE_PRIVATE_REGISTRIES); } @@ -113,34 +109,47 @@ class RegistryControlledDomainTest : public testing::Test { TEST_F(RegistryControlledDomainTest, TestGetDomainAndRegistry) { UseDomainData(test1::kDafsa); - // Test GURL version of GetDomainAndRegistry(). - EXPECT_EQ("baz.jp", GetDomainFromURL("http://a.baz.jp/file.html")); // 1 - EXPECT_EQ("baz.jp.", GetDomainFromURL("http://a.baz.jp./file.html")); // 1 - EXPECT_EQ("", GetDomainFromURL("http://ac.jp")); // 2 - EXPECT_EQ("", GetDomainFromURL("http://a.bar.jp")); // 3 - EXPECT_EQ("", GetDomainFromURL("http://bar.jp")); // 3 - EXPECT_EQ("", GetDomainFromURL("http://baz.bar.jp")); // 3 4 - EXPECT_EQ("a.b.baz.bar.jp", GetDomainFromURL("http://a.b.baz.bar.jp")); - // 4 - EXPECT_EQ("pref.bar.jp", GetDomainFromURL("http://baz.pref.bar.jp")); // 5 - EXPECT_EQ("b.bar.baz.com.", GetDomainFromURL("http://a.b.bar.baz.com.")); - // 6 - EXPECT_EQ("a.d.c", GetDomainFromURL("http://a.d.c")); // 7 - EXPECT_EQ("a.d.c", GetDomainFromURL("http://.a.d.c")); // 7 - EXPECT_EQ("a.d.c", GetDomainFromURL("http://..a.d.c")); // 7 - EXPECT_EQ("b.c", GetDomainFromURL("http://a.b.c")); // 7 8 - EXPECT_EQ("baz.com", GetDomainFromURL("http://baz.com")); // none - EXPECT_EQ("baz.com.", GetDomainFromURL("http://baz.com.")); // none - - EXPECT_EQ("", GetDomainFromURL(std::string())); - EXPECT_EQ("", GetDomainFromURL("http://")); - EXPECT_EQ("", GetDomainFromURL("file:///C:/file.html")); - EXPECT_EQ("", GetDomainFromURL("http://foo.com..")); - EXPECT_EQ("", GetDomainFromURL("http://...")); - EXPECT_EQ("", GetDomainFromURL("http://192.168.0.1")); - EXPECT_EQ("", GetDomainFromURL("http://localhost")); - EXPECT_EQ("", GetDomainFromURL("http://localhost.")); - EXPECT_EQ("", GetDomainFromURL("http:////Comment")); + struct { + std::string url; + std::string expected_domain_and_registry; + } kTestCases[] = { + {"http://a.baz.jp/file.html", "baz.jp"}, + {"http://a.baz.jp./file.html", "baz.jp."}, + {"http://ac.jp", ""}, + {"http://a.bar.jp", ""}, + {"http://bar.jp", ""}, + {"http://baz.bar.jp", ""}, + {"http://a.b.baz.bar.jp", "a.b.baz.bar.jp"}, + + {"http://baz.pref.bar.jp", "pref.bar.jp"}, + {"http://a.b.bar.baz.com.", "b.bar.baz.com."}, + + {"http://a.d.c", "a.d.c"}, + {"http://.a.d.c", "a.d.c"}, + {"http://..a.d.c", "a.d.c"}, + {"http://a.b.c", "b.c"}, + {"http://baz.com", "baz.com"}, + {"http://baz.com.", "baz.com."}, + + {"", ""}, + {"http://", ""}, + {"file:///C:/file.html", ""}, + {"http://foo.com..", ""}, + {"http://...", ""}, + {"http://192.168.0.1", ""}, + {"http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]/", ""}, + {"http://localhost", ""}, + {"http://localhost.", ""}, + {"http:////Comment", ""}, + }; + for (const auto& test_case : kTestCases) { + const GURL url(test_case.url); + EXPECT_EQ(test_case.expected_domain_and_registry, + GetDomainAndRegistry(url, EXCLUDE_PRIVATE_REGISTRIES)); + EXPECT_EQ(test_case.expected_domain_and_registry, + GetDomainAndRegistry(url::Origin::Create(url), + EXCLUDE_PRIVATE_REGISTRIES)); + } // Test std::string version of GetDomainAndRegistry(). Uses the same // underpinnings as the GURL version, so this is really more of a check of @@ -165,6 +174,7 @@ TEST_F(RegistryControlledDomainTest, TestGetDomainAndRegistry) { EXPECT_EQ("", GetDomainFromHost("foo.com..")); EXPECT_EQ("", GetDomainFromHost("...")); EXPECT_EQ("", GetDomainFromHost("192.168.0.1")); + EXPECT_EQ("", GetDomainFromHost("[2001:0db8:85a3:0000:0000:8a2e:0370:7334]")); EXPECT_EQ("", GetDomainFromHost("localhost.")); EXPECT_EQ("", GetDomainFromHost(".localhost.")); } diff --git a/chromium/net/base/request_priority.cc b/chromium/net/base/request_priority.cc index 87a6749d740..4492758d37f 100644 --- a/chromium/net/base/request_priority.cc +++ b/chromium/net/base/request_priority.cc @@ -4,7 +4,7 @@ #include "net/base/request_priority.h" -#include "base/logging.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/base/scheme_host_port_matcher.cc b/chromium/net/base/scheme_host_port_matcher.cc index fef5260d488..23dfe19c549 100644 --- a/chromium/net/base/scheme_host_port_matcher.cc +++ b/chromium/net/base/scheme_host_port_matcher.cc @@ -5,6 +5,7 @@ #include "net/base/scheme_host_port_matcher.h" #include "base/strings/string_tokenizer.h" +#include "base/strings/string_util.h" namespace net { diff --git a/chromium/net/base/scheme_host_port_matcher_rule.cc b/chromium/net/base/scheme_host_port_matcher_rule.cc index a9063727683..eef28c70a42 100644 --- a/chromium/net/base/scheme_host_port_matcher_rule.cc +++ b/chromium/net/base/scheme_host_port_matcher_rule.cc @@ -5,6 +5,7 @@ #include "net/base/scheme_host_port_matcher_rule.h" #include "base/strings/pattern.h" +#include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "net/base/host_port_pair.h" #include "net/base/parse_number.h" diff --git a/chromium/net/base/test_completion_callback_unittest.cc b/chromium/net/base/test_completion_callback_unittest.cc index 40df9d0a255..320ab318551 100644 --- a/chromium/net/base/test_completion_callback_unittest.cc +++ b/chromium/net/base/test_completion_callback_unittest.cc @@ -7,9 +7,10 @@ #include "net/base/test_completion_callback.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/macros.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/completion_once_callback.h" diff --git a/chromium/net/base/upload_bytes_element_reader.cc b/chromium/net/base/upload_bytes_element_reader.cc index 45cc5d05476..b2fee1a4f7f 100644 --- a/chromium/net/base/upload_bytes_element_reader.cc +++ b/chromium/net/base/upload_bytes_element_reader.cc @@ -4,7 +4,7 @@ #include "net/base/upload_bytes_element_reader.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" diff --git a/chromium/net/base/upload_data_stream.cc b/chromium/net/base/upload_data_stream.cc index ed6c705d6ed..edcba234fc5 100644 --- a/chromium/net/base/upload_data_stream.cc +++ b/chromium/net/base/upload_data_stream.cc @@ -4,7 +4,7 @@ #include "net/base/upload_data_stream.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/values.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" diff --git a/chromium/net/base/url_util.cc b/chromium/net/base/url_util.cc index b8e7d082421..b6c36ea1375 100644 --- a/chromium/net/base/url_util.cc +++ b/chromium/net/base/url_util.cc @@ -12,7 +12,7 @@ #include <ws2tcpip.h> #endif -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" @@ -266,6 +266,20 @@ std::string GetSuperdomain(base::StringPiece domain) { return domain.substr(dot_pos + 1).as_string(); } +bool IsSubdomainOf(base::StringPiece subdomain, base::StringPiece superdomain) { + // Subdomain must be identical or have strictly more labels than the + // superdomain. + if (subdomain.length() <= superdomain.length()) + return subdomain == superdomain; + + // Superdomain must be suffix of subdomain, and the last character not + // included in the matching substring must be a dot. + if (!subdomain.ends_with(superdomain)) + return false; + subdomain.remove_suffix(superdomain.length()); + return subdomain.back() == '.'; +} + std::string CanonicalizeHost(base::StringPiece host, url::CanonHostInfo* host_info) { // Try to canonicalize the host. diff --git a/chromium/net/base/url_util.h b/chromium/net/base/url_util.h index ad3b3db64a2..41793202b2b 100644 --- a/chromium/net/base/url_util.h +++ b/chromium/net/base/url_util.h @@ -131,6 +131,13 @@ NET_EXPORT std::string GetHostOrSpecFromURL(const GURL& url); // GetSuperdomain("127.0.0.1") -> "0.0.1" NET_EXPORT std::string GetSuperdomain(base::StringPiece domain); +// Returns whether |subdomain| is a subdomain of (or identical to) +// |superdomain|, if both are hostnames (not IP addresses -- for which this +// function is nonsensical). Does not consider the Public Suffix List. +// Returns true if both input strings are empty. +NET_EXPORT bool IsSubdomainOf(base::StringPiece subdomain, + base::StringPiece superdomain); + // Canonicalizes |host| and returns it. Also fills |host_info| with // IP address information. |host_info| must not be NULL. NET_EXPORT std::string CanonicalizeHost(base::StringPiece host, diff --git a/chromium/net/base/url_util_unittest.cc b/chromium/net/base/url_util_unittest.cc index f8670a2a72e..0990790d13b 100644 --- a/chromium/net/base/url_util_unittest.cc +++ b/chromium/net/base/url_util_unittest.cc @@ -297,6 +297,34 @@ TEST(UrlUtilTest, GetSuperdomain) { } } +TEST(UrlUtilTest, IsSubdomainOf) { + struct { + const char* subdomain; + const char* superdomain; + bool is_subdomain; + } tests[] = { + {"bar.foo.com", "foo.com", true}, + {"barfoo.com", "foo.com", false}, + {"bar.foo.com", "com", true}, + {"bar.foo.com", "other.com", false}, + {"bar.foo.com", "bar.foo.com", true}, + {"bar.foo.com", "baz.foo.com", false}, + {"bar.foo.com", "baz.bar.foo.com", false}, + {"bar.foo.com", "ar.foo.com", false}, + {"foo.com", "foo.com.", false}, + {"bar.foo.com", "foo.com.", false}, + {"", "", true}, + {"a", "", false}, + {"", "a", false}, + {"127.0.0.1", "0.0.1", true}, // Don't do this... + }; + + for (const auto& test : tests) { + EXPECT_EQ(test.is_subdomain, + IsSubdomainOf(test.subdomain, test.superdomain)); + } +} + TEST(UrlUtilTest, CompliantHost) { struct { const char* const host; diff --git a/chromium/net/base/winsock_init.cc b/chromium/net/base/winsock_init.cc index 1f488c96c6b..55c56161201 100644 --- a/chromium/net/base/winsock_init.cc +++ b/chromium/net/base/winsock_init.cc @@ -6,8 +6,8 @@ #include "net/base/winsock_init.h" +#include "base/check.h" #include "base/lazy_instance.h" -#include "base/logging.h" namespace { diff --git a/chromium/net/base/winsock_util.cc b/chromium/net/base/winsock_util.cc index 5522e2719a5..38cc61cf040 100644 --- a/chromium/net/base/winsock_util.cc +++ b/chromium/net/base/winsock_util.cc @@ -4,7 +4,7 @@ #include "net/base/winsock_util.h" -#include "base/logging.h" +#include "base/check.h" #include "net/base/net_errors.h" namespace net { diff --git a/chromium/net/cert/cert_database_mac.cc b/chromium/net/cert/cert_database_mac.cc index c5dedce0668..c9ad52b91e8 100644 --- a/chromium/net/cert/cert_database_mac.cc +++ b/chromium/net/cert/cert_database_mac.cc @@ -7,10 +7,11 @@ #include <Security/Security.h> #include "base/bind.h" +#include "base/check.h" #include "base/location.h" -#include "base/logging.h" #include "base/mac/mac_logging.h" #include "base/message_loop/message_loop_current.h" +#include "base/notreached.h" #include "base/process/process_handle.h" #include "base/single_thread_task_runner.h" #include "base/synchronization/lock.h" diff --git a/chromium/net/cert/cert_status_flags.cc b/chromium/net/cert/cert_status_flags.cc index dce91ddff6e..fbac0dea90d 100644 --- a/chromium/net/cert/cert_status_flags.cc +++ b/chromium/net/cert/cert_status_flags.cc @@ -4,7 +4,8 @@ #include "net/cert/cert_status_flags.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/net_errors.h" namespace net { diff --git a/chromium/net/cert/cert_verifier.cc b/chromium/net/cert/cert_verifier.cc index ec0ee94d430..580c7212d65 100644 --- a/chromium/net/cert/cert_verifier.cc +++ b/chromium/net/cert/cert_verifier.cc @@ -15,7 +15,7 @@ #include "third_party/boringssl/src/include/openssl/sha.h" #if defined(OS_NACL) -#include "base/logging.h" +#include "base/notreached.h" #else #include "net/cert/caching_cert_verifier.h" #include "net/cert/coalescing_cert_verifier.h" @@ -31,6 +31,8 @@ CertVerifier::Config::~Config() = default; CertVerifier::Config& CertVerifier::Config::operator=(const Config&) = default; CertVerifier::Config& CertVerifier::Config::operator=(Config&&) = default; +CertVerifier::RequestParams::RequestParams() = default; + CertVerifier::RequestParams::RequestParams( scoped_refptr<X509Certificate> certificate, const std::string& hostname, @@ -78,14 +80,14 @@ bool CertVerifier::RequestParams::operator<( } // static -std::unique_ptr<CertVerifier> CertVerifier::CreateDefault( +std::unique_ptr<CertVerifier> CertVerifier::CreateDefaultWithoutCaching( scoped_refptr<CertNetFetcher> cert_net_fetcher) { #if defined(OS_NACL) NOTIMPLEMENTED(); return std::unique_ptr<CertVerifier>(); #else scoped_refptr<CertVerifyProc> verify_proc; -#if defined(OS_FUCHSIA) +#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) verify_proc = CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher)); #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) @@ -101,10 +103,16 @@ std::unique_ptr<CertVerifier> CertVerifier::CreateDefault( CertVerifyProc::CreateSystemVerifyProc(std::move(cert_net_fetcher)); #endif + return std::make_unique<MultiThreadedCertVerifier>(std::move(verify_proc)); +#endif +} + +// static +std::unique_ptr<CertVerifier> CertVerifier::CreateDefault( + scoped_refptr<CertNetFetcher> cert_net_fetcher) { return std::make_unique<CachingCertVerifier>( std::make_unique<CoalescingCertVerifier>( - std::make_unique<MultiThreadedCertVerifier>(std::move(verify_proc)))); -#endif + CreateDefaultWithoutCaching(std::move(cert_net_fetcher)))); } bool operator==(const CertVerifier::Config& lhs, diff --git a/chromium/net/cert/cert_verifier.h b/chromium/net/cert/cert_verifier.h index e688038216e..5c9c3798925 100644 --- a/chromium/net/cert/cert_verifier.h +++ b/chromium/net/cert/cert_verifier.h @@ -115,6 +115,7 @@ class NET_EXPORT CertVerifier { // RFC6962 section 3.3.1. It may be ignored by the CertVerifier. class NET_EXPORT RequestParams { public: + RequestParams(); RequestParams(scoped_refptr<X509Certificate> certificate, const std::string& hostname, int flags, @@ -195,6 +196,11 @@ class NET_EXPORT CertVerifier { // Creates a CertVerifier implementation that verifies certificates using // the preferred underlying cryptographic libraries. |cert_net_fetcher| may // not be used, depending on the platform. + static std::unique_ptr<CertVerifier> CreateDefaultWithoutCaching( + scoped_refptr<CertNetFetcher> cert_net_fetcher); + + // Wraps the result of |CreateDefaultWithoutCaching| in a CachingCertVerifier + // and a CoalescingCertVerifier. static std::unique_ptr<CertVerifier> CreateDefault( scoped_refptr<CertNetFetcher> cert_net_fetcher); }; diff --git a/chromium/net/cert/cert_verify_proc.cc b/chromium/net/cert/cert_verify_proc.cc index 2559be51983..b6502664174 100644 --- a/chromium/net/cert/cert_verify_proc.cc +++ b/chromium/net/cert/cert_verify_proc.cc @@ -52,9 +52,7 @@ #include "net/cert/cert_verify_proc_builtin.h" #endif -#if defined(USE_NSS_CERTS) -#include "net/cert/cert_verify_proc_nss.h" -#elif defined(OS_ANDROID) +#if defined(OS_ANDROID) #include "net/cert/cert_verify_proc_android.h" #elif defined(OS_IOS) #include "net/cert/cert_verify_proc_ios.h" @@ -496,13 +494,11 @@ base::Value CertVerifyParams(X509Certificate* cert, } // namespace -#if !defined(OS_FUCHSIA) +#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)) // static scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc( scoped_refptr<CertNetFetcher> cert_net_fetcher) { -#if defined(USE_NSS_CERTS) - return new CertVerifyProcNSS(); -#elif defined(OS_ANDROID) +#if defined(OS_ANDROID) return new CertVerifyProcAndroid(std::move(cert_net_fetcher)); #elif defined(OS_IOS) return new CertVerifyProcIOS(); diff --git a/chromium/net/cert/cert_verify_proc.h b/chromium/net/cert/cert_verify_proc.h index 24deeaf8833..a9bd15e29a3 100644 --- a/chromium/net/cert/cert_verify_proc.h +++ b/chromium/net/cert/cert_verify_proc.h @@ -66,7 +66,7 @@ class NET_EXPORT CertVerifyProc kMaxValue = kChainLengthOne }; -#if !defined(OS_FUCHSIA) +#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)) // Creates and returns a CertVerifyProc that uses the system verifier. // |cert_net_fetcher| may not be used, depending on the implementation. static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc( diff --git a/chromium/net/cert/cert_verify_proc_android.cc b/chromium/net/cert/cert_verify_proc_android.cc index e649d0ab907..712ab2b7587 100644 --- a/chromium/net/cert/cert_verify_proc_android.cc +++ b/chromium/net/cert/cert_verify_proc_android.cc @@ -7,9 +7,10 @@ #include <string> #include <vector> -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/strings/string_piece.h" #include "crypto/sha2.h" #include "net/android/cert_verify_result_android.h" diff --git a/chromium/net/cert/cert_verify_proc_nss.cc b/chromium/net/cert/cert_verify_proc_nss.cc deleted file mode 100644 index f2e8e5d9d99..00000000000 --- a/chromium/net/cert/cert_verify_proc_nss.cc +++ /dev/null @@ -1,1053 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/cert/cert_verify_proc_nss.h" - -#include <cert.h> -#include <nss.h> -#include <prerror.h> -#include <secerr.h> -#include <sechash.h> -#include <sslerr.h> - -#include <memory> -#include <string> -#include <vector> - -#include "base/compiler_specific.h" -#include "base/logging.h" -#include "base/macros.h" -#include "base/stl_util.h" -#include "build/build_config.h" -#include "crypto/nss_util.h" -#include "crypto/scoped_nss_types.h" -#include "crypto/sha2.h" -#include "net/base/net_errors.h" -#include "net/cert/asn1_util.h" -#include "net/cert/cert_status_flags.h" -#include "net/cert/cert_verifier.h" -#include "net/cert/cert_verify_result.h" -#include "net/cert/crl_set.h" -#include "net/cert/ev_root_ca_metadata.h" -#include "net/cert/known_roots.h" -#include "net/cert/known_roots_nss.h" -#include "net/cert/x509_certificate.h" -#include "net/cert/x509_util_nss.h" -#include "net/cert_net/nss_ocsp.h" - -#include <dlfcn.h> - -namespace net { - -namespace { - -using CacheOCSPResponseFunction = SECStatus (*)(CERTCertDBHandle* handle, - CERTCertificate* cert, - PRTime time, - const SECItem* encodedResponse, - void* pwArg); - -typedef std::unique_ptr< - CERTCertificatePolicies, - crypto::NSSDestroyer<CERTCertificatePolicies, - CERT_DestroyCertificatePoliciesExtension>> - ScopedCERTCertificatePolicies; - -typedef std::unique_ptr< - CERTCertList, - crypto::NSSDestroyer<CERTCertList, CERT_DestroyCertList>> - ScopedCERTCertList; - -// ScopedCERTValOutParam manages destruction of values in the CERTValOutParam -// array that cvout points to. cvout must be initialized as passed to -// CERT_PKIXVerifyCert, so that the array must be terminated with -// cert_po_end type. -// When it goes out of scope, it destroys values of cert_po_trustAnchor -// and cert_po_certList types, but doesn't release the array itself. -class ScopedCERTValOutParam { - public: - explicit ScopedCERTValOutParam(CERTValOutParam* cvout) : cvout_(cvout) {} - - ~ScopedCERTValOutParam() { - Clear(); - } - - // Free the internal resources, but do not release the array itself. - void Clear() { - if (cvout_ == NULL) - return; - for (CERTValOutParam *p = cvout_; p->type != cert_po_end; p++) { - switch (p->type) { - case cert_po_trustAnchor: - if (p->value.pointer.cert) { - CERT_DestroyCertificate(p->value.pointer.cert); - p->value.pointer.cert = NULL; - } - break; - case cert_po_certList: - if (p->value.pointer.chain) { - CERT_DestroyCertList(p->value.pointer.chain); - p->value.pointer.chain = NULL; - } - break; - default: - break; - } - } - } - - private: - CERTValOutParam* cvout_; - - DISALLOW_COPY_AND_ASSIGN(ScopedCERTValOutParam); -}; - -// Map PORT_GetError() return values to our network error codes. -int MapSecurityError(int err) { - switch (err) { - case PR_DIRECTORY_LOOKUP_ERROR: // DNS lookup error. - return ERR_NAME_NOT_RESOLVED; - case SEC_ERROR_INVALID_ARGS: - return ERR_INVALID_ARGUMENT; - case SSL_ERROR_BAD_CERT_DOMAIN: - return ERR_CERT_COMMON_NAME_INVALID; - case SEC_ERROR_INVALID_TIME: - case SEC_ERROR_EXPIRED_CERTIFICATE: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - return ERR_CERT_DATE_INVALID; - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_ISSUER: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_BAD_SIGNATURE: - case SEC_ERROR_APPLICATION_CALLBACK_ERROR: // Rejected by - // chain_verify_callback. - return ERR_CERT_AUTHORITY_INVALID; - // TODO(port): map ERR_CERT_NO_REVOCATION_MECHANISM. - case SEC_ERROR_OCSP_BAD_HTTP_RESPONSE: - case SEC_ERROR_OCSP_SERVER_ERROR: - return ERR_CERT_UNABLE_TO_CHECK_REVOCATION; - case SEC_ERROR_REVOKED_CERTIFICATE: - case SEC_ERROR_UNTRUSTED_CERT: // Treat as revoked. - return ERR_CERT_REVOKED; - case SEC_ERROR_CERT_NOT_IN_NAME_SPACE: - return ERR_CERT_NAME_CONSTRAINT_VIOLATION; - case SEC_ERROR_BAD_DER: - case SEC_ERROR_CERT_NOT_VALID: - // TODO(port): add an ERR_CERT_WRONG_USAGE error code. - case SEC_ERROR_CERT_USAGES_INVALID: - case SEC_ERROR_INADEQUATE_KEY_USAGE: // Key usage. - case SEC_ERROR_INADEQUATE_CERT_TYPE: // Extended key usage and whether - // the certificate is a CA. - case SEC_ERROR_POLICY_VALIDATION_FAILED: - case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID: - case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: - case SEC_ERROR_EXTENSION_VALUE_INVALID: - return ERR_CERT_INVALID; - case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: - return ERR_CERT_WEAK_SIGNATURE_ALGORITHM; - default: - LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; - return ERR_FAILED; - } -} - -// Map PORT_GetError() return values to our cert status flags. -CertStatus MapCertErrorToCertStatus(int err) { - int net_error = MapSecurityError(err); - return MapNetErrorToCertStatus(net_error); -} - -// Extracts the certificate chain from |cert_list| (and optionally |root_cert|) -// into an X509Certificate. If this fails, returns nullptr. -// Note that cert_list[0] is the end entity certificate. -scoped_refptr<X509Certificate> GetCertChainInfo(CERTCertList* cert_list, - CERTCertificate* root_cert) { - if (!cert_list) - return nullptr; - - CERTCertificate* verified_cert = NULL; - std::vector<CERTCertificate*> verified_chain; - size_t i = 0; - for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); - !CERT_LIST_END(node, cert_list); - node = CERT_LIST_NEXT(node), ++i) { - if (i == 0) { - verified_cert = node->cert; - } else { - // Because of an NSS bug, CERT_PKIXVerifyCert may chain a self-signed - // certificate of a root CA to another certificate of the same root CA - // key. Detect that error and ignore the root CA certificate. - // See https://bugzilla.mozilla.org/show_bug.cgi?id=721288. - if (node->cert->isRoot) { - // NOTE: isRoot doesn't mean the certificate is a trust anchor. It - // means the certificate is self-signed. Here we assume isRoot only - // implies the certificate is self-issued. - CERTCertListNode* next_node = CERT_LIST_NEXT(node); - CERTCertificate* next_cert; - if (!CERT_LIST_END(next_node, cert_list)) { - next_cert = next_node->cert; - } else { - next_cert = root_cert; - } - // Test that |node->cert| is actually a self-signed certificate - // whose key is equal to |next_cert|, and not a self-issued - // certificate signed by another key of the same CA. - if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey, - &next_cert->derPublicKey)) { - continue; - } - } - verified_chain.push_back(node->cert); - } - } - - if (root_cert) - verified_chain.push_back(root_cert); - - return x509_util::CreateX509CertificateFromCERTCertificate(verified_cert, - verified_chain); -} - -// Returns true if the given certificate is one of the additional trust anchors. -bool IsAdditionalTrustAnchor(CERTCertList* additional_trust_anchors, - CERTCertificate* root) { - if (!additional_trust_anchors || !root) - return false; - for (CERTCertListNode* node = CERT_LIST_HEAD(additional_trust_anchors); - !CERT_LIST_END(node, additional_trust_anchors); - node = CERT_LIST_NEXT(node)) { - if (CERT_CompareCerts(node->cert, root)) - return true; - } - return false; -} - -enum CRLSetResult { - kCRLSetOk, - kCRLSetRevoked, - kCRLSetUnknown, -}; - -// CheckRevocationWithCRLSet attempts to check each element of |cert_list| -// against |crl_set|. It returns: -// kCRLSetRevoked: if any element of the chain is known to have been revoked. -// kCRLSetUnknown: if there is no fresh information about the leaf -// certificate in the chain or if the CRLSet has expired. -// -// Only the leaf certificate is considered for coverage because some -// intermediates have CRLs with no revocations (after filtering) and -// those CRLs are pruned from the CRLSet at generation time. This means -// that some EV sites would otherwise take the hit of an OCSP lookup for -// no reason. -// kCRLSetOk: otherwise. -CRLSetResult CheckRevocationWithCRLSet(const CERTCertList* cert_list, - CERTCertificate* root, - CRLSet* crl_set) { - std::vector<CERTCertificate*> certs; - - if (cert_list) { - for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); - !CERT_LIST_END(node, cert_list); - node = CERT_LIST_NEXT(node)) { - certs.push_back(node->cert); - } - } - if (root) - certs.push_back(root); - - // Set to true if any errors are found, which will cause such chains to not be - // treated as covered by the CRLSet. - bool error = false; - // Set to the coverage state of the previous certificate. As the certificates - // are iterated over from root to leaf, at the end of the iteration, this - // indicates the coverage state of the leaf certificate. - bool last_covered = false; - - // We iterate from the root certificate down to the leaf, keeping track of - // the issuer's SPKI at each step. - std::string issuer_spki_hash; - for (auto i = certs.rbegin(); i != certs.rend(); ++i) { - CERTCertificate* cert = *i; - - base::StringPiece der(reinterpret_cast<char*>(cert->derCert.data), - cert->derCert.len); - - base::StringPiece spki, subject; - if (!asn1::ExtractSPKIFromDERCert(der, &spki) || - !asn1::ExtractSubjectFromDERCert(der, &subject)) { - NOTREACHED(); - error = true; - continue; - } - const std::string spki_hash = crypto::SHA256HashString(spki); - - base::StringPiece serial_number = base::StringPiece( - reinterpret_cast<char*>(cert->serialNumber.data), - cert->serialNumber.len); - - CRLSet::Result result = crl_set->CheckSPKI(spki_hash); - - if (result != CRLSet::REVOKED) - result = crl_set->CheckSubject(subject, spki_hash); - if (result != CRLSet::REVOKED && !issuer_spki_hash.empty()) - result = crl_set->CheckSerial(serial_number, issuer_spki_hash); - - issuer_spki_hash = spki_hash; - - switch (result) { - case CRLSet::REVOKED: - return kCRLSetRevoked; - case CRLSet::UNKNOWN: - last_covered = false; - continue; - case CRLSet::GOOD: - last_covered = true; - continue; - default: - NOTREACHED(); - error = true; - continue; - } - } - - if (error || !last_covered || crl_set->IsExpired()) - return kCRLSetUnknown; - return kCRLSetOk; -} - -// Arguments for CheckChainRevocationWithCRLSet that are curried within the -// CERTChainVerifyCallback's isChainValidArg. -struct CheckChainRevocationArgs { - // The CRLSet to evaluate against. - CRLSet* crl_set = nullptr; - - ScopedCERTCertList chain; - - // The next callback to invoke, if the CRLSet does not report any errors. - CERTChainVerifyCallback* next_callback = nullptr; - - // Indicates that the application callback failure was due to a CRLSet - // revocation, rather than due to |next_callback| rejecting it. This is - // used to map the error back to the proper caller-visible error code. - bool was_revoked = false; -}; - -SECStatus CheckChainRevocationWithCRLSet(void* is_chain_valid_arg, - const CERTCertList* current_chain, - PRBool* chain_ok) { - CHECK(is_chain_valid_arg); - - CheckChainRevocationArgs* args = - static_cast<CheckChainRevocationArgs*>(is_chain_valid_arg); - - args->was_revoked = false; - args->chain.reset(); - - CRLSetResult crlset_result = kCRLSetUnknown; - if (args->crl_set) { - crlset_result = - CheckRevocationWithCRLSet(current_chain, nullptr, args->crl_set); - } - - if (crlset_result == kCRLSetRevoked) { - // Record the current chain; as an application callback, libpkix will try - // to build a better chain, if possible, or otherwise unwind the path graph - // and forget that it found a potentially-valid, but application-rejected - // chain. For ease with later functions, this is implemented by duplicating - // the CERTCertList, which will take ownership of the certs inside it. - args->chain.reset(CERT_NewCertList()); - for (CERTCertListNode* node = CERT_LIST_HEAD(current_chain); - !CERT_LIST_END(node, current_chain); node = CERT_LIST_NEXT(node)) { - if (CERT_AddCertToListTail(args->chain.get(), - CERT_DupCertificate(node->cert)) != - SECSuccess) { - args->chain.reset(); - break; - } - } - args->was_revoked = true; - *chain_ok = PR_FALSE; - return SECSuccess; - } - - *chain_ok = PR_TRUE; - if (!args->next_callback || !args->next_callback->isChainValid) - return SECSuccess; - - return (*args->next_callback->isChainValid)( - args->next_callback->isChainValidArg, current_chain, chain_ok); -} - -// Forward declarations. -SECStatus RetryPKIXVerifyCertWithWorkarounds(CERTCertificate* cert_handle, - int num_policy_oids, - std::vector<CERTValInParam>* cvin, - CERTValOutParam* cvout); -SECOidTag GetFirstCertPolicy(CERTCertificate* cert_handle); - -// Call CERT_PKIXVerifyCert for the cert_handle. -// Verification results are stored in an array of CERTValOutParam. -// If |hard_fail| is true, and no policy_oids are supplied (eg: EV is NOT being -// checked), then the failure to obtain valid CRL/OCSP information for all -// certificates that contain CRL/OCSP URLs will cause the certificate to be -// treated as if it was revoked. Since failures may be caused by transient -// network failures or by malicious attackers, in general, hard_fail should be -// false. -// If policy_oids is not NULL and num_policy_oids is positive, policies -// are also checked. -// additional_trust_anchors is an optional list of certificates that can be -// trusted as anchors when building a certificate chain. -// Caller must initialize cvout before calling this function. -SECStatus PKIXVerifyCert(CERTCertificate* cert_handle, - bool check_revocation, - bool hard_fail, - const SECOidTag* policy_oids, - int num_policy_oids, - CERTCertList* additional_trust_anchors, - CERTChainVerifyCallback* chain_verify_callback, - CERTValOutParam* cvout) { - bool use_crl = check_revocation; - bool use_ocsp = check_revocation; - - PRUint64 revocation_method_flags = - CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD | - CERT_REV_M_ALLOW_NETWORK_FETCHING | - CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE | - CERT_REV_M_IGNORE_MISSING_FRESH_INFO | - CERT_REV_M_STOP_TESTING_ON_FRESH_INFO; - PRUint64 revocation_method_independent_flags = - CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST; - if (check_revocation && policy_oids && num_policy_oids > 0) { - // EV verification requires revocation checking. Consider the certificate - // revoked if we don't have revocation info. - // TODO(wtc): Add a bool parameter to expressly specify we're doing EV - // verification or we want strict revocation flags. - revocation_method_flags |= CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE; - revocation_method_independent_flags |= - CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE; - } else if (check_revocation && hard_fail) { - revocation_method_flags |= CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO; - revocation_method_independent_flags |= - CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE; - } else { - revocation_method_flags |= CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE; - revocation_method_independent_flags |= - CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT; - } - PRUint64 method_flags[2]; - method_flags[cert_revocation_method_crl] = revocation_method_flags; - method_flags[cert_revocation_method_ocsp] = revocation_method_flags; - - if (use_crl) { - method_flags[cert_revocation_method_crl] |= - CERT_REV_M_TEST_USING_THIS_METHOD; - } - if (use_ocsp) { - method_flags[cert_revocation_method_ocsp] |= - CERT_REV_M_TEST_USING_THIS_METHOD; - } - - CERTRevocationMethodIndex preferred_revocation_methods[1]; - if (use_ocsp) { - preferred_revocation_methods[0] = cert_revocation_method_ocsp; - } else { - preferred_revocation_methods[0] = cert_revocation_method_crl; - } - - CERTRevocationFlags revocation_flags; - revocation_flags.leafTests.number_of_defined_methods = - base::size(method_flags); - revocation_flags.leafTests.cert_rev_flags_per_method = method_flags; - revocation_flags.leafTests.number_of_preferred_methods = - base::size(preferred_revocation_methods); - revocation_flags.leafTests.preferred_methods = preferred_revocation_methods; - revocation_flags.leafTests.cert_rev_method_independent_flags = - revocation_method_independent_flags; - - revocation_flags.chainTests.number_of_defined_methods = - base::size(method_flags); - revocation_flags.chainTests.cert_rev_flags_per_method = method_flags; - revocation_flags.chainTests.number_of_preferred_methods = - base::size(preferred_revocation_methods); - revocation_flags.chainTests.preferred_methods = preferred_revocation_methods; - revocation_flags.chainTests.cert_rev_method_independent_flags = - revocation_method_independent_flags; - - - std::vector<CERTValInParam> cvin; - cvin.reserve(7); - CERTValInParam in_param; - in_param.type = cert_pi_revocationFlags; - in_param.value.pointer.revocation = &revocation_flags; - cvin.push_back(in_param); - if (policy_oids && num_policy_oids > 0) { - in_param.type = cert_pi_policyOID; - in_param.value.arraySize = num_policy_oids; - in_param.value.array.oids = policy_oids; - cvin.push_back(in_param); - } - if (additional_trust_anchors) { - in_param.type = cert_pi_trustAnchors; - in_param.value.pointer.chain = additional_trust_anchors; - cvin.push_back(in_param); - in_param.type = cert_pi_useOnlyTrustAnchors; - in_param.value.scalar.b = PR_FALSE; - cvin.push_back(in_param); - } - if (chain_verify_callback) { - in_param.type = cert_pi_chainVerifyCallback; - in_param.value.pointer.chainVerifyCallback = chain_verify_callback; - cvin.push_back(in_param); - } - in_param.type = cert_pi_end; - cvin.push_back(in_param); - - SECStatus rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer, - cvin.data(), cvout, nullptr); - if (rv != SECSuccess) { - rv = RetryPKIXVerifyCertWithWorkarounds(cert_handle, num_policy_oids, &cvin, - cvout); - } - return rv; -} - -// PKIXVerifyCert calls this function to work around some bugs in -// CERT_PKIXVerifyCert. All the arguments of this function are either the -// arguments or local variables of PKIXVerifyCert. -SECStatus RetryPKIXVerifyCertWithWorkarounds(CERTCertificate* cert_handle, - int num_policy_oids, - std::vector<CERTValInParam>* cvin, - CERTValOutParam* cvout) { - // We call this function when the first CERT_PKIXVerifyCert call in - // PKIXVerifyCert failed, so we initialize |rv| to SECFailure. - SECStatus rv = SECFailure; - int nss_error = PORT_GetError(); - CERTValInParam in_param; - - // If we get SEC_ERROR_UNKNOWN_ISSUER, we may be missing an intermediate - // CA certificate, so we retry with cert_pi_useAIACertFetch. - // cert_pi_useAIACertFetch has several bugs in its error handling and - // error reporting (NSS bug 528743), so we don't use it by default. - // Note: When building a certificate chain, CERT_PKIXVerifyCert may - // incorrectly pick a CA certificate with the same subject name as the - // missing intermediate CA certificate, and fail with the - // SEC_ERROR_BAD_SIGNATURE error (NSS bug 524013), so we also retry with - // cert_pi_useAIACertFetch on SEC_ERROR_BAD_SIGNATURE. - if ((nss_error == SEC_ERROR_UNKNOWN_ISSUER || - nss_error == SEC_ERROR_BAD_SIGNATURE)) { - DCHECK_EQ(cvin->back().type, cert_pi_end); - cvin->pop_back(); - in_param.type = cert_pi_useAIACertFetch; - in_param.value.scalar.b = PR_TRUE; - cvin->push_back(in_param); - in_param.type = cert_pi_end; - cvin->push_back(in_param); - rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer, - &(*cvin)[0], cvout, NULL); - if (rv == SECSuccess) - return rv; - int new_nss_error = PORT_GetError(); - if (new_nss_error == SEC_ERROR_INVALID_ARGS || - new_nss_error == SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE || - new_nss_error == SEC_ERROR_BAD_INFO_ACCESS_LOCATION || - new_nss_error == SEC_ERROR_BAD_HTTP_RESPONSE || - new_nss_error == SEC_ERROR_BAD_LDAP_RESPONSE || - !IS_SEC_ERROR(new_nss_error)) { - // Use the original error code because of cert_pi_useAIACertFetch's - // bad error reporting. - PORT_SetError(nss_error); - return rv; - } - nss_error = new_nss_error; - } - - // If an intermediate CA certificate has requireExplicitPolicy in its - // policyConstraints extension, CERT_PKIXVerifyCert fails with - // SEC_ERROR_POLICY_VALIDATION_FAILED because we didn't specify any - // certificate policy (NSS bug 552775). So we retry with the certificate - // policy found in the server certificate. - if (nss_error == SEC_ERROR_POLICY_VALIDATION_FAILED && - num_policy_oids == 0) { - SECOidTag policy = GetFirstCertPolicy(cert_handle); - if (policy != SEC_OID_UNKNOWN) { - DCHECK_EQ(cvin->back().type, cert_pi_end); - cvin->pop_back(); - in_param.type = cert_pi_policyOID; - in_param.value.arraySize = 1; - in_param.value.array.oids = &policy; - cvin->push_back(in_param); - in_param.type = cert_pi_end; - cvin->push_back(in_param); - rv = CERT_PKIXVerifyCert(cert_handle, certificateUsageSSLServer, - &(*cvin)[0], cvout, NULL); - if (rv != SECSuccess) { - // Use the original error code. - PORT_SetError(nss_error); - } - } - } - - return rv; -} - -// Decodes the certificatePolicies extension of the certificate. Returns -// NULL if the certificate doesn't have the extension or the extension can't -// be decoded. The returned value must be freed with a -// CERT_DestroyCertificatePoliciesExtension call. -CERTCertificatePolicies* DecodeCertPolicies( - CERTCertificate* cert_handle) { - SECItem policy_ext; - SECStatus rv = CERT_FindCertExtension(cert_handle, - SEC_OID_X509_CERTIFICATE_POLICIES, - &policy_ext); - if (rv != SECSuccess) - return NULL; - CERTCertificatePolicies* policies = - CERT_DecodeCertificatePoliciesExtension(&policy_ext); - SECITEM_FreeItem(&policy_ext, PR_FALSE); - return policies; -} - -// Returns the OID tag for the first certificate policy in the certificate's -// certificatePolicies extension. Returns SEC_OID_UNKNOWN if the certificate -// has no certificate policy. -SECOidTag GetFirstCertPolicy(CERTCertificate* cert_handle) { - ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle)); - if (!policies.get()) - return SEC_OID_UNKNOWN; - - CERTPolicyInfo* policy_info = policies->policyInfos[0]; - if (!policy_info) - return SEC_OID_UNKNOWN; - if (policy_info->oid != SEC_OID_UNKNOWN) - return policy_info->oid; - - // The certificate policy is unknown to NSS. We need to create a dynamic - // OID tag for the policy. - SECOidData od; - od.oid.len = policy_info->policyID.len; - od.oid.data = policy_info->policyID.data; - od.offset = SEC_OID_UNKNOWN; - // NSS doesn't allow us to pass an empty description, so I use a hardcoded, - // default description here. The description doesn't need to be unique for - // each OID. - od.desc = "a certificate policy"; - od.mechanism = CKM_INVALID_MECHANISM; - od.supportedExtension = INVALID_CERT_EXTENSION; - return SECOID_AddEntry(&od); -} - -HashValue CertPublicKeyHashSHA256(CERTCertificate* cert) { - HashValue hash(HASH_VALUE_SHA256); - SECStatus rv = HASH_HashBuf(HASH_AlgSHA256, hash.data(), - cert->derPublicKey.data, cert->derPublicKey.len); - DCHECK_EQ(rv, SECSuccess); - return hash; -} - -void AppendPublicKeyHashesAndTestKnownRoot(CERTCertList* cert_list, - CERTCertificate* root_cert, - HashValueVector* hashes, - bool* known_root) { - *known_root = false; - - if (!cert_list) - return; - - // First, traverse the list to build the list of public key hashes, in order - // of leaf to root. - for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); - !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) { - hashes->push_back(CertPublicKeyHashSHA256(node->cert)); - } - if (root_cert) { - hashes->push_back(CertPublicKeyHashSHA256(root_cert)); - } - - // Second, as an optimization, work from the hashes from the last (presumed - // root) to the leaf, checking against the built-in list. - for (auto it = hashes->rbegin(); it != hashes->rend() && !*known_root; ++it) { - *known_root = GetNetTrustAnchorHistogramIdForSPKI(*it) != 0; - } - - // Third, see if a root_cert was provided, and if so, if it matches a - // built-in root (it should, if provided). - if (root_cert && !*known_root) { - *known_root = IsKnownRoot(root_cert); - } - - // Finally, if all else has failed and nothing short-circuited, walk the - // remainder of the chain. As it's unlikely to reach this point, this just - // walks from the leaf and is not optimized, favoring readability. - for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); - !*known_root && !CERT_LIST_END(node, cert_list); - node = CERT_LIST_NEXT(node)) { - *known_root = IsKnownRoot(node->cert); - } -} - -// Returns true if |cert_handle| contains a policy OID that is an EV policy -// OID according to |metadata|, storing the resulting policy OID in -// |*ev_policy_oid|. A true return is not sufficient to establish that a -// certificate is EV, but a false return is sufficient to establish the -// certificate cannot be EV. -bool IsEVCandidate(EVRootCAMetadata* metadata, - CERTCertificate* cert_handle, - SECOidTag* ev_policy_oid) { - *ev_policy_oid = SEC_OID_UNKNOWN; - DCHECK(cert_handle); - ScopedCERTCertificatePolicies policies(DecodeCertPolicies(cert_handle)); - if (!policies.get()) - return false; - - CERTPolicyInfo** policy_infos = policies->policyInfos; - while (*policy_infos != NULL) { - CERTPolicyInfo* policy_info = *policy_infos++; - // If the Policy OID is unknown, that implicitly means it has not been - // registered as an EV policy. - if (policy_info->oid == SEC_OID_UNKNOWN) - continue; - if (metadata->IsEVPolicyOID(policy_info->oid)) { - *ev_policy_oid = policy_info->oid; - - // De-prioritize the CA/Browser forum Extended Validation policy - // (2.23.140.1.1). See crbug.com/705285. - if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_info->oid)) - break; - } - } - - return *ev_policy_oid != SEC_OID_UNKNOWN; -} - -// Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp -// and nsNSSCertHelper.cpp) to learn how to verify EV certificate. -// TODO(wtc): A possible optimization is that we get the trust anchor from -// the first PKIXVerifyCert call. We look up the EV policy for the trust -// anchor. If the trust anchor has no EV policy, we know the cert isn't EV. -// Otherwise, we pass just that EV policy (as opposed to all the EV policies) -// to the second PKIXVerifyCert call. -bool VerifyEV(CERTCertificate* cert_handle, - int flags, - CRLSet* crl_set, - bool rev_checking_enabled, - EVRootCAMetadata* metadata, - SECOidTag ev_policy_oid, - CERTCertList* additional_trust_anchors, - CERTChainVerifyCallback* chain_verify_callback) { - CERTValOutParam cvout[3]; - int cvout_index = 0; - cvout[cvout_index].type = cert_po_certList; - cvout[cvout_index].value.pointer.chain = NULL; - int cvout_cert_list_index = cvout_index; - cvout_index++; - cvout[cvout_index].type = cert_po_trustAnchor; - cvout[cvout_index].value.pointer.cert = NULL; - int cvout_trust_anchor_index = cvout_index; - cvout_index++; - cvout[cvout_index].type = cert_po_end; - ScopedCERTValOutParam scoped_cvout(cvout); - - SECStatus status = PKIXVerifyCert( - cert_handle, - rev_checking_enabled, - true, /* hard fail is implied in EV. */ - &ev_policy_oid, - 1, - additional_trust_anchors, - chain_verify_callback, - cvout); - if (status != SECSuccess) - return false; - - CERTCertificate* root_ca = - cvout[cvout_trust_anchor_index].value.pointer.cert; - if (root_ca == NULL) - return false; - - // This second PKIXVerifyCert call could have found a different certification - // path and one or more of the certificates on this new path, that weren't on - // the old path, might have been revoked. - CRLSetResult crl_set_result = CheckRevocationWithCRLSet( - cvout[cvout_cert_list_index].value.pointer.chain, - cvout[cvout_trust_anchor_index].value.pointer.cert, crl_set); - if (crl_set_result == kCRLSetRevoked) - return false; - - SHA256HashValue fingerprint; - crypto::SHA256HashString( - base::StringPiece(reinterpret_cast<const char*>(root_ca->derCert.data), - root_ca->derCert.len), - fingerprint.data, sizeof(fingerprint.data)); - return metadata->HasEVPolicyOID(fingerprint, ev_policy_oid); -} - -// Convert a CertificateList to an NSS CERTCertList. If any certs couldn't be -// converted, they are silently ignored. -ScopedCERTCertList CertificateListToCERTCertListIgnoringErrors( - const CertificateList& list) { - ScopedCERTCertList result(CERT_NewCertList()); - for (size_t i = 0; i < list.size(); ++i) { - ScopedCERTCertificate cert = - x509_util::CreateCERTCertificateFromX509Certificate(list[i].get()); - if (cert) - CERT_AddCertToListTail(result.get(), cert.release()); - else - LOG(WARNING) << "ignoring cert: " << list[i]->subject().GetDisplayName(); - } - return result; -} - -} // namespace - -CertVerifyProcNSS::CertVerifyProcNSS() = default; - -CertVerifyProcNSS::~CertVerifyProcNSS() = default; - -bool CertVerifyProcNSS::SupportsAdditionalTrustAnchors() const { - return true; -} - -NO_SANITIZE("cfi-icall") -int CertVerifyProcNSS::VerifyInternalImpl( - X509Certificate* cert, - const std::string& hostname, - const std::string& ocsp_response, - int flags, - CRLSet* crl_set, - const CertificateList& additional_trust_anchors, - CERTChainVerifyCallback* chain_verify_callback, - CertVerifyResult* verify_result) { - crypto::EnsureNSSInit(); - EnsureNSSHttpIOInit(); - - // Convert the whole input chain into NSS certificates. Even though only the - // target cert is explicitly referred to in this function, creating NSS - // certificates for the intermediates is required for PKIXVerifyCert to find - // them during chain building. - ScopedCERTCertificateList input_chain = - x509_util::CreateCERTCertificateListFromX509Certificate( - cert, x509_util::InvalidIntermediateBehavior::kIgnore); - if (input_chain.empty()) { - verify_result->cert_status |= CERT_STATUS_INVALID; - return ERR_CERT_INVALID; - } - CERTCertificate* cert_handle = input_chain[0].get(); - - static CacheOCSPResponseFunction cache_ocsp_response_from_side_channel = - reinterpret_cast<CacheOCSPResponseFunction>( - dlsym(RTLD_DEFAULT, "CERT_CacheOCSPResponseFromSideChannel")); - if (!ocsp_response.empty() && cache_ocsp_response_from_side_channel) { - // Note: NSS uses a thread-safe global hash table, so this call will - // affect any concurrent verification operations on |cert| or copies of - // the same certificate. This is an unavoidable limitation of NSS's OCSP - // API. - SECItem ocsp_response_item; - ocsp_response_item.data = reinterpret_cast<unsigned char*>( - const_cast<char*>(ocsp_response.data())); - ocsp_response_item.len = ocsp_response.size(); - cache_ocsp_response_from_side_channel(CERT_GetDefaultCertDB(), cert_handle, - PR_Now(), &ocsp_response_item, - nullptr); - } - - // Setup a callback to call into CheckChainRevocationWithCRLSet with the - // current CRLSet. If the CRLSet revokes a given chain, |was_revoked| - // will be set to true. - // The same callback and args are used for every invocation of - // PKIXVerifyCert, as CheckChainRevocationWithCRLSet handles resetting - // |was_revoked| as necessary. - CheckChainRevocationArgs check_chain_revocation_args; - check_chain_revocation_args.crl_set = crl_set; - check_chain_revocation_args.next_callback = chain_verify_callback; - - CERTChainVerifyCallback crlset_callback; - memset(&crlset_callback, 0, sizeof(crlset_callback)); - crlset_callback.isChainValid = &CheckChainRevocationWithCRLSet; - crlset_callback.isChainValidArg = - static_cast<void*>(&check_chain_revocation_args); - - // Make sure that the cert is valid now. - SECCertTimeValidity validity = CERT_CheckCertValidTimes( - cert_handle, PR_Now(), PR_TRUE); - if (validity != secCertTimeValid) - verify_result->cert_status |= CERT_STATUS_DATE_INVALID; - - CERTValOutParam cvout[3]; - int cvout_index = 0; - cvout[cvout_index].type = cert_po_certList; - cvout[cvout_index].value.pointer.chain = NULL; - int cvout_cert_list_index = cvout_index; - cvout_index++; - cvout[cvout_index].type = cert_po_trustAnchor; - cvout[cvout_index].value.pointer.cert = NULL; - int cvout_trust_anchor_index = cvout_index; - cvout_index++; - cvout[cvout_index].type = cert_po_end; - ScopedCERTValOutParam scoped_cvout(cvout); - - EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); - SECOidTag ev_policy_oid = SEC_OID_UNKNOWN; - bool is_ev_candidate = - IsEVCandidate(metadata, cert_handle, &ev_policy_oid); - bool check_revocation = (flags & VERIFY_REV_CHECKING_ENABLED); - if (check_revocation) - verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; - - ScopedCERTCertList trust_anchors; - if (!additional_trust_anchors.empty()) { - trust_anchors = - CertificateListToCERTCertListIgnoringErrors(additional_trust_anchors); - } - - SECStatus status = - PKIXVerifyCert(cert_handle, check_revocation, false, NULL, 0, - trust_anchors.get(), &crlset_callback, cvout); - - bool known_root = false; - HashValueVector hashes; - if (status == SECSuccess) { - AppendPublicKeyHashesAndTestKnownRoot( - cvout[cvout_cert_list_index].value.pointer.chain, - cvout[cvout_trust_anchor_index].value.pointer.cert, &hashes, - &known_root); - } else if (status == SECFailure && - PORT_GetError() == SEC_ERROR_APPLICATION_CALLBACK_ERROR && - check_chain_revocation_args.was_revoked) { - AppendPublicKeyHashesAndTestKnownRoot( - check_chain_revocation_args.chain.get(), nullptr, &hashes, &known_root); - // Restore the error (which may have been erased). - PORT_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR); - } - - if (status == SECSuccess && - (flags & VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS) && !known_root) { - // TODO(rsleevi): Optimize this by supplying the constructed chain to - // libpkix via cvin. Omitting for now, due to lack of coverage in upstream - // NSS tests for that feature. - scoped_cvout.Clear(); - verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; - status = PKIXVerifyCert(cert_handle, true, true, NULL, 0, - trust_anchors.get(), &crlset_callback, cvout); - if (status == SECSuccess) { - AppendPublicKeyHashesAndTestKnownRoot( - cvout[cvout_cert_list_index].value.pointer.chain, - cvout[cvout_trust_anchor_index].value.pointer.cert, &hashes, - &known_root); - } else if (status == SECFailure && - PORT_GetError() == SEC_ERROR_APPLICATION_CALLBACK_ERROR && - check_chain_revocation_args.was_revoked) { - AppendPublicKeyHashesAndTestKnownRoot( - check_chain_revocation_args.chain.get(), nullptr, &hashes, - &known_root); - // Restore the error (which may have been erased). - PORT_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR); - } - } - - if (status == SECSuccess || - (status == SECFailure && - PORT_GetError() == SEC_ERROR_APPLICATION_CALLBACK_ERROR && - check_chain_revocation_args.was_revoked)) { - verify_result->public_key_hashes = hashes; - verify_result->is_issued_by_known_root = known_root; - - if (status == SECFailure) { - verify_result->verified_cert = - GetCertChainInfo(check_chain_revocation_args.chain.get(), nullptr); - // Restore the error (which may have been erased). - PORT_SetError(SEC_ERROR_APPLICATION_CALLBACK_ERROR); - } else { - verify_result->verified_cert = - GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain, - cvout[cvout_trust_anchor_index].value.pointer.cert); - verify_result->is_issued_by_additional_trust_anchor = - IsAdditionalTrustAnchor( - trust_anchors.get(), - cvout[cvout_trust_anchor_index].value.pointer.cert); - } - if (!verify_result->verified_cert) - verify_result->cert_status |= CERT_STATUS_INVALID; - } - - CRLSetResult crl_set_result = kCRLSetUnknown; - if (status == SECSuccess) { - // Reverify the returned chain; NSS should have already called - // CheckChainRevocationWithCRLSet prior to returning, but given the - // edge cases (self-signed certs that are trusted; cached chains; - // unreadable code), this is more about defense in depth than - // functional necessity. - crl_set_result = CheckRevocationWithCRLSet( - cvout[cvout_cert_list_index].value.pointer.chain, - cvout[cvout_trust_anchor_index].value.pointer.cert, crl_set); - if (crl_set_result == kCRLSetRevoked) { - PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); - status = SECFailure; - } - } else if (PORT_GetError() == SEC_ERROR_APPLICATION_CALLBACK_ERROR && - check_chain_revocation_args.was_revoked) { - // If a CRLSet was supplied, and the error was an application callback - // error, then it was directed through the CRLSet code and that - // particular chain was revoked. - PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); - } - - if (status != SECSuccess) { - int err = PORT_GetError(); - LOG(ERROR) << "CERT_PKIXVerifyCert for " << hostname - << " failed err=" << err; - // CERT_PKIXVerifyCert rerports the wrong error code for - // expired certificates (NSS bug 491174) - if (err == SEC_ERROR_CERT_NOT_VALID && - (verify_result->cert_status & CERT_STATUS_DATE_INVALID)) - err = SEC_ERROR_EXPIRED_CERTIFICATE; - CertStatus cert_status = MapCertErrorToCertStatus(err); - if (cert_status) { - verify_result->cert_status |= cert_status; - return MapCertStatusToNetError(verify_result->cert_status); - } - // |err| is not a certificate error. - return MapSecurityError(err); - } - - if (IsCertStatusError(verify_result->cert_status)) - return MapCertStatusToNetError(verify_result->cert_status); - - if (is_ev_candidate) { - check_revocation |= crl_set_result != kCRLSetOk; - if (check_revocation) - verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED; - - // TODO(mattm): This is weird, VerifyEV might verify a different path but - // the non-EV path is what actually gets returned just with the EV bit - // added. - if (VerifyEV(cert_handle, flags, crl_set, check_revocation, metadata, - ev_policy_oid, trust_anchors.get(), &crlset_callback)) { - verify_result->cert_status |= CERT_STATUS_IS_EV; - } - } - - LogNameNormalizationMetrics(".NSS", verify_result->verified_cert.get(), - verify_result->is_issued_by_known_root); - - return OK; -} - -int CertVerifyProcNSS::VerifyInternal( - X509Certificate* cert, - const std::string& hostname, - const std::string& ocsp_response, - const std::string& sct_list, - int flags, - CRLSet* crl_set, - const CertificateList& additional_trust_anchors, - CertVerifyResult* verify_result, - const NetLogWithSource& net_log) { - return VerifyInternalImpl(cert, hostname, ocsp_response, flags, crl_set, - additional_trust_anchors, - NULL, // chain_verify_callback - verify_result); -} - -} // namespace net diff --git a/chromium/net/cert/cert_verify_proc_nss.h b/chromium/net/cert/cert_verify_proc_nss.h deleted file mode 100644 index d8268120bf6..00000000000 --- a/chromium/net/cert/cert_verify_proc_nss.h +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_CERT_CERT_VERIFY_PROC_NSS_H_ -#define NET_CERT_CERT_VERIFY_PROC_NSS_H_ - -#include <certt.h> - -#include "net/base/net_export.h" -#include "net/cert/cert_verify_proc.h" - -namespace net { - -// Performs certificate path construction and validation using NSS's libpkix. -class NET_EXPORT_PRIVATE CertVerifyProcNSS : public CertVerifyProc { - public: - CertVerifyProcNSS(); - - bool SupportsAdditionalTrustAnchors() const override; - - protected: - ~CertVerifyProcNSS() override; - - // Like VerifyInternal, but adds a |chain_verify_callback| to override trust - // decisions. See the documentation for CERTChainVerifyCallback and - // CERTChainVerifyCallbackFunc in NSS's lib/certdb/certt.h. - int VerifyInternalImpl(X509Certificate* cert, - const std::string& hostname, - const std::string& ocsp_response, - int flags, - CRLSet* crl_set, - const CertificateList& additional_trust_anchors, - CERTChainVerifyCallback* chain_verify_callback, - CertVerifyResult* verify_result); - - private: - int VerifyInternal(X509Certificate* cert, - const std::string& hostname, - const std::string& ocsp_response, - const std::string& sct_list, - int flags, - CRLSet* crl_set, - const CertificateList& additional_trust_anchors, - CertVerifyResult* verify_result, - const NetLogWithSource& net_log) override; -}; - -} // namespace net - -#endif // NET_CERT_CERT_VERIFY_PROC_NSS_H_ diff --git a/chromium/net/cert/cert_verify_proc_unittest.cc b/chromium/net/cert/cert_verify_proc_unittest.cc index 05dd62cd12e..e8cbe147cee 100644 --- a/chromium/net/cert/cert_verify_proc_unittest.cc +++ b/chromium/net/cert/cert_verify_proc_unittest.cc @@ -39,7 +39,6 @@ #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" #include "net/cert_net/cert_net_fetcher_url_request.h" -#include "net/cert_net/nss_ocsp_session_url_request.h" #include "net/der/input.h" #include "net/der/parser.h" #include "net/log/test_net_log.h" @@ -51,6 +50,7 @@ #include "net/test/embedded_test_server/http_request.h" #include "net/test/embedded_test_server/http_response.h" #include "net/test/gtest_util.h" +#include "net/test/revocation_builder.h" #include "net/test/test_certificate_data.h" #include "net/test/test_data_directory.h" #include "net/url_request/url_request_context.h" @@ -60,10 +60,7 @@ #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/mem.h" -#if defined(USE_NSS_CERTS) -#include "net/cert/cert_verify_proc_nss.h" -#include "net/cert_net/nss_ocsp.h" -#elif defined(OS_ANDROID) +#if defined(OS_ANDROID) #include "base/android/build_info.h" #include "net/cert/cert_verify_proc_android.h" #elif defined(OS_IOS) @@ -146,7 +143,6 @@ int MockCertVerifyProc::VerifyInternal( // The type is erased by CreateCertVerifyProc(), however needs to be known for // some of the test expectations. enum CertVerifyProcType { - CERT_VERIFY_PROC_NSS, CERT_VERIFY_PROC_ANDROID, CERT_VERIFY_PROC_IOS, CERT_VERIFY_PROC_MAC, @@ -169,8 +165,6 @@ bool IsMacAtLeastOS10_12() { std::string VerifyProcTypeToName( const testing::TestParamInfo<CertVerifyProcType>& params) { switch (params.param) { - case CERT_VERIFY_PROC_NSS: - return "CertVerifyProcNSS"; case CERT_VERIFY_PROC_ANDROID: return "CertVerifyProcAndroid"; case CERT_VERIFY_PROC_IOS: @@ -190,10 +184,7 @@ scoped_refptr<CertVerifyProc> CreateCertVerifyProc( CertVerifyProcType type, scoped_refptr<CertNetFetcher> cert_net_fetcher) { switch (type) { -#if defined(USE_NSS_CERTS) - case CERT_VERIFY_PROC_NSS: - return new CertVerifyProcNSS(); -#elif defined(OS_ANDROID) +#if defined(OS_ANDROID) case CERT_VERIFY_PROC_ANDROID: return new CertVerifyProcAndroid(std::move(cert_net_fetcher)); #elif defined(OS_IOS) @@ -222,9 +213,7 @@ scoped_refptr<CertVerifyProc> CreateCertVerifyProc( // now this is gated on having CertVerifyProcBuiltin understand the roots added // via TestRootCerts. const std::vector<CertVerifyProcType> kAllCertVerifiers = { -#if defined(USE_NSS_CERTS) - CERT_VERIFY_PROC_NSS, CERT_VERIFY_PROC_BUILTIN -#elif defined(OS_ANDROID) +#if defined(OS_ANDROID) CERT_VERIFY_PROC_ANDROID #elif defined(OS_IOS) CERT_VERIFY_PROC_IOS @@ -232,7 +221,7 @@ const std::vector<CertVerifyProcType> kAllCertVerifiers = { CERT_VERIFY_PROC_MAC, CERT_VERIFY_PROC_BUILTIN #elif defined(OS_WIN) CERT_VERIFY_PROC_WIN -#elif defined(OS_FUCHSIA) +#elif defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) CERT_VERIFY_PROC_BUILTIN #else #error Unsupported platform @@ -245,7 +234,6 @@ const std::vector<CertVerifyProcType> kAllCertVerifiers = { bool ScopedTestRootCanTrustTargetCert(CertVerifyProcType verify_proc_type) { return verify_proc_type == CERT_VERIFY_PROC_MAC || verify_proc_type == CERT_VERIFY_PROC_IOS || - verify_proc_type == CERT_VERIFY_PROC_NSS || verify_proc_type == CERT_VERIFY_PROC_ANDROID; } @@ -256,7 +244,6 @@ bool ScopedTestRootCanTrustIntermediateCert( CertVerifyProcType verify_proc_type) { return verify_proc_type == CERT_VERIFY_PROC_MAC || verify_proc_type == CERT_VERIFY_PROC_IOS || - verify_proc_type == CERT_VERIFY_PROC_NSS || verify_proc_type == CERT_VERIFY_PROC_BUILTIN || verify_proc_type == CERT_VERIFY_PROC_ANDROID; } @@ -432,36 +419,31 @@ class CertVerifyProcInternalTest } bool SupportsCRLSet() const { - return verify_proc_type() == CERT_VERIFY_PROC_NSS || - verify_proc_type() == CERT_VERIFY_PROC_WIN || + return verify_proc_type() == CERT_VERIFY_PROC_WIN || verify_proc_type() == CERT_VERIFY_PROC_MAC || verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; } bool SupportsCRLSetsInPathBuilding() const { return verify_proc_type() == CERT_VERIFY_PROC_WIN || - verify_proc_type() == CERT_VERIFY_PROC_NSS || verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; } bool SupportsEV() const { // TODO(crbug.com/117478): Android and iOS do not support EV. - return verify_proc_type() == CERT_VERIFY_PROC_NSS || - verify_proc_type() == CERT_VERIFY_PROC_WIN || + return verify_proc_type() == CERT_VERIFY_PROC_WIN || verify_proc_type() == CERT_VERIFY_PROC_MAC || verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; } bool SupportsSoftFailRevChecking() const { - return verify_proc_type() == CERT_VERIFY_PROC_NSS || - verify_proc_type() == CERT_VERIFY_PROC_WIN || + return verify_proc_type() == CERT_VERIFY_PROC_WIN || verify_proc_type() == CERT_VERIFY_PROC_MAC || verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; } bool SupportsRevCheckingRequiredLocalAnchors() const { - return verify_proc_type() == CERT_VERIFY_PROC_NSS || - verify_proc_type() == CERT_VERIFY_PROC_WIN || + return verify_proc_type() == CERT_VERIFY_PROC_WIN || verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; } @@ -1650,10 +1632,7 @@ TEST_P(CertVerifyProcInternalTest, WrongKeyPurpose) { if (verify_proc_type() != CERT_VERIFY_PROC_BUILTIN) EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); - // TODO(wtc): fix http://crbug.com/75520 to get all the certificate errors - // from NSS. - if (verify_proc_type() != CERT_VERIFY_PROC_NSS && - verify_proc_type() != CERT_VERIFY_PROC_ANDROID) { + if (verify_proc_type() != CERT_VERIFY_PROC_ANDROID) { // The certificate is issued by an unknown CA. EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); } @@ -2634,15 +2613,9 @@ TEST_P(CertVerifyProcInternalTest, ValidityDayBeforeNotBefore) { int error = Verify(chain.get(), "www.example.com", flags, CRLSet::BuiltinCRLSet().get(), CertificateList(), &verify_result); - if (verify_proc_type() == CERT_VERIFY_PROC_NSS) { - // NSS seems to give a 24 hour buffer before the notBefore date where it - // will accept a certificate that isn't actually valid yet. ¯\_(ツ)_/¯ - EXPECT_THAT(error, IsOk()); - } else { - // Current time is before certificate's notBefore. Verification should fail. - EXPECT_THAT(error, IsError(ERR_CERT_DATE_INVALID)); - EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); - } + // Current time is before certificate's notBefore. Verification should fail. + EXPECT_THAT(error, IsError(ERR_CERT_DATE_INVALID)); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); } TEST_P(CertVerifyProcInternalTest, ValidityJustBeforeNotBefore) { @@ -2663,15 +2636,9 @@ TEST_P(CertVerifyProcInternalTest, ValidityJustBeforeNotBefore) { int error = Verify(chain.get(), "www.example.com", flags, CRLSet::BuiltinCRLSet().get(), CertificateList(), &verify_result); - if (verify_proc_type() == CERT_VERIFY_PROC_NSS) { - // NSS seems to give a 24 hour buffer before the notBefore date where it - // will accept a certificate that isn't actually valid yet. ¯\_(ツ)_/¯ - EXPECT_THAT(error, IsOk()); - } else { - // Current time is before certificate's notBefore. Verification should fail. - EXPECT_THAT(error, IsError(ERR_CERT_DATE_INVALID)); - EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); - } + // Current time is before certificate's notBefore. Verification should fail. + EXPECT_THAT(error, IsError(ERR_CERT_DATE_INVALID)); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); } TEST_P(CertVerifyProcInternalTest, ValidityJustAfterNotBefore) { @@ -2826,8 +2793,6 @@ class CertVerifyProcNameNormalizationTest : public CertVerifyProcInternalTest { std::string HistogramName() const { std::string prefix("Net.CertVerifier.NameNormalizationPrivateRoots."); switch (verify_proc_type()) { - case CERT_VERIFY_PROC_NSS: - return prefix + "NSS"; case CERT_VERIFY_PROC_ANDROID: return prefix + "Android"; case CERT_VERIFY_PROC_IOS: @@ -2883,7 +2848,6 @@ TEST_P(CertVerifyProcNameNormalizationTest, StringType) { CertificateList(), &verify_result); switch (verify_proc_type()) { - case CERT_VERIFY_PROC_NSS: case CERT_VERIFY_PROC_IOS: case CERT_VERIFY_PROC_MAC: case CERT_VERIFY_PROC_WIN: @@ -2914,7 +2878,6 @@ TEST_P(CertVerifyProcNameNormalizationTest, CaseFolding) { CertificateList(), &verify_result); switch (verify_proc_type()) { - case CERT_VERIFY_PROC_NSS: case CERT_VERIFY_PROC_WIN: EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); break; @@ -3069,8 +3032,8 @@ class CertVerifyProcInternalWithNetFetchingTest GURL CreateAndServeCrl(CertBuilder* crl_issuer, const std::vector<uint64_t>& revoked_serials, DigestAlgorithm digest = DigestAlgorithm::Sha256) { - std::string crl = - CertBuilder::CreateCrl(crl_issuer, revoked_serials, digest); + std::string crl = BuildCrl(crl_issuer->GetSubject(), crl_issuer->GetKey(), + revoked_serials, digest); std::string crl_path = MakeRandomPath(".crl"); return RegisterSimpleTestServerHandler(crl_path, HTTP_OK, "application/pkix-crl", crl); @@ -3119,9 +3082,6 @@ class CertVerifyProcInternalWithNetFetchingTest std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation())); *context = url_request_context_builder.Build(); -#if defined(USE_NSS_CERTS) - SetURLRequestContextForNSSHttpIO(context->get()); -#endif *cert_net_fetcher = base::MakeRefCounted<net::CertNetFetcherURLRequest>(); (*cert_net_fetcher)->SetURLRequestContext(context->get()); initialization_complete_event->Signal(); @@ -3130,9 +3090,6 @@ class CertVerifyProcInternalWithNetFetchingTest static void ShutdownOnNetworkThread( std::unique_ptr<URLRequestContext>* context, scoped_refptr<net::CertNetFetcherURLRequest>* cert_net_fetcher) { -#if defined(USE_NSS_CERTS) - SetURLRequestContextForNSSHttpIO(nullptr); -#endif (*cert_net_fetcher)->Shutdown(); cert_net_fetcher->reset(); context->reset(); @@ -3489,13 +3446,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest, RevocationHardFailNoCrls) { Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), CertificateList(), &verify_result); - if (verify_proc_type() == CERT_VERIFY_PROC_NSS) { - // NSS doesn't have an error code for lack of revocation methods, it just - // gets mapped to REVOKED. - EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); - } else { - EXPECT_THAT(error, IsError(ERR_CERT_NO_REVOCATION_MECHANISM)); - } + EXPECT_THAT(error, IsError(ERR_CERT_NO_REVOCATION_MECHANISM)); EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); } @@ -3692,12 +3643,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest, CertificateList(), &verify_result); // Should fail since no revocation information was available for the leaf. - if (verify_proc_type() == CERT_VERIFY_PROC_NSS) { - // NSS just returns REVOKED for hard-fail checking errors. - EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); - } else { - EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); - } + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); } @@ -3738,12 +3684,7 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest, // Should fail since no revocation information was available for the // intermediate. - if (verify_proc_type() == CERT_VERIFY_PROC_NSS) { - // NSS just returns REVOKED for hard-fail checking errors. - EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); - } else { - EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); - } + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); } diff --git a/chromium/net/cert/crl_set.cc b/chromium/net/cert/crl_set.cc index 882c039204c..25ae54e4294 100644 --- a/chromium/net/cert/crl_set.cc +++ b/chromium/net/cert/crl_set.cc @@ -301,6 +301,15 @@ bool CRLSet::Parse(base::StringPiece data, scoped_refptr<CRLSet>* out_crl_set) { return true; } +// static +bool CRLSet::ParseAndStoreUnparsedData(std::string data, + scoped_refptr<CRLSet>* out_crl_set) { + if (!Parse(data, out_crl_set)) + return false; + (*out_crl_set)->unparsed_crl_set_ = std::move(data); + return true; +} + CRLSet::Result CRLSet::CheckSPKI(const base::StringPiece& spki_hash) const { if (std::binary_search(blocked_spkis_.begin(), blocked_spkis_.end(), spki_hash)) @@ -369,6 +378,10 @@ uint32_t CRLSet::sequence() const { return sequence_; } +const std::string& CRLSet::unparsed_crl_set() const { + return unparsed_crl_set_; +} + const CRLSet::CRLList& CRLSet::CrlsForTesting() const { return crls_; } @@ -398,10 +411,10 @@ scoped_refptr<CRLSet> CRLSet::ForTesting( bool is_expired, const SHA256HashValue* issuer_spki, const std::string& serial_number, - const std::string common_name, + const std::string utf8_common_name, const std::vector<std::string> acceptable_spki_hashes_for_cn) { std::string subject_hash; - if (!common_name.empty()) { + if (!utf8_common_name.empty()) { CBB cbb, top_level, set, inner_seq, oid, cn; uint8_t* x501_data; size_t x501_len; @@ -415,10 +428,10 @@ scoped_refptr<CRLSet> CRLSet::ForTesting( !CBB_add_asn1(&set, &inner_seq, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&inner_seq, &oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&oid, kCommonNameOID, sizeof(kCommonNameOID)) || - !CBB_add_asn1(&inner_seq, &cn, CBS_ASN1_PRINTABLESTRING) || - !CBB_add_bytes(&cn, - reinterpret_cast<const uint8_t*>(common_name.data()), - common_name.size()) || + !CBB_add_asn1(&inner_seq, &cn, CBS_ASN1_UTF8STRING) || + !CBB_add_bytes( + &cn, reinterpret_cast<const uint8_t*>(utf8_common_name.data()), + utf8_common_name.size()) || !CBB_finish(&cbb, &x501_data, &x501_len)) { CBB_cleanup(&cbb); return nullptr; diff --git a/chromium/net/cert/crl_set.h b/chromium/net/cert/crl_set.h index 06d173dc362..f73e8cdc5bd 100644 --- a/chromium/net/cert/crl_set.h +++ b/chromium/net/cert/crl_set.h @@ -35,6 +35,9 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { // Parses the bytes in |data| and, on success, puts a new CRLSet in // |out_crl_set| and returns true. static bool Parse(base::StringPiece data, scoped_refptr<CRLSet>* out_crl_set); + // Same as the above, but stores the string |data| in the resulting CRLSet. + static bool ParseAndStoreUnparsedData(std::string data, + scoped_refptr<CRLSet>* out_crl_set); // CheckSPKI checks whether the given SPKI has been listed as blocked. // spki_hash: the SHA256 of the SubjectPublicKeyInfo of the certificate. @@ -46,9 +49,8 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { // value // issuer_spki_hash: the SHA256 of the SubjectPublicKeyInfo of the CRL // signer - Result CheckSerial( - const base::StringPiece& serial_number, - const base::StringPiece& issuer_spki_hash) const; + Result CheckSerial(const base::StringPiece& serial_number, + const base::StringPiece& issuer_spki_hash) const; // CheckSubject returns the information contained in the set for a given, // encoded subject name and SPKI hash. The subject name is encoded as a DER @@ -70,6 +72,8 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { // numbers. uint32_t sequence() const; + const std::string& unparsed_crl_set() const; + // CRLList contains a map of (issuer SPKI hash, revoked serial numbers) // pairs. typedef std::unordered_map<std::string, std::vector<std::string>> CRLList; @@ -93,15 +97,15 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { // IsExpired on the result will return true. If |issuer_spki| is not NULL, // the CRLSet will cover certificates issued by that SPKI. If |serial_number| // is not empty, then that DER-encoded serial number will be considered to - // have been revoked by |issuer_spki|. If |common_name| is not empty then the - // CRLSet will consider certificates with a subject consisting only of that - // common name to be revoked unless they match an SPKI hash from - // |acceptable_spki_hashes_for_cn|. + // have been revoked by |issuer_spki|. If |utf8_common_name| is not empty + // then the CRLSet will consider certificates with a subject consisting only + // of that common name as a UTF8String to be revoked unless they match an + // SPKI hash from |acceptable_spki_hashes_for_cn|. static scoped_refptr<CRLSet> ForTesting( bool is_expired, const SHA256HashValue* issuer_spki, const std::string& serial_number, - const std::string common_name, + const std::string utf8_common_name, const std::vector<std::string> acceptable_spki_hashes_for_cn); private: @@ -127,6 +131,12 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> { // limited_subjects_ is a map from the SHA256 hash of an X.501 subject name // to a list of allowed SPKI hashes for certificates with that subject name. std::unordered_map<std::string, std::vector<std::string>> limited_subjects_; + + // A string that holds the unparsed version of the CRLSet. Only populated in + // the case that the OOP CertVerifier is enabled. + // TODO(crbug.com/1046728): temporary until the network service doesn't need + // to know about CRLSets. + std::string unparsed_crl_set_; }; } // namespace net diff --git a/chromium/net/cert/ct_sct_to_string.cc b/chromium/net/cert/ct_sct_to_string.cc index 4d7449252b4..adbb712af75 100644 --- a/chromium/net/cert/ct_sct_to_string.cc +++ b/chromium/net/cert/ct_sct_to_string.cc @@ -4,6 +4,8 @@ #include "net/cert/ct_sct_to_string.h" +#include "base/logging.h" + namespace net { namespace ct { diff --git a/chromium/net/cert/internal/cert_error_params.cc b/chromium/net/cert/internal/cert_error_params.cc index f454572012a..d1d2bb6ca99 100644 --- a/chromium/net/cert/internal/cert_error_params.cc +++ b/chromium/net/cert/internal/cert_error_params.cc @@ -6,7 +6,7 @@ #include <memory> -#include "base/logging.h" +#include "base/check.h" #include "base/strings/string_number_conversions.h" #include "net/der/input.h" diff --git a/chromium/net/cert/internal/cert_errors.cc b/chromium/net/cert/internal/cert_errors.cc index fc44c0d4f37..cea2115ee8e 100644 --- a/chromium/net/cert/internal/cert_errors.cc +++ b/chromium/net/cert/internal/cert_errors.cc @@ -4,7 +4,6 @@ #include "net/cert/internal/cert_errors.h" -#include "base/logging.h" #include "base/strings/strcat.h" #include "base/strings/string_split.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/cert/internal/cert_issuer_source_aia.cc b/chromium/net/cert/internal/cert_issuer_source_aia.cc index 7989df79f40..7892006f4e5 100644 --- a/chromium/net/cert/internal/cert_issuer_source_aia.cc +++ b/chromium/net/cert/internal/cert_issuer_source_aia.cc @@ -4,6 +4,7 @@ #include "net/cert/internal/cert_issuer_source_aia.h" +#include "base/logging.h" #include "base/strings/string_piece.h" #include "net/cert/cert_net_fetcher.h" #include "net/cert/internal/cert_errors.h" diff --git a/chromium/net/cert/internal/general_names.cc b/chromium/net/cert/internal/general_names.cc index 7e132363f88..f8bd9875deb 100644 --- a/chromium/net/cert/internal/general_names.cc +++ b/chromium/net/cert/internal/general_names.cc @@ -4,7 +4,7 @@ #include "net/cert/internal/general_names.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/string_util.h" #include "net/cert/internal/cert_error_params.h" #include "net/cert/internal/cert_errors.h" diff --git a/chromium/net/cert/internal/name_constraints.cc b/chromium/net/cert/internal/name_constraints.cc index 7e7864b1468..a6ed9c56c51 100644 --- a/chromium/net/cert/internal/name_constraints.cc +++ b/chromium/net/cert/internal/name_constraints.cc @@ -8,7 +8,7 @@ #include <memory> -#include "base/logging.h" +#include "base/check.h" #include "base/numerics/clamped_math.h" #include "base/strings/string_util.h" #include "net/cert/internal/cert_errors.h" diff --git a/chromium/net/cert/internal/ocsp_unittest.cc b/chromium/net/cert/internal/ocsp_unittest.cc index 61426791ca3..79fc0d43111 100644 --- a/chromium/net/cert/internal/ocsp_unittest.cc +++ b/chromium/net/cert/internal/ocsp_unittest.cc @@ -5,7 +5,6 @@ #include "net/cert/internal/ocsp.h" #include "base/base64.h" -#include "base/logging.h" #include "base/strings/string_util.h" #include "net/cert/internal/test_helpers.h" #include "net/der/encode_values.h" diff --git a/chromium/net/cert/internal/parse_certificate.cc b/chromium/net/cert/internal/parse_certificate.cc index 8939403eac9..2c2c13f742a 100644 --- a/chromium/net/cert/internal/parse_certificate.cc +++ b/chromium/net/cert/internal/parse_certificate.cc @@ -124,48 +124,6 @@ WARN_UNUSED_RESULT bool ParseVersion(const der::Input& in, return !parser.HasMore(); } -// Parses a DER-encoded "Validity" as specified by RFC 5280. Returns true on -// success and sets the results in |not_before| and |not_after|: -// -// Validity ::= SEQUENCE { -// notBefore Time, -// notAfter Time } -// -// Note that upon success it is NOT guaranteed that |*not_before <= *not_after|. -bool ParseValidity(const der::Input& validity_tlv, - der::GeneralizedTime* not_before, - der::GeneralizedTime* not_after) { - der::Parser parser(validity_tlv); - - // Validity ::= SEQUENCE { - der::Parser validity_parser; - if (!parser.ReadSequence(&validity_parser)) - return false; - - // notBefore Time, - if (!ReadUTCOrGeneralizedTime(&validity_parser, not_before)) - return false; - - // notAfter Time } - if (!ReadUTCOrGeneralizedTime(&validity_parser, not_after)) - return false; - - // By definition the input was a single Validity sequence, so there shouldn't - // be unconsumed data. - if (parser.HasMore()) - return false; - - // The Validity type does not have an extension point. - if (validity_parser.HasMore()) - return false; - - // Note that RFC 5280 doesn't require notBefore to be <= - // notAfter, so that will not be considered a "parsing" error here. Instead it - // will be considered an expired certificate later when testing against the - // current timestamp. - return true; -} - // Returns true if every bit in |bits| is zero (including empty). WARN_UNUSED_RESULT bool BitStringIsAllZeros(const der::BitString& bits) { // Note that it is OK to read from the unused bits, since BitString parsing @@ -343,6 +301,40 @@ bool ReadUTCOrGeneralizedTime(der::Parser* parser, der::GeneralizedTime* out) { return false; } +bool ParseValidity(const der::Input& validity_tlv, + der::GeneralizedTime* not_before, + der::GeneralizedTime* not_after) { + der::Parser parser(validity_tlv); + + // Validity ::= SEQUENCE { + der::Parser validity_parser; + if (!parser.ReadSequence(&validity_parser)) + return false; + + // notBefore Time, + if (!ReadUTCOrGeneralizedTime(&validity_parser, not_before)) + return false; + + // notAfter Time } + if (!ReadUTCOrGeneralizedTime(&validity_parser, not_after)) + return false; + + // By definition the input was a single Validity sequence, so there shouldn't + // be unconsumed data. + if (parser.HasMore()) + return false; + + // The Validity type does not have an extension point. + if (validity_parser.HasMore()) + return false; + + // Note that RFC 5280 doesn't require notBefore to be <= + // notAfter, so that will not be considered a "parsing" error here. Instead it + // will be considered an expired certificate later when testing against the + // current timestamp. + return true; +} + bool ParseCertificate(const der::Input& certificate_tlv, der::Input* out_tbs_certificate_tlv, der::Input* out_signature_algorithm_tlv, diff --git a/chromium/net/cert/internal/parse_certificate.h b/chromium/net/cert/internal/parse_certificate.h index fea939d6b49..d865a43d2a2 100644 --- a/chromium/net/cert/internal/parse_certificate.h +++ b/chromium/net/cert/internal/parse_certificate.h @@ -72,6 +72,19 @@ NET_EXPORT bool ReadUTCOrGeneralizedTime(der::Parser* parser, der::GeneralizedTime* out) WARN_UNUSED_RESULT; +// Parses a DER-encoded "Validity" as specified by RFC 5280. Returns true on +// success and sets the results in |not_before| and |not_after|: +// +// Validity ::= SEQUENCE { +// notBefore Time, +// notAfter Time } +// +// Note that upon success it is NOT guaranteed that |*not_before <= *not_after|. +NET_EXPORT bool ParseValidity(const der::Input& validity_tlv, + der::GeneralizedTime* not_before, + der::GeneralizedTime* not_after) + WARN_UNUSED_RESULT; + struct NET_EXPORT ParseCertificateOptions { // If set to true, then parsing will skip checks on the certificate's serial // number. The only requirement will be that the serial number is an INTEGER, diff --git a/chromium/net/cert/internal/parse_name.cc b/chromium/net/cert/internal/parse_name.cc index 94b82a43715..1ecba7d0acf 100644 --- a/chromium/net/cert/internal/parse_name.cc +++ b/chromium/net/cert/internal/parse_name.cc @@ -4,6 +4,8 @@ #include "net/cert/internal/parse_name.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversion_utils.h" diff --git a/chromium/net/cert/internal/revocation_checker.cc b/chromium/net/cert/internal/revocation_checker.cc index 458f00797ac..75610951b9e 100644 --- a/chromium/net/cert/internal/revocation_checker.cc +++ b/chromium/net/cert/internal/revocation_checker.cc @@ -6,6 +6,7 @@ #include <string> +#include "base/logging.h" #include "base/strings/string_piece.h" #include "crypto/sha2.h" #include "net/cert/cert_net_fetcher.h" diff --git a/chromium/net/cert/internal/simple_path_builder_delegate.cc b/chromium/net/cert/internal/simple_path_builder_delegate.cc index 713baa6797c..e4259ee6eb3 100644 --- a/chromium/net/cert/internal/simple_path_builder_delegate.cc +++ b/chromium/net/cert/internal/simple_path_builder_delegate.cc @@ -4,7 +4,6 @@ #include "net/cert/internal/simple_path_builder_delegate.h" -#include "base/logging.h" #include "net/cert/internal/cert_error_params.h" #include "net/cert/internal/cert_errors.h" #include "net/cert/internal/signature_algorithm.h" diff --git a/chromium/net/cert/internal/trust_store.cc b/chromium/net/cert/internal/trust_store.cc index 1ef02d7bfc2..20d3c8d3054 100644 --- a/chromium/net/cert/internal/trust_store.cc +++ b/chromium/net/cert/internal/trust_store.cc @@ -4,6 +4,8 @@ #include "net/cert/internal/trust_store.h" +#include "base/notreached.h" + namespace net { CertificateTrust CertificateTrust::ForTrustAnchor() { diff --git a/chromium/net/cert/internal/trust_store_nss.cc b/chromium/net/cert/internal/trust_store_nss.cc index 3481480dfa5..e4cf9e3a94a 100644 --- a/chromium/net/cert/internal/trust_store_nss.cc +++ b/chromium/net/cert/internal/trust_store_nss.cc @@ -56,25 +56,6 @@ void TrustStoreNSS::SyncGetIssuersOf(const ParsedCertificate* cert, for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { -#if !defined(OS_CHROMEOS) - // TODO(mattm): use CERT_GetCertIsTemp when minimum NSS version is >= 3.31. - if (node->cert->istemp) { - // Ignore temporary NSS certs on platforms other than Chrome OS. This - // ensures that during the trial when CertVerifyProcNSS and - // CertVerifyProcBuiltin are being used simultaneously, the builtin - // verifier does not get to "cheat" by using AIA fetched certs from - // CertVerifyProcNSS. - // TODO(https://crbug.com/951479): remove this when CertVerifyProcBuiltin - // becomes the default. - // This is not done for Chrome OS because temporary NSS certs are - // currently used there to implement policy-provided untrusted authority - // certificates, and no trials are being done on Chrome OS. - // TODO(https://crbug.com/978854): remove the Chrome OS exception when - // certificates are passed. - continue; - } -#endif // !defined(OS_CHROMEOS) - CertErrors parse_errors; scoped_refptr<ParsedCertificate> cur_cert = ParsedCertificate::Create( x509_util::CreateCryptoBuffer(node->cert->derCert.data, diff --git a/chromium/net/cert/internal/trust_store_nss_unittest.cc b/chromium/net/cert/internal/trust_store_nss_unittest.cc index 7a3d616e1a0..b0a5433dc7b 100644 --- a/chromium/net/cert/internal/trust_store_nss_unittest.cc +++ b/chromium/net/cert/internal/trust_store_nss_unittest.cc @@ -298,26 +298,16 @@ TEST_P(TrustStoreNSSTestWithSlotFilterType, CertsNotPresent) { EXPECT_TRUE(TrustStoreContains(newroot_, ParsedCertificateList())); } -#if !defined(OS_CHROMEOS) -// TrustStoreNSS should not return temporary certs. (See -// https://crbug.com/951166) -TEST_P(TrustStoreNSSTestWithSlotFilterType, TempCertNotPresent) { - ScopedCERTCertificate temp_nss_cert(x509_util::CreateCERTCertificateFromBytes( - newintermediate_->der_cert().UnsafeData(), - newintermediate_->der_cert().Length())); - EXPECT_TRUE(TrustStoreContains(target_, ParsedCertificateList())); -} -#else // !defined(OS_CHROMEOS) // TrustStoreNSS should return temporary certs on Chrome OS, because on Chrome // OS temporary certs are used to supply policy-provided untrusted authority // certs. (See https://crbug.com/978854) +// On other platforms it's not required but doesn't hurt anything. TEST_P(TrustStoreNSSTestWithSlotFilterType, TempCertPresent) { ScopedCERTCertificate temp_nss_cert(x509_util::CreateCERTCertificateFromBytes( newintermediate_->der_cert().UnsafeData(), newintermediate_->der_cert().Length())); EXPECT_TRUE(TrustStoreContains(target_, {newintermediate_})); } -#endif // !defined(OS_CHROMEOS) // Independent of the specified slot-based filtering mode, built-in root certs // should always be trusted. diff --git a/chromium/net/cert/internal/verify_certificate_chain.cc b/chromium/net/cert/internal/verify_certificate_chain.cc index 8089e721f9c..d9d34bdb11e 100644 --- a/chromium/net/cert/internal/verify_certificate_chain.cc +++ b/chromium/net/cert/internal/verify_certificate_chain.cc @@ -6,7 +6,7 @@ #include <algorithm> -#include "base/logging.h" +#include "base/check.h" #include "net/cert/internal/cert_error_params.h" #include "net/cert/internal/cert_errors.h" #include "net/cert/internal/common_cert_errors.h" diff --git a/chromium/net/cert/internal/verify_name_match.cc b/chromium/net/cert/internal/verify_name_match.cc index 68194e702ef..c887e941d9f 100644 --- a/chromium/net/cert/internal/verify_name_match.cc +++ b/chromium/net/cert/internal/verify_name_match.cc @@ -4,7 +4,8 @@ #include "net/cert/internal/verify_name_match.h" -#include "base/logging.h" +#include "base/check.h" +#include "base/notreached.h" #include "base/strings/string_util.h" #include "net/cert/internal/cert_error_params.h" #include "net/cert/internal/cert_errors.h" diff --git a/chromium/net/cert/internal/verify_signed_data.cc b/chromium/net/cert/internal/verify_signed_data.cc index 668e8cbac0c..9c6e235a40a 100644 --- a/chromium/net/cert/internal/verify_signed_data.cc +++ b/chromium/net/cert/internal/verify_signed_data.cc @@ -5,7 +5,6 @@ #include "net/cert/internal/verify_signed_data.h" #include "base/compiler_specific.h" -#include "base/logging.h" #include "base/numerics/safe_math.h" #include "crypto/openssl_util.h" #include "net/cert/internal/cert_errors.h" diff --git a/chromium/net/cert/jwk_serializer.cc b/chromium/net/cert/jwk_serializer.cc index 870099e3caf..768dab0050f 100644 --- a/chromium/net/cert/jwk_serializer.cc +++ b/chromium/net/cert/jwk_serializer.cc @@ -5,7 +5,6 @@ #include "net/cert/jwk_serializer.h" #include "base/base64url.h" -#include "base/logging.h" #include "base/strings/string_util.h" #include "base/values.h" #include "crypto/openssl_util.h" diff --git a/chromium/net/cert/merkle_audit_proof.cc b/chromium/net/cert/merkle_audit_proof.cc index 95fd197675e..585ffbbe2b7 100644 --- a/chromium/net/cert/merkle_audit_proof.cc +++ b/chromium/net/cert/merkle_audit_proof.cc @@ -4,7 +4,7 @@ #include "net/cert/merkle_audit_proof.h" -#include "base/logging.h" +#include "base/check_op.h" namespace net { namespace ct { diff --git a/chromium/net/cert/merkle_audit_proof_unittest.cc b/chromium/net/cert/merkle_audit_proof_unittest.cc index 1c3d3f96dfa..d4b988029d7 100644 --- a/chromium/net/cert/merkle_audit_proof_unittest.cc +++ b/chromium/net/cert/merkle_audit_proof_unittest.cc @@ -4,7 +4,7 @@ #include "net/cert/merkle_audit_proof.h" -#include "base/logging.h" +#include "base/check.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/cert/multi_log_ct_verifier.cc b/chromium/net/cert/multi_log_ct_verifier.cc index a541cec6d89..dfd44a4e33f 100644 --- a/chromium/net/cert/multi_log_ct_verifier.cc +++ b/chromium/net/cert/multi_log_ct_verifier.cc @@ -6,6 +6,7 @@ #include <vector> +#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/values.h" #include "net/base/net_errors.h" diff --git a/chromium/net/cert/multi_threaded_cert_verifier.cc b/chromium/net/cert/multi_threaded_cert_verifier.cc index 91b1c5948a4..8b0ff51d732 100644 --- a/chromium/net/cert/multi_threaded_cert_verifier.cc +++ b/chromium/net/cert/multi_threaded_cert_verifier.cc @@ -6,6 +6,7 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/memory/weak_ptr.h" #include "base/task/post_task.h" #include "base/task/thread_pool.h" @@ -33,8 +34,8 @@ class MultiThreadedCertVerifierScopedAllowBaseSyncPrimitives namespace { -// Used to pass the result of CertVerifierJob::DoVerifyOnWorkerThread() to -// CertVerifierJob::OnJobCompleted(). +// Used to pass the result of DoVerifyOnWorkerThread() to +// MultiThreadedCertVerifier::InternalRequest::OnJobComplete(). struct ResultHelper { int error; CertVerifyResult result; @@ -56,8 +57,7 @@ int GetFlagsForConfig(const CertVerifier::Config& config) { return flags; } -// DoVerifyOnWorkerThread runs the verification synchronously on a worker -// thread. +// Runs the verification synchronously on a worker thread. std::unique_ptr<ResultHelper> DoVerifyOnWorkerThread( const scoped_refptr<CertVerifyProc>& verify_proc, const scoped_refptr<X509Certificate>& cert, @@ -83,11 +83,15 @@ std::unique_ptr<ResultHelper> DoVerifyOnWorkerThread( return verify_result; } +} // namespace + // Helper to allow callers to cancel pending CertVerifier::Verify requests. // Note that because the CertVerifyProc is blocking, it's not actually // possible to cancel the in-progress request; instead, this simply guarantees // that the provided callback will not be invoked if the Request is deleted. -class InternalRequest : public CertVerifier::Request { +class MultiThreadedCertVerifier::InternalRequest + : public CertVerifier::Request, + public base::LinkNode<InternalRequest> { public: InternalRequest(CompletionOnceCallback callback, CertVerifyResult* caller_result); @@ -98,6 +102,8 @@ class InternalRequest : public CertVerifier::Request { const CertVerifier::RequestParams& params, const NetLogWithSource& caller_net_log); + void ResetCallback() { callback_.Reset(); } + private: // This is a static method with a |self| weak pointer instead of a regular // method, so that PostTask will still run it even if the weakptr is no @@ -111,16 +117,25 @@ class InternalRequest : public CertVerifier::Request { base::WeakPtrFactory<InternalRequest> weak_factory_{this}; }; -InternalRequest::InternalRequest(CompletionOnceCallback callback, - CertVerifyResult* caller_result) +MultiThreadedCertVerifier::InternalRequest::InternalRequest( + CompletionOnceCallback callback, + CertVerifyResult* caller_result) : callback_(std::move(callback)), caller_result_(caller_result) {} -InternalRequest::~InternalRequest() = default; +MultiThreadedCertVerifier::InternalRequest::~InternalRequest() { + if (callback_) { + // This InternalRequest was eagerly cancelled as the callback is still + // valid, so |this| needs to be removed from MultiThreadedCertVerifier's + // list. + RemoveFromList(); + } +} -void InternalRequest::Start(const scoped_refptr<CertVerifyProc>& verify_proc, - const CertVerifier::Config& config, - const CertVerifier::RequestParams& params, - const NetLogWithSource& caller_net_log) { +void MultiThreadedCertVerifier::InternalRequest::Start( + const scoped_refptr<CertVerifyProc>& verify_proc, + const CertVerifier::Config& config, + const CertVerifier::RequestParams& params, + const NetLogWithSource& caller_net_log) { const NetLogWithSource net_log(NetLogWithSource::Make( caller_net_log.net_log(), NetLogSourceType::CERT_VERIFIER_TASK)); net_log.BeginEvent(NetLogEventType::CERT_VERIFIER_TASK); @@ -140,12 +155,12 @@ void InternalRequest::Start(const scoped_refptr<CertVerifyProc>& verify_proc, params.hostname(), params.ocsp_response(), params.sct_list(), flags, config.crl_set, config.additional_trust_anchors, net_log), - base::BindOnce(&InternalRequest::OnJobComplete, + base::BindOnce(&MultiThreadedCertVerifier::InternalRequest::OnJobComplete, weak_factory_.GetWeakPtr())); } // static -void InternalRequest::OnJobComplete( +void MultiThreadedCertVerifier::InternalRequest::OnJobComplete( base::WeakPtr<InternalRequest> self, std::unique_ptr<ResultHelper> verify_result) { // Always log the EndEvent, even if the Request has been destroyed. @@ -155,13 +170,23 @@ void InternalRequest::OnJobComplete( if (!self) return; + DCHECK(verify_result); + + // If the MultiThreadedCertVerifier has been deleted, the callback will have + // been reset to null. + if (!self->callback_) + return; + + // If ~MultiThreadedCertVerifier has not Reset() our callback, then this + // InternalRequest will not have been removed from MultiThreadedCertVerifier's + // list yet. + self->RemoveFromList(); + *self->caller_result_ = verify_result->result; // Note: May delete |self|. std::move(self->callback_).Run(verify_result->error); } -} // namespace - MultiThreadedCertVerifier::MultiThreadedCertVerifier( scoped_refptr<CertVerifyProc> verify_proc) : verify_proc_(std::move(verify_proc)) { @@ -171,6 +196,13 @@ MultiThreadedCertVerifier::MultiThreadedCertVerifier( MultiThreadedCertVerifier::~MultiThreadedCertVerifier() { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); + // Reset the callbacks for each InternalRequest to fulfill the respective + // net::CertVerifier contract. + while (!request_list_.empty()) { + base::LinkNode<InternalRequest>* curr = request_list_.head(); + curr->value()->ResetCallback(); + curr->RemoveFromList(); + } } int MultiThreadedCertVerifier::Verify(const RequestParams& params, @@ -188,11 +220,18 @@ int MultiThreadedCertVerifier::Verify(const RequestParams& params, std::unique_ptr<InternalRequest> request = std::make_unique<InternalRequest>(std::move(callback), verify_result); request->Start(verify_proc_, config_, params, net_log); + request_list_.Append(request.get()); *out_req = std::move(request); return ERR_IO_PENDING; } void MultiThreadedCertVerifier::SetConfig(const CertVerifier::Config& config) { + LOG_IF(DFATAL, verify_proc_ && + !verify_proc_->SupportsAdditionalTrustAnchors() && + !config.additional_trust_anchors.empty()) + << "Attempted to set a CertVerifier::Config with additional trust " + "anchors, but |verify_proc_| does not support additional trust " + "anchors."; config_ = config; if (!config_.crl_set) config_.crl_set = CRLSet::BuiltinCRLSet(); diff --git a/chromium/net/cert/multi_threaded_cert_verifier.h b/chromium/net/cert/multi_threaded_cert_verifier.h index 28c7bf736b7..ef8225bc878 100644 --- a/chromium/net/cert/multi_threaded_cert_verifier.h +++ b/chromium/net/cert/multi_threaded_cert_verifier.h @@ -11,6 +11,7 @@ #include <map> #include <memory> +#include "base/containers/linked_list.h" #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/threading/thread_checker.h" @@ -40,9 +41,13 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier : public CertVerifier { void SetConfig(const CertVerifier::Config& config) override; private: + class InternalRequest; + Config config_; scoped_refptr<CertVerifyProc> verify_proc_; + base::LinkedList<InternalRequest> request_list_; + THREAD_CHECKER(thread_checker_); DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); diff --git a/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc b/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc index d070395e9c6..89c394541a9 100644 --- a/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc +++ b/chromium/net/cert/multi_threaded_cert_verifier_unittest.cc @@ -77,7 +77,8 @@ class MultiThreadedCertVerifierTest : public TestWithTaskEnvironment { public: MultiThreadedCertVerifierTest() : mock_verify_proc_(base::MakeRefCounted<MockCertVerifyProc>()), - verifier_(mock_verify_proc_) { + verifier_( + std::make_unique<MultiThreadedCertVerifier>(mock_verify_proc_)) { EXPECT_CALL(*mock_verify_proc_, SupportsAdditionalTrustAnchors()) .WillRepeatedly(Return(true)); EXPECT_CALL(*mock_verify_proc_, VerifyInternal(_, _, _, _, _, _, _, _, _)) @@ -88,7 +89,7 @@ class MultiThreadedCertVerifierTest : public TestWithTaskEnvironment { protected: scoped_refptr<MockCertVerifyProc> mock_verify_proc_; - MultiThreadedCertVerifier verifier_; + std::unique_ptr<MultiThreadedCertVerifier> verifier_; }; // Tests that the callback of a canceled request is never made. @@ -102,7 +103,7 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequest) { CertVerifyResult verify_result; std::unique_ptr<CertVerifier::Request> request; - error = verifier_.Verify( + error = verifier_->Verify( CertVerifier::RequestParams(test_cert, "www.example.com", 0, /*ocsp_response=*/std::string(), /*sct_list=*/std::string()), @@ -116,7 +117,7 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequest) { // worker thread) is likely to complete by the end of this test. TestCompletionCallback callback; for (int i = 0; i < 5; ++i) { - error = verifier_.Verify( + error = verifier_->Verify( CertVerifier::RequestParams(test_cert, "www2.example.com", 0, /*ocsp_response=*/std::string(), /*sct_list=*/std::string()), @@ -127,6 +128,30 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequest) { } } +// Tests that the callback of a request is never made if the |verifier_| itself +// is deleted. +TEST_F(MultiThreadedCertVerifierTest, DeleteVerifier) { + base::FilePath certs_dir = GetTestCertsDirectory(); + scoped_refptr<X509Certificate> test_cert( + ImportCertFromFile(certs_dir, "ok_cert.pem")); + ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get()); + + int error; + CertVerifyResult verify_result; + std::unique_ptr<CertVerifier::Request> request; + + error = verifier_->Verify( + CertVerifier::RequestParams(test_cert, "www.example.com", 0, + /*ocsp_response=*/std::string(), + /*sct_list=*/std::string()), + &verify_result, base::BindOnce(&FailTest), &request, NetLogWithSource()); + ASSERT_THAT(error, IsError(ERR_IO_PENDING)); + ASSERT_TRUE(request); + verifier_.reset(); + + RunUntilIdle(); +} + // Tests that a canceled request is not leaked. TEST_F(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { base::FilePath certs_dir = GetTestCertsDirectory(); @@ -147,7 +172,7 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { // can't post the reply back to the origin thread. See // https://crbug.com/522514 ANNOTATE_SCOPED_MEMORY_LEAK; - error = verifier_.Verify( + error = verifier_->Verify( CertVerifier::RequestParams(test_cert, "www.example.com", 0, /*ocsp_response=*/std::string(), /*sct_list=*/std::string()), @@ -156,7 +181,7 @@ TEST_F(MultiThreadedCertVerifierTest, CancelRequestThenQuit) { ASSERT_THAT(error, IsError(ERR_IO_PENDING)); EXPECT_TRUE(request); request.reset(); - // Destroy |verifier| by going out of scope. + // Destroy |verifier_| by going out of scope. } // Tests propagation of configuration options into CertVerifyProc flags @@ -183,7 +208,7 @@ TEST_F(MultiThreadedCertVerifierTest, ConvertsConfigToFlags) { CertVerifier::Config config; config.*test_config.config_ptr = true; - verifier_.SetConfig(config); + verifier_->SetConfig(config); EXPECT_CALL( *mock_verify_proc_, @@ -194,7 +219,7 @@ TEST_F(MultiThreadedCertVerifierTest, ConvertsConfigToFlags) { CertVerifyResult verify_result; TestCompletionCallback callback; std::unique_ptr<CertVerifier::Request> request; - int error = verifier_.Verify( + int error = verifier_->Verify( CertVerifier::RequestParams(test_cert, "www.example.com", 0, /*ocsp_response=*/std::string(), /*sct_list=*/std::string()), diff --git a/chromium/net/cert/nss_cert_database_unittest.cc b/chromium/net/cert/nss_cert_database_unittest.cc index d3b6bddac09..842f298cee8 100644 --- a/chromium/net/cert/nss_cert_database_unittest.cc +++ b/chromium/net/cert/nss_cert_database_unittest.cc @@ -23,8 +23,9 @@ #include "crypto/scoped_test_nss_db.h" #include "net/base/hash_value.h" #include "net/base/net_errors.h" +#include "net/cert/cert_net_fetcher.h" #include "net/cert/cert_status_flags.h" -#include "net/cert/cert_verify_proc_nss.h" +#include "net/cert/cert_verify_proc.h" #include "net/cert/cert_verify_result.h" #include "net/cert/crl_set.h" #include "net/cert/x509_certificate.h" @@ -562,7 +563,8 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert) { scoped_refptr<X509Certificate> x509_found_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(found_server_cert); ASSERT_TRUE(x509_found_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( @@ -594,7 +596,8 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) { scoped_refptr<X509Certificate> x509_puny_cert = x509_util::CreateX509CertificateFromCERTCertificate(puny_cert); ASSERT_TRUE(x509_puny_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( @@ -627,15 +630,17 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) { scoped_refptr<X509Certificate> x509_puny_cert = x509_util::CreateX509CertificateFromCERTCertificate(puny_cert); ASSERT_TRUE(x509_puny_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( x509_puny_cert.get(), "xn--wgv71a119e.com", /*ocsp_response=*/std::string(), /*sct_list=*/std::string(), flags, crl_set_.get(), empty_cert_list_, &verify_result, NetLogWithSource()); - EXPECT_THAT(error, IsOk()); - EXPECT_EQ(0U, verify_result.cert_status); + // New verifier does not support server cert trust records. + EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); + EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status); } TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) { @@ -663,7 +668,8 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) { scoped_refptr<X509Certificate> x509_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(certs[0].get()); ASSERT_TRUE(x509_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( @@ -704,15 +710,19 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) { scoped_refptr<X509Certificate> x509_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(certs[0].get()); ASSERT_TRUE(x509_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( x509_server_cert.get(), "127.0.0.1", /*ocsp_response=*/std::string(), /*sct_list=*/std::string(), flags, crl_set_.get(), empty_cert_list_, &verify_result, NetLogWithSource()); - EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); - EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status); + // This hits the "Cannot verify a chain of length 1" error in the new + // verifier, since path building stops at the leaf which has a distrust + // record. + EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); + EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); } TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) { @@ -754,7 +764,8 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) { scoped_refptr<X509Certificate> x509_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(certs[0].get()); ASSERT_TRUE(x509_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( @@ -788,8 +799,8 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) { /*sct_list=*/std::string(), flags, crl_set_.get(), empty_cert_list_, &verify_result2, NetLogWithSource()); - EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); - EXPECT_EQ(CERT_STATUS_REVOKED, verify_result2.cert_status); + EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); + EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status); } TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) { @@ -822,7 +833,8 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) { scoped_refptr<X509Certificate> x509_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(certs[0].get()); ASSERT_TRUE(x509_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( @@ -887,7 +899,8 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) { scoped_refptr<X509Certificate> x509_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(certs[0].get()); ASSERT_TRUE(x509_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( @@ -952,15 +965,16 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) { scoped_refptr<X509Certificate> x509_server_cert = x509_util::CreateX509CertificateFromCERTCertificate(certs[0].get()); ASSERT_TRUE(x509_server_cert); - scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS()); + scoped_refptr<CertVerifyProc> verify_proc( + CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr)); int flags = 0; CertVerifyResult verify_result; int error = verify_proc->Verify( x509_server_cert.get(), "127.0.0.1", /*ocsp_response=*/std::string(), /*sct_list=*/std::string(), flags, crl_set_.get(), empty_cert_list_, &verify_result, NetLogWithSource()); - EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); - EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status); + EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID)); + EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status); // Without explicit distrust of the intermediate, verification should succeed. EXPECT_TRUE(cert_db_->SetCertTrust( diff --git a/chromium/net/cert/nss_profile_filter_chromeos.cc b/chromium/net/cert/nss_profile_filter_chromeos.cc index 3cbd0c3a281..2b9913a1c70 100644 --- a/chromium/net/cert/nss_profile_filter_chromeos.cc +++ b/chromium/net/cert/nss_profile_filter_chromeos.cc @@ -7,6 +7,7 @@ #include <memory> #include <utility> +#include "base/logging.h" #include "base/strings/string_piece.h" #include "base/strings/stringprintf.h" #include "net/cert/x509_certificate.h" diff --git a/chromium/net/cert/root_cert_list_generated.h b/chromium/net/cert/root_cert_list_generated.h index 8491a2446fc..354469a69ca 100644 --- a/chromium/net/cert/root_cert_list_generated.h +++ b/chromium/net/cert/root_cert_list_generated.h @@ -241,6 +241,13 @@ const struct RootCertData { 388, true}, {{ + 0x11, 0x34, 0xFD, 0x81, 0x56, 0x1A, 0x28, 0x18, 0xEC, 0xCF, 0xFF, + 0xC2, 0xE4, 0x40, 0xA0, 0xCE, 0xF9, 0xA4, 0x0E, 0x29, 0x26, 0xC0, + 0x82, 0x99, 0x80, 0x4D, 0x73, 0x8B, 0x0A, 0x97, 0xF6, 0x3D, + }, + 515, + true}, + {{ 0x12, 0x23, 0x12, 0xC0, 0x81, 0x94, 0x91, 0x06, 0xB7, 0x04, 0x9F, 0x3F, 0xEB, 0xF1, 0x99, 0xC0, 0x10, 0xAD, 0xA1, 0x3E, 0x32, 0x81, 0xCD, 0x35, 0x8A, 0x41, 0xE7, 0xBD, 0x09, 0xC8, 0x29, 0xD7, @@ -409,6 +416,13 @@ const struct RootCertData { 416, true}, {{ + 0x1F, 0x3C, 0x9F, 0xD4, 0xFD, 0xBB, 0x50, 0xA0, 0x55, 0xBC, 0xCA, + 0x7F, 0xE5, 0xA5, 0x81, 0xA9, 0x20, 0x99, 0xCE, 0xF1, 0xE9, 0xE4, + 0x76, 0xD6, 0xBA, 0xEF, 0x0C, 0x91, 0x08, 0x31, 0xC7, 0xB3, + }, + 519, + true}, + {{ 0x1F, 0x42, 0x24, 0xCE, 0xC8, 0x4F, 0xC9, 0x9C, 0xED, 0x88, 0x1F, 0xF6, 0xFC, 0xFD, 0x3E, 0x21, 0xF8, 0xC5, 0x19, 0xC5, 0x47, 0xAA, 0x6A, 0x5D, 0xD3, 0xDE, 0x24, 0x73, 0x02, 0xCE, 0x50, 0xD1, @@ -1060,6 +1074,13 @@ const struct RootCertData { 51, true}, {{ + 0x45, 0x3B, 0x74, 0x80, 0x9B, 0x69, 0x01, 0x96, 0x27, 0xF2, 0xF8, + 0x43, 0x00, 0x1D, 0xB5, 0x95, 0x0C, 0xDD, 0x1D, 0x45, 0x37, 0x10, + 0x53, 0xE7, 0xF3, 0xDF, 0xDB, 0xC3, 0x71, 0x41, 0x13, 0xC6, + }, + 518, + true}, + {{ 0x46, 0x3D, 0xBB, 0x9B, 0x0A, 0x26, 0xED, 0x26, 0x16, 0x39, 0x7B, 0x64, 0x31, 0x25, 0xFB, 0xD2, 0x9B, 0x66, 0xCF, 0x3A, 0x46, 0xFD, 0xB4, 0x38, 0x4B, 0x20, 0x9E, 0x78, 0x23, 0x7A, 0x1A, 0xFF, @@ -1163,7 +1184,7 @@ const struct RootCertData { 0x19, 0x3E, 0xCD, 0x2F, 0x06, 0xB4, 0x90, 0x0C, 0x1C, 0xFD, }, 184, - false}, + true}, {{ 0x4B, 0xA2, 0x49, 0x96, 0xDD, 0xEE, 0x6F, 0x8E, 0x1F, 0xCE, 0xC0, 0xAA, 0x9E, 0xCC, 0xFD, 0x3A, 0xA5, 0x47, 0x7B, 0x3E, 0xF8, 0xF5, @@ -1212,7 +1233,7 @@ const struct RootCertData { 0x7E, 0xFC, 0xBE, 0x8D, 0xC6, 0x20, 0x16, 0x28, 0xF8, 0xAF, }, 100, - false}, + true}, {{ 0x4E, 0xF7, 0xDA, 0xCF, 0x77, 0xED, 0xB7, 0x51, 0xF7, 0x04, 0x03, 0x5F, 0xB5, 0xC6, 0xC4, 0x42, 0x35, 0x1E, 0xC7, 0x22, 0x0A, 0xF9, @@ -1499,7 +1520,7 @@ const struct RootCertData { 0x40, 0xF6, 0x14, 0xDC, 0xC2, 0xA4, 0x5A, 0xB9, 0x4D, 0x31, }, 98, - false}, + true}, {{ 0x65, 0x9C, 0xB3, 0x68, 0xAC, 0x56, 0x99, 0x8B, 0xD0, 0x7A, 0xF2, 0xCA, 0xFC, 0x5F, 0xB9, 0x3F, 0x8E, 0x79, 0x47, 0x4A, 0xCC, 0xC2, @@ -1527,7 +1548,7 @@ const struct RootCertData { 0x3A, 0x30, 0x3A, 0xE7, 0x55, 0x5D, 0x1B, 0xDA, 0x3E, 0xE4, }, 198, - false}, + true}, {{ 0x67, 0x6B, 0x9F, 0xF3, 0x03, 0xED, 0xE1, 0x80, 0xFB, 0x95, 0xA4, 0x73, 0x6F, 0xB4, 0xD3, 0x15, 0x30, 0x32, 0xC0, 0x14, 0x44, 0x4F, @@ -1667,7 +1688,7 @@ const struct RootCertData { 0xEF, 0xED, 0xDD, 0x21, 0x18, 0xE1, 0x14, 0xDB, 0x47, 0x3E, }, 202, - false}, + true}, {{ 0x6D, 0xBF, 0xAE, 0x00, 0xD3, 0x7B, 0x9C, 0xD7, 0x3F, 0x8F, 0xB4, 0x7D, 0xE6, 0x59, 0x17, 0xAF, 0x00, 0xE0, 0xDD, 0xDF, 0x42, 0xDB, @@ -1774,6 +1795,13 @@ const struct RootCertData { 437, true}, {{ + 0x79, 0xCA, 0xAF, 0x53, 0x47, 0xE6, 0xE4, 0xA9, 0x4C, 0x8E, 0x78, + 0xA9, 0x84, 0x96, 0xFC, 0x74, 0x02, 0x0F, 0x80, 0x9E, 0xDE, 0x13, + 0xF2, 0x20, 0xFA, 0xB6, 0x10, 0x4C, 0x8D, 0xED, 0x32, 0x9F, + }, + 516, + true}, + {{ 0x7A, 0xED, 0xDD, 0xF3, 0x6B, 0x18, 0xF8, 0xAC, 0xB7, 0x37, 0x9F, 0xE1, 0xCE, 0x18, 0x32, 0x12, 0xB2, 0x35, 0x0D, 0x07, 0x88, 0xAB, 0xE0, 0xE8, 0x24, 0x57, 0xBE, 0x9B, 0xAD, 0xAD, 0x6D, 0x54, @@ -2024,7 +2052,7 @@ const struct RootCertData { 0x3A, 0x00, 0xFA, 0xE2, 0xE5, 0x2F, 0x3C, 0x85, 0x39, 0x89, }, 145, - false}, + true}, {{ 0x8A, 0x42, 0xEE, 0xAD, 0xBC, 0x8B, 0x21, 0xA3, 0x5C, 0x4B, 0x3A, 0xAD, 0xD7, 0xDF, 0xBC, 0xBD, 0x2E, 0xD1, 0xB1, 0xDA, 0x12, 0xE8, @@ -2521,7 +2549,7 @@ const struct RootCertData { 0x02, 0x8A, 0x5A, 0xD0, 0xEF, 0xE1, 0xA8, 0xE5, 0x3A, 0xC7, }, 67, - false}, + true}, {{ 0xA6, 0xF1, 0xF9, 0xBF, 0x8A, 0x0A, 0x9D, 0xDC, 0x08, 0x0F, 0xB4, 0x9B, 0x1E, 0xFC, 0x3D, 0x1A, 0x1C, 0x2C, 0x32, 0xDC, 0x0E, 0x13, @@ -3062,6 +3090,13 @@ const struct RootCertData { 358, true}, {{ + 0xC9, 0x42, 0x26, 0x2C, 0x0C, 0x7C, 0x0A, 0x95, 0xBB, 0x15, 0x2B, + 0x71, 0xC4, 0x25, 0x56, 0xDD, 0xBE, 0x9A, 0x04, 0xFA, 0x83, 0x78, + 0x37, 0x35, 0x50, 0xD2, 0xB7, 0xCE, 0x27, 0xD9, 0x52, 0xA3, + }, + 520, + true}, + {{ 0xC9, 0x54, 0xC2, 0xC0, 0xB1, 0x89, 0x82, 0x5B, 0xB6, 0x5D, 0xDB, 0x3D, 0xDC, 0xA0, 0x80, 0xB7, 0xDB, 0xCF, 0xE6, 0xB1, 0x7C, 0xAD, 0xE1, 0x02, 0x2B, 0xAD, 0xA8, 0x18, 0x33, 0x66, 0x77, 0xD0, @@ -3403,7 +3438,7 @@ const struct RootCertData { 0x52, 0x8F, 0xC7, 0xC7, 0x52, 0x01, 0xC1, 0xFF, 0x28, 0xE6, }, 197, - false}, + true}, {{ 0xEC, 0xA0, 0xF1, 0x81, 0x40, 0x2C, 0xE7, 0xA8, 0x65, 0x2B, 0x31, 0xB4, 0xD0, 0x36, 0xDF, 0x24, 0x7E, 0x3A, 0x30, 0xB7, 0xF4, 0x1A, @@ -3608,6 +3643,13 @@ const struct RootCertData { 123, true}, {{ + 0xFD, 0xE8, 0x99, 0x9A, 0x5E, 0x42, 0x73, 0x19, 0x83, 0x5C, 0x89, + 0xA1, 0x7D, 0x64, 0xA2, 0xDC, 0xD1, 0x3A, 0x85, 0x1C, 0x09, 0x16, + 0xC4, 0xC5, 0x47, 0xB6, 0xD8, 0xF7, 0xA6, 0x43, 0x7D, 0x94, + }, + 517, + true}, + {{ 0xFE, 0xA2, 0xB7, 0xD6, 0x45, 0xFB, 0xA7, 0x3D, 0x75, 0x3C, 0x1E, 0xC9, 0xA7, 0x87, 0x0C, 0x40, 0xE1, 0xF7, 0xB0, 0xC5, 0x61, 0xE9, 0x27, 0xB9, 0x85, 0xBF, 0x71, 0x18, 0x66, 0xE3, 0x6F, 0x22, diff --git a/chromium/net/cert/test_root_certs_android.cc b/chromium/net/cert/test_root_certs_android.cc index 6160fa379c6..c1812db05b0 100644 --- a/chromium/net/cert/test_root_certs_android.cc +++ b/chromium/net/cert/test_root_certs_android.cc @@ -5,7 +5,6 @@ #include "net/cert/test_root_certs.h" #include "base/location.h" -#include "base/logging.h" #include "net/android/network_library.h" #include "net/cert/x509_certificate.h" #include "third_party/boringssl/src/include/openssl/pool.h" diff --git a/chromium/net/cert/test_root_certs_mac.cc b/chromium/net/cert/test_root_certs_mac.cc index 6d0df0a0cc9..bdd5be3a529 100644 --- a/chromium/net/cert/test_root_certs_mac.cc +++ b/chromium/net/cert/test_root_certs_mac.cc @@ -6,7 +6,6 @@ #include <Security/Security.h> -#include "base/logging.h" #include "net/cert/internal/cert_errors.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" diff --git a/chromium/net/cert/test_root_certs_unittest.cc b/chromium/net/cert/test_root_certs_unittest.cc index 6cb28d8a6fb..f65174ddf68 100644 --- a/chromium/net/cert/test_root_certs_unittest.cc +++ b/chromium/net/cert/test_root_certs_unittest.cc @@ -39,7 +39,7 @@ const char kRootCertificateFile[] = "root_ca_cert.pem"; const char kGoodCertificateFile[] = "ok_cert.pem"; scoped_refptr<CertVerifyProc> CreateCertVerifyProc() { -#if defined(OS_FUCHSIA) +#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) return CertVerifyProc::CreateBuiltinVerifyProc(/*cert_net_fetcher=*/nullptr); #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) if (base::FeatureList::IsEnabled(features::kCertVerifierBuiltinFeature)) { diff --git a/chromium/net/cert/test_root_certs_win.cc b/chromium/net/cert/test_root_certs_win.cc index d581099a244..1b6e8f5968c 100644 --- a/chromium/net/cert/test_root_certs_win.cc +++ b/chromium/net/cert/test_root_certs_win.cc @@ -6,8 +6,8 @@ #include <stdint.h> +#include "base/check.h" #include "base/lazy_instance.h" -#include "base/logging.h" #include "base/numerics/safe_conversions.h" #include "base/win/win_util.h" #include "net/cert/x509_certificate.h" diff --git a/chromium/net/cert/x509_cert_types.cc b/chromium/net/cert/x509_cert_types.cc index 783f409347f..c0896298860 100644 --- a/chromium/net/cert/x509_cert_types.cc +++ b/chromium/net/cert/x509_cert_types.cc @@ -7,7 +7,6 @@ #include <cstdlib> #include <cstring> -#include "base/logging.h" #include "base/strings/string_piece.h" #include "base/time/time.h" #include "net/base/parse_number.h" diff --git a/chromium/net/cert/x509_util.cc b/chromium/net/cert/x509_util.cc index 6a823ab9f6b..90b848da6ab 100644 --- a/chromium/net/cert/x509_util.cc +++ b/chromium/net/cert/x509_util.cc @@ -9,6 +9,7 @@ #include <memory> #include "base/lazy_instance.h" +#include "base/logging.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/time/time.h" @@ -144,7 +145,22 @@ bool AddName(CBB* cbb, base::StringPiece name) { return true; } -bool AddTime(CBB* cbb, base::Time time) { +class BufferPoolSingleton { + public: + BufferPoolSingleton() : pool_(CRYPTO_BUFFER_POOL_new()) {} + CRYPTO_BUFFER_POOL* pool() { return pool_; } + + private: + // The singleton is leaky, so there is no need to use a smart pointer. + CRYPTO_BUFFER_POOL* pool_; +}; + +base::LazyInstance<BufferPoolSingleton>::Leaky g_buffer_pool_singleton = + LAZY_INSTANCE_INITIALIZER; + +} // namespace + +bool CBBAddTime(CBB* cbb, base::Time time) { der::GeneralizedTime generalized_time; if (!der::EncodeTimeAsGeneralizedTime(time, &generalized_time)) return false; @@ -164,21 +180,6 @@ bool AddTime(CBB* cbb, base::Time time) { der::EncodeGeneralizedTime(generalized_time, out) && CBB_flush(cbb); } -class BufferPoolSingleton { - public: - BufferPoolSingleton() : pool_(CRYPTO_BUFFER_POOL_new()) {} - CRYPTO_BUFFER_POOL* pool() { return pool_; } - - private: - // The singleton is leaky, so there is no need to use a smart pointer. - CRYPTO_BUFFER_POOL* pool_; -}; - -base::LazyInstance<BufferPoolSingleton>::Leaky g_buffer_pool_singleton = - LAZY_INSTANCE_INITIALIZER; - -} // namespace - bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate, std::string* token) { static const char kChannelBindingPrefix[] = "tls-server-end-point:"; @@ -296,8 +297,8 @@ bool CreateSelfSignedCert(EVP_PKEY* key, !AddRSASignatureAlgorithm(&tbs_cert, alg) || // signature !AddName(&tbs_cert, subject) || // issuer !CBB_add_asn1(&tbs_cert, &validity, CBS_ASN1_SEQUENCE) || - !AddTime(&validity, not_valid_before) || - !AddTime(&validity, not_valid_after) || + !CBBAddTime(&validity, not_valid_before) || + !CBBAddTime(&validity, not_valid_after) || !AddName(&tbs_cert, subject) || // subject !EVP_marshal_public_key(&tbs_cert, key)) { // subjectPublicKeyInfo return false; diff --git a/chromium/net/cert/x509_util.h b/chromium/net/cert/x509_util.h index a3557d7a452..a225771c38c 100644 --- a/chromium/net/cert/x509_util.h +++ b/chromium/net/cert/x509_util.h @@ -36,6 +36,9 @@ namespace x509_util { // Supported digest algorithms for signing certificates. enum DigestAlgorithm { DIGEST_SHA256 }; +// Adds a RFC 5280 Time value to the given CBB. +NET_EXPORT bool CBBAddTime(CBB* cbb, base::Time time); + // Generate a 'tls-server-end-point' channel binding based on the specified // certificate. Channel bindings are based on RFC 5929. NET_EXPORT_PRIVATE bool GetTLSServerEndPointChannelBinding( diff --git a/chromium/net/cert/x509_util_mac.cc b/chromium/net/cert/x509_util_mac.cc index e36e161b5f8..e34a326a733 100644 --- a/chromium/net/cert/x509_util_mac.cc +++ b/chromium/net/cert/x509_util_mac.cc @@ -6,7 +6,7 @@ #include <CommonCrypto/CommonDigest.h> -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/sys_string_conversions.h" #include "net/cert/x509_certificate.h" #include "third_party/apple_apsl/cssmapplePriv.h" diff --git a/chromium/net/cert/x509_util_win.cc b/chromium/net/cert/x509_util_win.cc index f28a007e2b0..0b2170c1ff7 100644 --- a/chromium/net/cert/x509_util_win.cc +++ b/chromium/net/cert/x509_util_win.cc @@ -4,6 +4,7 @@ #include "net/cert/x509_util_win.h" +#include "base/logging.h" #include "crypto/scoped_capi_types.h" #include "crypto/sha2.h" #include "net/cert/x509_certificate.h" diff --git a/chromium/net/cert_net/cert_net_fetcher_url_request.cc b/chromium/net/cert_net/cert_net_fetcher_url_request.cc index a136c2ca614..426fd7733f9 100644 --- a/chromium/net/cert_net/cert_net_fetcher_url_request.cc +++ b/chromium/net/cert_net/cert_net_fetcher_url_request.cc @@ -63,7 +63,7 @@ #include "base/bind.h" #include "base/callback_helpers.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" #include "base/memory/ptr_util.h" #include "base/numerics/safe_math.h" @@ -71,11 +71,14 @@ #include "base/synchronization/waitable_event.h" #include "base/threading/thread_task_runner_handle.h" #include "base/timer/timer.h" +#include "net/base/isolation_info.h" #include "net/base/load_flags.h" #include "net/cert/cert_net_fetcher.h" +#include "net/cookies/site_for_cookies.h" #include "net/traffic_annotation/network_traffic_annotation.h" #include "net/url_request/redirect_info.h" #include "net/url_request/url_request_context.h" +#include "url/origin.h" // TODO(eroman): Add support for POST parameters. // TODO(eroman): Add controls for bypassing the cache. @@ -469,9 +472,9 @@ void Job::StartURLRequest(URLRequestContext* context) { // Start the URLRequest. read_buffer_ = base::MakeRefCounted<IOBuffer>(kReadBufferSizeInBytes); - net::NetworkTrafficAnnotationTag traffic_annotation = - net::DefineNetworkTrafficAnnotation("certificate_verifier_url_request", - R"( + NetworkTrafficAnnotationTag traffic_annotation = + DefineNetworkTrafficAnnotation("certificate_verifier_url_request", + R"( semantics { sender: "Certificate Verifier" description: @@ -506,9 +509,24 @@ void Job::StartURLRequest(URLRequestContext* context) { if (request_params_->http_method == HTTP_METHOD_POST) url_request_->set_method("POST"); url_request_->set_allow_credentials(false); + // Disable secure DNS for hostname lookups triggered by certificate network // fetches to prevent deadlock. url_request_->SetDisableSecureDns(true); + + // Create IsolationInfo based on the origin of the requested URL. + // TODO(https://crbug.com/1016890): Cert validation needs to either be + // double-keyed or based on a static database, to protect it from being used + // as a cross-site user tracking vector. For now, just treat it as if it were + // a subresource request of the origin used for the request. This allows the + // result to still be cached in the HTTP cache, and lets URLRequest DCHECK + // that all requests have non-empty IsolationInfos. + url::Origin origin = url::Origin::Create(request_params_->url); + url_request_->set_isolation_info( + IsolationInfo::Create(IsolationInfo::RedirectMode::kUpdateNothing, + origin /* top_frame_origin */, + origin /* frame_origin */, SiteForCookies())); + url_request_->Start(); // Start a timer to limit how long the job runs for. diff --git a/chromium/net/cert_net/nss_ocsp.cc b/chromium/net/cert_net/nss_ocsp.cc deleted file mode 100644 index 5734fddb929..00000000000 --- a/chromium/net/cert_net/nss_ocsp.cc +++ /dev/null @@ -1,586 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/cert_net/nss_ocsp.h" - -#include <certt.h> -#include <certdb.h> -#include <nspr.h> -#include <nss.h> -#include <ocsp.h> -#include <pthread.h> -#include <secerr.h> - -#include <algorithm> -#include <memory> -#include <string> -#include <utility> - -#include "base/bind.h" -#include "base/callback.h" -#include "base/compiler_specific.h" -#include "base/lazy_instance.h" -#include "base/location.h" -#include "base/logging.h" -#include "base/macros.h" -#include "base/metrics/histogram_macros.h" -#include "base/no_destructor.h" -#include "base/stl_util.h" -#include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" -#include "base/synchronization/condition_variable.h" -#include "base/synchronization/lock.h" -#include "base/threading/thread_restrictions.h" -#include "base/threading/thread_task_runner_handle.h" -#include "base/time/time.h" -#include "net/base/host_port_pair.h" -#include "url/gurl.h" - -namespace net { - -namespace { - -// Protects |g_request_session_delegate_factory|. -pthread_mutex_t g_request_session_delegate_factory_lock = - PTHREAD_MUTEX_INITIALIZER; - -std::unique_ptr<OCSPRequestSessionDelegateFactory>& -GetRequestSessionDelegateFactoryPtr() { - static base::NoDestructor<std::unique_ptr<OCSPRequestSessionDelegateFactory>> - wrapper; - return *wrapper.get(); -} -// The default timeout for network fetches in NSS is 60 seconds. Choose a -// saner upper limit for OCSP/CRL/AIA fetches. -const int kNetworkFetchTimeoutInSecs = 15; - -class OCSPRequestSession; - -// All OCSP handlers should be called in the context of -// CertVerifier's thread (i.e. worker pool, not on the I/O thread). -// It supports blocking mode only. - -SECStatus OCSPCreateSession(const char* host, PRUint16 portnum, - SEC_HTTP_SERVER_SESSION* pSession); -SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session, - PRPollDesc **pPollDesc); -SECStatus OCSPFreeSession(SEC_HTTP_SERVER_SESSION session); - -SECStatus OCSPCreate(SEC_HTTP_SERVER_SESSION session, - const char* http_protocol_variant, - const char* path_and_query_string, - const char* http_request_method, - const PRIntervalTime timeout, - SEC_HTTP_REQUEST_SESSION* pRequest); -SECStatus OCSPSetPostData(SEC_HTTP_REQUEST_SESSION request, - const char* http_data, - const PRUint32 http_data_len, - const char* http_content_type); -SECStatus OCSPAddHeader(SEC_HTTP_REQUEST_SESSION request, - const char* http_header_name, - const char* http_header_value); -SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request, - PRPollDesc** pPollDesc, - PRUint16* http_response_code, - const char** http_response_content_type, - const char** http_response_headers, - const char** http_response_data, - PRUint32* http_response_data_len); -SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request); - -char* GetAlternateOCSPAIAInfo(CERTCertificate *cert); - -class OCSPNSSInitialization { - private: - friend struct base::LazyInstanceTraitsBase<OCSPNSSInitialization>; - - OCSPNSSInitialization(); - // This class is only instantiated as a leaky LazyInstance, so its destructor - // is never called. - ~OCSPNSSInitialization() = delete; - - SEC_HttpClientFcn client_fcn_; - - DISALLOW_COPY_AND_ASSIGN(OCSPNSSInitialization); -}; - -base::LazyInstance<OCSPNSSInitialization>::Leaky g_ocsp_nss_initialization = - LAZY_INSTANCE_INITIALIZER; - -// Concrete class for SEC_HTTP_REQUEST_SESSION. -// NSS defines a C API to allow embedders to provide an HTTP abstraction, -// the SEC_HTTP_REQUEST_SESSION. This class provides a C++ abstraction -// used to implement that, but is not a direct 1:1 mapping. -class NET_EXPORT OCSPRequestSession { - public: - // Creates a new OCSPRequestSession. - // |url| should be constructed from the |host| and |portnum| provided in - // SEC_HttpServer_CreateSessionFcn and the |path_and_query_string| provided - // in SEC_HttpRequest_CreateFcn, together representing the full URL to - // query. The only supported |http_protocol_variant| is http, which should - // be the scheme. - // |http_request_method| and |timeout| correspond to their - // SEC_HttpRequest_CreateFcn equivalents. - // |delegate| should normally be an OCSPRequestSessionDelegateFactory obtained - // from GetOCSPRequestSessionDelegateFactoryPtr(). - OCSPRequestSession(const GURL& url, - const char* http_request_method, - base::TimeDelta timeout, - scoped_refptr<OCSPRequestSessionDelegate> delegate) - : delegate_(std::move(delegate)) { - params_.url = url; - params_.http_request_method = http_request_method; - params_.timeout = timeout; - } - ~OCSPRequestSession() = default; - - // Implements the functionality of SEC_HttpRequest_SetPostDataFcn - void SetPostData(const char* http_data, - PRUint32 http_data_len, - const char* http_content_type) { - // |upload_content_| should not be modified if the load has already started. - params_.upload_content.assign(http_data, http_data_len); - params_.upload_content_type.assign(http_content_type); - } - - // Implements the functionality of SEC_HttpRequest_AddHeaderFcn - void AddHeader(const char* http_header_name, const char* http_header_value) { - params_.extra_request_headers.SetHeader(http_header_name, - http_header_value); - } - - // Begins communication with the OCSP endpoint, then blocks the thread until - // the result is available or an error has occurred. Used by - // SEC_HttpRequest_TrySendAndReceiveFcn. - bool StartAndWait() { - DCHECK(!finished_); - result_ = delegate_->StartAndWait(¶ms_); - finished_ = true; - return result_ != nullptr; - } - - // Returns true if the OCSP response has been received (or an error occurred). - bool Finished() const { return finished_; } - - const std::string& http_request_method() const { - return params_.http_request_method; - } - - base::TimeDelta timeout() const { return params_.timeout; } - - PRUint16 http_response_code() const { - DCHECK(finished_); - return result_->response_code; - } - - const std::string& http_response_content_type() const { - DCHECK(finished_); - return result_->response_content_type; - } - - const std::string& http_response_headers() const { - DCHECK(finished_); - return result_->response_headers->raw_headers(); - } - - const std::string& http_response_data() const { - DCHECK(finished_); - return result_->data; - } - - private: - OCSPRequestSessionParams params_; - std::unique_ptr<OCSPRequestSessionResult> result_; - scoped_refptr<OCSPRequestSessionDelegate> delegate_; - bool finished_ = false; - - DISALLOW_COPY_AND_ASSIGN(OCSPRequestSession); -}; - -// Concrete class for SEC_HTTP_SERVER_SESSION. -class OCSPServerSession { - public: - OCSPServerSession(const char* host, PRUint16 port) - : host_and_port_(host, port) {} - ~OCSPServerSession() = default; - - // Caller is in charge of deleting the returned pointer. - OCSPRequestSession* CreateRequest(const char* http_protocol_variant, - const char* path_and_query_string, - const char* http_request_method, - const PRIntervalTime timeout) { - // We dont' support "https" because we haven't thought about - // whether it's safe to re-enter this code from talking to an OCSP - // responder over SSL. - if (strcmp(http_protocol_variant, "http") != 0) { - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return NULL; - } - - std::string url_string(base::StringPrintf( - "%s://%s%s", - http_protocol_variant, - host_and_port_.ToString().c_str(), - path_and_query_string)); - VLOG(1) << "URL [" << url_string << "]"; - GURL url(url_string); - - // NSS does not expose public functions to adjust the fetch timeout when - // using libpkix, so hardcode the upper limit for network fetches. - base::TimeDelta actual_timeout = std::min( - base::TimeDelta::FromSeconds(kNetworkFetchTimeoutInSecs), - base::TimeDelta::FromMilliseconds(PR_IntervalToMilliseconds(timeout))); - - scoped_refptr<OCSPRequestSessionDelegate> request_session_delegate; - pthread_mutex_lock(&g_request_session_delegate_factory_lock); - OCSPRequestSessionDelegateFactory* request_session_delegate_factory = - GetRequestSessionDelegateFactoryPtr().get(); - if (request_session_delegate_factory != nullptr) { - request_session_delegate = - request_session_delegate_factory->CreateOCSPRequestSessionDelegate(); - } - pthread_mutex_unlock(&g_request_session_delegate_factory_lock); - - if (request_session_delegate == nullptr) - return nullptr; - return new OCSPRequestSession(url, http_request_method, actual_timeout, - std::move(request_session_delegate)); - } - - private: - HostPortPair host_and_port_; - - DISALLOW_COPY_AND_ASSIGN(OCSPServerSession); -}; - -OCSPNSSInitialization::OCSPNSSInitialization() { - // NSS calls the functions in the function table to download certificates - // or CRLs or talk to OCSP responders over HTTP. These functions must - // set an NSS/NSPR error code when they fail. Otherwise NSS will get the - // residual error code from an earlier failed function call. - client_fcn_.version = 1; - SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1; - ft->createSessionFcn = OCSPCreateSession; - ft->keepAliveSessionFcn = OCSPKeepAliveSession; - ft->freeSessionFcn = OCSPFreeSession; - ft->createFcn = OCSPCreate; - ft->setPostDataFcn = OCSPSetPostData; - ft->addHeaderFcn = OCSPAddHeader; - ft->trySendAndReceiveFcn = OCSPTrySendAndReceive; - ft->cancelFcn = nullptr; - ft->freeFcn = OCSPFree; - SECStatus status = SEC_RegisterDefaultHttpClient(&client_fcn_); - if (status != SECSuccess) { - NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); - } - - // Work around NSS bugs 524013 and 564334. NSS incorrectly thinks the - // CRLs for Network Solutions Certificate Authority have bad signatures, - // which causes certificates issued by that CA to be reported as revoked. - // By using OCSP for those certificates, which don't have AIA extensions, - // we can work around these bugs. See http://crbug.com/41730. - CERT_StringFromCertFcn old_callback = nullptr; - status = CERT_RegisterAlternateOCSPAIAInfoCallBack( - GetAlternateOCSPAIAInfo, &old_callback); - if (status == SECSuccess) { - DCHECK(!old_callback); - } else { - NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); - } -} - - -// OCSP Http Client functions. -// Our Http Client functions operate in blocking mode. -SECStatus OCSPCreateSession(const char* host, PRUint16 portnum, - SEC_HTTP_SERVER_SESSION* pSession) { - VLOG(1) << "OCSP create session: host=" << host << " port=" << portnum; - pthread_mutex_lock(&g_request_session_delegate_factory_lock); - bool factory_configured = GetRequestSessionDelegateFactoryPtr() != nullptr; - pthread_mutex_unlock(&g_request_session_delegate_factory_lock); - if (!factory_configured) { - LOG(ERROR) - << "No OCSPRequestSessionDelegateFactory for NSS HTTP handler. host: " - << host; - // The application failed to call SetOCSPRequestSessionDelegateFactory or - // has already called SetOCSPRequestSessionDelegateFactory(nullptr). - // PR_NOT_IMPLEMENTED_ERROR is not an accurate error code for these error - // conditions, but is close enough. - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return SECFailure; - } - *pSession = new OCSPServerSession(host, portnum); - return SECSuccess; -} - -SECStatus OCSPKeepAliveSession(SEC_HTTP_SERVER_SESSION session, - PRPollDesc **pPollDesc) { - VLOG(1) << "OCSP keep alive"; - if (pPollDesc) - *pPollDesc = NULL; - return SECSuccess; -} - -SECStatus OCSPFreeSession(SEC_HTTP_SERVER_SESSION session) { - VLOG(1) << "OCSP free session"; - delete reinterpret_cast<OCSPServerSession*>(session); - return SECSuccess; -} - -SECStatus OCSPCreate(SEC_HTTP_SERVER_SESSION session, - const char* http_protocol_variant, - const char* path_and_query_string, - const char* http_request_method, - const PRIntervalTime timeout, - SEC_HTTP_REQUEST_SESSION* pRequest) { - VLOG(1) << "OCSP create protocol=" << http_protocol_variant - << " path_and_query=" << path_and_query_string - << " http_request_method=" << http_request_method - << " timeout=" << timeout; - OCSPServerSession* ocsp_session = - reinterpret_cast<OCSPServerSession*>(session); - - OCSPRequestSession* req = ocsp_session->CreateRequest(http_protocol_variant, - path_and_query_string, - http_request_method, - timeout); - SECStatus rv = SECFailure; - if (req) { - rv = SECSuccess; - } - *pRequest = req; - return rv; -} - -SECStatus OCSPSetPostData(SEC_HTTP_REQUEST_SESSION request, - const char* http_data, - const PRUint32 http_data_len, - const char* http_content_type) { - VLOG(1) << "OCSP set post data len=" << http_data_len; - OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); - - req->SetPostData(http_data, http_data_len, http_content_type); - return SECSuccess; -} - -SECStatus OCSPAddHeader(SEC_HTTP_REQUEST_SESSION request, - const char* http_header_name, - const char* http_header_value) { - VLOG(1) << "OCSP add header name=" << http_header_name - << " value=" << http_header_value; - OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); - - req->AddHeader(http_header_name, http_header_value); - return SECSuccess; -} - -// Sets response of |req| in the output parameters. -// It is helper routine for OCSP trySendAndReceiveFcn. -// |http_response_data_len| could be used as input parameter. If it has -// non-zero value, it is considered as maximum size of |http_response_data|. -SECStatus OCSPSetResponse(OCSPRequestSession* req, - PRUint16* http_response_code, - const char** http_response_content_type, - const char** http_response_headers, - const char** http_response_data, - PRUint32* http_response_data_len) { - DCHECK(req->Finished()); - const std::string& data = req->http_response_data(); - if (http_response_data_len && *http_response_data_len) { - if (*http_response_data_len < data.size()) { - LOG(ERROR) << "response body too large: " << *http_response_data_len - << " < " << data.size(); - *http_response_data_len = data.size(); - PORT_SetError(SEC_ERROR_BAD_HTTP_RESPONSE); - return SECFailure; - } - } - VLOG(1) << "OCSP response " - << " response_code=" << req->http_response_code() - << " content_type=" << req->http_response_content_type() - << " header=" << req->http_response_headers() - << " data_len=" << data.size(); - if (http_response_code) - *http_response_code = req->http_response_code(); - if (http_response_content_type) - *http_response_content_type = req->http_response_content_type().c_str(); - if (http_response_headers) - *http_response_headers = req->http_response_headers().c_str(); - if (http_response_data) - *http_response_data = data.data(); - if (http_response_data_len) - *http_response_data_len = data.size(); - return SECSuccess; -} - -SECStatus OCSPTrySendAndReceive(SEC_HTTP_REQUEST_SESSION request, - PRPollDesc** pPollDesc, - PRUint16* http_response_code, - const char** http_response_content_type, - const char** http_response_headers, - const char** http_response_data, - PRUint32* http_response_data_len) { - if (http_response_data_len) { - // We must always set an output value, even on failure. The output value 0 - // means the failure was unrelated to the acceptable response data length. - *http_response_data_len = 0; - } - - VLOG(1) << "OCSP try send and receive"; - OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); - // We support blocking mode only. - if (pPollDesc) - *pPollDesc = NULL; - - if (!req->StartAndWait() || - req->http_response_code() == static_cast<PRUint16>(-1)) { - // If the response code is -1, the request failed and there is no response. - PORT_SetError(SEC_ERROR_BAD_HTTP_RESPONSE); // Simple approximation. - return SECFailure; - } - - return OCSPSetResponse( - req, http_response_code, - http_response_content_type, - http_response_headers, - http_response_data, - http_response_data_len); -} - -SECStatus OCSPFree(SEC_HTTP_REQUEST_SESSION request) { - VLOG(1) << "OCSP free"; - OCSPRequestSession* req = reinterpret_cast<OCSPRequestSession*>(request); - delete req; - return SECSuccess; -} - -// Data for GetAlternateOCSPAIAInfo. - -// CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US -// -// There are two CAs with this name. Their key IDs are listed next. -const unsigned char network_solutions_ca_name[] = { - 0x30, 0x62, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x21, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x20, 0x53, 0x6f, 0x6c, 0x75, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x20, 0x4c, 0x2e, 0x4c, 0x2e, 0x43, 0x2e, - 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, - 0x27, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x53, - 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79 -}; -const unsigned int network_solutions_ca_name_len = - base::size(network_solutions_ca_name); - -// This CA is an intermediate CA, subordinate to UTN-USERFirst-Hardware. -const unsigned char network_solutions_ca_key_id[] = { - 0x3c, 0x41, 0xe2, 0x8f, 0x08, 0x08, 0xa9, 0x4c, 0x25, 0x89, - 0x8d, 0x6d, 0xc5, 0x38, 0xd0, 0xfc, 0x85, 0x8c, 0x62, 0x17 -}; -const unsigned int network_solutions_ca_key_id_len = - base::size(network_solutions_ca_key_id); - -// This CA is a root CA. It is also cross-certified by -// UTN-USERFirst-Hardware. -const unsigned char network_solutions_ca_key_id2[] = { - 0x21, 0x30, 0xc9, 0xfb, 0x00, 0xd7, 0x4e, 0x98, 0xda, 0x87, - 0xaa, 0x2a, 0xd0, 0xa7, 0x2e, 0xb1, 0x40, 0x31, 0xa7, 0x4c -}; -const unsigned int network_solutions_ca_key_id2_len = - base::size(network_solutions_ca_key_id2); - -// An entry in our OCSP responder table. |issuer| and |issuer_key_id| are -// the key. |ocsp_url| is the value. -struct OCSPResponderTableEntry { - SECItem issuer; - SECItem issuer_key_id; - const char *ocsp_url; -}; - -const OCSPResponderTableEntry g_ocsp_responder_table[] = { - { - { - siBuffer, - const_cast<unsigned char*>(network_solutions_ca_name), - network_solutions_ca_name_len - }, - { - siBuffer, - const_cast<unsigned char*>(network_solutions_ca_key_id), - network_solutions_ca_key_id_len - }, - "http://ocsp.netsolssl.com" - }, - { - { - siBuffer, - const_cast<unsigned char*>(network_solutions_ca_name), - network_solutions_ca_name_len - }, - { - siBuffer, - const_cast<unsigned char*>(network_solutions_ca_key_id2), - network_solutions_ca_key_id2_len - }, - "http://ocsp.netsolssl.com" - } -}; - -char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) { - if (cert && !cert->isRoot && cert->authKeyID) { - for (const auto& responder : g_ocsp_responder_table) { - if (SECITEM_CompareItem(&responder.issuer, &cert->derIssuer) == - SECEqual && - SECITEM_CompareItem(&responder.issuer_key_id, - &cert->authKeyID->keyID) == SECEqual) { - return PORT_Strdup(responder.ocsp_url); - } - } - } - - return NULL; -} - -} // anonymous namespace - -OCSPRequestSessionParams::OCSPRequestSessionParams() = default; -OCSPRequestSessionParams::~OCSPRequestSessionParams() = default; - -OCSPRequestSessionResult::OCSPRequestSessionResult() = default; -OCSPRequestSessionResult::~OCSPRequestSessionResult() = default; - -OCSPRequestSessionDelegate::~OCSPRequestSessionDelegate() = default; - -OCSPRequestSessionDelegateFactory::OCSPRequestSessionDelegateFactory() = - default; -OCSPRequestSessionDelegateFactory::~OCSPRequestSessionDelegateFactory() = - default; - -void EnsureNSSHttpIOInit() { - g_ocsp_nss_initialization.Get(); -} - -void SetOCSPRequestSessionDelegateFactory( - std::unique_ptr<OCSPRequestSessionDelegateFactory> new_factory) { - std::unique_ptr<OCSPRequestSessionDelegateFactory> factory_to_be_destructed; - - pthread_mutex_lock(&g_request_session_delegate_factory_lock); - std::unique_ptr<OCSPRequestSessionDelegateFactory>& current_factory = - GetRequestSessionDelegateFactoryPtr(); - // The same NSS-using process should only ever use one concrete - // OCSPRequestSessionDelegateFactory for the lifetime of that process. If this - // DCHECK triggers, two different instances are trying to be used in the - // same process, and that underlying issue should be fixed, rather than - // trying to silence this by calling with nullptr first to reset the old - // instance. - DCHECK(!new_factory || !current_factory.get()); - - factory_to_be_destructed = - std::exchange(current_factory, std::move(new_factory)); - pthread_mutex_unlock(&g_request_session_delegate_factory_lock); -} - -} // namespace net diff --git a/chromium/net/cert_net/nss_ocsp.h b/chromium/net/cert_net/nss_ocsp.h deleted file mode 100644 index cb33ff3ee8d..00000000000 --- a/chromium/net/cert_net/nss_ocsp.h +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_CERT_NET_NSS_OCSP_H_ -#define NET_CERT_NET_NSS_OCSP_H_ - -#include <nspr.h> - -#include "base/memory/ref_counted.h" -#include "base/time/time.h" -#include "net/base/net_export.h" -#include "net/http/http_request_headers.h" -#include "net/http/http_response_headers.h" -#include "url/gurl.h" - -namespace net { - -struct NET_EXPORT OCSPRequestSessionParams { - OCSPRequestSessionParams(); - ~OCSPRequestSessionParams(); - - GURL url; // The URL to initially fetch - std::string http_request_method; - base::TimeDelta timeout; - HttpRequestHeaders extra_request_headers; - - // HTTP POST payload. - std::string upload_content; - std::string upload_content_type; // MIME type of POST payload -}; - -struct NET_EXPORT OCSPRequestSessionResult { - OCSPRequestSessionResult(); - ~OCSPRequestSessionResult(); - - int response_code = -1; // HTTP status code for the request - std::string response_content_type; - scoped_refptr<HttpResponseHeaders> response_headers; - std::string data; // Results of the request -}; - -// This interface should be implemented to provide synchronous loading of OCSP -// requests specified by OCSPRequestSessionParams. Returns an instance of -// OCSPRequestSessionResult. -class NET_EXPORT OCSPRequestSessionDelegate - : public base::RefCountedThreadSafe<OCSPRequestSessionDelegate> { - public: - REQUIRE_ADOPTION_FOR_REFCOUNTED_TYPE(); - - // Starts the load using the parameters specified in |params|, and then blocks - // the thread until the result is received. Returns the result, or nullptr on - // error. - virtual std::unique_ptr<OCSPRequestSessionResult> StartAndWait( - const OCSPRequestSessionParams* params) = 0; - - protected: - friend class base::RefCountedThreadSafe<OCSPRequestSessionDelegate>; - - virtual ~OCSPRequestSessionDelegate(); -}; - -class NET_EXPORT OCSPRequestSessionDelegateFactory { - public: - OCSPRequestSessionDelegateFactory(); - - // Not thread-safe, but can be called on different threads with the use of - // mutual exclusion. - virtual scoped_refptr<OCSPRequestSessionDelegate> - CreateOCSPRequestSessionDelegate() = 0; - - virtual ~OCSPRequestSessionDelegateFactory(); -}; - -// Sets the factory that creates OCSPRequestSessions. -NET_EXPORT void SetOCSPRequestSessionDelegateFactory( - std::unique_ptr<OCSPRequestSessionDelegateFactory> factory); - -// Initializes HTTP client functions for NSS. This function is thread-safe, -// and HTTP handlers will only ever be initialized once. -NET_EXPORT void EnsureNSSHttpIOInit(); -} // namespace net - -#endif // NET_CERT_NET_NSS_OCSP_H_ diff --git a/chromium/net/cert_net/nss_ocsp_session_url_request.cc b/chromium/net/cert_net/nss_ocsp_session_url_request.cc deleted file mode 100644 index f158374b497..00000000000 --- a/chromium/net/cert_net/nss_ocsp_session_url_request.cc +++ /dev/null @@ -1,390 +0,0 @@ -// Copyright (c) 2019 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/cert_net/nss_ocsp_session_url_request.h" - -#include "base/memory/scoped_refptr.h" -#include "base/memory/weak_ptr.h" -#include "base/message_loop/message_loop_current.h" -#include "base/synchronization/condition_variable.h" -#include "base/synchronization/lock.h" -#include "base/threading/sequenced_task_runner_handle.h" -#include "net/base/elements_upload_data_stream.h" -#include "net/base/load_flags.h" -#include "net/base/upload_bytes_element_reader.h" -#include "net/cert_net/nss_ocsp.h" -#include "net/url_request/redirect_info.h" -#include "net/url_request/url_request_context.h" -#include "url/gurl.h" - -namespace net { - -namespace { -// Size of the IOBuffer that used for reading the result. -const int kRecvBufferSize = 4096; - -// The maximum size in bytes for the response body when fetching an OCSP/CRL -// URL. -const int kMaxResponseSizeInBytes = 5 * 1024 * 1024; -} // namespace - -class OCSPRequestSessionDelegateURLRequest; - -class NET_EXPORT OCSPIOLoop { - public: - // This class is only instantiated in a base::NoDestructor, so its destructor - // is never called. - ~OCSPIOLoop() = delete; - - // Called on IO task runner. - void StartUsing(); - - // Called on IO task runner. - void Shutdown(); - - // Called from worker thread. - void PostTaskToIOLoop(const base::Location& from_here, - base::OnceClosure task); - - // Returns true if and only if StartUsing() has been called, Shutdown() has - // not been called, and this is currently running on the OCSP IO task runner. - bool RunsTasksInCurrentSequence(); - - // Adds a request to cancel if |this|->Shutdown() is called during the - // request. - void AddRequest(OCSPRequestSessionDelegateURLRequest* request_delegate); - - // Remove the request from tracking when the request has finished. - void RemoveRequest(OCSPRequestSessionDelegateURLRequest* request_delegate); - - private: - friend class base::NoDestructor<OCSPIOLoop>; - - OCSPIOLoop(); - - void CancelAllRequests(); - - // Protects all members below. - mutable base::Lock lock_; - std::set<OCSPRequestSessionDelegateURLRequest*> request_delegates_; - scoped_refptr<base::SequencedTaskRunner> io_task_runner_; - - DISALLOW_COPY_AND_ASSIGN(OCSPIOLoop); -}; - -OCSPIOLoop* GetOCSPIOLoop() { - static base::NoDestructor<OCSPIOLoop> ocsp_io_loop; - return ocsp_io_loop.get(); -} - -class OCSPRequestSessionDelegateFactoryURLRequest - : public OCSPRequestSessionDelegateFactory { - public: - OCSPRequestSessionDelegateFactoryURLRequest( - URLRequestContext* request_context) - : request_context_(request_context), weak_ptr_factory_(this) { - weak_ptr_ = weak_ptr_factory_.GetWeakPtr(); - } - - scoped_refptr<OCSPRequestSessionDelegate> CreateOCSPRequestSessionDelegate() - override; - - ~OCSPRequestSessionDelegateFactoryURLRequest() override = default; - - URLRequestContext* request_context() const { return request_context_; } - - private: - URLRequestContext* request_context_; - - base::WeakPtr<OCSPRequestSessionDelegateFactoryURLRequest> weak_ptr_; - base::WeakPtrFactory<OCSPRequestSessionDelegateFactoryURLRequest> - weak_ptr_factory_; -}; - -class OCSPRequestSessionDelegateURLRequest : public OCSPRequestSessionDelegate, - public URLRequest::Delegate { - public: - OCSPRequestSessionDelegateURLRequest( - base::WeakPtr<OCSPRequestSessionDelegateFactoryURLRequest> - delegate_factory) - : buffer_(base::MakeRefCounted<IOBuffer>(kRecvBufferSize)), - delegate_factory_(std::move(delegate_factory)), - cv_(&lock_) {} - - // OCSPRequestSessionDelegate overrides. - std::unique_ptr<OCSPRequestSessionResult> StartAndWait( - const OCSPRequestSessionParams* params) override { - GetOCSPIOLoop()->PostTaskToIOLoop( - FROM_HERE, - base::BindOnce(&OCSPRequestSessionDelegateURLRequest::StartLoad, this, - params)); - - // Wait with a timeout. - base::TimeDelta timeout = params->timeout; - base::AutoLock autolock(lock_); - while (!finished_) { - base::TimeTicks last_time = base::TimeTicks::Now(); - cv_.TimedWait(timeout); - // Check elapsed time - base::TimeDelta elapsed_time = base::TimeTicks::Now() - last_time; - timeout -= elapsed_time; - if (timeout < base::TimeDelta()) { - VLOG(1) << "OCSP Timed out"; - if (!finished_) { - // Safe to call CancelLoad even if the request successfully finished - // after our timeout, because if the request has finished it will be - // reset and CancelLoad will be a no-op. - GetOCSPIOLoop()->PostTaskToIOLoop( - FROM_HERE, - base::BindOnce(&OCSPRequestSessionDelegateURLRequest::CancelLoad, - this)); - } - break; - } - } - - if (!finished_) - return nullptr; - return std::move(result_); - } - - void CancelLoad() { - DCHECK(GetOCSPIOLoop()->RunsTasksInCurrentSequence()); - if (request_) { - FinishLoad(); - } - } - - // URLRequest::Delegate overrides - void OnReceivedRedirect(URLRequest* request, - const RedirectInfo& redirect_info, - bool* defer_redirect) override { - DCHECK_EQ(request_.get(), request); - DCHECK(GetOCSPIOLoop()->RunsTasksInCurrentSequence()); - - if (!redirect_info.new_url.SchemeIs("http")) { - // Prevent redirects to non-HTTP schemes, including HTTPS. This matches - // the initial check in OCSPServerSession::CreateRequest(). - CancelLoad(); - } - } - - void OnResponseStarted(URLRequest* request, int net_error) override { - DCHECK_EQ(request_.get(), request); - DCHECK(GetOCSPIOLoop()->RunsTasksInCurrentSequence()); - DCHECK_NE(ERR_IO_PENDING, net_error); - - int bytes_read = 0; - if (net_error == OK) { - result_->response_code = request_->GetResponseCode(); - result_->response_headers = request_->response_headers(); - result_->response_headers->GetMimeType(&result_->response_content_type); - bytes_read = request_->Read(buffer_.get(), kRecvBufferSize); - } - OnReadCompleted(request_.get(), bytes_read); - } - - void OnReadCompleted(URLRequest* request, int bytes_read) override { - DCHECK(!finished_); - DCHECK_EQ(request_.get(), request); - DCHECK(GetOCSPIOLoop()->RunsTasksInCurrentSequence()); - - while (bytes_read > 0) { - result_->data.append(buffer_->data(), bytes_read); - bytes_read = request_->Read(buffer_.get(), kRecvBufferSize); - } - - // Check max size. - if (result_->data.size() > kMaxResponseSizeInBytes) { - // Reset the result to indicate error. - result_.reset(); - FinishLoad(); - } - - // If we are done reading, return results. - if (bytes_read != ERR_IO_PENDING) { - FinishLoad(); - } - } - - private: - friend class base::RefCountedThreadSafe<OCSPRequestSessionDelegateURLRequest>; - - ~OCSPRequestSessionDelegateURLRequest() override { - // When this destructor is called, there should be only one thread that has - // a reference to this object, and so that thread doesn't need to lock - // |lock_| here. - DCHECK(finished_); - DCHECK(!request_); - } - - // Runs on the OCSP IO task runner. - void StartLoad(const OCSPRequestSessionParams* params) { - DCHECK(GetOCSPIOLoop()->RunsTasksInCurrentSequence()); - if (request_) { - NOTREACHED(); - FinishLoad(); // Will return a nullptr as the result. - return; - } - if (!delegate_factory_) { - return; - } - - GetOCSPIOLoop()->AddRequest(this); - - net::NetworkTrafficAnnotationTag traffic_annotation = - net::DefineNetworkTrafficAnnotation("ocsp_start_url_request", R"( - semantics { - sender: "OCSP" - description: - "Verifying the revocation status of a certificate via OCSP." - trigger: - "This may happen in response to visiting a website that uses " - "https://" - data: - "Identifier for the certificate whose revocation status is being " - "checked. See https://tools.ietf.org/html/rfc6960#section-2.1 for " - "more details." - destination: OTHER - destination_other: - "The URI specified in the certificate." - } - policy { - cookies_allowed: NO - setting: "This feature cannot be disabled by settings." - policy_exception_justification: "Not implemented." - })"); - request_ = delegate_factory_->request_context()->CreateRequest( - params->url, DEFAULT_PRIORITY, this, traffic_annotation); - request_->SetLoadFlags(LOAD_DISABLE_CACHE); - request_->set_allow_credentials(false); - // Disable secure DNS for hostname lookups triggered by certificate network - // fetches to prevent deadlock. - request_->SetDisableSecureDns(true); - - if (!params->extra_request_headers.IsEmpty()) - request_->SetExtraRequestHeaders(params->extra_request_headers); - - if (params->http_request_method == "POST") { - DCHECK(!params->upload_content.empty()); - DCHECK(!params->upload_content_type.empty()); - - request_->set_method("POST"); - request_->SetExtraRequestHeaderByName(HttpRequestHeaders::kContentType, - params->upload_content_type, true); - - std::unique_ptr<UploadElementReader> reader(new UploadBytesElementReader( - params->upload_content.data(), params->upload_content.size())); - request_->set_upload( - ElementsUploadDataStream::CreateWithReader(std::move(reader), 0)); - } - - request_->Start(); - result_ = std::make_unique<OCSPRequestSessionResult>(); - AddRef(); // Release after |request_| deleted. - } - - void FinishLoad() { - DCHECK(GetOCSPIOLoop()->RunsTasksInCurrentSequence()); - { - base::AutoLock autolock(lock_); - finished_ = true; - } - delegate_factory_.reset(); - request_.reset(); - GetOCSPIOLoop()->RemoveRequest(this); - - cv_.Signal(); - - Release(); // Balanced with StartLoad(). - } - - std::unique_ptr<URLRequest> request_; // The actual request this wraps - scoped_refptr<IOBuffer> buffer_; // Read buffer - base::WeakPtr<OCSPRequestSessionDelegateFactoryURLRequest> delegate_factory_; - - std::unique_ptr<OCSPRequestSessionResult> result_; - bool finished_ = false; - - // |lock_| protects |finished_|. - mutable base::Lock lock_; - base::ConditionVariable cv_; -}; - -OCSPIOLoop::OCSPIOLoop() = default; - -void OCSPIOLoop::StartUsing() { - base::AutoLock autolock(lock_); - DCHECK(base::MessageLoopCurrentForIO::IsSet()); - io_task_runner_ = base::SequencedTaskRunnerHandle::Get(); -} - -void OCSPIOLoop::Shutdown() { - // Safe to read outside lock since we only write on IO thread anyway. - DCHECK(io_task_runner_->RunsTasksInCurrentSequence()); - - // Prevent the worker thread from trying to access |io_task_runner_|. - { - base::AutoLock autolock(lock_); - io_task_runner_ = nullptr; - } - - CancelAllRequests(); - - SetOCSPRequestSessionDelegateFactory(nullptr); -} - -void OCSPIOLoop::PostTaskToIOLoop(const base::Location& from_here, - base::OnceClosure task) { - base::AutoLock autolock(lock_); - if (io_task_runner_) - io_task_runner_->PostTask(from_here, std::move(task)); -} - -void OCSPIOLoop::AddRequest( - OCSPRequestSessionDelegateURLRequest* request_delegate) { - DCHECK(!base::Contains(request_delegates_, request_delegate)); - request_delegates_.insert(request_delegate); -} - -void OCSPIOLoop::RemoveRequest( - OCSPRequestSessionDelegateURLRequest* request_delegate) { - DCHECK(base::Contains(request_delegates_, request_delegate)); - request_delegates_.erase(request_delegate); -} - -bool OCSPIOLoop::RunsTasksInCurrentSequence() { - base::AutoLock autolock(lock_); - return io_task_runner_ && io_task_runner_->RunsTasksInCurrentSequence(); -} - -void OCSPIOLoop::CancelAllRequests() { - // CancelLoad() always removes the request from the requests_ - // set synchronously. - while (!request_delegates_.empty()) - (*request_delegates_.begin())->CancelLoad(); -} - -scoped_refptr<OCSPRequestSessionDelegate> -OCSPRequestSessionDelegateFactoryURLRequest:: - CreateOCSPRequestSessionDelegate() { - return base::MakeRefCounted<OCSPRequestSessionDelegateURLRequest>(weak_ptr_); -} - -void SetURLRequestContextForNSSHttpIO(URLRequestContext* request_context) { - if (request_context) { - SetOCSPRequestSessionDelegateFactory( - std::make_unique<OCSPRequestSessionDelegateFactoryURLRequest>( - request_context)); - } else { - SetOCSPRequestSessionDelegateFactory(nullptr); - } - - if (request_context) { - GetOCSPIOLoop()->StartUsing(); - } else { - GetOCSPIOLoop()->Shutdown(); - } -} -} // namespace net diff --git a/chromium/net/cert_net/nss_ocsp_session_url_request.h b/chromium/net/cert_net/nss_ocsp_session_url_request.h deleted file mode 100644 index c5f8f2a3909..00000000000 --- a/chromium/net/cert_net/nss_ocsp_session_url_request.h +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright (c) 2019 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_CERT_NET_NSS_OCSP_SESSION_URL_REQUEST_H_ -#define NET_CERT_NET_NSS_OCSP_SESSION_URL_REQUEST_H_ - -#include "net/base/net_export.h" -#include "net/url_request/url_request_context.h" - -namespace net { - -class URLRequestContext; - -// Sets the URLRequestContext and MessageLoop for HTTP requests issued by NSS -// (i.e. OCSP, CA certificate and CRL fetches). Must be called again with -// |request_context|=nullptr before the URLRequestContext is destroyed. -// Must be called from IO task runner. -// This will call SetOCSPRequestSessionDelegateFactory in nss_ocsp.h with a new -// factory instance using |request_context|, or call -// SetOCSPRequestSessionFactory with nullptr if |request_context|=nullptr. -NET_EXPORT void SetURLRequestContextForNSSHttpIO( - URLRequestContext* request_context); - -} // namespace net - -#endif // NET_CERT_NET_NSS_OCSP_SESSION_URL_REQUEST_H_ diff --git a/chromium/net/cert_net/nss_ocsp_unittest.cc b/chromium/net/cert_net/nss_ocsp_unittest.cc deleted file mode 100644 index 35317b573d7..00000000000 --- a/chromium/net/cert_net/nss_ocsp_unittest.cc +++ /dev/null @@ -1,168 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/cert_net/nss_ocsp.h" -#include "net/cert_net/nss_ocsp_session_url_request.h" - -#include <string> -#include <utility> - -#include "base/files/file_path.h" -#include "base/files/file_util.h" -#include "base/logging.h" -#include "base/macros.h" -#include "base/memory/ref_counted.h" -#include "net/base/net_errors.h" -#include "net/base/test_completion_callback.h" -#include "net/cert/cert_status_flags.h" -#include "net/cert/cert_verifier.h" -#include "net/cert/cert_verify_proc.h" -#include "net/cert/cert_verify_proc_nss.h" -#include "net/cert/cert_verify_result.h" -#include "net/cert/multi_threaded_cert_verifier.h" -#include "net/cert/test_root_certs.h" -#include "net/cert/x509_certificate.h" -#include "net/log/net_log_with_source.h" -#include "net/test/cert_test_util.h" -#include "net/test/gtest_util.h" -#include "net/test/test_data_directory.h" -#include "net/test/test_with_task_environment.h" -#include "net/url_request/url_request_filter.h" -#include "net/url_request/url_request_interceptor.h" -#include "net/url_request/url_request_test_job.h" -#include "net/url_request/url_request_test_util.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" - -using net::test::IsError; -using net::test::IsOk; - -namespace net { - -namespace { - -// Matches the caIssuers hostname from the generated certificate. -const char kAiaHost[] = "aia-test.invalid"; -// Returning a single DER-encoded cert, so the mime-type must be -// application/pkix-cert per RFC 5280. -const char kAiaHeaders[] = "HTTP/1.1 200 OK\0" - "Content-type: application/pkix-cert\0" - "\0"; - -class AiaResponseHandler : public URLRequestInterceptor { - public: - AiaResponseHandler(const std::string& headers, const std::string& cert_data) - : headers_(headers), cert_data_(cert_data), request_count_(0) {} - ~AiaResponseHandler() override = default; - - // URLRequestInterceptor implementation: - URLRequestJob* MaybeInterceptRequest( - URLRequest* request, - NetworkDelegate* network_delegate) const override { - EXPECT_TRUE(request->disable_secure_dns()); - ++const_cast<AiaResponseHandler*>(this)->request_count_; - - return new URLRequestTestJob(request, network_delegate, headers_, - cert_data_, true); - } - - int request_count() const { return request_count_; } - - private: - std::string headers_; - std::string cert_data_; - int request_count_; - - DISALLOW_COPY_AND_ASSIGN(AiaResponseHandler); -}; - -} // namespace - -class NssHttpTest : public TestWithTaskEnvironment { - public: - NssHttpTest() - : context_(false), - handler_(NULL), - verify_proc_(new CertVerifyProcNSS), - verifier_(new MultiThreadedCertVerifier(verify_proc_.get())) {} - ~NssHttpTest() override = default; - - void SetUp() override { - std::string file_contents; - ASSERT_TRUE(base::ReadFileToString( - GetTestCertsDirectory().AppendASCII("aia-intermediate.der"), - &file_contents)); - ASSERT_FALSE(file_contents.empty()); - - // Ownership of |handler| is transferred to the URLRequestFilter, but - // hold onto the original pointer in order to access |request_count()|. - std::unique_ptr<AiaResponseHandler> handler( - new AiaResponseHandler(kAiaHeaders, file_contents)); - handler_ = handler.get(); - - URLRequestFilter::GetInstance()->AddHostnameInterceptor("http", kAiaHost, - std::move(handler)); - - SetURLRequestContextForNSSHttpIO(&context_); - } - - void TearDown() override { - SetURLRequestContextForNSSHttpIO(nullptr); - - if (handler_) - URLRequestFilter::GetInstance()->RemoveHostnameHandler("http", kAiaHost); - } - - CertVerifier* verifier() const { - return verifier_.get(); - } - - int request_count() const { - return handler_->request_count(); - } - - protected: - const CertificateList empty_cert_list_; - - private: - TestURLRequestContext context_; - AiaResponseHandler* handler_; - scoped_refptr<CertVerifyProc> verify_proc_; - std::unique_ptr<CertVerifier> verifier_; -}; - -// Tests that when using NSS to verify certificates that a request to fetch -// missing intermediate certificates is made successfully. -TEST_F(NssHttpTest, TestAia) { - scoped_refptr<X509Certificate> test_cert( - ImportCertFromFile(GetTestCertsDirectory(), "aia-cert.pem")); - ASSERT_TRUE(test_cert.get()); - - scoped_refptr<X509Certificate> test_root( - ImportCertFromFile(GetTestCertsDirectory(), "aia-root.pem")); - ASSERT_TRUE(test_root.get()); - - ScopedTestRoot scoped_root(test_root.get()); - - CertVerifyResult verify_result; - TestCompletionCallback test_callback; - std::unique_ptr<CertVerifier::Request> request; - - int flags = 0; - int error = verifier()->Verify( - CertVerifier::RequestParams(test_cert, "aia-host.invalid", flags, - /*ocsp_response=*/std::string(), - /*sct_list=*/std::string()), - &verify_result, test_callback.callback(), &request, NetLogWithSource()); - ASSERT_THAT(error, IsError(ERR_IO_PENDING)); - - error = test_callback.WaitForResult(); - - EXPECT_THAT(error, IsOk()); - - // Ensure that NSS made an AIA request for the missing intermediate. - EXPECT_LT(0, request_count()); -} - -} // namespace net diff --git a/chromium/net/cookies/canonical_cookie.cc b/chromium/net/cookies/canonical_cookie.cc index fb17243ed6a..e87937435d9 100644 --- a/chromium/net/cookies/canonical_cookie.cc +++ b/chromium/net/cookies/canonical_cookie.cc @@ -115,20 +115,99 @@ uint32_t GetWarningBitmask( return 1u << static_cast<uint32_t>(reason); } +// Captures Strict -> Lax context downgrade with Strict cookie +bool IsBreakingStrictToLaxDowngrade( + CookieOptions::SameSiteCookieContext::ContextType context, + CookieOptions::SameSiteCookieContext::ContextType schemeful_context, + CookieEffectiveSameSite effective_same_site, + bool is_cookie_being_set) { + if (context == + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT && + schemeful_context == + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX && + effective_same_site == CookieEffectiveSameSite::STRICT_MODE) { + // This downgrade only applies when a SameSite=Strict cookie is being sent. + // A Strict -> Lax downgrade will not affect a Strict cookie which is being + // set because it will be set in either context. + return !is_cookie_being_set; + } + + return false; +} + +// Captures Strict -> Cross-site context downgrade with {Strict, Lax} cookie +// Captures Strict -> Lax Unsafe context downgrade with {Strict, Lax} cookie. +// This is treated as a cross-site downgrade due to the Lax Unsafe context +// behaving like cross-site. +bool IsBreakingStrictToCrossDowngrade( + CookieOptions::SameSiteCookieContext::ContextType context, + CookieOptions::SameSiteCookieContext::ContextType schemeful_context, + CookieEffectiveSameSite effective_same_site) { + bool breaking_schemeful_context = + schemeful_context == + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE || + schemeful_context == CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX_METHOD_UNSAFE; + + bool strict_lax_enforcement = + effective_same_site == CookieEffectiveSameSite::STRICT_MODE || + effective_same_site == CookieEffectiveSameSite::LAX_MODE || + // Treat LAX_MODE_ALLOW_UNSAFE the same as LAX_MODE for the purposes of + // our SameSite enforcement check. + effective_same_site == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE; + + if (context == + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT && + breaking_schemeful_context && strict_lax_enforcement) { + return true; + } + + return false; +} + +// Captures Lax -> Cross context downgrade with {Strict, Lax} cookies. +// Ignores Lax Unsafe context. +bool IsBreakingLaxToCrossDowngrade( + CookieOptions::SameSiteCookieContext::ContextType context, + CookieOptions::SameSiteCookieContext::ContextType schemeful_context, + CookieEffectiveSameSite effective_same_site, + bool is_cookie_being_set) { + bool lax_enforcement = + effective_same_site == CookieEffectiveSameSite::LAX_MODE || + // Treat LAX_MODE_ALLOW_UNSAFE the same as LAX_MODE for the purposes of + // our SameSite enforcement check. + effective_same_site == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE; + + if (context == + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX && + schemeful_context == + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE) { + // For SameSite=Strict cookies this downgrade only applies when it is being + // set. A Lax -> Cross downgrade will not affect a Strict cookie which is + // being sent because it wouldn't be sent in either context. + return effective_same_site == CookieEffectiveSameSite::STRICT_MODE + ? is_cookie_being_set + : lax_enforcement; + } + + return false; +} + void ApplySameSiteCookieWarningToStatus( CookieSameSite samesite, CookieEffectiveSameSite effective_samesite, bool is_secure, CookieOptions::SameSiteCookieContext same_site_context, - CanonicalCookie::CookieInclusionStatus* status) { + CanonicalCookie::CookieInclusionStatus* status, + bool is_cookie_being_set) { if (samesite == CookieSameSite::UNSPECIFIED && - same_site_context.context < + same_site_context.GetContextForCookieInclusion() < CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT); } if (effective_samesite == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE && - same_site_context.context == + same_site_context.GetContextForCookieInclusion() == CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE) { // This warning is more specific so remove the previous, more general, @@ -143,34 +222,49 @@ void ApplySameSiteCookieWarningToStatus( status->AddWarningReason( CanonicalCookie::CookieInclusionStatus::WARN_SAMESITE_NONE_INSECURE); } + + // Add a warning if the cookie would be accessible in + // |same_site_context|::context but not in + // |same_site_context|::schemeful_context. + if (IsBreakingStrictToLaxDowngrade(same_site_context.context(), + same_site_context.schemeful_context(), + effective_samesite, is_cookie_being_set)) { + status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE); + } else if (IsBreakingStrictToCrossDowngrade( + same_site_context.context(), + same_site_context.schemeful_context(), effective_samesite)) { + // Which warning to apply depends on the SameSite value. + if (effective_samesite == CookieEffectiveSameSite::STRICT_MODE) { + status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE); + } else { + // LAX_MODE or LAX_MODE_ALLOW_UNSAFE. + status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE); + } + + } else if (IsBreakingLaxToCrossDowngrade( + same_site_context.context(), + same_site_context.schemeful_context(), effective_samesite, + is_cookie_being_set)) { + // Which warning to apply depends on the SameSite value. + if (effective_samesite == CookieEffectiveSameSite::STRICT_MODE) { + status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE); + } else { + // LAX_MODE or LAX_MODE_ALLOW_UNSAFE. + // This warning applies to both set/send. + status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE); + } + } + // If there are reasons to exclude the cookie other than the new SameSite // rules, don't warn about the cookie at all. status->MaybeClearSameSiteWarning(); } -// This function is used to indicate if the same-site context of a cookie should -// recorded for the histograms SameSiteDifferentSchemeRequest and -// SameSiteDifferentSchemeResponse. It returns true if the context is -// cross-scheme but not cross-site and there is an effective same-site. It -// should be removed when the histrograms are removed. -// TODO(https://crbug.com/1066231) -bool ShouldLogCrossSchemeForHistograms( - const CookieOptions::SameSiteCookieContext& context, - const CookieEffectiveSameSite effective_same_site) { - bool correct_context = - context.cross_schemeness != - CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE && - context.context != - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; - - bool correct_effective_same_site = - effective_same_site == CookieEffectiveSameSite::LAX_MODE || - effective_same_site == CookieEffectiveSameSite::STRICT_MODE || - effective_same_site == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE; - - return correct_context && correct_effective_same_site; -} - } // namespace // Keep defaults here in sync with content/public/common/cookie_manager.mojom. @@ -421,11 +515,32 @@ std::unique_ptr<CanonicalCookie> CanonicalCookie::CreateSanitizedCookie( return cc; } +std::string CanonicalCookie::DomainWithoutDot() const { + return cookie_util::CookieDomainAsHost(domain_); +} + bool CanonicalCookie::IsEquivalentForSecureCookieMatching( - const CanonicalCookie& ecc) const { - return (name_ == ecc.Name() && (ecc.IsDomainMatch(DomainWithoutDot()) || - IsDomainMatch(ecc.DomainWithoutDot())) && - ecc.IsOnPath(Path())); + const CanonicalCookie& secure_cookie) const { + // Names must be the same + bool same_name = name_ == secure_cookie.Name(); + + // They should domain-match in one direction or the other. (See RFC 6265bis + // section 5.1.3.) + // TODO(chlily): This does not check for the IP address case. This is bad due + // to https://crbug.com/1069935. + bool domain_match = + IsSubdomainOf(DomainWithoutDot(), secure_cookie.DomainWithoutDot()) || + IsSubdomainOf(secure_cookie.DomainWithoutDot(), DomainWithoutDot()); + + bool path_match = secure_cookie.IsOnPath(Path()); + + bool equivalent_for_secure_cookie_matching = + same_name && domain_match && path_match; + + // IsEquivalent() is a stricter check than this. + DCHECK(!IsEquivalent(secure_cookie) || equivalent_for_secure_cookie_matching); + + return equivalent_for_secure_cookie_matching; } bool CanonicalCookie::IsOnPath(const std::string& url_path) const { @@ -498,24 +613,24 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( } UMA_HISTOGRAM_ENUMERATION( "Cookie.RequestSameSiteContext", - options.same_site_cookie_context().context, + options.same_site_cookie_context().GetContextForCookieInclusion(), CookieOptions::SameSiteCookieContext::ContextType::COUNT); switch (effective_same_site) { case CookieEffectiveSameSite::STRICT_MODE: - if (options.same_site_cookie_context().context < + if (options.same_site_cookie_context().GetContextForCookieInclusion() < CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT) { status.AddExclusionReason( CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT); } break; case CookieEffectiveSameSite::LAX_MODE: - if (options.same_site_cookie_context().context < + if (options.same_site_cookie_context().GetContextForCookieInclusion() < CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { // Log metrics for a cookie that would have been included under the // "Lax-allow-unsafe" intervention, had it been new enough. if (SameSite() == CookieSameSite::UNSPECIFIED && - options.same_site_cookie_context().context == + options.same_site_cookie_context().GetContextForCookieInclusion() == CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE) { UMA_HISTOGRAM_CUSTOM_TIMES( @@ -533,13 +648,14 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( // TODO(crbug.com/990439): Add a browsertest for this behavior. case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE: DCHECK(SameSite() == CookieSameSite::UNSPECIFIED); - if (options.same_site_cookie_context().context < + if (options.same_site_cookie_context().GetContextForCookieInclusion() < CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE) { // TODO(chlily): Do we need a separate CookieInclusionStatus for this? status.AddExclusionReason( CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX); - } else if (options.same_site_cookie_context().context == + } else if (options.same_site_cookie_context() + .GetContextForCookieInclusion() == CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE) { // Log metrics for cookies that activate the "Lax-allow-unsafe" @@ -567,25 +683,20 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( // TODO(chlily): Apply warning if SameSite-by-default is enabled but // access_semantics is LEGACY? - ApplySameSiteCookieWarningToStatus( - SameSite(), effective_same_site, IsSecure(), - options.same_site_cookie_context(), &status); + ApplySameSiteCookieWarningToStatus(SameSite(), effective_same_site, + IsSecure(), + options.same_site_cookie_context(), + &status, false /* is_cookie_being_set */); if (status.IsInclude()) { UMA_HISTOGRAM_ENUMERATION("Cookie.IncludedRequestEffectiveSameSite", effective_same_site, CookieEffectiveSameSite::COUNT); + } - if (ShouldLogCrossSchemeForHistograms(options.same_site_cookie_context(), - effective_same_site)) { - // TODO(https://crbug.com/1066231) - UMA_HISTOGRAM_ENUMERATION( - "Cookie.SameSiteDifferentSchemeRequest", - options.same_site_cookie_context().ConvertToMetricsValue(), - CookieOptions::SameSiteCookieContext::MetricCount()); - AddSameSiteCrossSchemeWarning(&status, - options.same_site_cookie_context()); - } + if (status.ShouldRecordDowngradeMetrics()) { + UMA_HISTOGRAM_ENUMERATION("Cookie.SameSiteContextDowngradeRequest", + status.GetBreakingDowngradeMetricsEnumValue(url)); } // TODO(chlily): Log metrics. @@ -633,7 +744,7 @@ void CanonicalCookie::IsSetPermittedInContext( // This intentionally checks for `< SAME_SITE_LAX`, as we allow // `SameSite=Strict` cookies to be set for top-level navigations that // qualify for receipt of `SameSite=Lax` cookies. - if (options.same_site_cookie_context().context < + if (options.same_site_cookie_context().GetContextForCookieInclusion() < CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { DVLOG(net::cookie_util::kVlogSetCookies) << "Trying to set a `SameSite=Strict` cookie from a " @@ -644,7 +755,7 @@ void CanonicalCookie::IsSetPermittedInContext( break; case CookieEffectiveSameSite::LAX_MODE: case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE: - if (options.same_site_cookie_context().context < + if (options.same_site_cookie_context().GetContextForCookieInclusion() < CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { if (SameSite() == CookieSameSite::UNSPECIFIED) { DVLOG(net::cookie_util::kVlogSetCookies) @@ -665,26 +776,15 @@ void CanonicalCookie::IsSetPermittedInContext( break; } - ApplySameSiteCookieWarningToStatus( - SameSite(), effective_same_site, IsSecure(), - options.same_site_cookie_context(), status); + ApplySameSiteCookieWarningToStatus(SameSite(), effective_same_site, + IsSecure(), + options.same_site_cookie_context(), status, + true /* is_cookie_being_set */); if (status->IsInclude()) { UMA_HISTOGRAM_ENUMERATION("Cookie.IncludedResponseEffectiveSameSite", effective_same_site, CookieEffectiveSameSite::COUNT); - - if (ShouldLogCrossSchemeForHistograms(options.same_site_cookie_context(), - effective_same_site)) { - // TODO(crbug.com/1034014): Change enum to one with less confusing - // phrasing. - // TODO(https://crbug.com/1066231) - UMA_HISTOGRAM_ENUMERATION( - "Cookie.SameSiteDifferentSchemeResponse", - options.same_site_cookie_context().ConvertToMetricsValue(), - CookieOptions::SameSiteCookieContext::MetricCount()); - AddSameSiteCrossSchemeWarning(status, options.same_site_cookie_context()); - } } // TODO(chlily): Log metrics. @@ -776,55 +876,6 @@ std::string CanonicalCookie::BuildCookieLine( return cookie_line; } -void net::CanonicalCookie::AddSameSiteCrossSchemeWarning( - CookieInclusionStatus* status, - CookieOptions::SameSiteCookieContext same_site_context) const { - if (same_site_context.cross_schemeness == - CookieOptions::SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE) { - switch (same_site_context.context) { - case CookieOptions::SameSiteCookieContext::ContextType:: - SAME_SITE_LAX_METHOD_UNSAFE: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL); - break; - case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX: - status->AddWarningReason( - CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL); - break; - case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL); - break; - default: - break; - } - } else if (same_site_context.cross_schemeness == - CookieOptions::SameSiteCookieContext::CrossSchemeness:: - SECURE_INSECURE) { - switch (same_site_context.context) { - case CookieOptions::SameSiteCookieContext::ContextType:: - SAME_SITE_LAX_METHOD_UNSAFE: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL); - break; - case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX: - status->AddWarningReason( - CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL); - break; - case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL); - break; - default: - break; - } - } -} - // static CanonicalCookie::CookiePrefix CanonicalCookie::GetCookiePrefix( const std::string& name) { @@ -922,12 +973,6 @@ bool CanonicalCookie::IsRecentlyCreated(base::TimeDelta age_threshold) const { return (base::Time::Now() - creation_date_) <= age_threshold; } -std::string CanonicalCookie::DomainWithoutDot() const { - if (domain_.empty() || domain_[0] != '.') - return domain_; - return domain_.substr(1); -} - CanonicalCookie::CookieInclusionStatus::CookieInclusionStatus() : exclusion_reasons_(0u), warning_reasons_(0u) {} @@ -986,6 +1031,33 @@ void CanonicalCookie::CookieInclusionStatus::MaybeClearSameSiteWarning() { RemoveWarningReason(CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_UNSPECIFIED_LAX_ALLOW_UNSAFE); } + + uint32_t context_reasons_mask = + GetExclusionBitmask(EXCLUDE_SAMESITE_STRICT) | + GetExclusionBitmask(EXCLUDE_SAMESITE_LAX) | + GetExclusionBitmask(EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX); + if (exclusion_reasons_ & ~context_reasons_mask) { + RemoveWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE); + RemoveWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE); + RemoveWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE); + RemoveWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE); + RemoveWarningReason(CanonicalCookie::CookieInclusionStatus:: + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE); + } +} + +bool CanonicalCookie::CookieInclusionStatus::ShouldRecordDowngradeMetrics() + const { + uint32_t context_reasons_mask = + GetExclusionBitmask(EXCLUDE_SAMESITE_STRICT) | + GetExclusionBitmask(EXCLUDE_SAMESITE_LAX) | + GetExclusionBitmask(EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX); + + return (exclusion_reasons_ & ~context_reasons_mask) == 0u; } bool CanonicalCookie::CookieInclusionStatus::ShouldWarn() const { @@ -997,24 +1069,27 @@ bool CanonicalCookie::CookieInclusionStatus::HasWarningReason( return warning_reasons_ & GetWarningBitmask(reason); } -bool net::CanonicalCookie::CookieInclusionStatus::HasCrossSchemeWarning( +bool net::CanonicalCookie::CookieInclusionStatus::HasDowngradeWarning( CookieInclusionStatus::WarningReason* reason) const { if (!ShouldWarn()) return false; - const CookieInclusionStatus::WarningReason cross_scheme_warnings[] = { - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, - WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL, - WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL, - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL, - WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL, - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL}; - for (const auto warning : cross_scheme_warnings) { - if (HasWarningReason(warning)) { - if (reason) - *reason = warning; - return true; - } + const CookieInclusionStatus::WarningReason kDowngradeWarnings[] = { + WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE, + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE, + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE, + WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE, + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE, + }; + + for (auto warning : kDowngradeWarnings) { + if (!HasWarningReason(warning)) + continue; + + if (reason) + *reason = warning; + + return true; } return false; @@ -1030,6 +1105,46 @@ void CanonicalCookie::CookieInclusionStatus::RemoveWarningReason( warning_reasons_ &= ~(GetWarningBitmask(reason)); } +CanonicalCookie::CookieInclusionStatus::ContextDowngradeMetricValues +CanonicalCookie::CookieInclusionStatus::GetBreakingDowngradeMetricsEnumValue( + const GURL& url) const { + bool url_is_secure = url.SchemeIsCryptographic(); + + // Start the |reason| as something other than the downgrade warnings. + WarningReason reason = WarningReason::NUM_WARNING_REASONS; + + // Don't bother checking the return value because the default switch case + // will handle if no reason was found. + HasDowngradeWarning(&reason); + + switch (reason) { + case WarningReason::WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE: + return url_is_secure + ? ContextDowngradeMetricValues::STRICT_LAX_STRICT_SECURE + : ContextDowngradeMetricValues::STRICT_LAX_STRICT_INSECURE; + case WarningReason::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE: + return url_is_secure + ? ContextDowngradeMetricValues::STRICT_CROSS_STRICT_SECURE + : ContextDowngradeMetricValues::STRICT_CROSS_STRICT_INSECURE; + case WarningReason::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE: + return url_is_secure + ? ContextDowngradeMetricValues::STRICT_CROSS_LAX_SECURE + : ContextDowngradeMetricValues::STRICT_CROSS_LAX_INSECURE; + case WarningReason::WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE: + return url_is_secure + ? ContextDowngradeMetricValues::LAX_CROSS_STRICT_SECURE + : ContextDowngradeMetricValues::LAX_CROSS_STRICT_INSECURE; + case WarningReason::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE: + return url_is_secure + ? ContextDowngradeMetricValues::LAX_CROSS_LAX_SECURE + : ContextDowngradeMetricValues::LAX_CROSS_LAX_INSECURE; + default: + return url_is_secure + ? ContextDowngradeMetricValues::NO_DOWNGRADE_SECURE + : ContextDowngradeMetricValues::NO_DOWNGRADE_INSECURE; + } +} + std::string CanonicalCookie::CookieInclusionStatus::GetDebugString() const { std::string out; @@ -1081,21 +1196,16 @@ std::string CanonicalCookie::CookieInclusionStatus::GetDebugString() const { base::StrAppend(&out, {"WARN_SAMESITE_NONE_INSECURE, "}); if (HasWarningReason(WARN_SAMESITE_UNSPECIFIED_LAX_ALLOW_UNSAFE)) base::StrAppend(&out, {"WARN_SAMESITE_UNSPECIFIED_LAX_ALLOW_UNSAFE, "}); - if (HasWarningReason(WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL)) - base::StrAppend( - &out, {"WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, "}); - if (HasWarningReason(WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL)) - base::StrAppend(&out, {"WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL, "}); - if (HasWarningReason(WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL)) - base::StrAppend(&out, {"WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL, "}); - if (HasWarningReason( - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL)) - base::StrAppend( - &out, {"WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL, "}); - if (HasWarningReason(WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL)) - base::StrAppend(&out, {"WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL, "}); - if (HasWarningReason(WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL)) - base::StrAppend(&out, {"WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL, "}); + if (HasWarningReason(WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE)) + base::StrAppend(&out, {"WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE, "}); + if (HasWarningReason(WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE)) + base::StrAppend(&out, {"WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE, "}); + if (HasWarningReason(WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE)) + base::StrAppend(&out, {"WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE, "}); + if (HasWarningReason(WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE)) + base::StrAppend(&out, {"WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE, "}); + if (HasWarningReason(WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE)) + base::StrAppend(&out, {"WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE, "}); // Strip trailing comma and space. out.erase(out.end() - 2, out.end()); diff --git a/chromium/net/cookies/canonical_cookie.h b/chromium/net/cookies/canonical_cookie.h index 8bd8b2eaccb..10b66c661b2 100644 --- a/chromium/net/cookies/canonical_cookie.h +++ b/chromium/net/cookies/canonical_cookie.h @@ -106,6 +106,10 @@ class NET_EXPORT CanonicalCookie { const std::string& Name() const { return name_; } const std::string& Value() const { return value_; } + // We represent the cookie's host-only-flag as the absence of a leading dot in + // Domain(). See IsDomainCookie() and IsHostCookie() below. + // If you want the "cookie's domain" as described in RFC 6265bis, use + // DomainWithoutDot(). const std::string& Domain() const { return domain_; } const std::string& Path() const { return path_; } const base::Time& CreationDate() const { return creation_date_; } @@ -124,6 +128,10 @@ class NET_EXPORT CanonicalCookie { return !domain_.empty() && domain_[0] == '.'; } bool IsHostCookie() const { return !IsDomainCookie(); } + // Returns the cookie's domain, with the leading dot removed, if present. + // This corresponds to the "cookie's domain" as described in RFC 6265bis. + std::string DomainWithoutDot() const; + bool IsExpired(const base::Time& current) const { return !expiry_date_.is_null() && current >= expiry_date_; } @@ -137,7 +145,7 @@ class NET_EXPORT CanonicalCookie { bool IsEquivalent(const CanonicalCookie& ecc) const { // It seems like it would make sense to take secure, httponly, and samesite // into account, but the RFC doesn't specify this. - // NOTE: Keep this logic in-sync with TrimDuplicateCookiesForHost(). + // NOTE: Keep this logic in-sync with TrimDuplicateCookiesForKey(). return (name_ == ecc.Name() && domain_ == ecc.Domain() && path_ == ecc.Path()); } @@ -149,18 +157,40 @@ class NET_EXPORT CanonicalCookie { } // Checks a looser set of equivalency rules than 'IsEquivalent()' in order - // to support the stricter 'Secure' behaviors specified in + // to support the stricter 'Secure' behaviors specified in Step 12 of + // https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.4 + // which originated from the proposal in // https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone#section-3 // - // Returns 'true' if this cookie's name matches |ecc|, and this cookie is - // a domain-match for |ecc| (or vice versa), and |ecc|'s path is "on" this - // cookie's path (as per 'IsOnPath()'). + // Returns 'true' if this cookie's name matches |secure_cookie|, and this + // cookie is a domain-match for |secure_cookie| (or vice versa), and + // |secure_cookie|'s path is "on" this cookie's path (as per 'IsOnPath()'). // // Note that while the domain-match cuts both ways (e.g. 'example.com' // matches 'www.example.com' in either direction), the path-match is // unidirectional (e.g. '/login/en' matches '/login' and '/', but // '/login' and '/' do not match '/login/en'). - bool IsEquivalentForSecureCookieMatching(const CanonicalCookie& ecc) const; + // + // Conceptually: + // If new_cookie.IsEquivalentForSecureCookieMatching(secure_cookie) is true, + // this means that new_cookie would "shadow" secure_cookie: they would would + // be indistinguishable when serialized into a Cookie header. This is + // important because, if an attacker is attempting to set new_cookie, it + // should not be allowed to mislead the server into using new_cookie's value + // instead of secure_cookie's. + // + // The reason for the asymmetric path comparison ("cookie1=bad; path=/a/b" + // from an insecure source is not allowed if "cookie1=good; secure; path=/a" + // exists, but "cookie2=bad; path=/a" from an insecure source is allowed if + // "cookie2=good; secure; path=/a/b" exists) is because cookies in the Cookie + // header are serialized with longer path first. (See CookieSorter in + // cookie_monster.cc.) That is, they would be serialized as "Cookie: + // cookie1=bad; cookie1=good" in one case, and "Cookie: cookie2=good; + // cookie2=bad" in the other case. The first scenario is not allowed because + // the attacker injects the bad value, whereas the second scenario is ok + // because the good value is still listed first. + bool IsEquivalentForSecureCookieMatching( + const CanonicalCookie& secure_cookie) const; void SetSourceScheme(CookieSourceScheme source_scheme) { source_scheme_ = source_scheme; @@ -170,12 +200,28 @@ class NET_EXPORT CanonicalCookie { } void SetCreationDate(const base::Time& date) { creation_date_ = date; } - // Returns true if the given |url_path| path-matches the cookie-path as - // described in section 5.1.4 in RFC 6265. + // Returns true if the given |url_path| path-matches this cookie's cookie-path + // as described in section 5.1.4 in RFC 6265. This returns true if |path_| and + // |url_path| are identical, or if |url_path| is a subdirectory of |path_|. bool IsOnPath(const std::string& url_path) const; - // Returns true if the cookie domain matches the given |host| as described in - // section 5.1.3 of RFC 6265. + // This returns true if this cookie's |domain_| indicates that it can be + // accessed by |host|. + // + // In the case where |domain_| has no leading dot, this is a host cookie and + // will only domain match if |host| is identical to |domain_|. + // + // In the case where |domain_| has a leading dot, this is a domain cookie. It + // will match |host| if |domain_| is a suffix of |host|, or if |domain_| is + // exactly equal to |host| plus a leading dot. + // + // Note that this isn't quite the same as the "domain-match" algorithm in RFC + // 6265bis, since our implementation uses the presence of a leading dot in the + // |domain_| string in place of the spec's host-only-flag. That is, if + // |domain_| has no leading dot, then we only consider it matching if |host| + // is identical (which reflects the intended behavior when the cookie has a + // host-only-flag), whereas the RFC also treats them as domain-matching if + // |domain_| is a subdomain of |host|. bool IsDomainMatch(const std::string& host) const; // Returns if the cookie should be included (and if not, why) for the given @@ -265,12 +311,6 @@ class NET_EXPORT CanonicalCookie { COOKIE_PREFIX_LAST }; - // Applies the appropriate warning for the given cross-scheme - // SameSiteCookieContext. - void AddSameSiteCrossSchemeWarning( - CookieInclusionStatus* status, - const CookieOptions::SameSiteCookieContext context) const; - // Returns the CookiePrefix (or COOKIE_PREFIX_NONE if none) that // applies to the given cookie |name|. static CookiePrefix GetCookiePrefix(const std::string& name); @@ -304,9 +344,6 @@ class NET_EXPORT CanonicalCookie { // Returns whether the cookie was created at most |age_threshold| ago. bool IsRecentlyCreated(base::TimeDelta age_threshold) const; - // Returns the cookie's domain, with the leading dot removed, if present. - std::string DomainWithoutDot() const; - std::string name_; std::string value_; std::string domain_; @@ -379,20 +416,82 @@ class NET_EXPORT CanonicalCookie::CookieInclusionStatus { // enough to activate the Lax-allow-unsafe intervention. WARN_SAMESITE_UNSPECIFIED_LAX_ALLOW_UNSAFE = 2, - // The following warnings indicate that a SameSite cookie is being sent/set - // across schemes and with what same-site context. - // See CookieOptions::SameSiteCookieContext. - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL = 3, - WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL = 4, - WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL = 5, - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL = 6, - WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL = 7, - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL = 8, + // The following warnings indicate that an included cookie with an effective + // SameSite is experiencing a SameSiteCookieContext::|context| -> + // SameSiteCookieContext::|schemeful_context| downgrade that will prevent + // its access schemefully. + // This situation means that a cookie is accessible when the + // SchemefulSameSite feature is disabled but not when it's enabled, + // indicating changed behavior and potential breakage. + // + // For example, a Strict to Lax downgrade for an effective SameSite=Strict + // cookie: + // This cookie would be accessible in the Strict context as its SameSite + // value is Strict. However its context for schemeful same-site becomes Lax. + // A strict cookie cannot be accessed in a Lax context and therefore the + // behavior has changed. + // As a counterexample, a Strict to Lax downgrade for an effective + // SameSite=Lax cookie: A Lax cookie can be accessed in both Strict and Lax + // contexts so there is no behavior change (and we don't warn about it). + // + // The warnings are in the following format: + // WARN_{context}_{schemeful_context}_DOWNGRADE_{samesite_value}_SAMESITE + // + // Of the following 5 SameSite warnings, there will be, at most, a single + // active one. + + // Strict to Lax downgrade for an effective SameSite=Strict cookie. + // This warning is only applicable for cookies being sent because a Strict + // cookie will be set in both Strict and Lax Contexts so the downgrade will + // not affect it. + WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE = 3, + // Strict to Cross-site downgrade for an effective SameSite=Strict cookie. + // This also applies to Strict to Lax Unsafe downgrades due to Lax Unsafe + // behaving like Cross-site. + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE = 4, + // Strict to Cross-site downgrade for an effective SameSite=Lax cookie. + // This also applies to Strict to Lax Unsafe downgrades due to Lax Unsafe + // behaving like Cross-site. + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE = 5, + // Lax to Cross-site downgrade for an effective SameSite=Strict cookie. + // This warning is only applicable for cookies being set because a Strict + // cookie will not be sent in a Lax context so the downgrade would not + // affect it. + WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE = 6, + // Lax to Cross-site downgrade for an effective SameSite=Lax cookie. + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE = 7, // This should be kept last. NUM_WARNING_REASONS }; + // These enums encode the context downgrade warnings + the secureness of the + // url sending/setting the cookie. They're used for metrics only. The format + // is {context}_{schemeful_context}_{samesite_value}_{securness}. + // NO_DOWNGRADE_{securness} indicates that a cookie didn't have a breaking + // context downgrade and was A) included B) excluded only due to insufficient + // same-site context. I.e. the cookie wasn't excluded due to other reasons + // such as third-party cookie blocking. Keep this in line with + // SameSiteCookieContextBreakingDowngradeWithSecureness in enums.xml. + enum ContextDowngradeMetricValues { + NO_DOWNGRADE_INSECURE = 0, + NO_DOWNGRADE_SECURE = 1, + + STRICT_LAX_STRICT_INSECURE = 2, + STRICT_CROSS_STRICT_INSECURE = 3, + STRICT_CROSS_LAX_INSECURE = 4, + LAX_CROSS_STRICT_INSECURE = 5, + LAX_CROSS_LAX_INSECURE = 6, + + STRICT_LAX_STRICT_SECURE = 7, + STRICT_CROSS_STRICT_SECURE = 8, + STRICT_CROSS_LAX_SECURE = 9, + LAX_CROSS_STRICT_SECURE = 10, + LAX_CROSS_LAX_SECURE = 11, + + // Keep last. + kMaxValue = LAX_CROSS_LAX_SECURE + }; // Makes a status that says include and should not warn. CookieInclusionStatus(); @@ -422,16 +521,23 @@ class NET_EXPORT CanonicalCookie::CookieInclusionStatus { // warning about it (clear the warning). void MaybeClearSameSiteWarning(); + // Whether to record the breaking downgrade metrics if the cookie is included + // or if it's only excluded because of insufficient same-site context. + bool ShouldRecordDowngradeMetrics() const; + // Whether the cookie should be warned about. bool ShouldWarn() const; // Whether the given reason for warning is present. bool HasWarningReason(WarningReason reason) const; - // Whether a cross-scheme warning is present. - // If the function returns true and |reason| is valid then |reason| will - // contain which warning was found. - bool HasCrossSchemeWarning( + // Whether a schemeful downgrade warning is present. + // A schemeful downgrade means that an included cookie with an effective + // SameSite is experiencing a SameSiteCookieContext::|context| -> + // SameSiteCookieContext::|schemeful_context| downgrade that will prevent its + // access schemefully. If the function returns true and |reason| is valid then + // |reason| will contain which warning was found. + bool HasDowngradeWarning( CookieInclusionStatus::WarningReason* reason = nullptr) const; // Add an warning reason. @@ -451,6 +557,9 @@ class NET_EXPORT CanonicalCookie::CookieInclusionStatus { warning_reasons_ = warning_reasons; } + ContextDowngradeMetricValues GetBreakingDowngradeMetricsEnumValue( + const GURL& url) const; + // Get exclusion reason(s) and warning in string format. std::string GetDebugString() const; diff --git a/chromium/net/cookies/canonical_cookie_unittest.cc b/chromium/net/cookies/canonical_cookie_unittest.cc index 493af3f415b..68548deed97 100644 --- a/chromium/net/cookies/canonical_cookie_unittest.cc +++ b/chromium/net/cookies/canonical_cookie_unittest.cc @@ -396,6 +396,7 @@ TEST(CanonicalCookieTest, IsEquivalent) { creation_time, expiration_time, base::Time(), secure, httponly, same_site, COOKIE_PRIORITY_MEDIUM); EXPECT_FALSE(cookie->IsEquivalent(*other_cookie)); + // The path comparison is asymmetric EXPECT_FALSE(cookie->IsEquivalentForSecureCookieMatching(*other_cookie)); EXPECT_TRUE(other_cookie->IsEquivalentForSecureCookieMatching(*cookie)); @@ -408,6 +409,56 @@ TEST(CanonicalCookieTest, IsEquivalent) { EXPECT_FALSE(other_cookie->IsEquivalentForSecureCookieMatching(*cookie)); } +TEST(CanonicalCookieTest, IsEquivalentForSecureCookieMatching) { + struct { + struct { + const char* name; + const char* domain; + const char* path; + } cookie, secure_cookie; + bool equivalent; + bool is_symmetric; // Whether the reverse comparison has the same result. + } kTests[] = { + // Equivalent to itself + {{"A", "a.foo.com", "/"}, {"A", "a.foo.com", "/"}, true, true}, + {{"A", ".a.foo.com", "/"}, {"A", ".a.foo.com", "/"}, true, true}, + // Names are different + {{"A", "a.foo.com", "/"}, {"B", "a.foo.com", "/"}, false, true}, + // Host cookie and domain cookie with same hostname match + {{"A", "a.foo.com", "/"}, {"A", ".a.foo.com", "/"}, true, true}, + // Subdomains and superdomains match + {{"A", "a.foo.com", "/"}, {"A", ".foo.com", "/"}, true, true}, + {{"A", ".a.foo.com", "/"}, {"A", ".foo.com", "/"}, true, true}, + {{"A", "a.foo.com", "/"}, {"A", "foo.com", "/"}, true, true}, + {{"A", ".a.foo.com", "/"}, {"A", "foo.com", "/"}, true, true}, + // Different domains don't match + {{"A", "a.foo.com", "/"}, {"A", "b.foo.com", "/"}, false, true}, + {{"A", "a.foo.com", "/"}, {"A", "ba.foo.com", "/"}, false, true}, + // Path attribute matches if it is a subdomain, but not vice versa. + {{"A", "a.foo.com", "/sub"}, {"A", "a.foo.com", "/"}, true, false}, + // Different paths don't match + {{"A", "a.foo.com", "/sub"}, {"A", "a.foo.com", "/other"}, false, true}, + {{"A", "a.foo.com", "/a/b"}, {"A", "a.foo.com", "/a/c"}, false, true}, + }; + + for (auto test : kTests) { + auto cookie = std::make_unique<CanonicalCookie>( + test.cookie.name, "value1", test.cookie.domain, test.cookie.path, + base::Time(), base::Time(), base::Time(), false /* secure */, false, + CookieSameSite::LAX_MODE, COOKIE_PRIORITY_MEDIUM); + auto secure_cookie = std::make_unique<CanonicalCookie>( + test.secure_cookie.name, "value2", test.secure_cookie.domain, + test.secure_cookie.path, base::Time(), base::Time(), base::Time(), + true /* secure */, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_MEDIUM); + + EXPECT_EQ(test.equivalent, + cookie->IsEquivalentForSecureCookieMatching(*secure_cookie)); + EXPECT_EQ(test.equivalent == test.is_symmetric, + secure_cookie->IsEquivalentForSecureCookieMatching(*cookie)); + } +} + TEST(CanonicalCookieTest, IsDomainMatch) { GURL url("http://www.example.com/test/foo.html"); base::Time creation_time = base::Time::Now(); @@ -712,6 +763,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { // Test cases that are the same regardless of feature status or access // semantics: + // TODO(https://crbug.com/1030938): This test will need to consider + // SchemefulSameSite when it is added to CanonicalCookie. std::vector<IncludeForRequestURLTestCase> common_test_cases = { // Strict cookies: {"Common=1;SameSite=Strict", CookieSameSite::STRICT_MODE, @@ -735,129 +788,112 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}, + // Strict cookies with downgrade: {"Common=5;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), {CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL})}, + WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE})}, {"Common=6;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), + CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( + std::vector< + CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), + {CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})}, + {"Common=7;SameSite=Strict", CookieSameSite::STRICT_MODE, + CookieEffectiveSameSite::STRICT_MODE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), {CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL})}, + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})}, // Lax cookies: - {"Common=7;SameSite=Lax", CookieSameSite::LAX_MODE, + {"Common=8;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)}, - {"Common=8;SameSite=Lax", CookieSameSite::LAX_MODE, + {"Common=9;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)}, - {"Common=9;SameSite=Lax", CookieSameSite::LAX_MODE, + {"Common=10;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus()}, - {"Common=10;SameSite=Lax", CookieSameSite::LAX_MODE, + {"Common=11;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}, - {"Common=11;SameSite=Lax", CookieSameSite::LAX_MODE, + // Lax cookies with downgrade: + {"Common=12;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( - std::vector< - CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), - {CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL})}, - {"Common=12;SameSite=Lax", CookieSameSite::LAX_MODE, + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX), + CanonicalCookie::CookieInclusionStatus()}, + {"Common=13;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), {CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL})}, - {"Common=13;SameSite=Lax", CookieSameSite::LAX_MODE, + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})}, + {"Common=14;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), {CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL})}, - {"Common=14;SameSite=Lax", CookieSameSite::LAX_MODE, + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})}, + {"Common=15;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), {CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL})}, + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE})}, // None and Secure cookies: - {"Common=15;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, + {"Common=16;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus()}, - {"Common=16;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, + {"Common=17;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus()}, - {"Common=17;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, - CookieEffectiveSameSite::NO_RESTRICTION, - SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), - CanonicalCookie::CookieInclusionStatus()}, {"Common=18;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus()}, {"Common=19;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - CanonicalCookie::CookieInclusionStatus()}, - {"Common=20;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, - CookieEffectiveSameSite::NO_RESTRICTION, - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - CanonicalCookie::CookieInclusionStatus()}, - {"Common=21;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, - CookieEffectiveSameSite::NO_RESTRICTION, - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - CanonicalCookie::CookieInclusionStatus()}, - {"Common=22;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, - CookieEffectiveSameSite::NO_RESTRICTION, - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}}; // Test cases where the default is None (either access semantics is LEGACY, or @@ -2008,30 +2044,24 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { context_same_site_strict.set_same_site_cookie_context( CookieOptions::SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT)); - CookieOptions context_same_site_lax_to_secure; - context_same_site_lax_to_secure.set_same_site_cookie_context( + + CookieOptions context_same_site_strict_to_lax; + context_same_site_strict_to_lax.set_same_site_cookie_context( CookieOptions::SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, - CookieOptions::SameSiteCookieContext::CrossSchemeness:: - INSECURE_SECURE)); - CookieOptions context_same_site_strict_to_secure; - context_same_site_strict_to_secure.set_same_site_cookie_context( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)); + + CookieOptions context_same_site_strict_to_cross; + context_same_site_strict_to_cross.set_same_site_cookie_context( CookieOptions::SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - CookieOptions::SameSiteCookieContext::CrossSchemeness:: - INSECURE_SECURE)); - CookieOptions context_same_site_lax_to_insecure; - context_same_site_lax_to_insecure.set_same_site_cookie_context( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)); + + CookieOptions context_same_site_lax_to_cross; + context_same_site_lax_to_cross.set_same_site_cookie_context( CookieOptions::SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, - CookieOptions::SameSiteCookieContext::CrossSchemeness:: - SECURE_INSECURE)); - CookieOptions context_same_site_strict_to_insecure; - context_same_site_strict_to_insecure.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - CookieOptions::SameSiteCookieContext::CrossSchemeness:: - SECURE_INSECURE)); + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)); { CanonicalCookie cookie_same_site_unrestricted( @@ -2048,19 +2078,22 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { EXPECT_TRUE(cookie_same_site_unrestricted .IsSetPermittedInContext(context_same_site_strict) .IsInclude()); - EXPECT_TRUE(cookie_same_site_unrestricted - .IsSetPermittedInContext(context_same_site_lax_to_secure) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unrestricted - .IsSetPermittedInContext(context_same_site_strict_to_secure) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unrestricted - .IsSetPermittedInContext(context_same_site_lax_to_insecure) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unrestricted - .IsSetPermittedInContext(context_same_site_strict_to_insecure) - .IsInclude()); + + CanonicalCookie::CookieInclusionStatus status_strict_to_lax = + cookie_same_site_unrestricted.IsSetPermittedInContext( + context_same_site_strict_to_lax); + EXPECT_TRUE(status_strict_to_lax.IsInclude()); + EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); + CanonicalCookie::CookieInclusionStatus status_strict_to_cross = + cookie_same_site_unrestricted.IsSetPermittedInContext( + context_same_site_strict_to_cross); + EXPECT_TRUE(status_strict_to_cross.IsInclude()); + EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning()); + CanonicalCookie::CookieInclusionStatus status_lax_to_cross = + cookie_same_site_unrestricted.IsSetPermittedInContext( + context_same_site_lax_to_cross); + EXPECT_TRUE(status_lax_to_cross.IsInclude()); + EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning()); } { @@ -2079,19 +2112,26 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { EXPECT_TRUE( cookie_same_site_lax.IsSetPermittedInContext(context_same_site_strict) .IsInclude()); - EXPECT_TRUE(cookie_same_site_lax - .IsSetPermittedInContext(context_same_site_lax_to_secure) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_lax - .IsSetPermittedInContext(context_same_site_strict_to_secure) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_lax - .IsSetPermittedInContext(context_same_site_lax_to_insecure) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_lax - .IsSetPermittedInContext(context_same_site_strict_to_insecure) - .IsInclude()); + + CanonicalCookie::CookieInclusionStatus status_strict_to_lax = + cookie_same_site_lax.IsSetPermittedInContext( + context_same_site_strict_to_lax); + EXPECT_TRUE(status_strict_to_lax.IsInclude()); + EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); + CanonicalCookie::CookieInclusionStatus status_strict_to_cross = + cookie_same_site_lax.IsSetPermittedInContext( + context_same_site_strict_to_cross); + EXPECT_TRUE(status_strict_to_cross.IsInclude()); + EXPECT_TRUE(status_strict_to_cross.HasWarningReason( + CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE)); + CanonicalCookie::CookieInclusionStatus status_lax_to_cross = + cookie_same_site_lax.IsSetPermittedInContext( + context_same_site_lax_to_cross); + EXPECT_TRUE(status_lax_to_cross.IsInclude()); + EXPECT_TRUE(status_lax_to_cross.HasWarningReason( + CanonicalCookie::CookieInclusionStatus:: + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE)); } { @@ -2113,19 +2153,26 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { EXPECT_TRUE(cookie_same_site_strict .IsSetPermittedInContext(context_same_site_strict) .IsInclude()); - EXPECT_TRUE(cookie_same_site_strict - .IsSetPermittedInContext(context_same_site_lax_to_secure) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_strict - .IsSetPermittedInContext(context_same_site_strict_to_secure) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_strict - .IsSetPermittedInContext(context_same_site_lax_to_insecure) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_strict - .IsSetPermittedInContext(context_same_site_strict_to_insecure) - .IsInclude()); + + CanonicalCookie::CookieInclusionStatus status_strict_to_lax = + cookie_same_site_strict.IsSetPermittedInContext( + context_same_site_strict_to_lax); + EXPECT_TRUE(status_strict_to_lax.IsInclude()); + EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); + CanonicalCookie::CookieInclusionStatus status_strict_to_cross = + cookie_same_site_strict.IsSetPermittedInContext( + context_same_site_strict_to_cross); + EXPECT_TRUE(status_strict_to_cross.IsInclude()); + EXPECT_TRUE(status_strict_to_cross.HasWarningReason( + CanonicalCookie::CookieInclusionStatus:: + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE)); + CanonicalCookie::CookieInclusionStatus status_lax_to_cross = + cookie_same_site_strict.IsSetPermittedInContext( + context_same_site_lax_to_cross); + EXPECT_TRUE(status_lax_to_cross.IsInclude()); + EXPECT_TRUE(status_lax_to_cross.HasWarningReason( + CanonicalCookie::CookieInclusionStatus:: + WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE)); } // Behavior of UNSPECIFIED depends on an experiment and CookieAccessSemantics. @@ -2151,23 +2198,6 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { CookieAccessSemantics::UNKNOWN) .IsInclude()); EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_secure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_secure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_insecure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_insecure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified .IsSetPermittedInContext(context_cross_site, CookieAccessSemantics::LEGACY) .IsInclude()); @@ -2180,23 +2210,6 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { CookieAccessSemantics::LEGACY) .IsInclude()); EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_secure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_secure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_insecure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_insecure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified .IsSetPermittedInContext(context_cross_site, CookieAccessSemantics::NONLEGACY) .HasExactlyExclusionReasonsForTesting( @@ -2210,23 +2223,6 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { .IsSetPermittedInContext(context_same_site_strict, CookieAccessSemantics::NONLEGACY) .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_secure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_secure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_insecure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_insecure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); } { @@ -2248,23 +2244,6 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { CookieAccessSemantics::UNKNOWN) .IsInclude()); EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_secure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_secure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_insecure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_insecure, - CookieAccessSemantics::UNKNOWN) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified .IsSetPermittedInContext(context_cross_site, CookieAccessSemantics::LEGACY) .IsInclude()); @@ -2277,23 +2256,6 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { CookieAccessSemantics::LEGACY) .IsInclude()); EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_secure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_secure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_insecure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_insecure, - CookieAccessSemantics::LEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified .IsSetPermittedInContext(context_cross_site, CookieAccessSemantics::NONLEGACY) .HasExactlyExclusionReasonsForTesting( @@ -2307,23 +2269,6 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { .IsSetPermittedInContext(context_same_site_strict, CookieAccessSemantics::NONLEGACY) .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_secure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_secure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); - EXPECT_TRUE(cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_lax_to_insecure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); - EXPECT_TRUE( - cookie_same_site_unspecified - .IsSetPermittedInContext(context_same_site_strict_to_insecure, - CookieAccessSemantics::NONLEGACY) - .IsInclude()); } } @@ -2503,39 +2448,37 @@ TEST(CookieInclusionStatusTest, RemoveWarningReason) { WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT)); } -TEST(CookieInclusionStatusTest, HasCrossSchemeWarning) { +TEST(CookieInclusionStatusTest, HasDowngradeWarning) { std::vector<CanonicalCookie::CookieInclusionStatus::WarningReason> - cross_scheme_warnings = { + downgrade_warnings = { CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, + WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE, CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL, + WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE, CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL, + WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE, CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL, + WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE, CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL, - CanonicalCookie::CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL}; + WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE, + }; CanonicalCookie::CookieInclusionStatus empty_status; - EXPECT_FALSE(empty_status.HasCrossSchemeWarning()); + EXPECT_FALSE(empty_status.HasDowngradeWarning()); - CanonicalCookie::CookieInclusionStatus not_cross_scheme; - not_cross_scheme.AddWarningReason( + CanonicalCookie::CookieInclusionStatus not_downgrade; + not_downgrade.AddWarningReason( CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT); - EXPECT_FALSE(not_cross_scheme.HasCrossSchemeWarning()); + EXPECT_FALSE(not_downgrade.HasDowngradeWarning()); - for (auto warning : cross_scheme_warnings) { + for (auto warning : downgrade_warnings) { CanonicalCookie::CookieInclusionStatus status; status.AddWarningReason(warning); CanonicalCookie::CookieInclusionStatus::WarningReason reason; - EXPECT_TRUE(status.HasCrossSchemeWarning(&reason)); + EXPECT_TRUE(status.HasDowngradeWarning(&reason)); EXPECT_EQ(warning, reason); } } - } // namespace net diff --git a/chromium/net/cookies/cookie_change_dispatcher_test_helpers.cc b/chromium/net/cookies/cookie_change_dispatcher_test_helpers.cc index 0db6daaa5e8..3419e6653fe 100644 --- a/chromium/net/cookies/cookie_change_dispatcher_test_helpers.cc +++ b/chromium/net/cookies/cookie_change_dispatcher_test_helpers.cc @@ -4,7 +4,7 @@ #include "net/cookies/cookie_change_dispatcher_test_helpers.h" -#include "base/logging.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/cookies/cookie_constants.cc b/chromium/net/cookies/cookie_constants.cc index 95adeef96e9..bf8dd08c555 100644 --- a/chromium/net/cookies/cookie_constants.cc +++ b/chromium/net/cookies/cookie_constants.cc @@ -4,8 +4,8 @@ #include "net/cookies/cookie_constants.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/strings/string_util.h" namespace net { diff --git a/chromium/net/cookies/cookie_deletion_info.cc b/chromium/net/cookies/cookie_deletion_info.cc index 73a11949b2b..b451dc2350f 100644 --- a/chromium/net/cookies/cookie_deletion_info.cc +++ b/chromium/net/cookies/cookie_deletion_info.cc @@ -28,12 +28,8 @@ bool DomainMatchesDomains(const net::CanonicalCookie& cookie, // If the cookie's domain is is not parsed as belonging to a registry // (e.g. for IP addresses or internal hostnames) an empty string will be // returned. In this case, use the domain in the cookie. - if (effective_domain.empty()) { - if (cookie.IsDomainCookie()) - effective_domain = cookie.Domain().substr(1); - else - effective_domain = cookie.Domain(); - } + if (effective_domain.empty()) + effective_domain = cookie.DomainWithoutDot(); return match_domains.count(effective_domain) != 0; } diff --git a/chromium/net/cookies/cookie_monster.cc b/chromium/net/cookies/cookie_monster.cc index 783485c013d..533cc97ba71 100644 --- a/chromium/net/cookies/cookie_monster.cc +++ b/chromium/net/cookies/cookie_monster.cc @@ -303,7 +303,8 @@ bool IsHttpSameSiteContextAtLeast( const CookieOptions& options, CookieOptions::SameSiteCookieContext::ContextType same_site_requirement) { return !options.exclude_httponly() && - options.same_site_cookie_context().context >= same_site_requirement; + options.same_site_cookie_context().GetContextForCookieInclusion() >= + same_site_requirement; } } // namespace @@ -368,7 +369,7 @@ void CookieMonster::SetAllCookiesAsync(const CookieList& list, void CookieMonster::SetCanonicalCookieAsync( std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback) { DCHECK(cookie->IsCanonical()); @@ -380,8 +381,7 @@ void CookieMonster::SetCanonicalCookieAsync( // the callback on |*this|, so the callback will not outlive // the object. &CookieMonster::SetCanonicalCookie, base::Unretained(this), - std::move(cookie), std::move(source_scheme), options, - std::move(callback)), + std::move(cookie), source_url, options, std::move(callback)), domain); } @@ -904,7 +904,7 @@ void CookieMonster::TrimDuplicateCookiesForKey(const std::string& key, dupes.erase(dupes.begin()); LOG(ERROR) << base::StringPrintf( - "Found %d duplicate cookies for host='%s', " + "Found %d duplicate cookies for key='%s', " "with {name='%s', domain='%s', path='%s'}", static_cast<int>(dupes.size()), key.c_str(), std::get<0>(signature).c_str(), std::get<1>(signature).c_str(), @@ -998,68 +998,72 @@ void CookieMonster::MaybeDeleteEquivalentCookieAndUpdateStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_HTTP_ONLY)); bool found_equivalent_cookie = false; - CookieMap::iterator maybe_delete_it = cookies_.end(); - CanonicalCookie* cc_skipped_secure = nullptr; + CookieMap::iterator deletion_candidate_it = cookies_.end(); + CanonicalCookie* skipped_secure_cookie = nullptr; // Check every cookie matching this domain key for equivalence. CookieMapItPair range_its = cookies_.equal_range(key); for (auto cur_it = range_its.first; cur_it != range_its.second; ++cur_it) { - CanonicalCookie* cc = cur_it->second.get(); + CanonicalCookie* cur_existing_cookie = cur_it->second.get(); // Evaluate "Leave Secure Cookies Alone": - // If the cookie is being set from an insecure scheme, then if a cookie - // already exists with the same name and it is Secure, then the cookie - // should *not* be updated if they domain-match and ignoring the path - // attribute. This notion of equivalence is slightly more inclusive than the - // usual IsEquivalent() check. + // If the cookie is being set from an insecure source, then if an + // "equivalent" Secure cookie already exists, then the cookie should *not* + // be updated. + // + // "Equivalent" means they are the same by + // IsEquivalentForSecureCookieMatching(). See the comment there for + // details. (Note this is not a symmetric comparison.) This notion of + // equivalence is slightly more inclusive than the usual IsEquivalent() one. // // See: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone - if (cc->IsSecure() && !source_secure && - cookie_being_set.IsEquivalentForSecureCookieMatching(*cc)) { + if (cur_existing_cookie->IsSecure() && !source_secure && + cookie_being_set.IsEquivalentForSecureCookieMatching( + *cur_existing_cookie)) { // Hold onto this for additional Netlogging later if we end up preserving // a would-have-been-deleted cookie because of this. - cc_skipped_secure = cc; + skipped_secure_cookie = cur_existing_cookie; net_log_.AddEvent(NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_SECURE, [&](NetLogCaptureMode capture_mode) { return NetLogCookieMonsterCookieRejectedSecure( - cc_skipped_secure, &cookie_being_set, + skipped_secure_cookie, &cookie_being_set, capture_mode); }); status->AddExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_SECURE); } - if (cookie_being_set.IsEquivalent(*cc)) { + if (cookie_being_set.IsEquivalent(*cur_existing_cookie)) { // We should never have more than one equivalent cookie, since they should // overwrite each other. CHECK(!found_equivalent_cookie) << "Duplicate equivalent cookies found, cookie store is corrupted."; - DCHECK(maybe_delete_it == cookies_.end()); + DCHECK(deletion_candidate_it == cookies_.end()); found_equivalent_cookie = true; // The |cookie_being_set| is rejected for trying to overwrite an httponly // cookie when it should not be able to. - if (skip_httponly && cc->IsHttpOnly()) { + if (skip_httponly && cur_existing_cookie->IsHttpOnly()) { net_log_.AddEvent( NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_HTTPONLY, [&](NetLogCaptureMode capture_mode) { return NetLogCookieMonsterCookieRejectedHttponly( - cc, &cookie_being_set, capture_mode); + cur_existing_cookie, &cookie_being_set, capture_mode); }); status->AddExclusionReason(CanonicalCookie::CookieInclusionStatus:: EXCLUDE_OVERWRITE_HTTP_ONLY); } else { - maybe_delete_it = cur_it; + deletion_candidate_it = cur_it; } } } - if (maybe_delete_it != cookies_.end()) { - CanonicalCookie* maybe_delete_cc = maybe_delete_it->second.get(); - if (maybe_delete_cc->Value() == cookie_being_set.Value()) - *creation_date_to_inherit = maybe_delete_cc->CreationDate(); + if (deletion_candidate_it != cookies_.end()) { + CanonicalCookie* deletion_candidate = deletion_candidate_it->second.get(); + if (deletion_candidate->Value() == cookie_being_set.Value()) + *creation_date_to_inherit = deletion_candidate->CreationDate(); if (status->IsInclude()) { - InternalDeleteCookie(maybe_delete_it, true, + InternalDeleteCookie(deletion_candidate_it, true /* sync_to_store */, already_expired ? DELETE_COOKIE_EXPIRED_OVERWRITE : DELETE_COOKIE_OVERWRITE); } else if (status->HasExclusionReason( @@ -1067,14 +1071,14 @@ void CookieMonster::MaybeDeleteEquivalentCookieAndUpdateStatus( EXCLUDE_OVERWRITE_SECURE)) { // Log that we preserved a cookie that would have been deleted due to // Leave Secure Cookies Alone. This arbitrarily only logs the last - // |cc_skipped_secure| that we were left with after the for loop, even if - // there were multiple matching Secure cookies that were left alone. - DCHECK(cc_skipped_secure); + // |skipped_secure_cookie| that we were left with after the for loop, even + // if there were multiple matching Secure cookies that were left alone. + DCHECK(skipped_secure_cookie); net_log_.AddEvent( NetLogEventType::COOKIE_STORE_COOKIE_PRESERVED_SKIPPED_SECURE, [&](NetLogCaptureMode capture_mode) { return NetLogCookieMonsterCookiePreservedSkippedSecure( - cc_skipped_secure, maybe_delete_cc, &cookie_being_set, + skipped_secure_cookie, deletion_candidate, &cookie_being_set, capture_mode); }); } @@ -1145,15 +1149,14 @@ CookieMonster::CookieMap::iterator CookieMonster::InternalInsertCookie( } void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback) { DCHECK(thread_checker_.CalledOnValidThread()); CanonicalCookie::CookieInclusionStatus status; - std::string scheme_lower = base::ToLowerASCII(source_scheme); - bool secure_source = GURL::SchemeIsCryptographic(scheme_lower); + bool secure_source = source_url.SchemeIsCryptographic(); cc->SetSourceScheme(secure_source ? CookieSourceScheme::kSecure : CookieSourceScheme::kNonSecure); if ((cc->IsSecure() && !secure_source)) { @@ -1161,7 +1164,7 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY); } - if (!IsCookieableScheme(scheme_lower)) { + if (!IsCookieableScheme(source_url.scheme())) { status.AddExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_NONCOOKIEABLE_SCHEME); } @@ -1199,6 +1202,15 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, "insecure scheme"; } + // Now that IsSetPermittedInContext() and + // MaybeDeleteEquivalentCookieAndUpdateStatus() have had a chance to set + // cookie warnings/exclusions, record the downgrade metric. + if (status.ShouldRecordDowngradeMetrics()) { + UMA_HISTOGRAM_ENUMERATION( + "Cookie.SameSiteContextDowngradeResponse", + status.GetBreakingDowngradeMetricsEnumValue(source_url)); + } + if (status.IsInclude()) { DVLOG(net::cookie_util::kVlogSetCookies) << "SetCookie() key: " << key << " cc: " << cc->DebugString(); @@ -1658,9 +1670,7 @@ std::string CookieMonster::GetKey(base::StringPiece domain) { if (effective_domain.empty()) effective_domain = std::string(domain); - if (!effective_domain.empty() && effective_domain[0] == '.') - return effective_domain.substr(1); - return effective_domain; + return cookie_util::CookieDomainAsHost(effective_domain); } bool CookieMonster::HasCookieableScheme(const GURL& url) { diff --git a/chromium/net/cookies/cookie_monster.h b/chromium/net/cookies/cookie_monster.h index 431fab884a5..46001bd4e4e 100644 --- a/chromium/net/cookies/cookie_monster.h +++ b/chromium/net/cookies/cookie_monster.h @@ -158,7 +158,7 @@ class NET_EXPORT CookieMonster : public CookieStore { // CookieStore implementation. void SetCanonicalCookieAsync(std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback) override; void GetCookieListWithOptionsAsync(const GURL& url, @@ -306,14 +306,14 @@ class NET_EXPORT CookieMonster : public CookieStore { static const int kRecordStatisticsIntervalSeconds = 10 * 60; // Sets a canonical cookie, deletes equivalents and performs garbage - // collection. |source_scheme| indicates what scheme the cookie is being set + // collection. |source_url| indicates what URL the cookie is being set // from; secure cookies cannot be altered from insecure schemes, and some // schemes may not be authorized. // // |options| indicates if this setting operation is allowed // to affect http_only or same-site cookies. void SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback); diff --git a/chromium/net/cookies/cookie_monster_perftest.cc b/chromium/net/cookies/cookie_monster_perftest.cc index 8ac5ec1ffd0..6966a8a9e4b 100644 --- a/chromium/net/cookies/cookie_monster_perftest.cc +++ b/chromium/net/cookies/cookie_monster_perftest.cc @@ -99,7 +99,7 @@ class SetCookieCallback : public CookieTestCallback { auto cookie = CanonicalCookie::Create(gurl, cookie_line, base::Time::Now(), base::nullopt /* server_time */); cm->SetCanonicalCookieAsync( - std::move(cookie), gurl.scheme(), options_, + std::move(cookie), gurl, options_, base::BindOnce(&SetCookieCallback::Run, base::Unretained(this))); WaitForCallback(); } diff --git a/chromium/net/cookies/cookie_monster_unittest.cc b/chromium/net/cookies/cookie_monster_unittest.cc index 477961d177e..82877bcb54b 100644 --- a/chromium/net/cookies/cookie_monster_unittest.cc +++ b/chromium/net/cookies/cookie_monster_unittest.cc @@ -51,6 +51,7 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" +#include "url/url_constants.h" namespace net { @@ -163,8 +164,7 @@ class CookieMonsterTestBase : public CookieStoreTest<T> { cm->SetCanonicalCookieAsync( CanonicalCookie::Create(url, cookie_line, creation_time, base::nullopt /* server_time */), - url.scheme(), CookieOptions::MakeAllInclusive(), - callback.MakeCallback()); + url, CookieOptions::MakeAllInclusive(), callback.MakeCallback()); callback.WaitUntilDone(); return callback.result().IsInclude(); } @@ -208,119 +208,84 @@ class CookieMonsterTestBase : public CookieStoreTest<T> { // * Two domain path cookies (.c.b.a/dir1, .c.b.a/dir1/dir2) // * Two host path cookies (w.c.b.a/dir1, w.c.b.a/dir1/dir2) + std::vector<std::unique_ptr<CanonicalCookie>> cookies; + // Domain cookies - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "dom_1", "A", ".harvard.edu", "/", base::Time(), base::Time(), - base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "dom_2", "B", ".math.harvard.edu", "/", base::Time(), base::Time(), - base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "dom_3", "C", ".bourbaki.math.harvard.edu", "/", base::Time(), - base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "dom_1", "A", ".harvard.edu", "/", base::Time(), base::Time(), + base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "dom_2", "B", ".math.harvard.edu", "/", base::Time(), base::Time(), + base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "dom_3", "C", ".bourbaki.math.harvard.edu", "/", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); // Host cookies - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "host_1", "A", url_top_level_domain_plus_1, "/", base::Time(), - base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "host_2", "B", url_top_level_domain_plus_2, "/", base::Time(), - base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "host_3", "C", url_top_level_domain_plus_3, "/", base::Time(), - base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "host_1", "A", url_top_level_domain_plus_1, "/", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "host_2", "B", url_top_level_domain_plus_2, "/", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "host_3", "C", url_top_level_domain_plus_3, "/", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); // http_only cookie - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "httpo_check", "A", url_top_level_domain_plus_2, "/", base::Time(), - base::Time(), base::Time(), false, true, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "httpo_check", "A", url_top_level_domain_plus_2, "/", base::Time(), + base::Time(), base::Time(), false, true, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); // same-site cookie - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "firstp_check", "A", url_top_level_domain_plus_2, "/", base::Time(), - base::Time(), base::Time(), false, false, - CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "firstp_check", "A", url_top_level_domain_plus_2, "/", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::STRICT_MODE, + COOKIE_PRIORITY_DEFAULT)); // Secure cookies - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "sec_dom", "A", ".math.harvard.edu", "/", base::Time(), - base::Time(), base::Time(), true, false, - CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT), - "https", true /*modify_httponly*/)); - - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "sec_host", "B", url_top_level_domain_plus_2, "/", base::Time(), - base::Time(), base::Time(), true, false, - CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT), - "https", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "sec_dom", "A", ".math.harvard.edu", "/", base::Time(), base::Time(), + base::Time(), true, false, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "sec_host", "B", url_top_level_domain_plus_2, "/", base::Time(), + base::Time(), base::Time(), true, false, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); // Domain path cookies - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "dom_path_1", "A", ".math.harvard.edu", "/dir1", base::Time(), - base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "dom_path_2", "B", ".math.harvard.edu", "/dir1/dir2", base::Time(), - base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, - COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "dom_path_1", "A", ".math.harvard.edu", "/dir1", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "dom_path_2", "B", ".math.harvard.edu", "/dir1/dir2", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); // Host path cookies - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "host_path_1", "A", url_top_level_domain_plus_2, "/dir1", - base::Time(), base::Time(), base::Time(), false, false, - CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); - - EXPECT_TRUE(this->SetCanonicalCookie( - cm, - std::make_unique<CanonicalCookie>( - "host_path_2", "B", url_top_level_domain_plus_2, "/dir1/dir2", - base::Time(), base::Time(), base::Time(), false, false, - CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "host_path_1", "A", url_top_level_domain_plus_2, "/dir1", base::Time(), + base::Time(), base::Time(), false, false, CookieSameSite::LAX_MODE, + COOKIE_PRIORITY_DEFAULT)); + cookies.push_back(std::make_unique<CanonicalCookie>( + "host_path_2", "B", url_top_level_domain_plus_2, "/dir1/dir2", + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT)); + + for (auto& cookie : cookies) { + GURL source_url = cookie_util::SimulatedCookieSource( + *cookie, cookie->IsSecure() ? "https" : "http"); + EXPECT_TRUE(this->SetCanonicalCookie(cm, std::move(cookie), source_url, + true /* modify_httponly */)); + } EXPECT_EQ(14U, this->GetAllCookies(cm).size()); } @@ -825,7 +790,8 @@ class CookieMonsterTestBase : public CookieStoreTest<T> { creation_time /* last_access */, true /* secure */, false /* http_only */, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); - cm->SetCanonicalCookieAsync(std::move(cc), "https", + GURL source_url = cookie_util::SimulatedCookieSource(*cc, "https"); + cm->SetCanonicalCookieAsync(std::move(cc), source_url, CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); } @@ -970,7 +936,7 @@ TEST_F(DeferredCookieTaskTest, DeferredSetCookie) { cookie_monster_->SetCanonicalCookieAsync( CanonicalCookie::Create(http_www_foo_.url(), "A=B", base::Time::Now(), base::nullopt /* server_time */), - http_www_foo_.url().scheme(), CookieOptions::MakeAllInclusive(), + http_www_foo_.url(), CookieOptions::MakeAllInclusive(), call1.MakeCallback()); base::RunLoop().RunUntilIdle(); EXPECT_FALSE(call1.was_run()); @@ -984,7 +950,7 @@ TEST_F(DeferredCookieTaskTest, DeferredSetCookie) { cookie_monster_->SetCanonicalCookieAsync( CanonicalCookie::Create(http_www_foo_.url(), "X=Y", base::Time::Now(), base::nullopt /* server_time */), - http_www_foo_.url().scheme(), CookieOptions::MakeAllInclusive(), + http_www_foo_.url(), CookieOptions::MakeAllInclusive(), call2.MakeCallback()); ASSERT_TRUE(call2.was_run()); EXPECT_TRUE(call2.result().IsInclude()); @@ -1245,7 +1211,7 @@ TEST_F(DeferredCookieTaskTest, DeferredTaskOrder) { cookie_monster_->SetCanonicalCookieAsync( CanonicalCookie::Create(http_www_foo_.url(), "A=B", base::Time::Now(), base::nullopt /* server_time */), - http_www_foo_.url().scheme(), CookieOptions::MakeAllInclusive(), + http_www_foo_.url(), CookieOptions::MakeAllInclusive(), set_cookies_callback.MakeCallback()); // Nothing happened yet, before loads are done. @@ -1475,7 +1441,7 @@ TEST_F(CookieMonsterTest, SetCookieableSchemes) { EXPECT_TRUE(SetCanonicalCookieReturnStatus( cm.get(), CanonicalCookie::Create(http_url, "y=1", now, server_time), - "http", false /*modify_httponly*/) + http_url, false /*modify_httponly*/) .IsInclude()); EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), foo_url, "x=1") @@ -1485,7 +1451,7 @@ TEST_F(CookieMonsterTest, SetCookieableSchemes) { EXPECT_TRUE(SetCanonicalCookieReturnStatus( cm.get(), CanonicalCookie::Create(foo_url, "y=1", now, server_time), - "foo", false /*modify_httponly*/) + foo_url, false /*modify_httponly*/) .HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus:: EXCLUDE_NONCOOKIEABLE_SCHEME})); @@ -1495,7 +1461,7 @@ TEST_F(CookieMonsterTest, SetCookieableSchemes) { EXPECT_TRUE(SetCanonicalCookieReturnStatus( cm_foo.get(), CanonicalCookie::Create(foo_url, "y=1", now, server_time), - "foo", false /*modify_httponly*/) + foo_url, false /*modify_httponly*/) .IsInclude()); EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm_foo.get(), http_url, "x=1") @@ -1505,7 +1471,7 @@ TEST_F(CookieMonsterTest, SetCookieableSchemes) { EXPECT_TRUE(SetCanonicalCookieReturnStatus( cm_foo.get(), CanonicalCookie::Create(http_url, "y=1", now, server_time), - "http", false /*modify_httponly*/) + http_url, false /*modify_httponly*/) .HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus:: EXCLUDE_NONCOOKIEABLE_SCHEME})); @@ -2005,7 +1971,7 @@ TEST_F(CookieMonsterTest, BackingStoreCommunication) { cookie.name, cookie.value, cookie.domain, cookie.path, base::Time(), cookie.expiration_time, base::Time(), cookie.secure, cookie.http_only, cookie.same_site, cookie.priority), - cookie.url.scheme(), true /*modify_httponly*/)); + cookie.url, true /*modify_httponly*/)); } EXPECT_TRUE(FindAndDeleteCookie(cmout.get(), @@ -2225,7 +2191,7 @@ TEST_F(CookieMonsterTest, WhileLoadingLoadCompletesBeforeKeyLoadCompletes) { base::nullopt /* server_time */); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_cookie_callback; - cm->SetCanonicalCookieAsync(std::move(cookie), kUrl.scheme(), + cm->SetCanonicalCookieAsync(std::move(cookie), kUrl, CookieOptions::MakeAllInclusive(), set_cookie_callback.MakeCallback()); @@ -2314,7 +2280,7 @@ TEST_F(CookieMonsterTest, WhileLoadingGetAllSetGetAll) { base::nullopt /* server_time */); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_cookie_callback; - cm->SetCanonicalCookieAsync(std::move(cookie), kUrl.scheme(), + cm->SetCanonicalCookieAsync(std::move(cookie), kUrl, CookieOptions::MakeAllInclusive(), set_cookie_callback.MakeCallback()); @@ -2365,8 +2331,8 @@ TEST_F(CookieMonsterTest, CheckOrderOfCookieTaskQueueWhenLoadingCompletes) { cm->GetAllCookiesAsync(base::BindOnce( &RunClosureOnAllCookiesReceived, base::BindOnce(&CookieStore::SetCanonicalCookieAsync, - base::Unretained(cm.get()), std::move(cookie), - kUrl.scheme(), CookieOptions::MakeAllInclusive(), + base::Unretained(cm.get()), std::move(cookie), kUrl, + CookieOptions::MakeAllInclusive(), set_cookie_callback.MakeCallback()))); // Get cookie task. Queued before the delete task is executed, so should not @@ -2548,13 +2514,13 @@ TEST_F(CookieMonsterTest, HistogramCheck) { std::unique_ptr<base::HistogramSamples> samples1( expired_histogram->SnapshotSamples()); - ASSERT_TRUE(SetCanonicalCookie( - cm.get(), - std::make_unique<CanonicalCookie>( - "a", "b", "a.url", "/", base::Time(), - base::Time::Now() + base::TimeDelta::FromMinutes(59), base::Time(), - true, false, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT), - "https", true /*modify_httponly*/)); + auto cookie = std::make_unique<CanonicalCookie>( + "a", "b", "a.url", "/", base::Time(), + base::Time::Now() + base::TimeDelta::FromMinutes(59), base::Time(), true, + false, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT); + GURL source_url = cookie_util::SimulatedCookieSource(*cookie, "https"); + ASSERT_TRUE(SetCanonicalCookie(cm.get(), std::move(cookie), source_url, + true /*modify_httponly*/)); std::unique_ptr<base::HistogramSamples> samples2( expired_histogram->SnapshotSamples()); @@ -2764,7 +2730,8 @@ TEST_F(CookieMonsterTest, MaybeDeleteEquivalentCookieAndUpdateStatus) { base::nullopt /* server_time */); CanonicalCookie::CookieInclusionStatus status = SetCanonicalCookieReturnStatus(cm.get(), std::move(preexisting_cookie), - "https", true /* can_modify_httponly */); + https_www_foo_.url(), + true /* can_modify_httponly */); ASSERT_TRUE(status.IsInclude()); // Set a new cookie with a different name. Should work because cookies with @@ -2782,8 +2749,9 @@ TEST_F(CookieMonsterTest, MaybeDeleteEquivalentCookieAndUpdateStatus) { base::nullopt /* server_time */); // Allow modifying HttpOnly, so that we don't skip preexisting cookies for // being HttpOnly. - status = SetCanonicalCookieReturnStatus( - cm.get(), std::move(bad_cookie), "http", true /* can_modify_httponly */); + status = SetCanonicalCookieReturnStatus(cm.get(), std::move(bad_cookie), + http_www_foo_.url(), + true /* can_modify_httponly */); EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_SECURE})); // The preexisting cookie should still be there. @@ -2812,8 +2780,9 @@ TEST_F(CookieMonsterTest, MaybeDeleteEquivalentCookieAndUpdateStatus) { base::nullopt /* server_time */); // Allow modifying HttpOnly, so that we don't skip preexisting cookies for // being HttpOnly. - status = SetCanonicalCookieReturnStatus( - cm.get(), std::move(bad_cookie), "http", true /* can_modify_httponly */); + status = SetCanonicalCookieReturnStatus(cm.get(), std::move(bad_cookie), + http_www_foo_.url(), + true /* can_modify_httponly */); EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_SECURE})); // The preexisting cookie should still be there. @@ -2839,9 +2808,9 @@ TEST_F(CookieMonsterTest, MaybeDeleteEquivalentCookieAndUpdateStatus) { bad_cookie = CanonicalCookie::Create(https_www_foo_.url(), "A=E; Secure", base::Time::Now(), base::nullopt /* server_time */); - status = - SetCanonicalCookieReturnStatus(cm.get(), std::move(bad_cookie), "https", - false /* can_modify_httponly */); + status = SetCanonicalCookieReturnStatus(cm.get(), std::move(bad_cookie), + https_www_foo_.url(), + false /* can_modify_httponly */); EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_HTTP_ONLY})); @@ -2865,7 +2834,8 @@ TEST_F(CookieMonsterTest, SkipDontOverwriteForMultipleReasons) { base::nullopt /* server_time */); CanonicalCookie::CookieInclusionStatus status = SetCanonicalCookieReturnStatus(cm.get(), std::move(preexisting_cookie), - "https", true /* can_modify_httponly */); + https_www_foo_.url(), + true /* can_modify_httponly */); ASSERT_TRUE(status.IsInclude()); // Attempt to set a new cookie with the same name that is not Secure or @@ -2873,7 +2843,8 @@ TEST_F(CookieMonsterTest, SkipDontOverwriteForMultipleReasons) { auto cookie = CanonicalCookie::Create(http_www_foo_.url(), "A=B", base::Time::Now(), base::nullopt /* server_time */); - status = SetCanonicalCookieReturnStatus(cm.get(), std::move(cookie), "http", + status = SetCanonicalCookieReturnStatus(cm.get(), std::move(cookie), + http_www_foo_.url(), false /* can_modify_httponly */); EXPECT_TRUE(status.HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_SECURE, @@ -2899,14 +2870,16 @@ TEST_F(CookieMonsterTest, DontDeleteEquivalentCookieIfSetIsRejected) { base::nullopt /* server_time */); CanonicalCookie::CookieInclusionStatus status = SetCanonicalCookieReturnStatus(cm.get(), std::move(preexisting_cookie), - "https", false /* can_modify_httponly */); + http_www_foo_.url(), + false /* can_modify_httponly */); ASSERT_TRUE(status.IsInclude()); auto bad_cookie = CanonicalCookie::Create( http_www_foo_.url(), "cookie=bar;secure", base::Time::Now(), base::nullopt /* server_time */); CanonicalCookie::CookieInclusionStatus status2 = - SetCanonicalCookieReturnStatus(cm.get(), std::move(bad_cookie), "http", + SetCanonicalCookieReturnStatus(cm.get(), std::move(bad_cookie), + http_www_foo_.url(), false /* can_modify_httponly */); EXPECT_TRUE(status2.HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY})); @@ -2930,13 +2903,13 @@ TEST_F(CookieMonsterTest, SetSecureCookies) { EXPECT_TRUE( CreateAndSetCookieReturnStatus(cm.get(), https_url, "A=B;").IsInclude()); - // A secure cookie cannot be created from a URL with an insecure scheme. + // A secure cookie cannot be set from a URL with an insecure scheme. EXPECT_TRUE( CreateAndSetCookieReturnStatus(cm.get(), http_url, "A=B; Secure") .HasExactlyExclusionReasonsForTesting( {CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY})); - // A secure cookie can be created from a URL with a secure scheme. + // A secure cookie can be set from a URL with a secure scheme. EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), https_url, "A=B; Secure") .IsInclude()); @@ -3095,6 +3068,288 @@ TEST_F(CookieMonsterTest, SetSecureCookies) { NetLogEventPhase::NONE); } +// Tests the behavior of "Leave Secure Cookies Alone" in +// MaybeDeleteEquivalentCookieAndUpdateStatus(). +// Check domain-match criterion: If either cookie domain matches the other, +// don't set the insecure cookie. +TEST_F(CookieMonsterTest, LeaveSecureCookiesAlone_DomainMatch) { + std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, &net_log_)); + + // These domains will domain-match each other. + const char* kRegistrableDomain = "foo.com"; + const char* kSuperdomain = "a.foo.com"; + const char* kDomain = "b.a.foo.com"; + const char* kSubdomain = "c.b.a.foo.com"; + // This domain does not match any, aside from the registrable domain. + const char* kOtherDomain = "z.foo.com"; + + for (const char* preexisting_cookie_host : + {kRegistrableDomain, kSuperdomain, kDomain, kSubdomain}) { + GURL preexisting_cookie_url( + base::StrCat({url::kHttpsScheme, url::kStandardSchemeSeparator, + preexisting_cookie_host})); + for (const char* new_cookie_host : + {kRegistrableDomain, kSuperdomain, kDomain, kSubdomain}) { + GURL https_url(base::StrCat( + {url::kHttpsScheme, url::kStandardSchemeSeparator, new_cookie_host})); + GURL http_url(base::StrCat( + {url::kHttpScheme, url::kStandardSchemeSeparator, new_cookie_host})); + + // Preexisting Secure host and domain cookies. + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), preexisting_cookie_url, "A=0; Secure") + .IsInclude()); + EXPECT_TRUE( + CreateAndSetCookieReturnStatus( + cm.get(), preexisting_cookie_url, + base::StrCat({"B=0; Secure; Domain=", preexisting_cookie_host})) + .IsInclude()); + + // Don't set insecure cookie from an insecure URL if equivalent secure + // cookie exists. + EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), http_url, "A=1") + .HasExactlyExclusionReasonsForTesting( + {CanonicalCookie::CookieInclusionStatus:: + EXCLUDE_OVERWRITE_SECURE})) + << "Insecure host cookie from " << http_url + << " should not be set if equivalent secure host cookie from " + << preexisting_cookie_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), http_url, + base::StrCat({"A=2; Domain=", new_cookie_host})) + .HasExactlyExclusionReasonsForTesting( + {CanonicalCookie::CookieInclusionStatus:: + EXCLUDE_OVERWRITE_SECURE})) + << "Insecure domain cookie from " << http_url + << " should not be set if equivalent secure host cookie from " + << preexisting_cookie_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), http_url, "B=1") + .HasExactlyExclusionReasonsForTesting( + {CanonicalCookie::CookieInclusionStatus:: + EXCLUDE_OVERWRITE_SECURE})) + << "Insecure host cookie from " << http_url + << " should not be set if equivalent secure domain cookie from " + << preexisting_cookie_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), http_url, + base::StrCat({"B=2; Domain=", new_cookie_host})) + .HasExactlyExclusionReasonsForTesting( + {CanonicalCookie::CookieInclusionStatus:: + EXCLUDE_OVERWRITE_SECURE})) + << "Insecure domain cookie from " << http_url + << " should not be set if equivalent secure domain cookie from " + << preexisting_cookie_url << " exists."; + + // Allow setting insecure cookie from a secure URL even if equivalent + // secure cookie exists. + EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), https_url, "A=3;") + .IsInclude()) + << "Insecure host cookie from " << https_url + << " can be set even if equivalent secure host cookie from " + << preexisting_cookie_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), https_url, + base::StrCat({"A=4; Domain=", new_cookie_host})) + .IsInclude()) + << "Insecure domain cookie from " << https_url + << " can be set even if equivalent secure host cookie from " + << preexisting_cookie_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), https_url, "B=3;") + .IsInclude()) + << "Insecure host cookie from " << https_url + << " can be set even if equivalent secure domain cookie from " + << preexisting_cookie_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), https_url, + base::StrCat({"B=4; Domain=", new_cookie_host})) + .IsInclude()) + << "Insecure domain cookie from " << https_url + << " can be set even if equivalent secure domain cookie from " + << preexisting_cookie_url << " exists."; + + DeleteAll(cm.get()); + } + } + + // Test non-domain-matching case. These sets should all be allowed because the + // cookie is not equivalent. + GURL nonmatching_https_url(base::StrCat( + {url::kHttpsScheme, url::kStandardSchemeSeparator, kOtherDomain})); + + for (const char* host : {kSuperdomain, kDomain, kSubdomain}) { + GURL https_url( + base::StrCat({url::kHttpsScheme, url::kStandardSchemeSeparator, host})); + GURL http_url( + base::StrCat({url::kHttpScheme, url::kStandardSchemeSeparator, host})); + + // Preexisting Secure host and domain cookies. + EXPECT_TRUE(CreateAndSetCookieReturnStatus(cm.get(), nonmatching_https_url, + "A=0; Secure") + .IsInclude()); + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), nonmatching_https_url, + base::StrCat({"B=0; Secure; Domain=", kOtherDomain})) + .IsInclude()); + + // New cookie from insecure URL is set. + EXPECT_TRUE( + CreateAndSetCookieReturnStatus(cm.get(), http_url, "A=1;").IsInclude()) + << "Insecure host cookie from " << http_url + << " can be set even if equivalent secure host cookie from " + << nonmatching_https_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), http_url, base::StrCat({"A=2; Domain=", host})) + .IsInclude()) + << "Insecure domain cookie from " << http_url + << " can be set even if equivalent secure host cookie from " + << nonmatching_https_url << " exists."; + EXPECT_TRUE( + CreateAndSetCookieReturnStatus(cm.get(), http_url, "B=1;").IsInclude()) + << "Insecure host cookie from " << http_url + << " can be set even if equivalent secure domain cookie from " + << nonmatching_https_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), http_url, base::StrCat({"B=2; Domain=", host})) + .IsInclude()) + << "Insecure domain cookie from " << http_url + << " can be set even if equivalent secure domain cookie from " + << nonmatching_https_url << " exists."; + + // New cookie from secure URL is set. + EXPECT_TRUE( + CreateAndSetCookieReturnStatus(cm.get(), https_url, "A=3;").IsInclude()) + << "Insecure host cookie from " << https_url + << " can be set even if equivalent secure host cookie from " + << nonmatching_https_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), https_url, base::StrCat({"A=4; Domain=", host})) + .IsInclude()) + << "Insecure domain cookie from " << https_url + << " can be set even if equivalent secure host cookie from " + << nonmatching_https_url << " exists."; + EXPECT_TRUE( + CreateAndSetCookieReturnStatus(cm.get(), https_url, "B=3;").IsInclude()) + << "Insecure host cookie from " << https_url + << " can be set even if equivalent secure host cookie from " + << nonmatching_https_url << " exists."; + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), https_url, base::StrCat({"B=4; Domain=", host})) + .IsInclude()) + << "Insecure domain cookie from " << https_url + << " can be set even if equivalent secure host cookie from " + << nonmatching_https_url << " exists."; + + DeleteAll(cm.get()); + } +} + +// Tests the behavior of "Leave Secure Cookies Alone" in +// MaybeDeleteEquivalentCookieAndUpdateStatus(). +// Check path-match criterion: If the new cookie is for the same path or a +// subdirectory of the preexisting cookie's path, don't set the new cookie. +TEST_F(CookieMonsterTest, LeaveSecureCookiesAlone_PathMatch) { + std::unique_ptr<CookieMonster> cm(new CookieMonster(nullptr, &net_log_)); + + // A path that is later in this list will path-match all the paths before it. + const char* kPaths[] = {"/", "/1", "/1/2", "/1/2/3"}; + // This path does not match any, aside from the root path. + const char* kOtherDirectory = "/9"; + + for (int preexisting_cookie_path_index = 0; preexisting_cookie_path_index < 4; + ++preexisting_cookie_path_index) { + const char* preexisting_cookie_path = kPaths[preexisting_cookie_path_index]; + GURL preexisting_cookie_url( + base::StrCat({url::kHttpsScheme, url::kStandardSchemeSeparator, + "a.foo.com", preexisting_cookie_path})); + for (int new_cookie_path_index = 0; new_cookie_path_index < 4; + ++new_cookie_path_index) { + const char* new_cookie_path = kPaths[new_cookie_path_index]; + bool should_path_match = + new_cookie_path_index >= preexisting_cookie_path_index; + GURL https_url( + base::StrCat({url::kHttpsScheme, url::kStandardSchemeSeparator, + "a.foo.com", new_cookie_path})); + GURL http_url( + base::StrCat({url::kHttpScheme, url::kStandardSchemeSeparator, + "a.foo.com", new_cookie_path})); + + // Preexisting Secure cookie. + EXPECT_TRUE( + CreateAndSetCookieReturnStatus( + cm.get(), preexisting_cookie_url, + base::StrCat({"A=0; Secure; Path=", preexisting_cookie_path})) + .IsInclude()); + + // Don't set insecure cookie from an insecure URL if equivalent secure + // cookie exists. + CanonicalCookie::CookieInclusionStatus set = + CreateAndSetCookieReturnStatus( + cm.get(), http_url, + base::StrCat({"A=1; Path=", new_cookie_path})); + EXPECT_TRUE(should_path_match + ? set.HasExactlyExclusionReasonsForTesting( + {CanonicalCookie::CookieInclusionStatus:: + EXCLUDE_OVERWRITE_SECURE}) + : set.IsInclude()) + << "Insecure cookie from " << http_url << " should " + << (should_path_match ? "not " : "") + << "be set if equivalent secure cookie from " + << preexisting_cookie_url << " exists."; + + // Allow setting insecure cookie from a secure URL even if equivalent + // secure cookie exists. + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), https_url, + base::StrCat({"A=2; Path=", new_cookie_path})) + .IsInclude()) + << "Insecure cookie from " << http_url + << " can be set even if equivalent secure cookie from " + << preexisting_cookie_url << " exists."; + + DeleteAll(cm.get()); + } + } + + // Test non-matching-path case. These sets should all be allowed because the + // cookie is not equivalent. + GURL nonmatching_https_url( + base::StrCat({url::kHttpsScheme, url::kStandardSchemeSeparator, + "a.foo.com", kOtherDirectory})); + + for (int new_cookie_path_index = 1; new_cookie_path_index < 4; + ++new_cookie_path_index) { + const char* new_cookie_path = kPaths[new_cookie_path_index]; + GURL https_url(base::StrCat( + {url::kHttpsScheme, url::kStandardSchemeSeparator, new_cookie_path})); + GURL http_url(base::StrCat( + {url::kHttpScheme, url::kStandardSchemeSeparator, new_cookie_path})); + + // Preexisting Secure cookie. + EXPECT_TRUE(CreateAndSetCookieReturnStatus( + cm.get(), nonmatching_https_url, + base::StrCat({"A=0; Secure; Path=", kOtherDirectory})) + .IsInclude()); + + // New cookie from insecure URL is set. + EXPECT_TRUE( + CreateAndSetCookieReturnStatus( + cm.get(), http_url, base::StrCat({"A=1; Path=", new_cookie_path})) + .IsInclude()) + << "Insecure cookie from " << http_url + << " can be set even if equivalent secure cookie from " + << nonmatching_https_url << " exists."; + + // New cookie from secure URL is set. + EXPECT_TRUE( + CreateAndSetCookieReturnStatus( + cm.get(), https_url, base::StrCat({"A=1; Path=", new_cookie_path})) + .IsInclude()) + << "Insecure cookie from " << https_url + << " can be set even if equivalent secure cookie from " + << nonmatching_https_url << " exists."; + } +} + // Tests for behavior for strict secure cookies. TEST_F(CookieMonsterTest, EvictSecureCookies) { // Hard-coding limits in the test, but use DCHECK_EQ to enforce constraint. @@ -3254,10 +3509,12 @@ TEST_F(CookieMonsterTest, SetCanonicalCookieDoesNotBlockForLoadAll) { // Start of a canonical cookie set. ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback_set; + GURL cookie_url("http://a.com/"); cm.SetCanonicalCookieAsync( - CanonicalCookie::Create(GURL("http://a.com/"), "A=B", base::Time::Now(), + CanonicalCookie::Create(cookie_url, "A=B", base::Time::Now(), base::nullopt /* server_time */), - "http", CookieOptions::MakeAllInclusive(), callback_set.MakeCallback()); + cookie_url, CookieOptions::MakeAllInclusive(), + callback_set.MakeCallback()); // Get cookies for a different URL. GetCookieListCallback callback_get; @@ -3339,7 +3596,7 @@ TEST_F(CookieMonsterTest, DeleteCookieWithInheritedTimestamps) { auto cookie = CanonicalCookie::Create(url, cookie_line, t1, server_time); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_callback_1; - cm.SetCanonicalCookieAsync(std::move(cookie), url.scheme(), options, + cm.SetCanonicalCookieAsync(std::move(cookie), url, options, set_callback_1.MakeCallback()); set_callback_1.WaitUntilDone(); @@ -3347,7 +3604,7 @@ TEST_F(CookieMonsterTest, DeleteCookieWithInheritedTimestamps) { cookie = CanonicalCookie::Create(url, cookie_line, t2, server_time); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_callback_2; - cm.SetCanonicalCookieAsync(std::move(cookie), url.scheme(), options, + cm.SetCanonicalCookieAsync(std::move(cookie), url, options, set_callback_2.MakeCallback()); set_callback_2.WaitUntilDone(); @@ -3380,7 +3637,7 @@ TEST_F(CookieMonsterTest, RejectCreatedSameSiteCookieOnSet) { // ... but the environment is checked on set, so this may be rejected then. ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; - cm.SetCanonicalCookieAsync(std::move(cookie), "http", env_cross_site, + cm.SetCanonicalCookieAsync(std::move(cookie), url, env_cross_site, callback.MakeCallback()); callback.WaitUntilDone(); EXPECT_TRUE(callback.result().HasExactlyExclusionReasonsForTesting( @@ -3404,7 +3661,7 @@ TEST_F(CookieMonsterTest, RejectCreatedSecureCookieOnSet) { // Cookie is rejected when attempting to set from a non-secure scheme. ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; - cm.SetCanonicalCookieAsync(std::move(cookie), "http", + cm.SetCanonicalCookieAsync(std::move(cookie), http_url, CookieOptions::MakeAllInclusive(), callback.MakeCallback()); callback.WaitUntilDone(); @@ -3434,7 +3691,7 @@ TEST_F(CookieMonsterTest, RejectCreatedHttpOnlyCookieOnSet) { CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT)); options_no_httponly.set_exclude_httponly(); // Default, but make it explicit. ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; - cm.SetCanonicalCookieAsync(std::move(cookie), "http", options_no_httponly, + cm.SetCanonicalCookieAsync(std::move(cookie), url, options_no_httponly, callback.MakeCallback()); callback.WaitUntilDone(); EXPECT_TRUE(callback.result().HasExactlyExclusionReasonsForTesting( @@ -3565,7 +3822,7 @@ TEST_F(CookieMonsterTest, CookiesWithoutSameSiteMustBeSecure) { CanonicalCookie cookie_copy = *cookie; CanonicalCookie::CookieInclusionStatus result = SetCanonicalCookieReturnStatus( - cm.get(), std::move(cookie), url.scheme(), + cm.get(), std::move(cookie), url, true /* can_modify_httponly (irrelevant) */); EXPECT_EQ(test.expected_set_cookie_result, result) << "Test case " << i << " failed."; diff --git a/chromium/net/cookies/cookie_options.cc b/chromium/net/cookies/cookie_options.cc index 252de953cea..3ab86e67f0c 100644 --- a/chromium/net/cookies/cookie_options.cc +++ b/chromium/net/cookies/cookie_options.cc @@ -6,20 +6,41 @@ #include "net/cookies/cookie_options.h" +#include "net/cookies/cookie_util.h" + namespace net { CookieOptions::SameSiteCookieContext CookieOptions::SameSiteCookieContext::MakeInclusive() { - return SameSiteCookieContext(ContextType::SAME_SITE_STRICT); + return SameSiteCookieContext(ContextType::SAME_SITE_STRICT, + ContextType::SAME_SITE_STRICT); +} + +CookieOptions::SameSiteCookieContext +CookieOptions::SameSiteCookieContext::MakeInclusiveForSet() { + return SameSiteCookieContext(ContextType::SAME_SITE_LAX, + ContextType::SAME_SITE_LAX); +} + +CookieOptions::SameSiteCookieContext::ContextType +CookieOptions::SameSiteCookieContext::GetContextForCookieInclusion() const { + DCHECK_LE(schemeful_context_, context_); + + if (cookie_util::IsSchemefulSameSiteEnabled()) + return schemeful_context_; + + return context_; +} + +bool operator==(const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs) { + return std::tie(lhs.context_, lhs.schemeful_context_) == + std::tie(rhs.context_, rhs.schemeful_context_); } -int64_t CookieOptions::SameSiteCookieContext::ConvertToMetricsValue() const { - if (cross_schemeness == CrossSchemeness::INSECURE_SECURE) { - return static_cast<int64_t>(context) | kToSecureMask; - } else if (cross_schemeness == CrossSchemeness::SECURE_INSECURE) { - return static_cast<int64_t>(context) | kToInsecureMask; - } - return static_cast<int64_t>(context); +bool operator!=(const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs) { + return !(lhs == rhs); } // Keep default values in sync with content/public/common/cookie_manager.mojom. @@ -39,15 +60,4 @@ CookieOptions CookieOptions::MakeAllInclusive() { return options; } -bool operator==(const CookieOptions::SameSiteCookieContext& lhs, - const CookieOptions::SameSiteCookieContext& rhs) { - return std::tie(lhs.context, lhs.cross_schemeness) == - std::tie(rhs.context, rhs.cross_schemeness); -} - -bool operator!=(const CookieOptions::SameSiteCookieContext& lhs, - const CookieOptions::SameSiteCookieContext& rhs) { - return !(lhs == rhs); -} - } // namespace net diff --git a/chromium/net/cookies/cookie_options.h b/chromium/net/cookies/cookie_options.h index db0c434ec3b..abf074b6aab 100644 --- a/chromium/net/cookies/cookie_options.h +++ b/chromium/net/cookies/cookie_options.h @@ -33,49 +33,53 @@ class NET_EXPORT CookieOptions { COUNT }; - // Used for when, and in what direction, same-site requests and responses - // are made in a cross-scheme context. Currently only used for metrics - // gathering and does not affect cookie behavior. - enum class CrossSchemeness { - NONE, - INSECURE_SECURE, // Insecure site-for-cookies, secure request/response - SECURE_INSECURE // Secure site-for-cookies, insecure request/response - }; - - SameSiteCookieContext() : SameSiteCookieContext(ContextType::CROSS_SITE) {} - explicit SameSiteCookieContext( - ContextType same_site_context, - CrossSchemeness cross_schemeness = CrossSchemeness::NONE) - : context(same_site_context), cross_schemeness(cross_schemeness) {} + SameSiteCookieContext() + : SameSiteCookieContext(ContextType::CROSS_SITE, + ContextType::CROSS_SITE) {} + explicit SameSiteCookieContext(ContextType same_site_context) + : SameSiteCookieContext(same_site_context, same_site_context) {} + + SameSiteCookieContext(ContextType same_site_context, + ContextType schemeful_same_site_context) + : context_(same_site_context), + schemeful_context_(schemeful_same_site_context) { + DCHECK_LE(schemeful_context_, context_); + } // Convenience method which returns a SameSiteCookieContext with the most - // inclusive context. This allows access to all SameSite cookies. + // inclusive contexts. This allows access to all SameSite cookies. static SameSiteCookieContext MakeInclusive(); - // The following functions are for conversion to the previous style of - // SameSiteCookieContext for metrics usage. This may be removed when the - // metrics using them are also removed. + // Convenience method which returns a SameSiteCookieContext with the most + // inclusive contexts for set. This allows setting all SameSite cookies. + static SameSiteCookieContext MakeInclusiveForSet(); - // Used as the "COUNT" entry in a histogram enum. - static constexpr int64_t MetricCount() { - return (static_cast<int>(ContextType::SAME_SITE_STRICT) | - kToInsecureMask) + - 1; - } - int64_t ConvertToMetricsValue() const; + // Returns the context for determining SameSite cookie inclusion. + ContextType GetContextForCookieInclusion() const; - ContextType context; + // If you're just trying to determine if a cookie is accessible you likely + // want to use GetContextForCookieInclusion() which will return the correct + // context regardless the status of same-site features. + ContextType context() const { return context_; } + void set_context(ContextType context) { context_ = context; } - CrossSchemeness cross_schemeness; + ContextType schemeful_context() const { return schemeful_context_; } + void set_schemeful_context(ContextType schemeful_context) { + schemeful_context_ = schemeful_context; + } + + NET_EXPORT friend bool operator==( + const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs); + NET_EXPORT friend bool operator!=( + const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs); private: - // The following variables are for conversion to the previous style of - // SameSiteCookieContext for metrics usage. This may be removed when the - // metrics using them are also removed. - // Mask indicating insecure site-for-cookies and secure request/response. - static const int kToSecureMask = 1 << 5; - // Mask indicating secure site-for-cookies and insecure request/response. - static const int kToInsecureMask = kToSecureMask << 1; + + ContextType context_; + + ContextType schemeful_context_; }; // Creates a CookieOptions object which: @@ -88,8 +92,7 @@ class NET_EXPORT CookieOptions { // These settings can be altered by calling: // // * |set_{include,exclude}_httponly()| - // * |set_same_site_cookie_context( - // CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT)| + // * |set_same_site_cookie_context()| // * |set_do_not_update_access_time()| CookieOptions(); @@ -103,7 +106,6 @@ class NET_EXPORT CookieOptions { same_site_cookie_context_ = context; } - // Strips off the cross-scheme bits to only return the same-site context. SameSiteCookieContext same_site_cookie_context() const { return same_site_cookie_context_; } @@ -131,12 +133,6 @@ class NET_EXPORT CookieOptions { bool return_excluded_cookies_; }; -NET_EXPORT bool operator==(const CookieOptions::SameSiteCookieContext& lhs, - const CookieOptions::SameSiteCookieContext& rhs); - -NET_EXPORT bool operator!=(const CookieOptions::SameSiteCookieContext& lhs, - const CookieOptions::SameSiteCookieContext& rhs); - } // namespace net #endif // NET_COOKIES_COOKIE_OPTIONS_H_ diff --git a/chromium/net/cookies/cookie_store.h b/chromium/net/cookies/cookie_store.h index 996ad7d14df..4157f0ce83a 100644 --- a/chromium/net/cookies/cookie_store.h +++ b/chromium/net/cookies/cookie_store.h @@ -62,14 +62,14 @@ class NET_EXPORT CookieStore { virtual ~CookieStore(); // Set the cookie on the cookie store. |cookie.IsCanonical()| must - // be true. |source_scheme| denotes the scheme of the resource setting this. + // be true. |source_url| denotes the url of the resource setting this. // // |options| is used to determine the context the operation is run in, and // which cookies it can alter (e.g. http only, or same site). // // The current time will be used in place of a null creation time. virtual void SetCanonicalCookieAsync(std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback) = 0; diff --git a/chromium/net/cookies/cookie_store_test_helpers.cc b/chromium/net/cookies/cookie_store_test_helpers.cc index 6ac538077e8..a709c84f134 100644 --- a/chromium/net/cookies/cookie_store_test_helpers.cc +++ b/chromium/net/cookies/cookie_store_test_helpers.cc @@ -89,12 +89,12 @@ void DelayedCookieMonster::GetCookieListWithOptionsInternalCallback( void DelayedCookieMonster::SetCanonicalCookieAsync( std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback) { did_run_ = false; cookie_monster_->SetCanonicalCookieAsync( - std::move(cookie), std::move(source_scheme), options, + std::move(cookie), source_url, options, base::BindOnce(&DelayedCookieMonster::SetCookiesInternalCallback, base::Unretained(this))); DCHECK_EQ(did_run_, true); diff --git a/chromium/net/cookies/cookie_store_test_helpers.h b/chromium/net/cookies/cookie_store_test_helpers.h index a78190831b6..ae6a152b7f2 100644 --- a/chromium/net/cookies/cookie_store_test_helpers.h +++ b/chromium/net/cookies/cookie_store_test_helpers.h @@ -54,7 +54,7 @@ class DelayedCookieMonster : public CookieStore { // Post a delayed task to invoke the original callback with the results. void SetCanonicalCookieAsync(std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, const CookieOptions& options, SetCookiesCallback callback) override; diff --git a/chromium/net/cookies/cookie_store_unittest.h b/chromium/net/cookies/cookie_store_unittest.h index 1e86c65f34a..ee8e46f9b1d 100644 --- a/chromium/net/cookies/cookie_store_unittest.h +++ b/chromium/net/cookies/cookie_store_unittest.h @@ -201,7 +201,7 @@ class CookieStoreTest : public testing::Test { return false; DCHECK(cs); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; - cs->SetCanonicalCookieAsync(std::move(cookie), url.scheme(), options, + cs->SetCanonicalCookieAsync(std::move(cookie), url, options, callback.MakeCallback()); callback.WaitUntilDone(); return callback.result().IsInclude(); @@ -209,7 +209,7 @@ class CookieStoreTest : public testing::Test { bool SetCanonicalCookie(CookieStore* cs, std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, bool can_modify_httponly) { DCHECK(cs); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; @@ -218,8 +218,8 @@ class CookieStoreTest : public testing::Test { options.set_include_httponly(); options.set_same_site_cookie_context( net::CookieOptions::SameSiteCookieContext::MakeInclusive()); - cs->SetCanonicalCookieAsync(std::move(cookie), std::move(source_scheme), - options, callback.MakeCallback()); + cs->SetCanonicalCookieAsync(std::move(cookie), source_url, options, + callback.MakeCallback()); callback.WaitUntilDone(); return callback.result().IsInclude(); } @@ -268,7 +268,7 @@ class CookieStoreTest : public testing::Test { DCHECK(cs); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; - cs->SetCanonicalCookieAsync(std::move(cookie), url.scheme(), options, + cs->SetCanonicalCookieAsync(std::move(cookie), url, options, callback.MakeCallback()); callback.WaitUntilDone(); return callback.result(); @@ -277,7 +277,7 @@ class CookieStoreTest : public testing::Test { CanonicalCookie::CookieInclusionStatus SetCanonicalCookieReturnStatus( CookieStore* cs, std::unique_ptr<CanonicalCookie> cookie, - std::string source_scheme, + const GURL& source_url, bool can_modify_httponly) { DCHECK(cs); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; @@ -286,8 +286,8 @@ class CookieStoreTest : public testing::Test { options.set_include_httponly(); options.set_same_site_cookie_context( net::CookieOptions::SameSiteCookieContext::MakeInclusive()); - cs->SetCanonicalCookieAsync(std::move(cookie), std::move(source_scheme), - options, callback.MakeCallback()); + cs->SetCanonicalCookieAsync(std::move(cookie), source_url, options, + callback.MakeCallback()); callback.WaitUntilDone(); return callback.result(); } @@ -424,8 +424,8 @@ TYPED_TEST_P(CookieStoreTest, FilterTest) { one_hour_from_now, base::Time(), false, false, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT)); ASSERT_TRUE(cc); - EXPECT_TRUE(this->SetCanonicalCookie(cs, std::move(cc), "https", - true /*modify_httponly*/)); + EXPECT_TRUE(this->SetCanonicalCookie( + cs, std::move(cc), this->www_foo_foo_.url(), true /*modify_httponly*/)); // Note that for the creation time to be set exactly, without modification, // it must be different from the one set by the line above. @@ -434,8 +434,8 @@ TYPED_TEST_P(CookieStoreTest, FilterTest) { two_hours_ago, base::Time(), one_hour_ago, false, true, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT); ASSERT_TRUE(cc); - EXPECT_TRUE(this->SetCanonicalCookie(cs, std::move(cc), "https", - true /*modify_httponly*/)); + EXPECT_TRUE(this->SetCanonicalCookie( + cs, std::move(cc), this->www_foo_bar_.url(), true /*modify_httponly*/)); // Because of strict secure cookies, it should not be possible to create // a secure cookie with an HTTP URL. @@ -451,8 +451,8 @@ TYPED_TEST_P(CookieStoreTest, FilterTest) { base::Time(), base::Time(), base::Time(), true, false, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT); ASSERT_TRUE(cc); - EXPECT_TRUE(this->SetCanonicalCookie(cs, std::move(cc), "https", - true /*modify_httponly*/)); + EXPECT_TRUE(this->SetCanonicalCookie( + cs, std::move(cc), this->https_www_foo_.url(), true /*modify_httponly*/)); // Get all the cookies for a given URL, regardless of properties. This 'get()' // operation shouldn't update the access time, as the test checks that the @@ -550,16 +550,14 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { "A", "B", foo_foo_host, "/foo", one_hour_ago, one_hour_from_now, base::Time(), false /* secure */, false /* httponly */, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true)); - // Note that for the creation time to be set exactly, without modification, - // it must be different from the one set by the line above. + this->www_foo_foo_.url(), true)); EXPECT_TRUE(this->SetCanonicalCookie( cs, std::make_unique<CanonicalCookie>( "C", "D", "." + foo_bar_domain, "/bar", two_hours_ago, base::Time(), one_hour_ago, false, true, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true)); + this->www_foo_bar_.url(), true)); // A secure source is required for setting secure cookies. EXPECT_TRUE( @@ -569,7 +567,7 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { "E", "F", http_foo_host, "/", base::Time(), base::Time(), base::Time(), true, false, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT), - "http", true) + this->http_www_foo_.url(), true) .HasExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY)); @@ -582,7 +580,8 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { EXPECT_TRUE(cookie->IsSecure()); EXPECT_TRUE(status.IsInclude()); EXPECT_TRUE( - this->SetCanonicalCookieReturnStatus(cs, std::move(cookie), "http", true) + this->SetCanonicalCookieReturnStatus(cs, std::move(cookie), + this->http_www_foo_.url(), true) .HasExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY)); @@ -591,10 +590,10 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { EXPECT_TRUE(this->SetCanonicalCookie( cs, std::make_unique<CanonicalCookie>( - "E", "F", http_foo_host, "/", base::Time(), base::Time(), + "E", "F", https_foo_host, "/", base::Time(), base::Time(), base::Time(), true /* secure */, false /* httponly */, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT), - "https", true /* modify_http_only */)); + this->https_www_foo_.url(), true /* modify_http_only */)); EXPECT_TRUE( this->SetCanonicalCookieReturnStatus( @@ -603,7 +602,7 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { "E", "F", http_foo_host, "/", base::Time(), base::Time(), base::Time(), true /* secure */, false /* httponly */, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT), - "http", true /* modify_http_only */) + this->http_www_foo_.url(), true /* modify_http_only */) .HasExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY)); @@ -618,7 +617,7 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { base::Time(), base::Time(), false /* secure */, true /* httponly */, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", false /* modify_http_only */) + this->http_www_foo_.url(), false /* modify_http_only */) .HasExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_HTTP_ONLY)); @@ -631,7 +630,8 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { EXPECT_TRUE(c->IsHttpOnly()); EXPECT_TRUE(create_status.IsInclude()); EXPECT_TRUE( - this->SetCanonicalCookieReturnStatus(cs, std::move(c), "http", + this->SetCanonicalCookieReturnStatus(cs, std::move(c), + this->http_www_foo_.url(), false /* can_modify_httponly */) .HasExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_HTTP_ONLY)); @@ -644,7 +644,7 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { "G", "H", http_foo_host, "/unique", base::Time(), base::Time(), base::Time(), false /* secure */, true /* httponly */, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /* modify_http_only */)); + this->http_www_foo_.url(), true /* modify_http_only */)); EXPECT_TRUE( this->SetCanonicalCookieReturnStatus( @@ -654,7 +654,7 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { base::Time(), base::Time(), false /* secure */, true /* httponly */, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", false /* modify_http_only */) + this->http_www_foo_.url(), false /* modify_http_only */) .HasExclusionReason( CanonicalCookie::CookieInclusionStatus::EXCLUDE_HTTP_ONLY)); } else { @@ -665,7 +665,7 @@ TYPED_TEST_P(CookieStoreTest, SetCanonicalCookieTest) { "G", "H", http_foo_host, "/unique", base::Time(), base::Time(), base::Time(), false /* secure */, true /* httponly */, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /* modify_http_only */)); + this->http_www_foo_.url(), true /* modify_http_only */)); } // Get all the cookies for a given URL, regardless of properties. This 'get()' @@ -743,28 +743,28 @@ TYPED_TEST_P(CookieStoreTest, SecureEnforcement) { "A", "B", http_domain, "/", base::Time::Now(), base::Time(), base::Time(), true, false, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + http_url, true /*modify_httponly*/)); EXPECT_TRUE(this->SetCanonicalCookie( cs, std::make_unique<CanonicalCookie>( "A", "B", http_domain, "/", base::Time::Now(), base::Time(), base::Time(), true, false, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT), - "https", true /*modify_httponly*/)); + https_url, true /*modify_httponly*/)); EXPECT_TRUE(this->SetCanonicalCookie( cs, std::make_unique<CanonicalCookie>( "A", "B", http_domain, "/", base::Time::Now(), base::Time(), base::Time(), false, false, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT), - "https", true /*modify_httponly*/)); + https_url, true /*modify_httponly*/)); EXPECT_TRUE(this->SetCanonicalCookie( cs, std::make_unique<CanonicalCookie>( "A", "B", http_domain, "/", base::Time::Now(), base::Time(), base::Time(), false, false, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT), - "http", true /*modify_httponly*/)); + http_url, true /*modify_httponly*/)); } // The iOS networking stack uses the iOS cookie parser, which we do not diff --git a/chromium/net/cookies/cookie_util.cc b/chromium/net/cookies/cookie_util.cc index ed58360cd75..7f3afe4e178 100644 --- a/chromium/net/cookies/cookie_util.cc +++ b/chromium/net/cookies/cookie_util.cc @@ -9,8 +9,9 @@ #include "base/bind.h" #include "base/callback.h" +#include "base/check.h" #include "base/feature_list.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/strings/string_piece.h" #include "base/strings/string_tokenizer.h" @@ -21,12 +22,15 @@ #include "net/base/url_util.h" #include "net/http/http_util.h" #include "url/gurl.h" +#include "url/url_constants.h" namespace net { namespace cookie_util { namespace { +using ContextType = CookieOptions::SameSiteCookieContext::ContextType; + base::Time MinNonNullTime() { return base::Time::FromInternalValue(1); } @@ -74,47 +78,45 @@ bool SaturatedTimeFromUTCExploded(const base::Time::Exploded& exploded, return false; } -CookieOptions::SameSiteCookieContext::CrossSchemeness ComputeSchemeChange( - const GURL& url, - const SiteForCookies& site_for_cookies) { - - CookieOptions::SameSiteCookieContext::CrossSchemeness cross_schemeness = - CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE; - bool url_secure = url.SchemeIsCryptographic(); - bool site_for_cookies_secure = - GURL::SchemeIsCryptographic(site_for_cookies.scheme()); - - if (url_secure && !site_for_cookies_secure) { - cross_schemeness = - CookieOptions::SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE; - } else if (!url_secure && site_for_cookies_secure) { - cross_schemeness = - CookieOptions::SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE; +ContextType ComputeSameSiteContext(const GURL& url, + const SiteForCookies& site_for_cookies, + const base::Optional<url::Origin>& initiator, + bool compute_schemefully) { + if (site_for_cookies.IsFirstPartyWithSchemefulMode(url, + compute_schemefully)) { + // Create a SiteForCookies object from the initiator so that we can reuse + // IsFirstPartyWithSchemefulMode(). + if (!initiator || + SiteForCookies::FromOrigin(initiator.value()) + .IsFirstPartyWithSchemefulMode(url, compute_schemefully)) { + return ContextType::SAME_SITE_STRICT; + } else { + return ContextType::SAME_SITE_LAX; + } } - - return cross_schemeness; + return ContextType::CROSS_SITE; } -CookieOptions::SameSiteCookieContext ComputeSameSiteContext( +CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSet( const GURL& url, const SiteForCookies& site_for_cookies, - const base::Optional<url::Origin>& initiator) { - CookieOptions::SameSiteCookieContext same_site_type( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE); - if (site_for_cookies.IsFirstParty(url)) { - // Create a SiteForCookies object from the initiator so that we can reuse - // IsFirstParty(). - if (!initiator || - SiteForCookies::FromOrigin(initiator.value()).IsFirstParty(url)) { - same_site_type.context = - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; - } else { - same_site_type.context = - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; - } + bool force_ignore_site_for_cookies) { + if (force_ignore_site_for_cookies) + return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); + + // Schemeless check + if (!site_for_cookies.IsFirstPartyWithSchemefulMode(url, false)) { + return CookieOptions::SameSiteCookieContext(ContextType::CROSS_SITE, + ContextType::CROSS_SITE); } - same_site_type.cross_schemeness = ComputeSchemeChange(url, site_for_cookies); - return same_site_type; + + // Schemeful check + if (!site_for_cookies.IsFirstPartyWithSchemefulMode(url, true)) { + return CookieOptions::SameSiteCookieContext(ContextType::SAME_SITE_LAX, + ContextType::CROSS_SITE); + } + + return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); } } // namespace @@ -123,6 +125,12 @@ bool DomainIsHostOnly(const std::string& domain_string) { return (domain_string.empty() || domain_string[0] != '.'); } +std::string CookieDomainAsHost(const std::string& cookie_domain) { + if (DomainIsHostOnly(cookie_domain)) + return cookie_domain; + return cookie_domain.substr(1); +} + std::string GetEffectiveDomain(const std::string& scheme, const std::string& host) { if (scheme == "http" || scheme == "https" || scheme == "ws" || @@ -132,9 +140,7 @@ std::string GetEffectiveDomain(const std::string& scheme, registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); } - if (!DomainIsHostOnly(host)) - return host.substr(1); - return host; + return CookieDomainAsHost(host); } bool GetCookieDomainWithString(const GURL& url, @@ -324,9 +330,19 @@ GURL CookieOriginToURL(const std::string& domain, bool is_https) { if (domain.empty()) return GURL(); - const std::string scheme = is_https ? "https" : "http"; - const std::string host = domain[0] == '.' ? domain.substr(1) : domain; - return GURL(scheme + "://" + host); + const std::string scheme = is_https ? url::kHttpsScheme : url::kHttpScheme; + return GURL(scheme + url::kStandardSchemeSeparator + + CookieDomainAsHost(domain) + "/"); +} + +GURL SimulatedCookieSource(const CanonicalCookie& cookie, + const std::string& source_scheme) { + // Note: cookie.DomainWithoutDot() could be empty for e.g. file cookies. + if (cookie.DomainWithoutDot().empty() || source_scheme.empty()) + return GURL(); + + return GURL(source_scheme + url::kStandardSchemeSeparator + + cookie.DomainWithoutDot() + cookie.Path()); } bool IsDomainMatch(const std::string& domain, const std::string& host) { @@ -421,7 +437,7 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest( const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool attach_same_site_cookies) { + bool force_ignore_site_for_cookies) { // Set SameSiteCookieMode according to the rules laid out in // https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02: // @@ -446,25 +462,27 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest( // but appear like cross-site ones. // // * Otherwise, do not include same-site cookies. - CookieOptions::SameSiteCookieContext same_site_context; - if (attach_same_site_cookies) { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; - same_site_context.cross_schemeness = - ComputeSchemeChange(url, site_for_cookies); - return same_site_context; - } + if (force_ignore_site_for_cookies) + return CookieOptions::SameSiteCookieContext::MakeInclusive(); + + CookieOptions::SameSiteCookieContext same_site_context; - same_site_context = ComputeSameSiteContext(url, site_for_cookies, initiator); + same_site_context.set_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, false)); + same_site_context.set_schemeful_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, true)); // If the method is safe, the context is Lax. Otherwise, make a note that // the method is unsafe. - if (same_site_context.context == - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX && - !net::HttpUtil::IsMethodSafe(http_method)) { - same_site_context.context = CookieOptions::SameSiteCookieContext:: - ContextType::SAME_SITE_LAX_METHOD_UNSAFE; + if (!net::HttpUtil::IsMethodSafe(http_method)) { + if (same_site_context.context() == ContextType::SAME_SITE_LAX) { + same_site_context.set_context(ContextType::SAME_SITE_LAX_METHOD_UNSAFE); + } + if (same_site_context.schemeful_context() == ContextType::SAME_SITE_LAX) { + same_site_context.set_schemeful_context( + ContextType::SAME_SITE_LAX_METHOD_UNSAFE); + } } return same_site_context; @@ -474,71 +492,63 @@ NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptGet(const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool attach_same_site_cookies) { - if (attach_same_site_cookies) { - CookieOptions::SameSiteCookieContext same_site_context( - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT); - same_site_context.cross_schemeness = - ComputeSchemeChange(url, site_for_cookies); - return same_site_context; - } - return ComputeSameSiteContext(url, site_for_cookies, initiator); + bool force_ignore_site_for_cookies) { + if (force_ignore_site_for_cookies) + return CookieOptions::SameSiteCookieContext::MakeInclusive(); + + CookieOptions::SameSiteCookieContext same_site_context; + + same_site_context.set_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, false)); + same_site_context.set_schemeful_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, true)); + + return same_site_context; } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse( const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool attach_same_site_cookies) { - CookieOptions::SameSiteCookieContext same_site_context; + bool force_ignore_site_for_cookies) { // |initiator| is here in case it'll be decided to ignore |site_for_cookies| // for entirely browser-side requests (see https://crbug.com/958335). - if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; - } else { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; - } - same_site_context.cross_schemeness = - ComputeSchemeChange(url, site_for_cookies); - return same_site_context; + + return ComputeSameSiteContextForSet(url, site_for_cookies, + force_ignore_site_for_cookies); } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet( const GURL& url, const SiteForCookies& site_for_cookies, - bool attach_same_site_cookies) { - CookieOptions::SameSiteCookieContext same_site_context; - if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; - } else { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; - } - same_site_context.cross_schemeness = - ComputeSchemeChange(url, site_for_cookies); - return same_site_context; + bool force_ignore_site_for_cookies) { + return ComputeSameSiteContextForSet(url, site_for_cookies, + force_ignore_site_for_cookies); } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSubresource( const GURL& url, const SiteForCookies& site_for_cookies, - bool attach_same_site_cookies) { - CookieOptions::SameSiteCookieContext same_site_context; + bool force_ignore_site_for_cookies) { + if (force_ignore_site_for_cookies) + return CookieOptions::SameSiteCookieContext::MakeInclusive(); + // If the URL is same-site as site_for_cookies it's same-site as all frames // in the tree from the initiator frame up --- including the initiator frame. - if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; - } else { - same_site_context.context = - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; + + // Schemeless check + if (!site_for_cookies.IsFirstPartyWithSchemefulMode(url, false)) { + return CookieOptions::SameSiteCookieContext(ContextType::CROSS_SITE, + ContextType::CROSS_SITE); } - same_site_context.cross_schemeness = - ComputeSchemeChange(url, site_for_cookies); - return same_site_context; + + // Schemeful check + if (!site_for_cookies.IsFirstPartyWithSchemefulMode(url, true)) { + return CookieOptions::SameSiteCookieContext(ContextType::SAME_SITE_STRICT, + ContextType::CROSS_SITE); + } + + return CookieOptions::SameSiteCookieContext::MakeInclusive(); } bool IsSameSiteByDefaultCookiesEnabled() { @@ -551,6 +561,10 @@ bool IsCookiesWithoutSameSiteMustBeSecureEnabled() { features::kCookiesWithoutSameSiteMustBeSecure); } +bool IsSchemefulSameSiteEnabled() { + return base::FeatureList::IsEnabled(features::kSchemefulSameSite); +} + bool IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled() { return IsSameSiteByDefaultCookiesEnabled() && base::FeatureList::IsEnabled( diff --git a/chromium/net/cookies/cookie_util.h b/chromium/net/cookies/cookie_util.h index 19c63715b3d..3634058c1b0 100644 --- a/chromium/net/cookies/cookie_util.h +++ b/chromium/net/cookies/cookie_util.h @@ -48,6 +48,13 @@ NET_EXPORT bool GetCookieDomainWithString(const GURL& url, // i.e. it doesn't begin with a leading '.' character. NET_EXPORT bool DomainIsHostOnly(const std::string& domain_string); +// If |cookie_domain| is nonempty and starts with a "." character, this returns +// the substring of |cookie_domain| without the leading dot. (Note only one +// leading dot is stripped, if there are multiple.) Otherwise it returns +// |cookie_domain|. This is useful for converting from CanonicalCookie's +// representation of a cookie domain to the RFC's notion of a cookie's domain. +NET_EXPORT std::string CookieDomainAsHost(const std::string& cookie_domain); + // Parses the string with the cookie expiration time (very forgivingly). // Returns the "null" time on failure. // @@ -59,8 +66,16 @@ NET_EXPORT base::Time ParseCookieExpirationTime(const std::string& time_string); // Convenience for converting a cookie origin (domain and https pair) to a URL. NET_EXPORT GURL CookieOriginToURL(const std::string& domain, bool is_https); -// Returns true if the cookie |domain| matches the given |host| as described -// in section 5.1.3 of RFC 6265. +// Returns a URL that could have been the cookie's source. +// Not guaranteed to actually be the URL that set the cookie. Not guaranteed to +// be a valid GURL. Intended as a shim for SetCanonicalCookieAsync calls, where +// a source URL is required but only a source scheme may be available. +NET_EXPORT GURL SimulatedCookieSource(const CanonicalCookie& cookie, + const std::string& source_scheme); + +// |domain| is the output of cookie.Domain() for some cookie. This returns true +// if a |domain| indicates that the cookie can be accessed by |host|. +// See comment on CanonicalCookie::IsDomainMatch(). NET_EXPORT bool IsDomainMatch(const std::string& domain, const std::string& host); @@ -98,7 +113,7 @@ NET_EXPORT std::string SerializeRequestCookieLine( // the user directly interacting with the browser UI, e.g. entering a URL // or selecting a bookmark. // -// If |attach_same_site_cookies| is specified, all SameSite cookies will be +// If |force_ignore_site_for_cookies| is specified, all SameSite cookies will be // attached, i.e. this will return SAME_SITE_STRICT. This flag is set to true // when the |site_for_cookies| is a chrome:// URL embedding a secure origin, // among other scenarios. @@ -116,50 +131,51 @@ ComputeSameSiteContextForRequest(const std::string& http_method, const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool attach_same_site_cookies); + bool force_ignore_site_for_cookies); // As above, but applying for scripts. |initiator| here should be the initiator // used when fetching the document. -// If |attach_same_site_cookies| is true, this returns SAME_SITE_STRICT. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_STRICT. NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptGet(const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool attach_same_site_cookies); + bool force_ignore_site_for_cookies); // Determines which of the cookies for |url| can be set from a network response, // with respect to the SameSite attribute. This will only return CROSS_SITE or // SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same // contexts that sets of SameSite=lax cookies are). -// If |attach_same_site_cookies| is true, this returns SAME_SITE_LAX. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_LAX. NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse(const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool attach_same_site_cookies); + bool force_ignore_site_for_cookies); // Determines which of the cookies for |url| can be set from a script context, // with respect to the SameSite attribute. This will only return CROSS_SITE or // SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same // contexts that sets of SameSite=lax cookies are). -// If |attach_same_site_cookies| is true, this returns SAME_SITE_LAX. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_LAX. NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet(const GURL& url, const SiteForCookies& site_for_cookies, - bool attach_same_site_cookies); + bool force_ignore_site_for_cookies); // Determines which of the cookies for |url| can be accessed when fetching a // subresources. This is either CROSS_SITE or SAME_SITE_STRICT, // since the initiator for a subresource is the frame loading it. NET_EXPORT CookieOptions::SameSiteCookieContext -// If |attach_same_site_cookies| is true, this returns SAME_SITE_STRICT. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_STRICT. ComputeSameSiteContextForSubresource(const GURL& url, const SiteForCookies& site_for_cookies, - bool attach_same_site_cookies); + bool force_ignore_site_for_cookies); // Returns whether the respective SameSite feature is enabled. NET_EXPORT bool IsSameSiteByDefaultCookiesEnabled(); NET_EXPORT bool IsCookiesWithoutSameSiteMustBeSecureEnabled(); +NET_EXPORT bool IsSchemefulSameSiteEnabled(); bool IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled(); bool IsRecentCreationTimeGrantsLegacyCookieSemanticsEnabled(); diff --git a/chromium/net/cookies/cookie_util_unittest.cc b/chromium/net/cookies/cookie_util_unittest.cc index 13f41bae1f5..b95e1d6da26 100644 --- a/chromium/net/cookies/cookie_util_unittest.cc +++ b/chromium/net/cookies/cookie_util_unittest.cc @@ -225,6 +225,49 @@ TEST(CookieUtilTest, TestRequestCookieParsing) { } } +TEST(CookieUtilTest, SimulatedCookieSource) { + GURL secure_url("https://b.a.com"); + GURL insecure_url("http://b.a.com"); + + struct { + std::string cookie; + std::string source_scheme; + std::string expected_simulated_source; + } kTests[]{ + {"cookie=foo", "http", "http://b.a.com/"}, + {"cookie=foo", "https", "https://b.a.com/"}, + {"cookie=foo", "wss", "wss://b.a.com/"}, + {"cookie=foo", "file", "file://b.a.com/"}, + {"cookie=foo; Domain=b.a.com", "https", "https://b.a.com/"}, + {"cookie=foo; Domain=a.com", "https", "https://a.com/"}, + {"cookie=foo; Domain=.b.a.com", "https", "https://b.a.com/"}, + {"cookie=foo; Domain=.a.com", "https", "https://a.com/"}, + {"cookie=foo; Path=/", "https", "https://b.a.com/"}, + {"cookie=foo; Path=/bar", "https", "https://b.a.com/bar"}, + {"cookie=foo; Domain=b.a.com; Path=/", "https", "https://b.a.com/"}, + {"cookie=foo; Domain=b.a.com; Path=/bar", "https", "https://b.a.com/bar"}, + {"cookie=foo; Domain=a.com; Path=/", "https", "https://a.com/"}, + {"cookie=foo; Domain=a.com; Path=/bar", "https", "https://a.com/bar"}, + }; + + for (const auto& test : kTests) { + std::vector<std::unique_ptr<CanonicalCookie>> cookies; + // It shouldn't depend on the cookie's secureness or actual source scheme. + cookies.push_back(CanonicalCookie::Create( + insecure_url, test.cookie, base::Time::Now(), base::nullopt)); + cookies.push_back(CanonicalCookie::Create( + secure_url, test.cookie, base::Time::Now(), base::nullopt)); + cookies.push_back( + CanonicalCookie::Create(secure_url, test.cookie + "; Secure", + base::Time::Now(), base::nullopt)); + for (const auto& cookie : cookies) { + GURL simulated_source = + cookie_util::SimulatedCookieSource(*cookie, test.source_scheme); + EXPECT_EQ(GURL(test.expected_simulated_source), simulated_source); + } + } +} + TEST(CookieUtilTest, TestGetEffectiveDomain) { // Note: registry_controlled_domains::GetDomainAndRegistry is tested in its // own unittests. @@ -261,25 +304,24 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); + base::nullopt /*initiator*/, + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( - SameSiteCookieContext( - SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); + base::nullopt /*initiator*/, + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( - SameSiteCookieContext( - SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://notexample.com")), - base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); + base::nullopt /*initiator*/, + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), @@ -287,32 +329,53 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), url::Origin::Create(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("https://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - url::Origin::Create(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("https://notexample.com")), - url::Origin::Create(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://notexample.com")), + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://a.com"), SiteForCookies::FromUrl(GURL("http://b.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); + + // |site_for_cookies| not being schemefully_same -> it's cross-site. + SiteForCookies insecure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("http://example.com")); + insecure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), insecure_not_schemefully_same, + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + + SiteForCookies secure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("https://example.com")); + secure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("https://example.com"), secure_not_schemefully_same, + url::Origin::Create(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); // Same |site_for_cookies|, but not |initiator| -> it's same-site lax. EXPECT_EQ( @@ -322,27 +385,46 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); // This isn't a full on origin check --- subdomains and different schema are - // accepted. + // accepted. For SameSiteCookieContext::schemeful_context the scheme is + // considered. EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX), cookie_util::ComputeSameSiteContextForScriptGet( - GURL("https://example.com"), + GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + url::Origin::Create(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX), cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), + GURL("https://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), @@ -350,7 +432,7 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub2.example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), @@ -358,7 +440,24 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); + + // wss/https and http/ws are considered the same for schemeful purposes. + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("wss://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + url::Origin::Create(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("ws://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); // nullopt |initiator| is trusted for purposes of strict, an opaque one isn't. EXPECT_EQ(SameSiteCookieContext( @@ -367,25 +466,25 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); - EXPECT_EQ( - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("https://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + base::nullopt /*initiator*/, + false /* force_ignore_site_for_cookies */)); - EXPECT_EQ( - SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("https://example.com")), - base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + base::nullopt /*initiator*/, + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -393,7 +492,8 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), - base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); + base::nullopt /*initiator*/, + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -401,9 +501,9 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin(), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); - // |attach_same_site_cookies| causes (some variant of) SAME_SITE_STRICT to be + // |force_ignore_site_for_cookies| causes SAME_SITE_STRICT to be // returned. EXPECT_EQ( SameSiteCookieContext( @@ -411,7 +511,8 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt /*initiator*/, true /* attach_same_site_cookies */)); + base::nullopt /*initiator*/, + true /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -420,7 +521,7 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), url::Origin::Create(GURL("http://example.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -428,7 +529,7 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://a.com"), SiteForCookies::FromUrl(GURL("http://b.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -437,25 +538,23 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForScriptGet( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -464,7 +563,7 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub2.example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -473,37 +572,59 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); } TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { using SameSiteCookieContext = CookieOptions::SameSiteCookieContext; - EXPECT_EQ( - SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt /*initiator*/, false /*attach_same_site_cookies*/)); - EXPECT_EQ( - SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("https://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt /*initiator*/, false /*attach_same_site_cookies*/)); + EXPECT_EQ(SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + base::nullopt /*initiator*/, + false /*force_ignore_site_for_cookies*/)); + EXPECT_EQ(SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + base::nullopt /*initiator*/, + false /*force_ignore_site_for_cookies*/)); + + EXPECT_EQ(SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://notexample.com")), + base::nullopt /*initiator*/, + false /*force_ignore_site_for_cookies*/)); + // |site_for_cookies| not being schemefully_same -> it's cross-site. + SiteForCookies insecure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("http://example.com")); + insecure_not_schemefully_same.SetSchemefullySameForTesting(false); EXPECT_EQ( SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("https://notexample.com")), - base::nullopt /*initiator*/, false /*attach_same_site_cookies*/)); + "GET", GURL("http://example.com"), insecure_not_schemefully_same, + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + + SiteForCookies secure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("https://example.com")); + secure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("https://example.com"), secure_not_schemefully_same, + url::Origin::Create(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); - // |attach_same_site_cookies| = true bypasses all checks. + // |force_ignore_site_for_cookies| = true bypasses all checks. EXPECT_EQ( SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), @@ -511,7 +632,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /*attach_same_site_cookies*/)); + true /*force_ignore_site_for_cookies*/)); EXPECT_EQ( SameSiteCookieContext( @@ -520,7 +641,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /*attach_same_site_cookies*/)); + true /*force_ignore_site_for_cookies*/)); EXPECT_EQ( SameSiteCookieContext( @@ -529,7 +650,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://question.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - true /*attach_same_site_cookies*/)); + true /*force_ignore_site_for_cookies*/)); EXPECT_EQ( SameSiteCookieContext( @@ -538,7 +659,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ( SameSiteCookieContext( @@ -547,45 +668,80 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); // Normally, lax requests also require a safe method. + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + url::Origin::Create(GURL("http://example.com")), + false /*force_ignore_site_for_cookies*/)); + + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("https://example.com")), + false /*force_ignore_site_for_cookies*/)); + + // wss/https and http/ws are considered the same for schemeful purposes. + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("wss://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + url::Origin::Create(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("ws://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), @@ -593,7 +749,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ( SameSiteCookieContext( @@ -602,25 +758,45 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "HEAD", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("https://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /*force_ignore_site_for_cookies*/)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("https://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /*force_ignore_site_for_cookies*/)); + + EXPECT_EQ( + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), + cookie_util::ComputeSameSiteContextForRequest( + "POST", GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + url::Origin::Create(GURL("http://example.com")), + false /*force_ignore_site_for_cookies*/)); + + EXPECT_EQ( + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), + cookie_util::ComputeSameSiteContextForRequest( + "POST", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("https://example.com")), + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext(CookieOptions::SameSiteCookieContext:: ContextType::SAME_SITE_LAX_METHOD_UNSAFE), @@ -628,34 +804,25 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); - - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForRequest( - "POST", GURL("https://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + false /*force_ignore_site_for_cookies*/)); } TEST(CookieUtilTest, ComputeSameSiteContextForSet) { @@ -665,64 +832,168 @@ TEST(CookieUtilTest, ComputeSameSiteContextForSet) { cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt, false /* attach_same_site_cookies */)); + base::nullopt, false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForResponse( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt, false /* attach_same_site_cookies */)); + base::nullopt, false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://notexample.com")), - base::nullopt, false /* attach_same_site_cookies */)); + base::nullopt, false /* force_ignore_site_for_cookies */)); - // Same as above except |attach_same_site_cookies| makes it return LAX. + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForResponse( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), base::nullopt, + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), base::nullopt, + false /* force_ignore_site_for_cookies */)); + + // Same as above except |force_ignore_site_for_cookies| makes it return LAX. EXPECT_EQ( SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt, - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), base::nullopt, + true /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), base::nullopt, + true /* force_ignore_site_for_cookies */)); + + // |site_for_cookies| not being schemefully_same -> it's cross-site. + SiteForCookies insecure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("http://example.com")); + insecure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com"), insecure_not_schemefully_same, + base::nullopt, false /* force_ignore_site_for_cookies */)); + + SiteForCookies secure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("https://example.com")); + secure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForResponse( + GURL("https://example.com"), secure_not_schemefully_same, + base::nullopt, false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptSet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptSet( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( - CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptSet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://notexample.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); - // Same as above except |attach_same_site_cookies| makes it return LAX. + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); + + // Same as above except |force_ignore_site_for_cookies| makes it return LAX. EXPECT_EQ( SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), cookie_util::ComputeSameSiteContextForScriptSet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + true /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + true /* force_ignore_site_for_cookies */)); + + // |site_for_cookies| not being schemefully_same -> it's cross-site. + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("http://example.com"), insecure_not_schemefully_same, + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("https://example.com"), secure_not_schemefully_same, + false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -730,42 +1001,58 @@ TEST(CookieUtilTest, ComputeSameSiteContextForSet) { cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), - base::nullopt, false /* attach_same_site_cookies */)); + base::nullopt, false /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), - base::nullopt, true /* attach_same_site_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - cookie_util::ComputeSameSiteContextForResponse( - GURL("http://example.com/dir"), - SiteForCookies::FromUrl(GURL("https://sub.example.com")), - base::nullopt, false /* attach_same_site_cookies */)); + base::nullopt, true /* force_ignore_site_for_cookies */)); + + // wss/https and http/ws are considered the same for schemeful purposes. + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("ws://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), base::nullopt, + true /* force_ignore_site_for_cookies */)); + + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("wss://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), base::nullopt, + true /* force_ignore_site_for_cookies */)); + EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com/dir"), SiteForCookies::FromUrl(GURL("https://sub.example.com")), - base::nullopt, true /* attach_same_site_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForResponse( - GURL("https://example.com/dir"), - SiteForCookies::FromUrl(GURL("http://sub.example.com")), - base::nullopt, false /* attach_same_site_cookies */)); + base::nullopt, false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com/dir"), + SiteForCookies::FromUrl(GURL("https://sub.example.com")), + base::nullopt, true /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForResponse( GURL("https://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), - base::nullopt, true /* attach_same_site_cookies */)); + base::nullopt, false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("https://example.com/dir"), + SiteForCookies::FromUrl(GURL("http://sub.example.com")), + base::nullopt, true /* force_ignore_site_for_cookies */)); EXPECT_EQ( SameSiteCookieContext( @@ -773,21 +1060,35 @@ TEST(CookieUtilTest, ComputeSameSiteContextForSet) { cookie_util::ComputeSameSiteContextForScriptSet( GURL("http://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), - false /* attach_same_site_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - cookie_util::ComputeSameSiteContextForScriptSet( - GURL("http://example.com/dir"), - SiteForCookies::FromUrl(GURL("https://sub.example.com")), - false /* attach_same_site_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::SAME_SITE_LAX, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForScriptSet( - GURL("https://example.com/dir"), - SiteForCookies::FromUrl(GURL("http://sub.example.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("ws://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("wss://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("http://example.com/dir"), + SiteForCookies::FromUrl(GURL("https://sub.example.com")), + false /* force_ignore_site_for_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("https://example.com/dir"), + SiteForCookies::FromUrl(GURL("http://sub.example.com")), + false /* force_ignore_site_for_cookies */)); } TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) { @@ -798,62 +1099,116 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) { cookie_util::ComputeSameSiteContextForSubresource( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), - cookie_util::ComputeSameSiteContextForSubresource( - GURL("https://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("https://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + false /* force_ignore_site_for_cookies */)); - EXPECT_EQ(SameSiteCookieContext( - SameSiteCookieContext::ContextType::CROSS_SITE, - SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), - cookie_util::ComputeSameSiteContextForSubresource( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("https://notexample.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://notexample.com")), + false /* force_ignore_site_for_cookies */)); - // Same as above except |attach_same_site_cookies| makes it return STRICT. + // Same as above except |force_ignore_site_for_cookies| makes it return + // STRICT. EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), - true /* attach_same_site_cookies */)); + true /* force_ignore_site_for_cookies */)); + + // |site_for_cookies| not being schemefully_same -> it's cross-site. + SiteForCookies insecure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("http://example.com")); + insecure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), insecure_not_schemefully_same, + false /* force_ignore_site_for_cookies */)); + + SiteForCookies secure_not_schemefully_same = + SiteForCookies::FromUrl(GURL("https://example.com")); + secure_not_schemefully_same.SetSchemefullySameForTesting(false); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("https://example.com"), secure_not_schemefully_same, + false /* force_ignore_site_for_cookies */)); // This isn't a full on origin check --- subdomains and different schema are - // accepted. + // accepted. For SameSiteCookieContext::schemeful_context the scheme is + // considered. EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT, - SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), + SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForSubresource( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub2.example.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); EXPECT_EQ(SameSiteCookieContext( SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + false /* force_ignore_site_for_cookies */)); + + // wss/https and http/ws are considered the same for schemeful purposes. + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("ws://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + false /* force_ignore_site_for_cookies */)); + + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("wss://example.com"), + SiteForCookies::FromUrl(GURL("https://example.com")), + false /* force_ignore_site_for_cookies */)); } TEST(CookieUtilTest, AdaptCookieInclusionStatusToBool) { diff --git a/chromium/net/cookies/parse_cookie_line_fuzzer.cc b/chromium/net/cookies/parse_cookie_line_fuzzer.cc index e65412f1a82..4ea774ab748 100644 --- a/chromium/net/cookies/parse_cookie_line_fuzzer.cc +++ b/chromium/net/cookies/parse_cookie_line_fuzzer.cc @@ -7,7 +7,7 @@ #include <fuzzer/FuzzedDataProvider.h> -#include "base/logging.h" +#include "base/check_op.h" #include "net/cookies/parsed_cookie.h" const std::string GetArbitraryString(FuzzedDataProvider* data_provider) { diff --git a/chromium/net/cookies/site_for_cookies.cc b/chromium/net/cookies/site_for_cookies.cc index 8c152a67943..759b4e7a372 100644 --- a/chromium/net/cookies/site_for_cookies.cc +++ b/chromium/net/cookies/site_for_cookies.cc @@ -7,6 +7,7 @@ #include "base/strings/strcat.h" #include "base/strings/string_util.h" #include "net/base/registry_controlled_domains/registry_controlled_domain.h" +#include "net/cookies/cookie_util.h" namespace net { @@ -20,7 +21,7 @@ std::string RegistrableDomainOrHost(const std::string& host) { } // namespace -SiteForCookies::SiteForCookies() = default; +SiteForCookies::SiteForCookies() : schemefully_same_(false) {} SiteForCookies::SiteForCookies(const SiteForCookies& other) = default; SiteForCookies::SiteForCookies(SiteForCookies&& other) = default; @@ -35,6 +36,7 @@ SiteForCookies& SiteForCookies::operator=(SiteForCookies&& site_for_cookies) = // static bool SiteForCookies::FromWire(const std::string& scheme, const std::string& registrable_domain, + bool schemefully_same, SiteForCookies* out) { // Make sure scheme meets precondition of methods like // GURL::SchemeIsCryptographic. @@ -46,6 +48,8 @@ bool SiteForCookies::FromWire(const std::string& scheme, if (registrable_domain != candidate.registrable_domain_) return false; + candidate.schemefully_same_ = schemefully_same; + *out = std::move(candidate); return true; } @@ -65,25 +69,34 @@ SiteForCookies SiteForCookies::FromUrl(const GURL& url) { } std::string SiteForCookies::ToDebugString() const { + std::string same_scheme_string = schemefully_same_ ? "true" : "false"; return base::StrCat({"SiteForCookies: {scheme=", scheme_, - "; registrable_domain=", registrable_domain_, "}"}); + "; registrable_domain=", registrable_domain_, + "; schemefully_same=", same_scheme_string, "}"}); } bool SiteForCookies::IsFirstParty(const GURL& url) const { - if (scheme_.empty() || !url.is_valid()) - return false; - - std::string other_registrable_domain = RegistrableDomainOrHost(url.host()); + return IsFirstPartyWithSchemefulMode( + url, cookie_util::IsSchemefulSameSiteEnabled()); +} - if (registrable_domain_.empty()) - return other_registrable_domain.empty() && (scheme_ == url.scheme()); +bool SiteForCookies::IsFirstPartyWithSchemefulMode( + const GURL& url, + bool compute_schemefully) const { + if (compute_schemefully) + return IsSchemefullyFirstParty(url); - return registrable_domain_ == other_registrable_domain; + return IsSchemelesslyFirstParty(url); } bool SiteForCookies::IsEquivalent(const SiteForCookies& other) const { - if (scheme_.empty()) - return other.scheme_.empty(); + if (IsNull()) + return other.IsNull(); + + if (cookie_util::IsSchemefulSameSiteEnabled() && + !CompatibleScheme(other.scheme())) { + return false; + } if (registrable_domain_.empty()) return other.registrable_domain_.empty() && (scheme_ == other.scheme_); @@ -91,16 +104,91 @@ bool SiteForCookies::IsEquivalent(const SiteForCookies& other) const { return registrable_domain_ == other.registrable_domain_; } +void SiteForCookies::MarkIfCrossScheme(const url::Origin& other) { + // If |this| is IsNull() then |this| doesn't match anything which means that + // the scheme check is pointless. Also exit early if schemefully_same_ is + // already false. + if (IsNull() || !schemefully_same_) + return; + + // Mark if |other| is opaque. Opaque origins shouldn't match. + if (other.opaque()) { + schemefully_same_ = false; + return; + } + + if (CompatibleScheme(other.scheme())) + return; + + // The two are cross-scheme to each other. + schemefully_same_ = false; +} + GURL SiteForCookies::RepresentativeUrl() const { - if (scheme_.empty()) + if (IsNull()) return GURL(); GURL result(base::StrCat({scheme_, "://", registrable_domain_, "/"})); DCHECK(result.is_valid()); return result; } +bool SiteForCookies::IsNull() const { + if (cookie_util::IsSchemefulSameSiteEnabled()) + return scheme_.empty() || !schemefully_same_; + + return scheme_.empty(); +} + SiteForCookies::SiteForCookies(const std::string& scheme, const std::string& host) - : scheme_(scheme), registrable_domain_(RegistrableDomainOrHost(host)) {} + : scheme_(scheme), + registrable_domain_(RegistrableDomainOrHost(host)), + schemefully_same_(!scheme.empty()) {} + +bool SiteForCookies::CompatibleScheme(const std::string& other_scheme) const { + DCHECK(base::IsStringASCII(other_scheme)); + DCHECK(base::ToLowerASCII(other_scheme) == other_scheme); + + // Exact match case. + if (scheme_ == other_scheme) + return true; + + // ["https", "wss"] case. + if ((scheme_ == url::kHttpsScheme || scheme_ == url::kWssScheme) && + (other_scheme == url::kHttpsScheme || other_scheme == url::kWssScheme)) { + return true; + } + + // ["http", "ws"] case. + if ((scheme_ == url::kHttpScheme || scheme_ == url::kWsScheme) && + (other_scheme == url::kHttpScheme || other_scheme == url::kWsScheme)) { + return true; + } + + return false; +} + +bool SiteForCookies::IsSchemefullyFirstParty(const GURL& url) const { + // Can't use IsNull() as we want the same behavior regardless of + // SchemefulSameSite feature status. + if (scheme_.empty() || !schemefully_same_ || !url.is_valid()) + return false; + + return CompatibleScheme(url.scheme()) && IsSchemelesslyFirstParty(url); +} + +bool SiteForCookies::IsSchemelesslyFirstParty(const GURL& url) const { + // Can't use IsNull() as we want the same behavior regardless of + // SchemefulSameSite feature status. + if (scheme_.empty() || !url.is_valid()) + return false; + + std::string other_registrable_domain = RegistrableDomainOrHost(url.host()); + + if (registrable_domain_.empty()) + return other_registrable_domain.empty() && (scheme_ == url.scheme()); + + return registrable_domain_ == other_registrable_domain; +} } // namespace net diff --git a/chromium/net/cookies/site_for_cookies.h b/chromium/net/cookies/site_for_cookies.h index 680a9a16330..0de33fabeba 100644 --- a/chromium/net/cookies/site_for_cookies.h +++ b/chromium/net/cookies/site_for_cookies.h @@ -23,12 +23,13 @@ namespace net { // 2) They both have empty hostnames and equal schemes. // Invalid URLs are not first party to anything. // -// TODO(morlovich): It may make sense to require scheme to match in case (1) -// too, where the notion of matching makes http/https/ws/wss equivalent, but -// all other schemes are distinct. -// -// This should wait until SiteForCookies type is used everywhere relevant, so -// any changes are consistent. +// With the SchemefulSameSite feature enabled the policy is that two valid URLs +// would be considered the same party if either: +// 1) They both have compatible schemes along with non-empty and equal +// registrable domains or hostnames/IPs. See CompatibleScheme() for more details +// on what it means to have a compatible scheme. +// 2) They both have empty hostnames and exactly equal schemes. Invalid URLs are +// not first party to anything. class NET_EXPORT SiteForCookies { public: // Matches nothing. @@ -50,6 +51,7 @@ class NET_EXPORT SiteForCookies { // did not lie, merely that they are well-formed. static bool FromWire(const std::string& scheme, const std::string& registrable_domain, + bool schemefully_same, SiteForCookies* out); // If the origin is opaque, returns SiteForCookies that matches nothing. @@ -61,16 +63,39 @@ class NET_EXPORT SiteForCookies { // Equivalent to FromOrigin(url::Origin::Create(url)). static SiteForCookies FromUrl(const GURL& url); + // Returns a string with the values of the member variables. + // |schemefully_same| being false does not change the output. std::string ToDebugString() const; // Returns true if |url| should be considered first-party to the context // |this| represents. bool IsFirstParty(const GURL& url) const; + // Don't use this function unless you know what you're doing, if you're unsure + // you probably want IsFirstParty(). + // + // If |compute_schemefully| is true this function will return true if |url| + // should be considered first-party to the context |this| represents when the + // compatibility of the schemes are taken into account. + // + // If |compute_schemefully| is false this function will return true if |url| + // should be considered first-party to the context |this| represents when the + // compatibility of the scheme are not taken into account. Note that schemes + // are still compared for exact equality if neither |this| nor |url| have a + // registered domain. + // + // See CompatibleScheme() for more information on scheme compatibility. + bool IsFirstPartyWithSchemefulMode(const GURL& url, + bool compute_schemefully) const; + // Returns true if |other.IsFirstParty()| is true for exactly the same URLs // as |this->IsFirstParty| (potentially none). bool IsEquivalent(const SiteForCookies& other) const; + // Clears the schemefully_same_ flag if |other|'s scheme is cross-scheme to + // |this|. Schemes are considered cross-scheme if they're !CompatibleScheme(). + void MarkIfCrossScheme(const url::Origin& other); + // Returns a URL that's first party to this SiteForCookies (an empty URL if // none) --- that is, it has the property that // site_for_cookies.IsEquivalent( @@ -87,12 +112,30 @@ class NET_EXPORT SiteForCookies { const std::string& registrable_domain() const { return registrable_domain_; } + // Used for serialization/deserialization. This value is irrelevant if + // IsNull() is true. + bool schemefully_same() const { return schemefully_same_; } + + void SetSchemefullySameForTesting(bool schemefully_same) { + schemefully_same_ = schemefully_same; + } + // Returns true if this SiteForCookies matches nothing. - bool IsNull() const { return scheme_.empty(); } + // If the SchemefulSameSite feature is enabled then !schemefully_same_ causes + // this function to return true. + bool IsNull() const; private: SiteForCookies(const std::string& scheme, const std::string& host); + // Two schemes are considered compatible if they exactly match, they are both + // in ["https", "wss"], or they are both in ["http", "ws"]. + bool CompatibleScheme(const std::string& other_scheme) const; + + bool IsSchemefullyFirstParty(const GURL& url) const; + + bool IsSchemelesslyFirstParty(const GURL& url) const; + // These should be canonicalized appropriately by GURL/url::Origin. // An empty |scheme_| means that this matches nothing. std::string scheme_; @@ -102,6 +145,23 @@ class NET_EXPORT SiteForCookies { // just the bare hostname or IP, or an empty string if this represents // something like file:/// std::string registrable_domain_; + + // Used to indicate if the SiteForCookies would be the same if computed + // schemefully. A schemeful computation means to take the |scheme_| as well as + // the |registrable_domain_| into account when determining first-partyness. + // See CompatibleScheme() for more information on scheme comparison. + // + // True means to treat |this| as-is while false means that |this| should be + // treated as if it matches nothing i.e. IsNull() returns true. + // + // This value is important in the case where the SiteForCookies is being used + // to assess the first-partyness of a sub-frame in a document. + // + // For a SiteForCookies with !scheme_.empty() this value starts as true and + // will only go false via MarkIfCrossScheme(), otherwise this value is + // irrelevant (For tests this value can also be modified by + // SetSchemefullySameForTesting()). + bool schemefully_same_; }; } // namespace net diff --git a/chromium/net/cookies/site_for_cookies_unittest.cc b/chromium/net/cookies/site_for_cookies_unittest.cc index 3583f1a744e..640b9987628 100644 --- a/chromium/net/cookies/site_for_cookies_unittest.cc +++ b/chromium/net/cookies/site_for_cookies_unittest.cc @@ -7,6 +7,8 @@ #include <vector> #include "base/strings/strcat.h" +#include "base/test/scoped_feature_list.h" +#include "net/base/features.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" #include "url/origin.h" @@ -15,6 +17,16 @@ namespace net { namespace { +class SchemefulSiteForCookiesTest : public ::testing::Test { + public: + SchemefulSiteForCookiesTest() { + scope_feature_list_.InitAndEnableFeature(features::kSchemefulSameSite); + } + + protected: + base::test::ScopedFeatureList scope_feature_list_; +}; + // Tests that all URLs from |equivalent| produce SiteForCookies that match // URLs in the set and are equivalent to each other, and are distinct and // don't match |distinct|. @@ -70,8 +82,9 @@ TEST(SiteForCookiesTest, Default) { SiteForCookies::FromOrigin(url::Origin()))); EXPECT_EQ("", should_match_none.scheme()); - EXPECT_EQ("SiteForCookies: {scheme=; registrable_domain=}", - should_match_none.ToDebugString()); + EXPECT_EQ( + "SiteForCookies: {scheme=; registrable_domain=; schemefully_same=false}", + should_match_none.ToDebugString()); } TEST(SiteForCookiesTest, Basic) { @@ -89,6 +102,38 @@ TEST(SiteForCookiesTest, Basic) { TestEquivalentAndDistinct(equivalent, distinct, "example.com"); } +// Similar to SiteForCookiesTest_Basic with a focus on testing secure SFCs. +TEST_F(SchemefulSiteForCookiesTest, BasicSecure) { + std::vector<GURL> equivalent = {GURL("https://example.com"), + GURL("wss://example.com"), + GURL("https://sub1.example.com:42/something"), + GURL("wss://sub2.example.com/something")}; + + std::vector<GURL> distinct = { + GURL("http://example.com"), GURL("https://example.org"), + GURL("ws://example.com"), GURL("https://com/i_am_a_tld"), + GURL("file://example.com/helo"), + }; + + TestEquivalentAndDistinct(equivalent, distinct, "example.com"); +} + +// Similar to SiteForCookiesTest_Basic with a focus on testing insecure SFCs. +TEST_F(SchemefulSiteForCookiesTest, BasicInsecure) { + std::vector<GURL> equivalent = {GURL("http://example.com"), + GURL("ws://example.com"), + GURL("http://sub1.example.com:42/something"), + GURL("ws://sub2.example.com/something")}; + + std::vector<GURL> distinct = { + GURL("https://example.com"), GURL("http://example.org"), + GURL("wss://example.com"), GURL("http://com/i_am_a_tld"), + GURL("file://example.com/helo"), + }; + + TestEquivalentAndDistinct(equivalent, distinct, "example.com"); +} + TEST(SiteForCookiesTest, File) { std::vector<GURL> equivalent = {GURL("file:///a/b/c"), GURL("file:///etc/shaaadow")}; @@ -103,6 +148,7 @@ TEST(SiteForCookiesTest, Extension) { url::AddStandardScheme("chrome-extension", url::SCHEME_WITH_HOST); std::vector<GURL> equivalent = {GURL("chrome-extension://abc/"), GURL("chrome-extension://abc/foo.txt"), + GURL("https://abc"), GURL("http://abc"), // This one is disputable. GURL("file://abc/bar.txt")}; @@ -111,6 +157,23 @@ TEST(SiteForCookiesTest, Extension) { TestEquivalentAndDistinct(equivalent, distinct, "abc"); } +// Similar to SiteForCookiesTest_Extension with a focus on ensuring that http(s) +// schemes are distinct. +TEST_F(SchemefulSiteForCookiesTest, Extension) { + url::ScopedSchemeRegistryForTests scoped_registry; + url::AddStandardScheme("chrome-extension", url::SCHEME_WITH_HOST); + std::vector<GURL> equivalent = { + GURL("chrome-extension://abc/"), + GURL("chrome-extension://abc/foo.txt"), + }; + + std::vector<GURL> distinct = {GURL("chrome-extension://def"), + GURL("https://abc"), GURL("http://abc"), + GURL("file://abc/bar.txt")}; + + TestEquivalentAndDistinct(equivalent, distinct, "abc"); +} + TEST(SiteForCookiesTest, NonStandard) { // If we don't register the scheme, nothing matches, even identical ones std::vector<GURL> equivalent; @@ -134,39 +197,210 @@ TEST(SiteForCookiesTest, Blob) { EXPECT_TRUE(from_blob.IsFirstParty(GURL("http://sub.example.org/resource"))); EXPECT_EQ("https", from_blob.scheme()); - EXPECT_EQ("SiteForCookies: {scheme=https; registrable_domain=example.org}", - from_blob.ToDebugString()); + EXPECT_EQ( + "SiteForCookies: {scheme=https; registrable_domain=example.org; " + "schemefully_same=true}", + from_blob.ToDebugString()); EXPECT_EQ("https://example.org/", from_blob.RepresentativeUrl().spec()); EXPECT_TRUE(from_blob.IsEquivalent( SiteForCookies::FromUrl(GURL("http://www.example.org:631")))); } +// Similar to SiteForCookiesTest_Blob with a focus on a secure blob. +TEST_F(SchemefulSiteForCookiesTest, SecureBlob) { + SiteForCookies from_blob = SiteForCookies::FromUrl( + GURL("blob:https://example.org/9115d58c-bcda-ff47-86e5-083e9a2153041")); + + EXPECT_TRUE(from_blob.IsFirstParty(GURL("https://sub.example.org/resource"))); + EXPECT_FALSE(from_blob.IsFirstParty(GURL("http://sub.example.org/resource"))); + EXPECT_EQ("https", from_blob.scheme()); + EXPECT_EQ( + "SiteForCookies: {scheme=https; registrable_domain=example.org; " + "schemefully_same=true}", + from_blob.ToDebugString()); + EXPECT_EQ("https://example.org/", from_blob.RepresentativeUrl().spec()); + EXPECT_TRUE(from_blob.IsEquivalent( + SiteForCookies::FromUrl(GURL("https://www.example.org:631")))); + EXPECT_FALSE(from_blob.IsEquivalent( + SiteForCookies::FromUrl(GURL("http://www.example.org:631")))); +} + +// Similar to SiteForCookiesTest_Blob with a focus on an insecure blob. +TEST_F(SchemefulSiteForCookiesTest, InsecureBlob) { + SiteForCookies from_blob = SiteForCookies::FromUrl( + GURL("blob:http://example.org/9115d58c-bcda-ff47-86e5-083e9a2153041")); + + EXPECT_TRUE(from_blob.IsFirstParty(GURL("http://sub.example.org/resource"))); + EXPECT_FALSE( + from_blob.IsFirstParty(GURL("https://sub.example.org/resource"))); + EXPECT_EQ("http", from_blob.scheme()); + EXPECT_EQ( + "SiteForCookies: {scheme=http; registrable_domain=example.org; " + "schemefully_same=true}", + from_blob.ToDebugString()); + EXPECT_EQ("http://example.org/", from_blob.RepresentativeUrl().spec()); + EXPECT_TRUE(from_blob.IsEquivalent( + SiteForCookies::FromUrl(GURL("http://www.example.org:631")))); + EXPECT_FALSE(from_blob.IsEquivalent( + SiteForCookies::FromUrl(GURL("https://www.example.org:631")))); +} + TEST(SiteForCookiesTest, Wire) { SiteForCookies out; // Empty one. - EXPECT_TRUE(SiteForCookies::FromWire("", "", &out)); + EXPECT_TRUE(SiteForCookies::FromWire("", "", false, &out)); + EXPECT_TRUE(out.IsNull()); + + EXPECT_TRUE(SiteForCookies::FromWire("", "", true, &out)); EXPECT_TRUE(out.IsNull()); // Not a valid scheme. - EXPECT_FALSE(SiteForCookies::FromWire("aH", "example.com", &out)); + EXPECT_FALSE(SiteForCookies::FromWire("aH", "example.com", false, &out)); EXPECT_TRUE(out.IsNull()); // Not a eTLD + 1 (or something hosty). - EXPECT_FALSE(SiteForCookies::FromWire("http", "sub.example.com", &out)); + EXPECT_FALSE( + SiteForCookies::FromWire("http", "sub.example.com", false, &out)); EXPECT_TRUE(out.IsNull()); // This is fine, though. - EXPECT_TRUE(SiteForCookies::FromWire("https", "127.0.0.1", &out)); + EXPECT_TRUE(SiteForCookies::FromWire("https", "127.0.0.1", true, &out)); EXPECT_FALSE(out.IsNull()); - EXPECT_EQ("SiteForCookies: {scheme=https; registrable_domain=127.0.0.1}", - out.ToDebugString()); + EXPECT_EQ( + "SiteForCookies: {scheme=https; registrable_domain=127.0.0.1; " + "schemefully_same=true}", + out.ToDebugString()); + + EXPECT_TRUE(SiteForCookies::FromWire("https", "127.0.0.1", false, &out)); + EXPECT_FALSE(out.IsNull()); + EXPECT_EQ( + "SiteForCookies: {scheme=https; registrable_domain=127.0.0.1; " + "schemefully_same=false}", + out.ToDebugString()); // As is actual eTLD+1. - EXPECT_TRUE(SiteForCookies::FromWire("wss", "example.com", &out)); + EXPECT_TRUE(SiteForCookies::FromWire("wss", "example.com", true, &out)); EXPECT_FALSE(out.IsNull()); - EXPECT_EQ("SiteForCookies: {scheme=wss; registrable_domain=example.com}", - out.ToDebugString()); + EXPECT_EQ( + "SiteForCookies: {scheme=wss; registrable_domain=example.com; " + "schemefully_same=true}", + out.ToDebugString()); +} + +// Similar to SiteForCookiesTest_Wire except that schemefully_same has an +// effect. +TEST_F(SchemefulSiteForCookiesTest, Wire) { + SiteForCookies out; + + // Empty one. + EXPECT_TRUE(SiteForCookies::FromWire("", "", false, &out)); + EXPECT_TRUE(out.IsNull()); + + EXPECT_TRUE(SiteForCookies::FromWire("", "", true, &out)); + EXPECT_TRUE(out.IsNull()); + + // Not a valid scheme. + EXPECT_FALSE(SiteForCookies::FromWire("aH", "example.com", false, &out)); + EXPECT_TRUE(out.IsNull()); + + // Not a eTLD + 1 (or something hosty). + EXPECT_FALSE( + SiteForCookies::FromWire("http", "sub.example.com", false, &out)); + EXPECT_TRUE(out.IsNull()); + + // This is fine, though. + EXPECT_TRUE(SiteForCookies::FromWire("https", "127.0.0.1", true, &out)); + EXPECT_FALSE(out.IsNull()); + EXPECT_EQ( + "SiteForCookies: {scheme=https; registrable_domain=127.0.0.1; " + "schemefully_same=true}", + out.ToDebugString()); + + // This one's schemefully_same is false + EXPECT_TRUE(SiteForCookies::FromWire("https", "127.0.0.1", false, &out)); + EXPECT_TRUE(out.IsNull()); + + // As is actual eTLD+1. + EXPECT_TRUE(SiteForCookies::FromWire("wss", "example.com", true, &out)); + EXPECT_FALSE(out.IsNull()); + EXPECT_EQ( + "SiteForCookies: {scheme=wss; registrable_domain=example.com; " + "schemefully_same=true}", + out.ToDebugString()); +} + +TEST(SiteForCookiesTest, SameScheme) { + struct TestCase { + const char* first; + const char* second; + bool expected_value; + }; + + const TestCase kTestCases[] = { + {"http://a.com", "http://a.com", true}, + {"https://a.com", "https://a.com", true}, + {"ws://a.com", "ws://a.com", true}, + {"wss://a.com", "wss://a.com", true}, + {"https://a.com", "wss://a.com", true}, + {"wss://a.com", "https://a.com", true}, + {"http://a.com", "ws://a.com", true}, + {"ws://a.com", "http://a.com", true}, + {"file://a.com", "file://a.com", true}, + {"file://folder1/folder2/file.txt", "file://folder1/folder2/file.txt", + true}, + {"ftp://a.com", "ftp://a.com", true}, + {"http://a.com", "file://a.com", false}, + {"ws://a.com", "wss://a.com", false}, + {"wss://a.com", "ws://a.com", false}, + {"https://a.com", "http://a.com", false}, + {"file://a.com", "https://a.com", false}, + {"https://a.com", "file://a.com", false}, + {"file://a.com", "ftp://a.com", false}, + {"ftp://a.com", "file://a.com", false}, + }; + + for (const TestCase& t : kTestCases) { + SiteForCookies first = SiteForCookies::FromUrl(GURL(t.first)); + url::Origin second = url::Origin::Create(GURL(t.second)); + EXPECT_FALSE(first.IsNull()); + first.MarkIfCrossScheme(second); + EXPECT_EQ(first.schemefully_same(), t.expected_value); + } +} + +TEST(SiteForCookiesTest, SameSchemeOpaque) { + url::Origin not_opaque_secure = + url::Origin::Create(GURL("https://site.example")); + url::Origin not_opaque_nonsecure = + url::Origin::Create(GURL("http://site.example")); + // Check an opaque origin made from a triple origin and one from the default + // constructor. + const url::Origin kOpaqueOrigins[] = { + not_opaque_secure.DeriveNewOpaqueOrigin(), + not_opaque_nonsecure.DeriveNewOpaqueOrigin(), url::Origin()}; + + for (const url::Origin& origin : kOpaqueOrigins) { + SiteForCookies secure_sfc = SiteForCookies::FromOrigin(not_opaque_secure); + EXPECT_FALSE(secure_sfc.IsNull()); + SiteForCookies nonsecure_sfc = + SiteForCookies::FromOrigin(not_opaque_nonsecure); + EXPECT_FALSE(nonsecure_sfc.IsNull()); + + EXPECT_TRUE(secure_sfc.schemefully_same()); + secure_sfc.MarkIfCrossScheme(origin); + EXPECT_FALSE(secure_sfc.schemefully_same()); + + EXPECT_TRUE(nonsecure_sfc.schemefully_same()); + nonsecure_sfc.MarkIfCrossScheme(origin); + EXPECT_FALSE(nonsecure_sfc.schemefully_same()); + + SiteForCookies opaque_sfc = SiteForCookies::FromOrigin(origin); + EXPECT_TRUE(opaque_sfc.IsNull()); + // Slightly implementation detail specific as the value isn't relevant for + // null SFCs. + EXPECT_FALSE(nonsecure_sfc.schemefully_same()); + } } } // namespace diff --git a/chromium/net/cookies/static_cookie_policy.cc b/chromium/net/cookies/static_cookie_policy.cc index 25c6e411826..96a45759a5f 100644 --- a/chromium/net/cookies/static_cookie_policy.cc +++ b/chromium/net/cookies/static_cookie_policy.cc @@ -4,7 +4,7 @@ #include "net/cookies/static_cookie_policy.h" -#include "base/logging.h" +#include "base/notreached.h" #include "net/base/net_errors.h" #include "net/cookies/site_for_cookies.h" #include "url/gurl.h" diff --git a/chromium/net/cookies/test_cookie_access_delegate.cc b/chromium/net/cookies/test_cookie_access_delegate.cc index 41893830adb..78750a8152e 100644 --- a/chromium/net/cookies/test_cookie_access_delegate.cc +++ b/chromium/net/cookies/test_cookie_access_delegate.cc @@ -48,7 +48,7 @@ void TestCookieAccessDelegate::SetIgnoreSameSiteRestrictionsScheme( std::string TestCookieAccessDelegate::GetKeyForDomainValue( const std::string& domain) const { DCHECK(!domain.empty()); - return domain[0] == '.' ? domain.substr(1) : domain; + return cookie_util::CookieDomainAsHost(domain); } } // namespace net diff --git a/chromium/net/data/ssl/certificates/README b/chromium/net/data/ssl/certificates/README index f9f2e3c3f77..5a4ecca0e77 100644 --- a/chromium/net/data/ssl/certificates/README +++ b/chromium/net/data/ssl/certificates/README @@ -208,6 +208,11 @@ unit tests. verification, regardless of the order in which the intermediate/root CA certificates are provided. +- ev_test.pem +- ev_test_state_only.pem + Certificates for testing EV display (including regression test for + https://crbug.com/1069113). + ===== From net/data/ssl/scripts/generate-weak-test-chains.sh - 2048-rsa-root.pem - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem diff --git a/chromium/net/data/ssl/certificates/ev_test.pem b/chromium/net/data/ssl/certificates/ev_test.pem new file mode 100644 index 00000000000..c42932fe240 --- /dev/null +++ b/chromium/net/data/ssl/certificates/ev_test.pem @@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 76:70:77:fb:69:b5:13:08:c1:79:b8:d7:95:33:03:52:f0:1a:61:13 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, L = Mountain View, O = Test Org + Validity + Not Before: Apr 10 18:36:42 2020 GMT + Not After : Apr 10 18:36:42 2022 GMT + Subject: C = US, ST = California, L = Mountain View, O = Test Org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:bd:83:f9:36:21:cf:0c:f0:fe:30:71:90:e5:bb: + 9b:77:67:00:5f:43:96:c1:a6:99:06:bf:d2:41:27: + f9:d5:7f:be:5f:3a:55:a6:ff:4c:7c:07:fe:36:4f: + 9f:46:54:2d:3e:d9:13:ab:e3:e0:66:45:b6:ac:5a: + 62:21:13:f9:52:d9:20:c9:a7:92:b1:47:b1:46:98: + 8e:6a:e6:3e:48:2c:a2:ac:3a:65:b0:ce:7a:14:14: + 7f:88:d1:93:4a:9c:4d:dc:e8:89:ba:8b:68:c7:f0: + 3f:b7:80:de:97:4d:9c:16:2c:66:a7:e0:37:bd:9f: + 01:ed:dd:4a:bb:3b:d3:67:58:27:c5:e9:a6:8e:97: + 4a:35:02:00:04:ea:78:65:a3:d0:01:e8:8c:ef:88: + e2:fe:d8:77:a0:60:8e:08:a1:b1:90:e5:8d:4e:2b: + 7d:a8:b2:17:24:81:e2:6b:85:68:ee:11:41:65:d1: + 5b:08:d3:a8:2d:2a:98:7e:1d:c4:a9:8f:7f:ec:69: + 2a:97:a8:5c:bc:d2:85:de:a6:53:5f:73:8e:ca:97: + 66:d4:04:41:d8:ef:20:12:0c:3b:21:75:dc:6d:69: + 2b:00:a3:e4:09:9a:53:8e:be:f6:92:40:2e:a6:4f: + 55:d4:59:34:18:8b:79:0b:19:98:0d:c5:48:45:db: + b1:5b + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 70:b2:c2:f6:4f:8e:82:a2:fc:6c:0e:a4:1a:e9:ee:90:ff:0c: + 70:f3:a3:77:bd:21:76:3d:83:58:12:27:33:9c:1e:74:0d:7f: + 19:bd:80:4a:ec:29:48:2b:09:5e:d7:f3:1a:db:39:f8:ca:f6: + b1:51:f8:84:86:2e:f7:d1:7b:84:93:dd:63:c0:d3:2a:da:3b: + be:75:bf:9e:3f:02:ea:82:1f:13:3a:ab:1c:40:a1:16:a2:31: + 91:71:50:7a:9f:a3:97:37:a6:77:77:84:85:65:3c:4c:47:d8: + ef:42:f5:b4:dc:87:1f:2a:3a:b0:72:4f:6f:75:b2:b0:60:f3: + ff:a2:e9:f0:ec:a8:b5:a1:dc:1a:74:1d:f3:4a:13:9e:1f:06: + c8:c6:c9:6e:b0:9a:67:e8:90:b5:38:51:ce:8f:96:f4:89:f8: + b2:b4:44:f5:35:98:20:32:a1:e6:7a:ee:8d:88:9c:cb:fc:36: + a3:3d:4b:8a:6f:4a:e0:0b:21:b7:5d:9d:68:ab:88:60:7f:db: + 61:a0:cd:0a:76:bb:b4:19:36:79:84:c3:ea:69:67:50:60:e3: + 20:9a:74:74:8f:44:52:fa:b4:31:6b:0d:12:37:38:bc:39:f7: + b6:d9:07:10:89:31:50:2a:20:a7:2f:16:df:a6:4c:0c:ae:70: + 93:24:30:ef +-----BEGIN CERTIFICATE----- +MIIDITCCAgkCFHZwd/tptRMIwXm415UzA1LwGmETMA0GCSqGSIb3DQEBCwUAME0x +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3Vu +dGFpbiBWaWV3MREwDwYDVQQKDAhUZXN0IE9yZzAeFw0yMDA0MTAxODM2NDJaFw0y +MjA0MTAxODM2NDJaME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh +MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MREwDwYDVQQKDAhUZXN0IE9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2D+TYhzwzw/jBxkOW7m3dnAF9D +lsGmmQa/0kEn+dV/vl86Vab/THwH/jZPn0ZULT7ZE6vj4GZFtqxaYiET+VLZIMmn +krFHsUaYjmrmPkgsoqw6ZbDOehQUf4jRk0qcTdzoibqLaMfwP7eA3pdNnBYsZqfg +N72fAe3dSrs702dYJ8Xppo6XSjUCAATqeGWj0AHojO+I4v7Yd6BgjgihsZDljU4r +faiyFySB4muFaO4RQWXRWwjTqC0qmH4dxKmPf+xpKpeoXLzShd6mU19zjsqXZtQE +QdjvIBIMOyF13G1pKwCj5AmaU46+9pJALqZPVdRZNBiLeQsZmA3FSEXbsVsCAwEA +ATANBgkqhkiG9w0BAQsFAAOCAQEAcLLC9k+OgqL8bA6kGunukP8McPOjd70hdj2D +WBInM5wedA1/Gb2ASuwpSCsJXtfzGts5+Mr2sVH4hIYu99F7hJPdY8DTKto7vnW/ +nj8C6oIfEzqrHEChFqIxkXFQep+jlzemd3eEhWU8TEfY70L1tNyHHyo6sHJPb3Wy +sGDz/6Lp8OyotaHcGnQd80oTnh8GyMbJbrCaZ+iQtThRzo+W9In4srRE9TWYIDKh +5nrujYicy/w2oz1Lim9K4Asht12daKuIYH/bYaDNCna7tBk2eYTD6mlnUGDjIJp0 +dI9EUvq0MWsNEjc4vDn3ttkHEIkxUCogpy8W36ZMDK5wkyQw7w== +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/ev_test_state_only.pem b/chromium/net/data/ssl/certificates/ev_test_state_only.pem new file mode 100644 index 00000000000..0e806447e6e --- /dev/null +++ b/chromium/net/data/ssl/certificates/ev_test_state_only.pem @@ -0,0 +1,68 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 53:09:3e:01:61:14:4d:c5:a3:57:d3:66:76:b9:9b:ab:c9:07:7a:c6 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = California, O = Test Org + Validity + Not Before: Apr 10 18:36:42 2020 GMT + Not After : Apr 10 18:36:42 2022 GMT + Subject: C = US, ST = California, O = Test Org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f3:e0:35:ed:52:11:24:c5:f3:a2:0f:b9:41:2d: + eb:4d:ec:f9:57:7c:4d:80:8d:9b:3b:f4:73:50:78: + d8:a3:bd:7a:51:7f:20:e6:0a:b4:f7:2a:b4:fa:0e: + 1a:6c:aa:a6:19:f7:06:f4:39:8e:33:43:1b:70:f5: + d6:b0:22:0e:c0:36:a6:7d:8a:3c:41:48:b6:a2:8b: + ec:78:e3:f0:8f:7b:1a:14:c9:d8:6f:ca:af:28:4a: + cc:6c:d1:2f:90:16:e1:0d:e8:5e:98:ec:9b:2f:6a: + 46:5c:e2:89:05:41:a5:93:bc:87:47:d4:23:05:c4: + 7f:a9:76:6d:06:29:c1:46:93:f6:50:9f:06:1b:79: + 55:68:74:40:be:cc:e9:41:1b:2e:c8:1a:dc:00:70: + 6d:2e:fd:cc:5f:93:2d:cb:9f:35:51:0c:fe:63:fb: + 1f:11:74:ed:5d:82:a4:00:67:9a:22:67:dd:91:94: + db:6e:6f:5e:47:f2:bd:04:8d:f1:e7:73:76:bf:db: + 69:3a:a7:8a:8f:97:0d:17:11:34:4f:de:5a:c4:3b: + 1a:f0:b6:8f:c7:1f:41:7e:5f:68:98:38:d1:18:85: + 5e:75:71:29:d0:d9:aa:74:ed:6b:fd:11:07:85:c1: + 65:10:04:6b:9e:a4:b9:4d:d5:da:80:8d:02:33:18: + 27:7b + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 09:46:1a:3e:97:c5:ac:c2:f8:c4:c9:51:e2:ff:9b:e1:68:c2: + 6a:aa:a2:11:32:34:93:95:a8:37:31:fa:2d:dc:fd:04:c5:e3: + 0f:15:92:96:53:a6:7b:60:42:65:79:1d:b6:3c:f7:16:93:f8: + c9:a6:72:42:c6:e2:1c:26:e5:ca:07:5c:44:96:a7:ad:8e:74: + ac:ea:1a:e1:6c:fe:f6:b1:de:b7:03:69:6b:30:ea:8e:8f:af: + be:36:2c:10:20:7f:e1:7e:0d:b6:a1:cf:8e:05:4f:59:c8:3c: + e8:7c:5c:16:ff:f2:d3:eb:6a:31:57:66:06:da:f6:5c:99:a7: + 9c:3f:09:f9:6a:b9:fe:4c:5a:b8:81:b8:04:bc:ce:ff:5c:62: + f8:0c:e6:0c:e6:68:32:e5:69:61:18:dd:6b:7e:a9:6c:1a:7e: + a9:c0:63:a2:bf:c6:48:80:48:17:d7:f8:8b:e6:7d:ae:72:f8: + 26:75:b3:75:d1:6c:b1:55:53:7a:5b:7d:f3:d9:ca:b0:b8:8b: + 84:d3:a8:a3:f0:6e:21:79:95:3e:aa:48:bd:cc:c6:5a:8f:6e: + fb:eb:9c:12:56:86:1e:d9:48:ec:ce:ce:06:8d:09:43:07:1a: + 0f:4b:c4:ab:83:a2:13:8d:a5:40:96:1f:f2:da:42:c6:94:a2: + 35:d1:82:bb +-----BEGIN CERTIFICATE----- +MIIC8TCCAdkCFFMJPgFhFE3Fo1fTZna5m6vJB3rGMA0GCSqGSIb3DQEBCwUAMDUx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhUZXN0 +IE9yZzAeFw0yMDA0MTAxODM2NDJaFw0yMjA0MTAxODM2NDJaMDUxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhUZXN0IE9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPPgNe1SESTF86IPuUEt603s+Vd8 +TYCNmzv0c1B42KO9elF/IOYKtPcqtPoOGmyqphn3BvQ5jjNDG3D11rAiDsA2pn2K +PEFItqKL7Hjj8I97GhTJ2G/KryhKzGzRL5AW4Q3oXpjsmy9qRlziiQVBpZO8h0fU +IwXEf6l2bQYpwUaT9lCfBht5VWh0QL7M6UEbLsga3ABwbS79zF+TLcufNVEM/mP7 +HxF07V2CpABnmiJn3ZGU225vXkfyvQSN8edzdr/baTqnio+XDRcRNE/eWsQ7GvC2 +j8cfQX5faJg40RiFXnVxKdDZqnTta/0RB4XBZRAEa56kuU3V2oCNAjMYJ3sCAwEA +ATANBgkqhkiG9w0BAQsFAAOCAQEACUYaPpfFrML4xMlR4v+b4WjCaqqiETI0k5Wo +NzH6Ldz9BMXjDxWSllOme2BCZXkdtjz3FpP4yaZyQsbiHCblygdcRJanrY50rOoa +4Wz+9rHetwNpazDqjo+vvjYsECB/4X4NtqHPjgVPWcg86HxcFv/y0+tqMVdmBtr2 +XJmnnD8J+Wq5/kxauIG4BLzO/1xi+AzmDOZoMuVpYRjda36pbBp+qcBjor/GSIBI +F9f4i+Z9rnL4JnWzddFssVVTelt989nKsLiLhNOoo/BuIXmVPqpIvczGWo9u++uc +ElaGHtlI7M7OBo0JQwcaD0vEq4OiE42lQJYf8tpCxpSiNdGCuw== +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/root_stores/root_stores.json b/chromium/net/data/ssl/root_stores/root_stores.json index 401eba8eafc..632b2363832 100644 --- a/chromium/net/data/ssl/root_stores/root_stores.json +++ b/chromium/net/data/ssl/root_stores/root_stores.json @@ -45,7 +45,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "007e452fd5cf838946696dfe37a2db2ef3991436d27bcbab45922053c15a87a8": [ "windows/080328202117", @@ -109,7 +118,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "00ab444abd6bdba33da8de569ac4ecde326d1be1a61442d5eec3975a0c243f04": [ "windows/070201011524", @@ -178,16 +196,35 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "016e1dcd5f78841bbebbae9ddea08c8d7ec54e698e95bb778ecdd1e10d8bf4f9": [ "windows/181124234732", "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "02ed0eb28c14da45165c566791700d6451d7fb56f0b2ab1d3b8eb070e56edff5": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -219,6 +256,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -234,6 +279,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130626232015", "windows/131003230417", @@ -271,7 +319,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "03458b6abeecc214953d97149af45391691de9f9cdcc2647863a3d67c95c243b": [ "android/kitkat-cts-release", @@ -312,6 +369,7 @@ "windows/130626232015" ], "0376ab1d54c5f9803ce4b2e201a0ee7eef7b57b636e8a93c9b8d4860c96f5fa7": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -343,6 +401,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -359,6 +425,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -412,7 +481,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0378b202ccabba99a12e569a11a077db1edb39482061c75d0073059d9ab5b513": [ "windows/071219233937", @@ -513,9 +591,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "04048028bf1f2864d48f9ad4d83294366a828856553f3b14303f90147f5d40ef": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -547,6 +635,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -563,6 +659,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/091029013045", "windows/100503224537", @@ -617,7 +716,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "04acfb3b24793f300f67ef87e44dd72cb9b28b204f389a7cd5ae28785c7d42cd": [ "macos/10.10.0", @@ -696,7 +804,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "04f1bec36951bc1454a904ce32890c5da3cde1356b7900f6e62dfa2041ebad51": [ "windows/170228174808", @@ -718,7 +835,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0536801fbb443b3e905fd6d70d8c81eb88551be8061299110d2b4f82e64cade1": [ "windows/100719231554", @@ -772,7 +898,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "058a40323ec8c46262c3052a5d357b91ac24d3da26351b3ff4407e99f7a4e9b4": [ "windows/070201011524", @@ -841,7 +976,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "05d38c2a70bfc500ccb0cb509159b46b065c6ac9cb42d2e6f16167841434572a": [ "windows/120223022238", @@ -885,9 +1029,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "063e4afac491dfd332f3089b8542e94617d893d7fe944e10a7937ee29d9693c0": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -919,6 +1073,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -934,6 +1096,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090501224247", "windows/090825180842", @@ -991,9 +1156,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -1025,6 +1200,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -1041,6 +1224,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -1109,7 +1295,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "06a2c9a3379ab3c156159a27ca9ecdbd4ef75309b409cf70aeca9a12330f380e": [ "macos/10.9.0", @@ -1196,7 +1391,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "07453d53793bf41819a5251c69f88e2bb344b59ca828b5a543781599eaf3d602": [ "windows/070109202240", @@ -1237,7 +1441,15 @@ "windows/150122021939" ], "0753e940378c1bd5e3836e395daea5cb839e5046f1bd0eae1951cf10fec7c965": [ + "android/android10-release", "android/pie-cts-release", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -1246,6 +1458,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/161112005943", "windows/170228174808", "windows/170419224008", @@ -1266,7 +1481,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "075bfcca2d55ae6e35742c32afd0ca8ea4c958feefc23224999541c033d69c8d": [ "windows/120125230451", @@ -1311,7 +1535,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0771920c8cb874d5c5a4dc0d6a51a2d495d38c4de2cd5b83d2a06faa051935f6": [ "windows/121102212406", @@ -1353,7 +1586,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0791ca0749b20782aad3c7d7bd0cdfc9485835843eb2d7996009ce43ab6c6927": [ "android/kitkat-cts-release", @@ -1465,9 +1707,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0a81ec5a929777f145904af38d5d509f66b5e2c58fcdb531058b0e17f3f0b41b": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -1499,6 +1751,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -1515,6 +1775,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -1568,7 +1831,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0b5eed4e846403cf55e065848440ed2a82758bf5b9aa1f253d4613cfa080ff3f": [ "android/kitkat-cts-release", @@ -1684,7 +1956,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0c0b6b2bd1edd7b27fead157f8e846b335b784a39f06c47216c8746f64c5ceda": [ "windows/140912180251", @@ -1718,7 +1999,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0c258a12a5674aef25f28ba7dcfaeceea348e541e6f5cc4ee63b71b361606ac3": [ "android/kitkat-cts-release", @@ -1752,6 +2042,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -1829,9 +2127,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0c2cd63df7806fa399ede809116b575bf87989f06518f9808c860503178baf66": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -1863,6 +2171,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -1879,6 +2195,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -1922,6 +2241,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -1978,7 +2305,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "0ed3ffab6c149c8b4e71058e8668d429abfda681c2fff508207641f0d751a3e5": [ "macos/10.10.0", @@ -1998,6 +2334,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" @@ -2076,6 +2420,7 @@ "windows/180326181210" ], "0f993c8aef97baaf5687140ed59ad1821bb4afacf0aa9a58b5d57a338a3afbcb": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -2107,6 +2452,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -2123,6 +2476,7 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -2191,10 +2545,22 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "125609aa301da0a249b97a8239cb6a34216f44dcac9f3954b14292f2e8c8608f": [ "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/180821001257", "windows/180926205955", "windows/181012165448", @@ -2202,7 +2568,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "126bf01c1094d2f0ca2e352380b3c724294546ccc65597bef7f12d8a171f1984": [ "macos/10.10.0", @@ -2222,6 +2597,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -2260,7 +2643,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "12d480c1a3c664781b99d9df0e9faf3f1cacee1b3c30c3123a337a4a454ffed2": [ "windows/071219233937", @@ -2325,9 +2717,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "136335439334a7698016a0d324de72284e079d7b5220bb8fbd747816eebebaca": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -2359,6 +2761,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -2374,6 +2784,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090501224247", "windows/090825180842", @@ -2431,9 +2844,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -2465,6 +2888,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -2481,6 +2912,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -2549,7 +2983,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1501f89c5c4dcf36cf588a17c9fd7cfceb9ee01e8729be355e25de80eb6284b4": [ "windows/160414222039", @@ -2574,7 +3017,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "152a402bfcdf2cd548054d2275b39c7fca3ec0978078b0f0ea76e561a6c7433e": [ "android/nougat-mr1-cts-release", @@ -2587,6 +3039,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -2625,7 +3085,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1594cb5b826c315de3bc932c56895ff23a3a988b5dc1f034d214dfd858d89ee8": [ "windows/070109202240", @@ -2666,8 +3135,20 @@ "windows/150122021939" ], "15d5b8774619ea7d54ce1ca6d0b0c403e037a917f131e8a04e1e6b7a71babce5": [ + "android/android10-release", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -2684,9 +3165,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "15f0ba00a3ac7af3ac884c072b1011a077bd77c097f40164b2f8598abd83860c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -2718,6 +3209,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -2734,6 +3233,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -2760,6 +3262,7 @@ "windows/110830153721" ], "16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -2791,6 +3294,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -2807,6 +3318,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -2875,9 +3389,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1793927a0614549789adce2f8f34f7f0b66d0f3ae3a3b84d21ec15dbba4fadc7": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -2901,6 +3425,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -2913,6 +3445,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/081103235012", "windows/090203164005", @@ -2972,9 +3507,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "179fbc148a3dd00fd24ea13458cc43bfa7f59c8182d783a513f6ebec100c8924": [ + "android/android10-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", @@ -3002,6 +3547,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -3017,6 +3570,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130626232015", "windows/131003230417", @@ -3054,9 +3610,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4": [ + "android/android10-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", @@ -3066,6 +3632,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.11", "mozilla/2.14", "mozilla/2.16", @@ -3077,6 +3651,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160113232859", "windows/160123000836", "windows/160128175153", @@ -3102,9 +3679,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "18f1fc7f205df8adddeb7fe007dd57e3af375a9c4d8d73546bf4f1fed1e18d35": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -3136,6 +3723,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -3152,6 +3747,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -3220,7 +3818,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "19abcdff3a74402fa8f0ca206bf7fab0dffff3ae2bbd719584d21090a4353207": [ "windows/170613190204", @@ -3240,7 +3847,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1a0d20445de5ba1862d19ef880858cbce50102b36e8f0a040c3c69e74522fe6e": [ "windows/110919210309", @@ -3287,7 +3903,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1a2512cda6744abea11432a2fdc9f8c088db5a98c89e13352574cde4d9e80cdd": [ "windows/140912180251", @@ -3321,7 +3946,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1aa980c8c0d316f25029978982f033cbb3a3f4188d669f2de6a8d84ee00a1575": [ "windows/080328202117", @@ -3385,9 +4019,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4": [ + "android/android10-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", @@ -3397,6 +4041,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.11", "mozilla/2.14", "mozilla/2.16", @@ -3408,6 +4060,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160113232859", "windows/160123000836", "windows/160128175153", @@ -3433,7 +4088,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1ba622b36325544ae922afc22ef9d367943794f6e16874f368a733c65c9d5279": [ "windows/111018233154", @@ -3479,7 +4143,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7": [ "android/kitkat-cts-release", @@ -3553,7 +4226,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1d4f0596fca2611d09f84c78f2ea565ef2eab9cfc272a1718bd336e6e0ae021a": [ "windows/070109202240", @@ -3636,7 +4318,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1e49ac5dc69e86d0565da2c1305c419330b0b781bfec50e54a1b35af7fddd501": [ "macos/10.11.0", @@ -3653,6 +4344,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "windows/100927165108", "windows/110125205412", "windows/110218005058", @@ -3703,7 +4402,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1e51942b84fd467bf77d1c89da241c04254dc8f3ef4c22451fe7a89978bdcd4f": [ "windows/160916174005", @@ -3727,7 +4435,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "1e910b40c08184c0ca20468e824502ff2485163f77b03bb73296823f03885621": [ "windows/111018233154", @@ -3773,7 +4490,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "209e956af04df3996507c887d356230d6eb49fdbdd2d8a058ff50b8f80f690aa": [ "windows/170228174808", @@ -3795,7 +4521,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2193cfea381211a1aeaa2de984e630643a87160b1208118145eafb8e1bc69958": [ "windows/170228174808", @@ -3817,7 +4552,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "21db20123660bb2ed418205da11ee7a85a65e2bc6e55b5af7e7899c8a266d92e": [ "android/kitkat-cts-release", @@ -3849,6 +4593,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -3924,7 +4676,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "229ccc196d32c98421cc119e78486eebef603aecd525c6b88b47abb740692b96": [ "windows/150618202535", @@ -3956,11 +4717,29 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "22a2c1f7bded704cc1e701b5f408c310880fe956b5de2a4a44f99c873a25a7c8": [ + "android/android10-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -3969,6 +4748,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160916174005", "windows/161112005943", "windows/170228174808", @@ -3990,7 +4772,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "22e0d11dc9207e16c92b2ee18cfdb2c2e940626847921fc528cedd2f7932f714": [ "windows/070109202240", @@ -4046,6 +4837,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -4111,9 +4910,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -4145,6 +4954,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -4160,6 +4977,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -4216,7 +5036,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "248302a977f40f7dd6a2b770586adfaac3eb1e85fd1a102dbd7863c72b8f8ef2": [ "macos/10.10.0", @@ -4245,9 +5074,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2530cc8e98321502bad96f9b1fba1b099e2d299e0f4548bb914f363bc0d4531f": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -4279,6 +5118,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -4294,7 +5141,13 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", - "mozilla/2.9" + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", + "mozilla/2.9", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2602d21e81277a83f6048128f61d794a06f474e1f75e49740a817c2666f62211": [ "windows/070109202240", @@ -4352,6 +5205,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -4399,7 +5260,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "27995829fe6a7515c1bfe848f9c4761db16c225929257bf40d0894f29ea8baf2": [ "android/nougat-mr1-cts-release", @@ -4412,6 +5282,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -4450,7 +5328,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2834991cf677466d22baac3b0055e5b911d9a9e55f5b85ba02dc566782c30e8a": [ "macos/10.10.0", @@ -4535,8 +5422,20 @@ "windows/150122021939" ], "2a575471e31340bc21581cbd2cf13e158463203ece94bcf9d3cc196bf09a5472": [ + "android/android10-release", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -4553,7 +5452,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2a8da2f8d23e0cd3b5871ecfb0f42276ca73230667f474eede71c5ee32cc3ec6": [ "windows/160414222039", @@ -4578,9 +5486,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2a99f5bc1174b73cbb1d620884e01c34e51ccb3978da125f0e33268883bf4158": [ + "android/android10-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", "android/marshmallow-mr2-release", @@ -4607,6 +5525,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.4", "macos/10.9.5", "mozilla/2.10", @@ -4654,13 +5580,26 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf69": [ + "android/android10-release", "mozilla/2.26", "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -4677,9 +5616,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -4711,6 +5660,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -4727,6 +5684,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -4780,7 +5740,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2d47437de17951215a12f3c58e51c729a58026ef1fcc0a5fb3d9dc012f600d19": [ "android/kitkat-cts-release", @@ -4873,7 +5842,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2d66a702ae81ba03af8cff55ab318afa919039d9f31b4d64388680f81311b65a": [ "windows/110919210309", @@ -4920,7 +5898,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2dc62c3f6c0cc9020bba77e1c511511024b943ee598856da5a22e222b7277a20": [ "macos/10.9.0", @@ -5004,7 +5991,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2dfcbacadf22a6ff107a51fd3e8b9e17858028879b13f7c3b57b3e1bd2315809": [ "windows/070109202240", @@ -5044,9 +6040,21 @@ "windows/140912180251", "windows/150122021939" ], + "2e44102ab58cb85419451c8e19d9acf3662cafbc614b6a53960a30f7d0e2eb41": [ + "windows/200421004343" + ], "2e7bf16cc22485a7bbe2aa8696750761b0ae39be3b2fe9d0cc6d4ef73491425c": [ + "android/android10-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -5055,6 +6063,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -5071,7 +6082,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "2f1062f8bf84e7eb83a0f64c98d891fbe2c811b17ffac0bce1a6dc9c7c3dcbb7": [ "macos/10.9.0", @@ -5159,6 +6179,7 @@ "windows/150220201450" ], "30d0895a9a448a262091635522d1f52010b5867acae12c78ef958fd4f4389f2f": [ + "android/android10-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", "android/marshmallow-mr2-release", @@ -5184,6 +6205,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -5196,6 +6225,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/140912180251", "windows/150122021939", @@ -5230,9 +6262,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -5261,6 +6303,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -5276,6 +6326,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -5312,7 +6365,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "31eace9b4c9c71734a185680bc24866ca6cbd82b3cb61bcc8706261b59ce1073": [ "windows/070109202240", @@ -5488,11 +6550,29 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3417bb06cc6007da1b961c920b8ab4ce3fad820e4aa30b9acbc4a74ebdcebc65": [ + "android/android10-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -5501,6 +6581,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160916174005", "windows/161112005943", "windows/170228174808", @@ -5522,7 +6605,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "341de98b1392abf7f4ab90a960cf25d4bd6ec65b9a51ce6ed067d00ec7ce9b7f": [ "macos/10.10.0", @@ -5567,10 +6659,32 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "34ff2a4409dc1383e9f8966e8adfe5719eba373fd0ad5e2f49f90ee07cf5d4c1": [ - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], + "358df39d764af9e1b766e9c972df352ee15cfac227af6ad1d70e8e4a6edcba02": [ + "windows/200226213356", + "windows/200421004343" ], "35ae5bddd8f7ae635cffba5682a8f00b95f48462c7108ee9a0e5292b074aafb2": [ "android/kitkat-cts-release", @@ -5663,7 +6777,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "363f3c849eab03b0a2a0f636d7b86d04d3ac7fcfe26a0a9121ab9795f6e176df": [ "macos/10.10.0", @@ -5754,9 +6877,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "37d51006c512eaab626421f1ec8c92013fc5f82ae98ee533eb4619b8deb4d06c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -5788,6 +6921,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -5804,6 +6945,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -5872,7 +7016,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "37d8dc8af7867845da3344a6b1bade448d8a80e47b5579f96bf631768f9f30f6": [ "windows/070201011524", @@ -6073,6 +7226,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -6143,9 +7304,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3c4fb0b95ab8b30032f432b86f535fe172c185d0fd39865837cf36187fa6f428": [ + "android/android10-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", "android/marshmallow-mr2-release", @@ -6169,6 +7340,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -6181,6 +7360,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/140912180251", "windows/150122021939", @@ -6215,9 +7397,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3c5f81fea5fab82c64bfa2eaecafcde8e077fc8620a7cae537163df36edbf378": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -6249,6 +7441,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.4", "macos/10.9.5", "mozilla/2.10", @@ -6263,6 +7463,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100927165108", "windows/110125205412", @@ -6314,7 +7517,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3ccc3ccfe45496d07b620dbf1328e8a1490018f48633c8a28a995ca60408b0be": [ "windows/070109202240", @@ -6384,7 +7596,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3cfc3c14d1f684ff17e38c43ca440c00b967ec933e8bfe064ca1d72c90f2adb0": [ "mozilla/2.10", @@ -6408,6 +7629,7 @@ "windows/090501224247" ], "3e84ba4342908516e77573c0992f0979ca084e4685681ff195ccba8a229b8a76": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -6438,6 +7660,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -6453,6 +7683,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/110627203812", "windows/110830002513", @@ -6501,9 +7734,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -6535,6 +7778,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -6551,6 +7802,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -6619,7 +7873,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "3f06e55681d496f5be169eb5389f9f2b8ff61e1708df6881724849cd5d27cb69": [ "android/kitkat-cts-release", @@ -6750,7 +8013,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "407c276bead2e4af0661ef6697341dec0a1f9434e4eafb2d3d32a90549d9de4a": [ "windows/120406192127", @@ -6793,10 +8065,22 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "40f6af0346a99aa1cd1d555a4e9cce62c7f9634603ee406615833dc8c8d00367": [ "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/180821001257", "windows/180926205955", "windows/181012165448", @@ -6804,7 +8088,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "416b1f9e84e74c1d19b23d8d7191c6ad81246e641601f599132729f507beb3cc": [ "windows/180518182443", @@ -6817,7 +8110,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "417dcf3180f4ed1a3747acf1179316cd48cb05c5788435168aed98c98cdcb615": [ "windows/121102212406", @@ -6859,9 +8161,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "41c923866ab4cad6b7ad578081582e020797a6cbdf4fff78ce8396b38937d7f5": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -6893,6 +8205,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -6909,6 +8229,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070201011524", "windows/070522004642", @@ -6976,7 +8299,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "41d4f6dcf130b9843a3b9a9530953e925fdd84e8b7aeb8f205b8fae39352617d": [ "macos/10.10.0", @@ -6988,6 +8320,7 @@ "macos/10.9.5" ], "4200f5043ac8590ebb527d209ed1503029fbcbd41ca1b506ec27f15ade7dac69": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -7019,6 +8352,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -7035,6 +8376,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -7103,7 +8447,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4210f199499a9ac33c8de02ba6dbaa14408bdd8a6e324689c1922d069715a332": [ "windows/100503224537", @@ -7158,7 +8511,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "42143a511a3afcdd80d555debb4191ec6bb285ee66e62ec657ed20adf7d55faa": [ "windows/090825180842", @@ -7216,9 +8578,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -7250,6 +8622,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -7266,6 +8646,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -7334,9 +8717,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "43df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f339": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -7368,6 +8761,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -7383,6 +8784,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -7439,7 +8843,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "43f257412d440d627476974f877da8f1fc2444565a367ae60eddc27a412531ae": [ "macos/10.10.0", @@ -7459,6 +8872,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -7578,11 +8999,20 @@ "windows/150122021939" ], "44b545aa8a25e65a73ca15dc27fc36d24c1cb9953a066539b11582dc487b4833": [ + "android/android10-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -7595,6 +9025,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/151119231843", "windows/160113232859", @@ -7622,9 +9055,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "45140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -7656,6 +9099,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -7672,6 +9123,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -7725,7 +9179,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "46273285615d96e52da9fc2ed8c036f10af3d9f6280f8d288706c52b2011b4da": [ "windows/090501224247", @@ -7784,11 +9247,29 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "46edc3689046d53a453fb3104ab80dcaec658b2660ea1629dd7e867990648716": [ + "android/android10-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.14", "mozilla/2.16", "mozilla/2.18", @@ -7799,6 +9280,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160916174005", "windows/161112005943", "windows/170228174808", @@ -7820,7 +9304,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "488e134f30c5db56b76473e608086842bf21af8ab3cd7ac67ebdf125d531834e": [ "windows/090825180842", @@ -7878,7 +9371,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "488fca189eaadf54a3f920ed39e587183ba512232999fae3e4a285fe98e298d1": [ "windows/150122021939", @@ -7989,7 +9491,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "49c8175a9815e08bef129a929de1bacad04e4db67a8c839293953e5031c81ca0": [ "windows/070109202240", @@ -8030,6 +9541,7 @@ "windows/150122021939" ], "49e7a442acf0ea6287050054b52564b650e4f49e42e348d6aa38e039e957b1c1": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -8061,6 +9573,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -8076,6 +9596,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/120223022238", "windows/120406192127", @@ -8118,7 +9641,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "49f74f824f2e059fe99c98af3219ec0d9a004d1b64dd2fd1452616318ab806c0": [ "windows/070109202240", @@ -8159,6 +9691,7 @@ "windows/150122021939" ], "4b03f45807ad70f21bfc2cae71c9fde4604c064cf5ffb686bae5dbaad7fdd34c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -8190,6 +9723,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -8205,6 +9746,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -8261,7 +9805,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708": [ "android/lollipop-cts-release", @@ -8311,7 +9864,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4bdb7418bdf7ffe33ba0884afa7c0c61fd85a153972f65f7d01cb3ec7eb4073c": [ "windows/070109202240", @@ -8396,9 +9958,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4d2491414cfe956746ec4cefa6cf6f72e28a1329432f9d8a907ac4cb5dadc15a": [ + "android/android10-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", "android/marshmallow-mr2-release", @@ -8425,6 +9997,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.4", "macos/10.9.5", "mozilla/2.10", @@ -8439,6 +10019,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/140912180251", "windows/150122021939", @@ -8473,7 +10056,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4d9ebb28825c9643ab15d54e5f9614f13cb3e95de3cf4eac971301f320f9226e": [ "windows/090825180842", @@ -8531,7 +10123,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "4dbb0157a691fa7382289d65c0332ddb1dcb640b40ad10f010a43e20f3afed1e": [ "windows/070109202240", @@ -8610,6 +10211,7 @@ "windows/150122021939" ], "4ff460d54b9c86dabfbcfc5712e0400d2bed3fbc4d4fbdaa86e06adcd2a9ad7a": [ + "android/android10-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", @@ -8629,6 +10231,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -8641,6 +10251,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100927165108", "windows/110125205412", @@ -8692,7 +10305,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "507941c74460a0b47086220d4e9932572ab5d1b5bbcb8980ab1cb17651a844d2": [ "android/kitkat-cts-release", @@ -8721,6 +10343,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -8791,9 +10421,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "513b2cecb810d4cde5dd85391adfc6c2dd60d87bb736d2b521484aa47a0ebef6": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -8825,6 +10465,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -8841,6 +10489,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/091029013045", "windows/100503224537", @@ -8895,7 +10546,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "51847c8cbd2e9a72c91e292d2ae247d7de1e3fd270547a20ef7d610f38b8842c": [ "macos/10.10.0", @@ -8993,6 +10653,7 @@ "windows/150122021939" ], "52f0e1c4e58ec629291b60317f074671b85d7ea80d5b07273463534b32b40234": [ + "android/android10-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", @@ -9012,6 +10673,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -9024,6 +10693,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100927165108", "windows/110125205412", @@ -9075,7 +10747,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "53dfdfa4e297fcfe07594e8c62d5b8ab06b32c7549f38a163094fd6429d5da43": [ "macos/10.10.0", @@ -9134,9 +10815,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "54455f7129c20b1447c418f997168f24c58fc5023bf5da5be2eb6e1dd8902ed5": [ + "android/android10-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", @@ -9151,6 +10842,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160916174005", "windows/161112005943", "windows/170228174808", @@ -9172,7 +10866,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "54ae8a683fe2d78ff1ef0e0b3f58425092953ba08c67fe4a95595d1cebcdcb30": [ "windows/140912180251", @@ -9206,7 +10909,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "54b4fc43d44aa4ca9fc03ca7e9949fbae267a064d02da21852412a381b5d1537": [ "windows/140912180251", @@ -9242,9 +10954,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -9273,6 +10995,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -9288,6 +11018,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -9324,7 +11057,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5533a0401f612c688ebce5bf53f2ec14a734eb178bfae00e50e85dae6723078a": [ "windows/131003230417", @@ -9362,12 +11104,37 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], + "554153b13d2cf9ddb753bfbe1a4e0ae08d0aa4187058fe60a2b862b2e4b87bcb": [ + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "55903859c8c0c3ebb8759ece4e2557225ff5758bbd38ebd48276601e1bd58097": [ - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "55926084ec963a64b96e2abe01ce0ba86a64fbfebcc7aab5afc155b37fd76066": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -9398,6 +11165,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -9413,6 +11188,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/111018233154", "windows/120125230451", @@ -9457,7 +11235,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5607e260163f49c8ea4175a1c0a53b13195cb7d07845611e943a2ff507036834": [ "windows/070522004642", @@ -9525,9 +11312,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab5": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -9559,6 +11356,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -9575,6 +11380,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -9628,7 +11436,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "56c77128d98c18d91b4cfdffbc25ee9103d4758ea2abad826a90f3457d460eb4": [ "android/nougat-mr1-cts-release", @@ -9641,6 +11458,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -9679,7 +11504,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "56ce347cc6df4c35943dfdeaee023f9739a3f1cedeee0cd88dc2386bc8a91eaf": [ "windows/070109202240", @@ -9782,6 +11616,7 @@ "windows/150220201450" ], "59769007f7685d0fcd50872f9f95d5755a5b2b457d81f3692b610a98672f0e1b": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -9812,6 +11647,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -9827,6 +11670,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/140912180251", "windows/150122021939", @@ -9861,7 +11707,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "59b3829f1ff443344958fae8bff621b684c848cfbf7ead6b63a6ca50f2794f89": [ "macos/10.11.0", @@ -9878,6 +11733,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "windows/100927165108", "windows/110125205412", "windows/110218005058", @@ -9928,7 +11791,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5a1b5d6bc65523b40a6deffa45b48e4288ae8dd86dd70a5b858d4a5affc94f71": [ "windows/071219233937", @@ -9993,20 +11865,49 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5a2fc03f0c83b090bbfa40604b0988446c7636183df9846e17101a447fb8efd6": [ "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/180926205955", "windows/181012165448", "windows/181124234732", "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5a885db19c01d912c5759388938cafbbdf031ab2d48e91ee15589b42971d039c": [ + "android/android10-release", "android/pie-cts-release", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -10015,6 +11916,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160414222039", "windows/160916174005", "windows/161112005943", @@ -10037,7 +11941,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5ab4fcdb180b5b6af0d262a2375a2c77d25602015d96648756611e2e78c53ad3": [ "windows/180926205955", @@ -10046,7 +11959,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5adfa25013bed3710831572de51c4b9a21171c00313249c4cb4719d37fbb8d20": [ "windows/160916174005", @@ -10070,7 +11992,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5b1d9d24de0afea8b35ba04a1c3e25d0812cdf7c4625de0a89af9fe4bbd1bb15": [ "windows/110919210309", @@ -10117,7 +12048,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5b38bd129e83d5a0cad23921089490d50d4aae370428f8ddfffffa4c1564e184": [ "macos/10.10.0", @@ -10129,6 +12069,7 @@ "macos/10.9.5" ], "5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -10160,6 +12101,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -10176,6 +12125,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090501224247", "windows/090825180842", @@ -10233,9 +12185,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5cc3d78e4e1d5e45547a04e6873e64f90cf9536d1ccc2ef800f355c4c5fd70fd": [ + "android/android10-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", "android/marshmallow-mr2-release", @@ -10254,6 +12216,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -10266,6 +12236,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130420010442", "windows/130626232015", @@ -10304,9 +12277,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae": [ + "android/android10-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", "android/marshmallow-mr2-release", @@ -10332,6 +12315,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -10344,6 +12335,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/140912180251", "windows/150122021939", @@ -10378,7 +12372,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5e3571f33f45a7df1537a68b5ffb9e036af9d2f5bc4c9717130dc43d7175aac7": [ "windows/070201011524", @@ -10446,9 +12449,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5edb7ac43b82a06a8761e8d7be4979ebf2611f7dd79bf91c1c6b566a219ed766": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -10480,6 +12493,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -10495,6 +12516,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -10551,7 +12575,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5f0b62eab5e353ea6521651658fbb65359f443280a4afbd104d77d10f9f04c07": [ "android/kitkat-cts-release", @@ -10631,7 +12664,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "5f960eebd716dbcb4d8a78b996e680ec2547441e69b4e44e98a595502e28a002": [ "android/kitkat-mr1-release", @@ -10702,7 +12744,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "604d32d036895aed3bfefaeb727c009ec0f2b3cdfa42a1c71730e6a72c3be9d4": [ "windows/150618202535", @@ -10734,7 +12785,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "606223d9db80df3939601e74b7e828e2800cce4273f76f276aa62db0a8e3b6c1": [ "windows/071219233937", @@ -10775,6 +12835,13 @@ "windows/150820181119", "windows/151119231843" ], + "608142da5c675dd47c1aa3a26ee329e24e81d5ff3b94017bc1c1a0c37db4c1a0": [ + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], "614fd18da1490560cdad1196e2492ab7062eab1a67b3a30f1d0585a7d6ba6824": [ "windows/070109202240", "windows/070201011524", @@ -10919,9 +12986,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "62dd0be9b9f50a163ea0f8e75c053b1eca57ea55c8688f647c6881f2c8357b95": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -10953,6 +13030,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -10969,6 +13054,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070201011524", "windows/070522004642", @@ -11036,7 +13124,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "62f240278c564c4dd8bf7d9d4f6f366ea894d22f5f34d989a983acec2fffed50": [ "android/kitkat-cts-release", @@ -11189,7 +13286,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "63343abfb89a6a03ebb57e9b3f5fa7be7c4f5c756f3017b3a8c488c3653e9179": [ "macos/10.10.0", @@ -11209,6 +13315,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.4", "macos/10.9.5" ], @@ -11254,7 +13368,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "657cfe2fa73faa38462571f332a2363a46fce7020951710702cdfbb6eeda3305": [ "windows/180122185731", @@ -11271,7 +13394,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6639d13cab85df1ad9a23c443b3a60901e2b138d456fa71183578108884ec6bf": [ "macos/10.10.0", @@ -11291,12 +13423,21 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" ], "668c83947da63b724bece1743c31a0e6aed0db8ec5b31be377bb784f91b6716f": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -11328,6 +13469,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -11344,6 +13493,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090203164005", "windows/090501224247", @@ -11402,7 +13554,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], + "66960242db2ed5906e113295f2454f33d6fb418c4c65e8166d43be64d19ba4fa": [ + "windows/200421004343" ], "67ec2059fbf52d2e6ab51a5a9b3fc2e1dcd658a1ef3a8f31107bc98028b494a2": [ "windows/070109202240", @@ -11519,6 +13683,7 @@ "windows/150122021939" ], "687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -11550,6 +13715,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -11566,6 +13739,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -11622,7 +13798,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "68ad50909b04363c605ef13581a939ff2c96372e3f12325b0a6861e1d59f6603": [ "windows/100927165108", @@ -11675,9 +13860,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "69ddd7ea90bb57c93e135dc85ea6fcd5480b603239bdc454fc758b2a26cf7f79": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -11709,6 +13904,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -11724,6 +13927,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -11780,7 +13986,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "69fac9bd55fb0ac78d53bbee5cf1d597989fd0aaab20a25151bdf1733ee7d122": [ "android/kitkat-cts-release", @@ -11814,6 +14029,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -11895,16 +14118,34 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6aea30bc02ca85afcfec2f65f60881893c926925fd0704bd8ada3f0f6eddb699": [ "windows/181124234732", "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356" ], "6b9c08e86eb0f767cfad65cd98b62149e5494a67f5845e7bd1ed019f27b86bd6": [ + "android/android10-release", "android/nougat-cts-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", @@ -11921,6 +14162,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -11933,6 +14182,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/160113232859", "windows/160123000836", @@ -11959,7 +14211,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6baf50ae3467eff3c35fefdc76a02a97fab6267723eda91e99f1b3dc2b28f82e": [ "windows/090825180842", @@ -12017,9 +14278,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6c61dac3a2def031506be036d2a6fe401994fbd13df9c8d466599274c446ec98": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -12051,6 +14322,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -12067,6 +14346,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090203164005", "windows/090501224247", @@ -12125,9 +14407,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6cc05041e6445e74696c4cfbc9f80f543b7eabbb44b4ce6f787c6a9971c42f17": [ + "android/android10-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", @@ -12138,6 +14430,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -12176,7 +14476,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6ccfd302fc44bf4599329b9750878ea44e7e8566564bcbd586169762dd10c74e": [ "windows/130626232015", @@ -12215,7 +14524,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6cf5f658436d10507eba9df463987480bc8560a8e26ef4691e1d3c9a878a0952": [ "macos/10.10.0", @@ -12235,6 +14553,7 @@ "macos/10.9.5" ], "6dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb177": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -12266,6 +14585,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -12282,6 +14609,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/091029013045", "windows/100503224537", @@ -12336,7 +14666,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6dea86a1e66620a040c3c5943cb215d2ca87fb6ac09b59707e29d2facbd66b4e": [ "android/kitkat-mr1-release", @@ -12439,6 +14778,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -12514,7 +14861,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6ec6614e9a8efd47d6318ffdfd0bf65b493a141f77c38d0b319be1bbbc053dd2": [ "windows/110919210309", @@ -12561,7 +14917,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6f2bc4cb632c24eae6782c0f39758932d1e1dc9b3e070f9303073fff38b288e2": [ "macos/10.9.0" @@ -12587,6 +14952,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -12658,7 +15031,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "6fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f": [ "macos/10.10.0", @@ -12678,12 +15060,21 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" ], "70a73f7f376b60074248904534b11482d5bf0e698ecc498df52577ebf2e93b9a": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -12715,6 +15106,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -12731,6 +15130,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -12784,7 +15186,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "70b922bfda0e3f4a342e4ee22d579ae598d071cc5ec9c30f123680340388aea5": [ "macos/10.10.0", @@ -12804,6 +15215,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -12839,11 +15258,32 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "71cca5391f9e794b04802530b363e121da8a3043bb26662fea4dca7fc951a4bd": [ + "android/android10-release", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -12860,7 +15300,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7286ce249fe9e32bd4752257c17cd8f6991a9c1e6f1a3cc73304ed023e6ae4eb": [ "windows/131003230417", @@ -12898,7 +15347,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "730b619eaa759863c65360b7412e1457eca96844ef2f16d91fcf2efe46a647e9": [ "windows/070109202240", @@ -12999,9 +15457,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "73c176434f1bc6d5adf45b0e76e727287c8de57616c1e6e6141a2b2cbc7d8e4c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -13033,6 +15501,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -13049,6 +15525,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -13117,9 +15596,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -13151,6 +15640,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -13167,6 +15664,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -13235,7 +15735,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "744b1147b4a9a69c32785e9e37c3323241ef29f63e76f1603d6761a783d8a0fe": [ "windows/150122021939", @@ -13310,7 +15819,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "75c9d4361cb96e993abd9620cf043be9407a4633f202f0f4c0e17851cc6089cd": [ "macos/10.10.0", @@ -13361,6 +15879,7 @@ "windows/140912180251" ], "7600295eefe85b9e1fd624db76062aaaae59818a54d2774cd4c0b2c01131e1b3": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -13387,6 +15906,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -13455,7 +15977,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "767c955a76412c89af688e90a1c70f556cfd6b6025dbea10416d7eb6831f8c40": [ "android/kitkat-cts-release", @@ -13587,7 +16118,16 @@ ], "7707bb2be9f7ce057060b8308c3bc087b56529b3638eaf5b2a8049c8e15ed720": [ "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "77407312c63a153d5bc00b4e51759cdfdac237dc2a33b67946e98e9bfa680ae3": [ "android/kitkat-cts-release", @@ -13702,7 +16242,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "77e04c9a751c73f23e2a1336112ec8d5153d382a152fed89d7532c3102771f3c": [ "windows/090501224247", @@ -13761,7 +16310,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "781d64dfa77b00f2c006700b1fda86bf68b865a603c7a656f92e90c042ca2873": [ "windows/080328202117", @@ -13823,9 +16381,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7908b40314c138100b518d0735807ffbfcf8518a0095337105ba386b153dd927": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -13857,6 +16425,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -13873,6 +16449,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -13941,7 +16520,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "793cbf4559b9fde38ab22df16869f69881ae14c4b0139ac788a78a1afcca02fb": [ "android/kitkat-cts-release", @@ -14096,7 +16684,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7af6ea9f753a1e709bd64d0beb867c11e8c295a56e24a6e0471459dccdaa1558": [ "macos/10.11.0", @@ -14113,6 +16710,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "windows/100927165108", "windows/110125205412", "windows/110218005058", @@ -14163,7 +16768,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7afc9d01a62f03a2de9637936d4afe68090d2de18d03f29c88cfb0b1ba63587f": [ "macos/10.10.0", @@ -14183,6 +16797,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -14286,6 +16908,7 @@ "macos/10.9.5" ], "7d05ebb682339f8c9451ee094eebfefa7953a114edb2f44949452fab7d2fc185": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -14314,6 +16937,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -14329,6 +16960,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -14365,7 +16999,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7d2bf3489ebc9ad3448b8b0827715a3cbfe3d523e3b56a9b5fc1d2a2da2f20fe": [ "windows/100503224537", @@ -14420,7 +17063,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7d3b465a6014e526c0affcee2127d2311727ad811c26842d006af37306cc80bd": [ "android/kitkat-cts-release", @@ -14540,9 +17192,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7e37cb8b4c47090cab36551ba6f45db840680fba166a952db100717f43053fc2": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -14571,6 +17233,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -14586,6 +17256,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -14622,7 +17295,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "7f12cd5f7e5e290ec7d85179d5b72c20a5be7508ffdb5bf81ab9684a7fc9f667": [ "android/kitkat-cts-release", @@ -14712,7 +17394,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8095210805db4bbc355e4428d8fd6ec2cde3ab5fb97a9942988eb8f4dcd06016": [ "android/kitkat-cts-release", @@ -14809,7 +17500,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "81c2568503eb3be5eec366653960e6d1be9448915e4605b793fbeb34ccb2470f": [ "windows/120223022238", @@ -14853,7 +17553,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "82d42db3d657f1944e65c192b1dd58db8df8417b89165b045f5c6a70c5f8939e": [ "windows/130626232015", @@ -14889,6 +17598,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -14951,7 +17668,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "83ce3c1229688a593d485f81973c0f9195431eda37cc5e36430e79c7a888638b": [ "android/kitkat-cts-release", @@ -15031,7 +17757,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "847df6a78497943f27fc72eb93f9a637320a02b561d0a91b09e87a7807ed7c61": [ "windows/110919210309", @@ -15078,12 +17813,25 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8560f91c3624daba9570b5fea0dbe36ff11a8323be9486854fb3f34a5571198d": [ + "android/android10-release", "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/171121202507", "windows/180122185731", "windows/180326181210", @@ -15099,11 +17847,29 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "85666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69": [ + "android/android10-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -15112,6 +17878,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160916174005", "windows/161112005943", "windows/170228174808", @@ -15133,9 +17902,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -15167,6 +17946,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -15183,6 +17970,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -15250,7 +18040,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "85e0dfae3e55a843195f8b08c8349050e4689372f6e133ad0d199af96e95cc08": [ "windows/070109202240", @@ -15317,6 +18116,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -15391,10 +18198,22 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "86a1ecba089c4a8d3bbe2734c612ba341d813e043cf9e8a862cd5c57a36bbe6b": [ "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/180821001257", "windows/180926205955", "windows/181012165448", @@ -15402,7 +18221,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "87c678bfb8b25f38f7e97b336956bbcf144bbacaa53647e61a2325bc1055316b": [ "android/kitkat-cts-release", @@ -15440,6 +18268,7 @@ "windows/150122021939" ], "88497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -15466,6 +18295,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -15534,7 +18366,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "885de64c340e3ea70658f01e1145f957fcda27aabeea1ab9faa9fdb0102d4077": [ "windows/070109202240", @@ -15604,9 +18445,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "88ef81de202eb018452e43f864725cea5fbd1fc2d9d205730709c5d8b8690f46": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -15634,6 +18485,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -15646,6 +18505,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130626232015", "windows/131003230417", @@ -15683,11 +18545,29 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "88f438dcf8ffd1fa8f429115ffe5f82ae1e06e0c70c375faad717b34a49e7265": [ "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "894ce6ddb012cb3f736954668de63f436080e95f17b7a81bd924eb21bee9e440": [ "windows/071219233937", @@ -15752,7 +18632,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "894ebc0b23da2a50c0186b7f8f25ef1f6b2935af32a94584ef80aaf877a3a06e": [ "macos/10.10.0", @@ -15824,9 +18713,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8a866fd1b276b57e578e921c65828a2bed58e9f2f288054134b7f1f4bfc9cc74": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -15854,6 +18753,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -15866,6 +18773,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130626232015", "windows/131003230417", @@ -15903,7 +18813,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8a968aadd88b20519672a452a3d6e31eacb71c26bcaf65b32f9793bf2ffa54a9": [ "macos/10.10.0", @@ -15914,6 +18833,12 @@ "macos/10.9.4", "macos/10.9.5" ], + "8ac552ad577e37ad2c6808d72aa331d6a96b4b3febff34ce9bc0578e08055ec3": [ + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], "8b3fdb151af759c566143e07c950ede4f9e8c7cf808453d33bcb78e52a400af9": [ "windows/130420010442", "windows/130626232015", @@ -15952,7 +18877,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02": [ "android/nougat-cts-release", @@ -15992,7 +18926,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8ba1bd9c88efb3947e60ebe21137f81df7f09994cef27f097055018b8194c634": [ "windows/140912180251", @@ -16026,7 +18969,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8c4edfd04348f322969e7e29a4cd4dca004655061c16e1b076422ef342ad630e": [ "android/kitkat-cts-release", @@ -16107,7 +19059,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8c7209279ac04e275e16d07fd3b775e80154b5968046e31f52dd25766324e9a7": [ "android/kitkat-cts-release", @@ -16138,6 +19099,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -16148,6 +19117,7 @@ "mozilla/2.9" ], "8d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -16179,6 +19149,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -16195,6 +19173,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -16263,7 +19244,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8da084fcf99ce07722f89b3205939806fa5cb811e1c813f6a108c7d336b3408e": [ "android/kitkat-cts-release", @@ -16383,7 +19373,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8dbb5a7c06c20ef62dd912a36740992ff6e1e8583d42ede257c3affd7c769399": [ "windows/070109202240", @@ -16467,7 +19466,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8e8c6ebf77dc73db3e38e93f4803e62b6b5933beb51ee4152f68d7aa14426b31": [ "windows/090825180842", @@ -16477,6 +19485,7 @@ "windows/100719231554" ], "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e": [ + "android/android10-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", @@ -16486,6 +19495,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.11", "mozilla/2.14", "mozilla/2.16", @@ -16497,6 +19514,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160113232859", "windows/160123000836", "windows/160128175153", @@ -16522,7 +19542,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8f1ecdaf29bcd56eddd6b5d56a07fcac2b74d4bcd179179144a0365c27dcf14b": [ "windows/121102212406", @@ -16618,7 +19647,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "8f9e2751dcd574e9ba90e744ea92581fd0af640ae86ac1ce2198c90f96b44823": [ "windows/070109202240", @@ -16705,6 +19743,7 @@ "windows/150122021939" ], "8fe4fb0af93a4d0d67db0bebb23e37c71bf325dcbcdd240ea04daf58b47e1840": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -16732,6 +19771,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -16744,6 +19791,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130626232015", "windows/131003230417", @@ -16778,7 +19828,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "90f3e05396995ff20922c44592db62d7845e1bf64aef512cca75bc669caa2479": [ "windows/070702210503", @@ -16845,7 +19904,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9111240747e1f652f66d1f712a11f698963b491702e312f7513da3d0fc1e5a28": [ "windows/150122021939", @@ -16860,6 +19928,7 @@ "windows/160128175153" ], "91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -16888,6 +19957,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -16903,6 +19980,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -16939,7 +20019,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "92a9d9833fe1944db366e8bfae7a95b6480c2d6c6c2a1be65d4236b608fca1bb": [ "macos/10.10.0", @@ -16959,6 +20048,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -17043,7 +20140,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "92d8092ee77bc9208f0897dc05271894e63ef27933ae537fb983eef0eae3eec8": [ "macos/10.10.0", @@ -17063,6 +20169,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" @@ -17085,6 +20199,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -17147,7 +20269,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "940ef46536713d8e2eb4b501e80b6abd8eb4e9928dba44784ce7d7e98595dfe8": [ "macos/10.9.0" @@ -17162,7 +20293,16 @@ "macos/10.9.5" ], "945bbc825ea554f489d1fd51a73ddf2ea624ac7019a05205225c22a78ccfa8b4": [ - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "956057517ff3bb35049342288c1c9dce852daca652b465e9747253b5f93b1f5e": [ "windows/070109202240", @@ -17221,7 +20361,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "959dc5880c457cd92e5447aaa5609db09ed47bd02c17a0edefdc819e756c74e5": [ "macos/10.10.0", @@ -17233,6 +20382,7 @@ "macos/10.9.5" ], "960adf0063e96356750c2965dd0a0867da0b9cbd6e77714aeafb2349ab393da3": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -17259,6 +20409,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070201011524", "windows/070522004642", @@ -17326,7 +20479,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9676f287356c89a12683d65234098cb77c4f1c18f23c0e541de0e196725b7ebe": [ "macos/10.10.0", @@ -17344,6 +20506,7 @@ "macos/10.9.5" ], "96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6": [ + "android/android10-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", @@ -17357,6 +20520,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -17369,6 +20540,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/180718210913", "windows/180821001257", @@ -17378,10 +20552,28 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "97552015f5ddfc3c8788c006944555408894450084f100867086bc1a2bb58dc8": [ - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "978cd966f2faa07ba7aa9500d9c02e9d77f2cdada6ad6ba74af4b91c66593c50": [ "android/kitkat-cts-release", @@ -17489,7 +20681,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9806ab8509e2f35e192f275f0c308b9409b42512f90c659598c22be613962272": [ "windows/070109202240", @@ -17547,9 +20748,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9a114025197c5bb95d94e63d55cd43790847b646b23cdf11ada4a00eff15fb48": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -17581,6 +20792,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -17596,6 +20815,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/111018233154", "windows/120125230451", @@ -17640,9 +20862,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9a6ec012e1a7da9dbe34194d478ad7c0db1822fb071df12981496ed104384113": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -17669,6 +20901,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130420010442", "windows/130626232015", @@ -17707,7 +20942,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9a73929a500f1a0bf49dcb046e8039169696557345e9f813f10ff9380db22695": [ "macos/10.10.0", @@ -17727,12 +20971,21 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" ], "9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -17764,6 +21017,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -17780,6 +21041,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -17848,7 +21112,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9b14e8f5f6ea167666e76dcd6becc190861d5e8970b99a9470f0231236049704": [ "windows/131003230417", @@ -17862,8 +21135,12 @@ "windows/150820181119" ], "9bea11c976fe014764c1be56a6f914b5a560317abd9988393382e5161aa0493c": [ + "android/android10-release", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/161112005943", "windows/170228174808", "windows/170419224008", @@ -17884,7 +21161,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9cefb0cb7b74e642932532831e0dc8f4d68ad414261fc3f474b795e72a164e57": [ "windows/150618202535", @@ -17916,7 +21202,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "9d190b2e314566685be8a889e27aa8c7d7ae1d8aaddba3c1ecf9d24863cd34b9": [ "macos/10.10.0", @@ -17936,6 +21231,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" @@ -18057,12 +21360,21 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" ], "a0234f3bc8527ca5628eec81ad5d69895da5680dc91d1cb8477f33f878b95b0b": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -18089,6 +21401,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -18157,14 +21472,32 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a040929a02ce53b4acf4f2ffc6981ce4496f755e6d45fe0b2a692bcd52523f36": [ + "android/android10-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -18177,6 +21510,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/151119231843", "windows/160113232859", @@ -18204,9 +21540,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a0459b9f63b22559f5fa5d4c6db3f9f72ff19342033578f073bf1d1b46cbb912": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -18233,6 +21579,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -18301,9 +21650,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a1339d33281a0b56e557d3d32b1ce7f9367eb094bd5fa72a7e5004c8ded7cafe": [ + "android/android10-release", "android/nougat-cts-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", @@ -18321,6 +21680,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/170228174808", "windows/170419224008", @@ -18341,7 +21703,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a1a86d04121eb87f027c66f53303c28e5739f943fc84b38ad6af009035dd9457": [ "macos/10.13.1", @@ -18349,7 +21720,15 @@ "macos/10.13.3", "macos/10.13.4", "macos/10.13.5", - "macos/10.14.0" + "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2" ], "a1b2dbeb64e706c6169e3c4118b23baa09018a8427666d8bf0e28891ec051950": [ "windows/110919210309", @@ -18396,7 +21775,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a1f05ccb80c2d710ec7d479abdcbb879e58d7edb7149fe78a87884e3d0bad0f9": [ "macos/10.10.0", @@ -18416,6 +21804,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -18478,7 +21874,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a22dba681e97376e2d397d728aae3a9b6296b9fdba60bc2e11f647f2c675fb37": [ "android/kitkat-cts-release", @@ -18512,6 +21917,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -18586,7 +21999,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a31f093053bd12c1f5c3c6efd498023fd2914d7758d05d698ce084b50626e0e5": [ "macos/10.10.0", @@ -18606,6 +22028,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -18671,7 +22101,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a3cc68595dfe7e86d8ad1772a8b5284add54ace3b8a798df47bccafb1fdb84df": [ "windows/160414222039", @@ -18696,7 +22135,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a3d7435a18c46b23b6a4f8929cd59050c9168b03a7fad532626f297cac5356e4": [ "windows/110919210309", @@ -18743,9 +22191,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a4310d50af18a6447190372a86afaf8b951ffb431d837f1e5688b45971ed1557": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -18793,6 +22251,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -18849,9 +22310,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a45ede3bbbf09c8ae15c72efc07268d693a21c996fd51e67ca079460fd6d8873": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -18883,6 +22354,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -18899,6 +22378,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -18967,7 +22449,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a4b6b3996fc2f306b3fd8681bd63413d8c5009cc4fa329c2ccf0e2fa1b140305": [ "android/kitkat-cts-release", @@ -19092,7 +22583,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a6c51e0da5ca0a9309d2e4c0e40c2af9107aae8203857fe198e3e769e343085c": [ "android/kitkat-cts-release", @@ -19248,7 +22748,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "a798a1c70e9b6d50eaa5724a26fac7991848edc61bf48d79816bcafb66972128": [ "windows/070109202240", @@ -19363,7 +22872,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "aad9ceed5aa6b1cea28596a8e4e1abed9386d6ebc9d4aad9acde0fa36ba069d0": [ "macos/10.10.0", @@ -19436,7 +22954,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ab7036365c7154aa29c2c29f5d4191163b162a2225011357d56d07ffa7bc1f72": [ "macos/10.10.0", @@ -19511,14 +23038,32 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ac7f7862e685c7a7d9826a58ea32d183d4893fcc8f8fd6d900c9769a987e77f0": [ "windows/181124234732", "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ad016f958050e0e7e46fae7dcc50197ed8e3ff0a4b262e5ddcdb3edddc7d6578": [ "windows/100503224537", @@ -19573,7 +23118,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ad7539e5cdc985fa95244055a9202d63460ec921467d034cfdbe87ec6d00fedc": [ "windows/130626232015", @@ -19631,6 +23185,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -19701,7 +23263,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ae92e90000541a9ebc101b70b6c33a62f5a53a55ba815e81d31abddf03507f5d": [ "windows/070109202240", @@ -19771,7 +23342,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "af6d08eef3cac4e1584abc63c8a9472ac529af99f3f791319a43776063f58dca": [ "windows/070109202240", @@ -19841,7 +23421,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "af71a3bca322e5224df546895696ce449a8bd2bd130f7a7ae457767f5c23d8f8": [ "windows/070109202240", @@ -20020,7 +23609,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b04d708f1ae0456265dd1b66907a2691a28680b853e031df3df9083af71614d7": [ "windows/070109202240", @@ -20147,7 +23745,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b0b1730ecbc7ff4505142c49f1295e6eda6bcaed7e2c68c5be91b5a11001f024": [ "macos/10.10.0", @@ -20167,12 +23774,21 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" ], "b0bfd52bb0d7d9bd92bf5d4dc13da255c02c542f378365ea893911f55e55f23c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -20203,6 +23819,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -20218,6 +23842,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -20254,7 +23881,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b2259996fff735ab35014ef63f3d413190079dd03a0962432635a8695f995305": [ "windows/100927165108", @@ -20328,7 +23964,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b32396746453442f353e616292bb20bbaa5d23b546450fdb9c54b8386167d529": [ "macos/10.10.0", @@ -20387,7 +24032,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b3c962d34019fb38ab9fe9c62399742ab26c43c2d18ce3f2b13c14321e52964b": [ "windows/070109202240", @@ -20556,9 +24210,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b478b812250df878635c2aa7ec7d155eaa625ee82916e2cd294361886cd1fbd4": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -20590,6 +24254,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -20605,6 +24277,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -20661,7 +24336,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b5bd2cb79cbd1907298d6bdf4842e516d8c78fa6fc96d25f71af814e16cc245e": [ "windows/080828200829", @@ -20723,9 +24407,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b6191a50d0c3977f7da99bcdaac86a227daeb9679ec70ba3b0c9d92271c170d3": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -20757,6 +24451,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -20773,6 +24475,7 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -20841,7 +24544,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b644d955fff29b74e3b5687e908ee7c3c9197ba3336cc6328531f6c057d677fd": [ "windows/100927165108", @@ -20894,9 +24606,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b676f2eddae8775cd36cb0f63cd1d4603961f49e6265ba013a2f0307b6d0b804": [ + "android/android10-release", "android/nougat-cts-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", @@ -20912,6 +24634,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -20924,6 +24654,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/160916174005", "windows/161112005943", @@ -20946,7 +24679,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b7a7ec419454411761225ecf30d99585f851356077bf83274b11588fd05521b8": [ "macos/10.9.0" @@ -21007,6 +24749,7 @@ "windows/160916174005" ], "b7c36231706e81078c367cb896198f1e3208dd926949dd8f5709a410f75b6292": [ + "android/android10-release", "android/nougat-mr1-cts-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", @@ -21017,6 +24760,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -21055,7 +24806,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "b8bbe523bfca3b11d50f73f7f10b3ec8ec958aa1dc86f66d9541907ff1a110ef": [ "windows/090203164005", @@ -21165,7 +24925,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ba7f1136389075b8e86c53c095fa14f5c83b6b017a0244ed7637114620d3a3b1": [ "macos/10.9.0", @@ -21174,6 +24943,7 @@ "macos/10.9.5" ], "bc104f15a48be709dca542a7e1d4b9df6f054527e802eaa92d595444258afe71": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -21205,6 +24975,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -21220,6 +24998,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130420010442", "windows/130626232015", @@ -21258,7 +25039,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "bc23f98a313cb92de3bbfc3a5a9f4461ac39494c4ae15a9e9df131e99b73019a": [ "android/kitkat-cts-release", @@ -21313,6 +25103,9 @@ ], "bc4d809b15189d78db3e1d8cf4f9726a795da1643ca5f1358e1ddb0edc0d7eb3": [ "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/180821001257", "windows/180926205955", "windows/181012165448", @@ -21320,7 +25113,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "bcdd8df4276366d7ff4b688dc81500d8e98252c049c8ff1e8c82f2baec9d5c16": [ "windows/070109202240", @@ -21370,6 +25172,7 @@ "macos/10.9.5" ], "bd71fdf6da97e4cf62d1647add2581b07d79adf8397eb4ecba9c5e8488821423": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -21401,6 +25204,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -21417,6 +25228,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100719231554", "windows/100927165108", @@ -21469,7 +25283,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "bd81ce3b4f6591d11a67b5fc7a47fdef25521bf9aa4e18b9e3df2e34a7803be8": [ "android/kitkat-cts-release", @@ -21500,6 +25323,7 @@ "mozilla/2.9" ], "be6c4da2bbb9ba59b6f3939768374246c3c005993fa98f020d1dedbed48a81d5": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -21531,6 +25355,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -21547,6 +25379,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070201011524", "windows/070522004642", @@ -21614,7 +25449,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "bebce57dcb85f60a93bfa5019edb1a294bf6d81f82d9b4e71f502f0b15a1fc08": [ "windows/160916174005", @@ -21638,9 +25482,14 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703" ], "bec94911c2955676db6c0a550986d76e3ba005667c442c9762b4fbb773de228c": [ + "android/android10-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", @@ -21668,6 +25517,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -21683,6 +25540,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/130626232015", "windows/131003230417", @@ -21720,9 +25580,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "bf0feefb9e3a581ad5f9e9db7589985743d261085c4d314f6f5d7259aa421612": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -21753,6 +25623,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090501224247", "windows/090825180842", @@ -21787,6 +25660,7 @@ "windows/151119231843" ], "bfd88fe1101c41ae3e801bf8be56350ee9bad1a6b9bd515edc5c6d5b8711ac44": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -21818,6 +25692,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -21834,6 +25716,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090825180842", "windows/091013033632", @@ -21890,10 +25775,28 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "bfff8fd04433487d6a8aa60c1a29767a9fc2bbb05e420f713a13b992891d3893": [ + "android/android10-release", "android/pie-cts-release", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -21902,6 +25805,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/150618202535", "windows/150723231635", "windows/150820181119", @@ -21931,9 +25837,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c0a6f4dc63a24bfdcf54ef2a6a082a0a72de35803e2ff5ff527ae5d87206dfd5": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -21965,6 +25881,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -21981,6 +25905,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/080328202117", "windows/080612204220", @@ -22042,7 +25969,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c0c05a8d8da55eaf27aa9b910b0a6ef0d8bbded346928db872e182c2073e9802": [ "macos/10.10.0", @@ -22062,6 +25998,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -22140,7 +26084,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c1b12f480020336e5b04f520bc19c2e2e10ab42c9d9235f05cbec33ffa4d4dea": [ "windows/070109202240", @@ -22210,9 +26163,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c1b48299aba5208fe9630ace55ca68a03eda5a519c8802a0d3a673be8f8e557d": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -22243,6 +26206,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -22259,6 +26230,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -22327,7 +26301,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c1cf0b52096435e3f1b71daaec455a2311c8404f5583a9e213c69d857d943305": [ "android/kitkat-mr1-release", @@ -22388,7 +26371,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c2157309d9aee17bf34f4df5e88dbaeba57e0361eb814cbc239f4d54d329a38d": [ "windows/140912180251", @@ -22424,7 +26416,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c2959db8339e8dbcf6409ca92a66c49fd2e32494940a901143bd7eb72827dec2": [ "windows/070109202240", @@ -22482,6 +26483,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.4", "macos/10.9.5" ], @@ -22519,7 +26528,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c34c5df53080078ffe45b21a7f600469917204f4f0293f1d7209393e5265c04f": [ "windows/150723231635", @@ -22550,9 +26568,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -22584,6 +26612,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -22600,6 +26636,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -22668,7 +26707,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c38dcb38959393358691ea4d4f3ce495ce748996e64ed1891d897a0fc4dd55c6": [ "android/kitkat-mr1-release", @@ -22735,8 +26783,20 @@ "windows/160916174005" ], "c45d7bb08e6d67e62e4235110b564e5f78fd92ef058c840aea4e6455d7585c60": [ + "android/android10-release", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -22753,7 +26813,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c470cf547e2302b977fb29dd71a89a7b6c1f60777b0329f56017f328bf4f6be6": [ "android/kitkat-cts-release", @@ -22877,6 +26946,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -22945,11 +27022,24 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c57bacf238f9336c3dfba62d12bcf5823603e5842c44e62f5448cc7e5f4cad59": [ "macos/10.9.0" ], + "c741f70f4b2a8d88bf2e71c14122ef53ef10eba0cfa5e64cfa20f418853073e0": [ + "windows/200226213356", + "windows/200421004343" + ], "c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea": [ "android/kitkat-cts-release", "android/kitkat-mr1-release", @@ -22980,6 +27070,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -23044,7 +27142,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c795ff8ff20c966688f064a1e091421d3110a3456c17ec2404b998738741f622": [ "windows/150618202535", @@ -23076,7 +27183,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995": [ "android/kitkat-cts-release", @@ -23108,6 +27224,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -23152,7 +27276,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ca2d82a08677072f8ab6764ff035676cfe3e5e325e012172df3f92096db79b85": [ "android/kitkat-cts-release", @@ -23238,9 +27371,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ca42dd41745fd0b81eb902362cf9d8bf719da1bd1b1efc946f5b4c99f42c1b9e": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -23272,6 +27415,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -23288,6 +27439,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070201011524", "windows/070522004642", @@ -23355,7 +27509,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ca7a5e68c53d2c51f72f6b465d3ed753f5903ec7901c8d0f55d868337c81975a": [ "windows/110125205412", @@ -23407,7 +27570,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "caca93b9d23d2b6fa76e8b8471931e0df3ec6f63af3cdbb936c41954a1872326": [ "windows/180619172254", @@ -23419,9 +27591,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f": [ + "android/android10-release", "android/lollipop-cts-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", @@ -23450,6 +27632,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -23465,6 +27655,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -23501,7 +27694,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cb627d18b58ad56dde331a30456bc65c601a4e9b18dedcea08e7daaa07815ff0": [ "macos/10.10.0", @@ -23521,6 +27723,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5" @@ -23535,6 +27745,7 @@ "macos/10.9.5" ], "cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -23566,6 +27777,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -23582,6 +27801,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -23635,7 +27857,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cbb5af185e942a2402f9eacbc0ed5bb876eea3c1223623d00447e4f3ba554b65": [ "macos/10.10.0", @@ -23655,6 +27886,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -23714,7 +27953,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ccc89489371bad111c90619bea240a2e6dadd99f9f6e1d4d41e58ed6de3d0285": [ "windows/070109202240", @@ -23784,7 +28032,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cd0b3b2aa174b55f18c7502f3c3a76f2198175ce45637370cf4f48b9c2ce4fbf": [ "windows/090825180842", @@ -23842,7 +28099,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cd201256fe5ced0bfff8df595fff36b1416d5313a999f532ef4a9915df96dee0": [ "windows/090825180842", @@ -23900,7 +28166,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cd808284cf746ff2fd6eb58aa1d59c4ad4b3ca56fdc6274a8926a7835f32313d": [ "macos/10.10.0", @@ -23986,9 +28261,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cecddc905099d8dadfc5b1d209b737cbe2c18cfb2c10c0ff0bcf0d3286fc1aa2": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -24020,6 +28305,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -24036,6 +28329,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -24104,7 +28400,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "cf56ff46a4a186109dd96584b5eeb58a510c4275b0e5f94f40bbae865e19f673": [ "android/kitkat-cts-release", @@ -24183,7 +28488,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d1c339ea2784eb870f934fc5634e4aa9ad5505016401f26465d37a574663359f": [ "macos/10.10.0", @@ -24203,6 +28517,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -24250,10 +28572,27 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d40e9c86cd8fe468c1776959f49ea774fa548684b6c406f3909261f4dce2575c": [ + "android/android10-release", "android/pie-cts-release", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.18", "mozilla/2.20", "mozilla/2.22", @@ -24262,6 +28601,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160414222039", "windows/160916174005", "windows/170228174808", @@ -24283,7 +28625,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d41d829e8c1659822af93fce62bffcde264fc84e8b950c5ff275d052354695a3": [ "android/kitkat-cts-release", @@ -24372,11 +28723,24 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d43af9b35473755c9684fc06d7d8cb70ee5c28e773fb294eb41ee71722924d24": [ + "android/android10-release", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/161112005943", "windows/170228174808", "windows/170419224008", @@ -24397,7 +28761,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16": [ "android/nougat-cts-release", @@ -24437,11 +28810,24 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d48d3d23eedb50a459e55197601c27774b9d7b18c94d5a059511a10250b93168": [ + "android/android10-release", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160414222039", "windows/160916174005", "windows/161112005943", @@ -24464,7 +28850,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d68f7730b1ec2b3fb698c96d76540c9997415a25737dcd61d44960db77d2723d": [ "macos/10.9.0" @@ -24517,9 +28912,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -24551,6 +28956,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -24567,6 +28980,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -24635,7 +29051,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d7ba3f4ff8ad05633451470dda3378a3491b90005e5c687d2b68d53647cfdd66": [ "windows/170922155710", @@ -24654,7 +29079,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d80fef910ae3f104723b045cec2d019f441ce6213adf156791e70c1790110a31": [ "windows/150618202535", @@ -24685,7 +29119,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d8e0febc1db2e38d00940f37d27d41344d993e734b99d5656d9778d4d8143624": [ "android/kitkat-cts-release", @@ -24718,6 +29161,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -24794,7 +29245,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "d95fea3ca4eedce74cd76e75fc6d1ff62c441f0fa8bc77f034b19e5db258015d": [ "android/kitkat-cts-release", @@ -24825,6 +29285,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -24868,7 +29336,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "da98f640194df128c7888bc8e3479a9dd31795ff087c649052fbafb02eaef184": [ "macos/10.10.0", @@ -24887,9 +29364,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "dd6936fe21f8f077c123a1a521c12224f72255b73e03a7260693e8a24b0fa389": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -24920,6 +29407,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -24935,6 +29430,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100503224537", "windows/100719231554", @@ -24988,7 +29486,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ddbf149733bc2bf8a09d7f012b01a6dea11d7bae26713783ef6407a2495bf189": [ "windows/170228174808", @@ -25010,7 +29517,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ddff53ecd7743b60bb7b2795ff5732fa785f9a14df1120fb40a38cf84ca2a566": [ "windows/070201011524", @@ -25079,7 +29595,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], + "de1af143ffa160cf5fa86abfe577291633dc264da12c863c5738bea4afbb2cdb": [ + "windows/200421004343" ], "df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e": [ "windows/100719231554", @@ -25133,14 +29661,31 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "dfb3c314740596ad5fb97960ef62ad7c1fcceead16e74054652d1032e6f140ef": [ "windows/181124234732", "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356" ], "e0e17aea06cf9ce12aae8190345a2c59720130a7d8ff72f3745ad75dbaa365b6": [ "windows/140912180251", @@ -25176,7 +29721,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911": [ "android/kitkat-cts-release", @@ -25207,6 +29761,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -25218,6 +29780,7 @@ "mozilla/2.9" ], "e23d4a036d7b70e9f595b1422079d2b91edfbb1fb651a0633eaa8a9dc5f80703": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -25248,6 +29811,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -25263,6 +29834,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/131003230417", "windows/140312052931", @@ -25299,7 +29873,24 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], + "e28097721a8cab8880af80fdef8902b1f15bc7473ad68ec22991257a910d9ea2": [ + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7": [ "android/kitkat-cts-release", @@ -25378,7 +29969,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e3268f6106ba8b665a1a962ddea1459d2a46972f1f2440329b390b895749ad45": [ "macos/10.10.3", @@ -25396,9 +29996,18 @@ "macos/10.13.3", "macos/10.13.4", "macos/10.13.5", - "macos/10.14.0" + "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2" ], "e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092": [ + "android/android10-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", @@ -25408,6 +30017,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.11", "mozilla/2.14", "mozilla/2.16", @@ -25419,6 +30036,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/160113232859", "windows/160123000836", "windows/160128175153", @@ -25444,7 +30064,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e389360d0fdbaeb3d250584b4730314e222f39c156a020144e8d960561791506": [ "android/kitkat-cts-release", @@ -25513,6 +30142,7 @@ "windows/110901174705" ], "e3b6a2db2ed7ce48842f7ac53241c7b71d54144bfb40c11f3f1d0b42f5eea12d": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -25544,6 +30174,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -25560,6 +30198,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/080328202117", "windows/080612204220", @@ -25622,7 +30263,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e3efb6118a92e3b858fd806f690e31d46b95ca1bd756da2b3037fe2f87cc9137": [ "macos/10.9.0", @@ -25730,7 +30380,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e57210ab812c8df308267cb4291b98e956597ca36ec2b95189ef1723396bcac8": [ "windows/070109202240", @@ -25901,7 +30560,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e6b8f8766485f807ae7f8dac1670461f07c0a13eef3a1ff717538d7abad391b4": [ "android/kitkat-cts-release", @@ -26026,7 +30694,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e74fbda55bd564c473a36b441aa799c8a68e077440e8288b9fa1e50e4bbaca11": [ "windows/170228174808", @@ -26048,9 +30725,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e75e72ed9f560eec6eb4800073a43fc3ad19195a392282017895974a99026b6c": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -26082,6 +30769,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -26098,6 +30793,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -26166,7 +30864,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e70": [ "macos/10.10.0", @@ -26241,9 +30948,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2": [ + "android/android10-release", "android/lollipop-mr1-cts-release", "android/marshmallow-cts-release", "android/marshmallow-mr1-release", @@ -26263,6 +30980,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -26275,6 +31000,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/100927165108", "windows/110125205412", @@ -26326,7 +31054,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "e873d4082a7b4632934f48a5cc1ee500932f661e56c3467c5c84d31447476b0c": [ "windows/070109202240", @@ -26519,6 +31256,7 @@ "windows/150220201450" ], "eaa962c4fa4a6bafebe415196d351ccd888d4f53f3fa8ae6d7c466a94e6042bb": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -26550,6 +31288,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -26565,6 +31311,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/090203164005", "windows/090501224247", @@ -26623,7 +31372,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "eac0220c5c9fecc5121d3720872d06707b5266be25d4ebb56ab804bbbf85fe03": [ "macos/10.10.0", @@ -26698,9 +31456,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "eb04cf5eb1f39afa762f2bb120f296cba520c1b97db1589565b81cb9a17b7244": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -26732,6 +31500,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -26748,6 +31524,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -26816,7 +31595,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "eb7e05aa58e7bd328a282bf8867033f3c035342b516ee85c01673dffffbbfe58": [ "windows/090203164005", @@ -26876,13 +31664,31 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ebc5570c29018c4d67b1aa127baf12f703b4611ebc17b7dab5573894179b93fa": [ + "android/android10-release", "android/oreo-cts-release", "android/oreo-mr1-cts-release", "android/pie-cts-release", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.11", "mozilla/2.14", "mozilla/2.16", @@ -26894,6 +31700,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "windows/170922155710", "windows/171121202507", "windows/180122185731", @@ -26910,9 +31719,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -26944,6 +31763,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -26960,6 +31787,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/080328202117", "windows/080612204220", @@ -27022,7 +31852,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ebf3c02a8789b1fb7d511995d663b72906d913ce0d5e10568a8a77e2586167e7": [ "android/kitkat-cts-release", @@ -27173,16 +32012,34 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ecdd47b5acbfa328211e1bff54adeac95e6991e3c1d50e27b527e903208040a1": [ "windows/181124234732", "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356" ], "edf7ebbca27a2a384d387b7d4010c666e2edb4843e4c29b4ae1d5b9332e6b24d": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -27214,6 +32071,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -27229,6 +32094,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/111018233154", "windows/120125230451", @@ -27273,9 +32141,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "eec5496b988ce98625b934092eec2908bed0b0f316c2d4730c84eaf1f3d34881": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -27307,6 +32185,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -27322,6 +32208,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/120223022238", "windows/120406192127", @@ -27364,7 +32253,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "eefca888db442cea1f03fac5de5b1af210ae03f5e1658ddb880c645e78624546": [ "windows/091013033632", @@ -27424,6 +32322,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -27500,7 +32406,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "efb5157e9c66caa1dcc63c9fac0127cde83b7a426c4579b7b43a41ba46a56deb": [ "windows/111018233154", @@ -27546,7 +32461,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f00355eef101c7df4e46cce6417dffce3db82dbb1369c3b439c4e33bee445c42": [ "windows/070201011524", @@ -27615,7 +32539,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f008733ec500dc498763cc9264c6fcea40ec22000e927d053ce9c90bfa046cb2": [ "macos/10.10.0", @@ -27635,6 +32568,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -27704,7 +32645,24 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" + ], + "f015ce3cc239bfef064be9f1d2c417e1a0264a0a94be1f0c8d121864eb6949cc": [ + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f09b122c7114f4a09bd4ea4f4a99d558b46e4c25cd81140d29c05613914c3841": [ "android/kitkat-cts-release", @@ -27736,6 +32694,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -27784,7 +32750,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f1b13f5c9a326403b0f31bbe7699cd17c7d1c0b981586dd1a7b219c52508fe99": [ "windows/070702210503", @@ -27851,9 +32826,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f1c1b50ae5a20dd8030ec9f6bc24823dd367b5255759b4e71b61fce9f7375d73": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -27885,6 +32870,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -27901,6 +32894,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -27969,7 +32965,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f1f3cc207a6d47947b8cb9c30422229de0d71fb867e0b9a3eda08e0e1736bc28": [ "windows/070109202240", @@ -28041,9 +33046,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f356bea244b7a91eb35d53ca9ad7864ace018e2d35d5f8f96ddf68a6f41aa474": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -28066,6 +33081,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "mozilla/2.10", "mozilla/2.11", "mozilla/2.14", @@ -28078,6 +33101,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/110919210309", "windows/111018233154", @@ -28123,7 +33149,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f375e2f77a108bacc4234894a9af308edeca1acd8fbde0e7aaa9634e9daf7e1c": [ "windows/091029013045", @@ -28220,7 +33255,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f4336bc2ac75950beccf1c1f2f9da6dddafd1f41161ca71f59c76889bd474033": [ "windows/110919210309", @@ -28267,7 +33311,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f4c149551a3013a35bc7bffe17a7f3449bc1ab5b5a0ae74b06c23b90004c0104": [ "android/kitkat-cts-release", @@ -28416,6 +33469,7 @@ "windows/150122021939" ], "f96f23f4c3e79c077a46988d5af5900676a0f039cb645dd17549b216c82440ce": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr2-release", "android/lollipop-cts-release", @@ -28446,6 +33500,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -28490,9 +33552,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "f9e67d336c51002ac054c632022d66dda2e7e3fff10ad061ed31d8bbb410cfb2": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -28524,6 +33596,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -28540,6 +33620,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -28608,7 +33691,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fabcf5197cdd7f458ac33832d3284021db2425fd6bea7a2e69b7486e8f51f9cc": [ "macos/10.10.0", @@ -28628,6 +33720,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -28666,7 +33766,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fad540811afae0dc767cdf6572a088fa3ce8493dd82b3b869a67d10aab4e8124": [ "windows/170419224008", @@ -28687,7 +33796,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fb47d92a9909fd4fa9bec02737543e1f3514ced747407a8d9cfa397b0915067c": [ "windows/120223022238", @@ -28731,7 +33849,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fc0a0fe27c9dc13c81238a5913a1daf8184168beb7e5a4512a771fd4f453651d": [ "windows/070109202240", @@ -28787,7 +33914,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fcbfe2886206f72b27593c8b070297e12d769ed10ed7930705a8098effc14d17": [ "android/kitkat-cts-release", @@ -28820,6 +33956,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -28878,9 +34022,19 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fd73dad31c644ff1b43bef0ccdda96710b9cd9875eca7e31707af3e96d522bbd": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -28912,6 +34066,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.2", "macos/10.9.4", "macos/10.9.5", @@ -28927,6 +34089,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/110919210309", "windows/111018233154", @@ -28972,7 +34137,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fe7114d07a147759891ff37b4f53eb43568296bc3bf89bc12cafb186985ef28d": [ "windows/071219233937", @@ -29037,7 +34211,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "fe863d0822fe7a2353fa484d5924e875656d3dc9fb58771f6f616f9d571bc592": [ "macos/10.10.0", @@ -29066,9 +34249,18 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356" ], "ff856a2d251dcd88d36656f450126798cfabaade40799c722de4d2b5db36a73a": [ + "android/android10-release", "android/kitkat-cts-release", "android/kitkat-mr1-release", "android/kitkat-mr2-release", @@ -29100,6 +34292,14 @@ "macos/10.13.4", "macos/10.13.5", "macos/10.14.0", + "macos/10.14.2", + "macos/10.14.3", + "macos/10.14.4", + "macos/10.14.5", + "macos/10.14.6", + "macos/10.15.0", + "macos/10.15.1", + "macos/10.15.2", "macos/10.9.0", "macos/10.9.2", "macos/10.9.4", @@ -29116,6 +34316,9 @@ "mozilla/2.28", "mozilla/2.30", "mozilla/2.32", + "mozilla/2.34", + "mozilla/2.36", + "mozilla/2.38", "mozilla/2.9", "windows/070109202240", "windows/070201011524", @@ -29183,7 +34386,16 @@ "windows/190115181058", "windows/190222164938", "windows/190315181653", - "windows/190416222336" + "windows/190416222336", + "windows/190517165903", + "windows/190621214355", + "windows/190710202938", + "windows/190723222703", + "windows/190821214431", + "windows/191029183108", + "windows/200111003235", + "windows/200226213356", + "windows/200421004343" ], "ffcef2224e29b0b36ec8314e686822f3ac0f1c5e0c2d5c0eb2484ce7e2540fd0": [ "windows/070109202240", @@ -29230,7 +34442,7 @@ "windows/151119231843" ] }, - "last_spki_id": 514, + "last_spki_id": 520, "spkis": { "004124ad6037fd5f3319e7a23d4d9c811f5598d66c4754155b0aaa9e8f00621f": { "fingerprints": [ @@ -29437,6 +34649,13 @@ "id": 388, "legacy": true }, + "1134fd81561a2818eccfffc2e440a0cef9a40e2926c08299804d738b0a97f63d": { + "fingerprints": [ + "e28097721a8cab8880af80fdef8902b1f15bc7473ad68ec22991257a910d9ea2" + ], + "id": 515, + "legacy": true + }, "122312c081949106b7049f3febf199c010ada13e3281cd358a41e7bd09c829d7": { "fingerprints": [ "34ff2a4409dc1383e9f8966e8adfe5719eba373fd0ad5e2f49f90ee07cf5d4c1" @@ -29598,6 +34817,13 @@ "id": 416, "legacy": true }, + "1f3c9fd4fdbb50a055bcca7fe5a581a92099cef1e9e476d6baef0c910831c7b3": { + "fingerprints": [ + "8ac552ad577e37ad2c6808d72aa331d6a96b4b3febff34ce9bc0578e08055ec3" + ], + "id": 519, + "legacy": true + }, "1f4224cec84fc99ced881ff6fcfd3e21f8c519c547aa6a5dd3de247302ce50d1": { "fingerprints": [ "e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7" @@ -29975,7 +35201,8 @@ }, "35f53ce1264611e03340fe37e1ec7d4cc986c5613dca70fd04aa44545f2daf28": { "fingerprints": [ - "fea1884ab3aea6d0dbedbe4b9cd9fec8655116300a86a856488fc488bb4b44d2" + "fea1884ab3aea6d0dbedbe4b9cd9fec8655116300a86a856488fc488bb4b44d2", + "358df39d764af9e1b766e9c972df352ee15cfac227af6ad1d70e8e4a6edcba02" ], "id": 508, "legacy": true @@ -30232,6 +35459,13 @@ "id": 51, "legacy": true }, + "453b74809b69019627f2f843001db5950cdd1d45371053e7f3dfdbc3714113c6": { + "fingerprints": [ + "554153b13d2cf9ddb753bfbe1a4e0ae08d0aa4187058fe60a2b862b2e4b87bcb" + ], + "id": 518, + "legacy": true + }, "463dbb9b0a26ed2616397b643125fbd29b66cf3a46fdb4384b209e78237a1aff": { "fingerprints": [ "2930bd09a07126bdc17288d4f2ad84645ec948607907a97b5ed0b0b05879ef69" @@ -30332,7 +35566,8 @@ "fingerprints": [ "49351b903444c185ccdc5c693d24d8555cb208d6a8141307699f4af063199d78" ], - "id": 184 + "id": 184, + "legacy": true }, "4ba24996ddee6f8e1fcec0aa9eccfd3aa5477b3ef8f5f85f0a06073f97522857": { "fingerprints": [ @@ -30380,7 +35615,8 @@ "fingerprints": [ "ef3cb417fc8ebf6f97876c9e4ece39de1ea5fe649141d1028b7d11c0b2298ced" ], - "id": 100 + "id": 100, + "legacy": true }, "4ef7dacf77edb751f704035fb5c6c442351ec7220af90bdf82fd047bd3c24187": { "fingerprints": [ @@ -30649,7 +35885,8 @@ "fingerprints": [ "a22dba681e97376e2d397d728aae3a9b6296b9fdba60bc2e11f647f2c675fb37" ], - "id": 98 + "id": 98, + "legacy": true }, "659cb368ac56998bd07af2cafc5fb93f8e79474accc2a6cf1ac9f2192d136360": { "fingerprints": [ @@ -30677,7 +35914,8 @@ "fingerprints": [ "27995829fe6a7515c1bfe848f9c4761db16c225929257bf40d0894f29ea8baf2" ], - "id": 198 + "id": 198, + "legacy": true }, "676b9ff303ede180fb95a4736fb4d3153032c014444f63a2074c41b98b51e0bd": { "fingerprints": [ @@ -30721,7 +35959,8 @@ }, "68aa635451d83962167e88fb08f8678d73aec66fc559462137cff9d1bc3d3871": { "fingerprints": [ - "dfb3c314740596ad5fb97960ef62ad7c1fcceead16e74054652d1032e6f140ef" + "dfb3c314740596ad5fb97960ef62ad7c1fcceead16e74054652d1032e6f140ef", + "66960242db2ed5906e113295f2454f33d6fb418c4c65e8166d43be64d19ba4fa" ], "id": 506, "legacy": true @@ -30812,7 +36051,8 @@ "fingerprints": [ "56c77128d98c18d91b4cfdffbc25ee9103d4758ea2abad826a90f3457d460eb4" ], - "id": 202 + "id": 202, + "legacy": true }, "6dbfae00d37b9cd73f8fb47de65917af00e0dddf42dbceac20c17c0275ee2095": { "fingerprints": [ @@ -30912,6 +36152,13 @@ "id": 437, "legacy": true }, + "79caaf5347e6e4a94c8e78a98496fc74020f809ede13f220fab6104c8ded329f": { + "fingerprints": [ + "f015ce3cc239bfef064be9f1d2c417e1a0264a0a94be1f0c8d121864eb6949cc" + ], + "id": 516, + "legacy": true + }, "7aedddf36b18f8acb7379fe1ce183212b2350d0788abe0e82457be9badad6d54": { "fingerprints": [ "8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02" @@ -31151,7 +36398,8 @@ "fingerprints": [ "0c258a12a5674aef25f28ba7dcfaeceea348e541e6f5cc4ee63b71b361606ac3" ], - "id": 145 + "id": 145, + "legacy": true }, "8a42eeadbc8b21a35c4b3aadd7dfbcbd2ed1b1da12e8c45a534da90607e564fd": { "fingerprints": [ @@ -31634,7 +36882,8 @@ "fingerprints": [ "69fac9bd55fb0ac78d53bbee5cf1d597989fd0aaab20a25151bdf1733ee7d122" ], - "id": 67 + "id": 67, + "legacy": true }, "a6f1f9bf8a0a9ddc080fb49b1efc3d1a1c2c32dc0e136a5b00c97316f2a3dc11": { "fingerprints": [ @@ -31886,7 +37135,8 @@ }, "b2f7298b52bf2c3cac4ddfe72de4d682ac58957595982f2b62301af597c699c5": { "fingerprints": [ - "ecdd47b5acbfa328211e1bff54adeac95e6991e3c1d50e27b527e903208040a1" + "ecdd47b5acbfa328211e1bff54adeac95e6991e3c1d50e27b527e903208040a1", + "c741f70f4b2a8d88bf2e71c14122ef53ef10eba0cfa5e64cfa20f418853073e0" ], "id": 507, "legacy": true @@ -32161,6 +37411,13 @@ "id": 358, "legacy": true }, + "c942262c0c7c0a95bb152b71c42556ddbe9a04fa8378373550d2b7ce27d952a3": { + "fingerprints": [ + "2e44102ab58cb85419451c8e19d9acf3662cafbc614b6a53960a30f7d0e2eb41" + ], + "id": 520, + "legacy": true + }, "c954c2c0b189825bb65ddb3ddca080b7dbcfe6b17cade1022bada818336677d0": { "fingerprints": [ "e873d4082a7b4632934f48a5cc1ee500932f661e56c3467c5c84d31447476b0c" @@ -32493,7 +37750,8 @@ "fingerprints": [ "152a402bfcdf2cd548054d2275b39c7fca3ec0978078b0f0ea76e561a6c7433e" ], - "id": 197 + "id": 197, + "legacy": true }, "eca0f181402ce7a8652b31b4d036df247e3a30b7f41a50d91ec4f90b006b43a1": { "fingerprints": [ @@ -32545,7 +37803,8 @@ }, "f26cdaa1c48e2d369eaf24993a424f8290983af7094a5bde9c7d44341f2e2428": { "fingerprints": [ - "6aea30bc02ca85afcfec2f65f60881893c926925fd0704bd8ada3f0f6eddb699" + "6aea30bc02ca85afcfec2f65f60881893c926925fd0704bd8ada3f0f6eddb699", + "de1af143ffa160cf5fa86abfe577291633dc264da12c863c5738bea4afbb2cdb" ], "id": 504, "legacy": true @@ -32694,6 +37953,13 @@ "id": 123, "legacy": true }, + "fde8999a5e427319835c89a17d64a2dcd13a851c0916c4c547b6d8f7a6437d94": { + "fingerprints": [ + "608142da5c675dd47c1aa3a26ee329e24e81d5ff3b94017bc1c1a0c37db4c1a0" + ], + "id": 517, + "legacy": true + }, "fea2b7d645fba73d753c1ec9a7870c40e1f7b0c561e927b985bf711866e36f22": { "fingerprints": [ "02ed0eb28c14da45165c566791700d6451d7fb56f0b2ab1d3b8eb070e56edff5" diff --git a/chromium/net/data/ssl/scripts/ee.cnf b/chromium/net/data/ssl/scripts/ee.cnf index 53b055d76e8..74d23b3d23e 100644 --- a/chromium/net/data/ssl/scripts/ee.cnf +++ b/chromium/net/data/ssl/scripts/ee.cnf @@ -55,6 +55,17 @@ CN = SS B [req_punycode_dn] CN = xn--wgv71a119e.com +[req_ev_dn] +C = US +ST = California +L = Mountain View +O = Test Org + +[req_ev_state_only_dn] +C = US +ST = California +O = Test Org + [req_extensions] subjectAltName = IP:127.0.0.1 diff --git a/chromium/net/data/ssl/scripts/generate-test-certs.sh b/chromium/net/data/ssl/scripts/generate-test-certs.sh index a26a595c7c3..6a195fac246 100755 --- a/chromium/net/data/ssl/scripts/generate-test-certs.sh +++ b/chromium/net/data/ssl/scripts/generate-test-certs.sh @@ -589,6 +589,17 @@ CA_NAME="req_ca_dn" \ -out ../certificates/900_days_after_2019_07_01.pem \ -config ca.cnf +## Certificates for testing EV display (DN set with different variations) +SUBJECT_NAME="req_ev_dn" \ + openssl req -x509 -days ${CERT_LIFETIME} \ + --config ../scripts/ee.cnf -newkey rsa:2048 -text \ + -out ../certificates/ev_test.pem + +SUBJECT_NAME="req_ev_state_only_dn" \ + openssl req -x509 -days ${CERT_LIFETIME} \ + --config ../scripts/ee.cnf -newkey rsa:2048 -text \ + -out ../certificates/ev_test_state_only.pem + # Regenerate CRLSets ## Block a leaf cert directly by SPKI python crlsetutil.py -o ../certificates/crlset_by_leaf_spki.raw \ diff --git a/chromium/net/der/input.cc b/chromium/net/der/input.cc index 76d101057f8..835651272fb 100644 --- a/chromium/net/der/input.cc +++ b/chromium/net/der/input.cc @@ -8,7 +8,7 @@ #include <algorithm> -#include "base/logging.h" +#include "base/check_op.h" namespace net { diff --git a/chromium/net/der/input_unittest.cc b/chromium/net/der/input_unittest.cc index 9bd1f558333..c4064816059 100644 --- a/chromium/net/der/input_unittest.cc +++ b/chromium/net/der/input_unittest.cc @@ -4,7 +4,6 @@ #include "net/der/input.h" -#include "base/logging.h" #include "base/stl_util.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/der/parse_values.cc b/chromium/net/der/parse_values.cc index 5da54a4a95e..283607997dc 100644 --- a/chromium/net/der/parse_values.cc +++ b/chromium/net/der/parse_values.cc @@ -6,7 +6,8 @@ #include <tuple> -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/der/parser.cc b/chromium/net/der/parser.cc index df7f11888c0..f12ed83085a 100644 --- a/chromium/net/der/parser.cc +++ b/chromium/net/der/parser.cc @@ -4,7 +4,7 @@ #include "net/der/parser.h" -#include "base/logging.h" +#include "base/check.h" #include "net/der/parse_values.h" namespace net { diff --git a/chromium/net/der/tag.cc b/chromium/net/der/tag.cc index a2b00747e3e..f4ef8461555 100644 --- a/chromium/net/der/tag.cc +++ b/chromium/net/der/tag.cc @@ -4,7 +4,7 @@ #include "net/der/tag.h" -#include "base/logging.h" +#include "base/check_op.h" namespace net { diff --git a/chromium/net/disk_cache/blockfile/addr.cc b/chromium/net/disk_cache/blockfile/addr.cc index cbe42f7f5fa..bf44bd78688 100644 --- a/chromium/net/disk_cache/blockfile/addr.cc +++ b/chromium/net/disk_cache/blockfile/addr.cc @@ -4,7 +4,7 @@ #include "net/disk_cache/blockfile/addr.h" -#include "base/logging.h" +#include "base/check.h" namespace disk_cache { diff --git a/chromium/net/disk_cache/blockfile/backend_impl.cc b/chromium/net/disk_cache/blockfile/backend_impl.cc index ef6535bfdec..951607c725c 100644 --- a/chromium/net/disk_cache/blockfile/backend_impl.cc +++ b/chromium/net/disk_cache/blockfile/backend_impl.cc @@ -110,8 +110,10 @@ bool InitExperiment(disk_cache::IndexHeader* header, bool cache_created) { } // A callback to perform final cleanup on the background thread. -void FinalCleanupCallback(disk_cache::BackendImpl* backend) { +void FinalCleanupCallback(disk_cache::BackendImpl* backend, + base::WaitableEvent* done) { backend->CleanupCache(); + done->Signal(); } class CacheThread : public base::Thread { @@ -159,9 +161,7 @@ BackendImpl::BackendImpl( block_files_(path), mask_(0), user_flags_(0), - net_log_(net_log), - done_(base::WaitableEvent::ResetPolicy::MANUAL, - base::WaitableEvent::InitialState::NOT_SIGNALED) { + net_log_(net_log) { TRACE_EVENT0("disk_cache", "BackendImpl::BackendImpl"); } @@ -177,9 +177,7 @@ BackendImpl::BackendImpl( block_files_(path), mask_(mask), user_flags_(kMask), - net_log_(net_log), - done_(base::WaitableEvent::ResetPolicy::MANUAL, - base::WaitableEvent::InitialState::NOT_SIGNALED) { + net_log_(net_log) { TRACE_EVENT0("disk_cache", "BackendImpl::BackendImpl"); } @@ -199,12 +197,15 @@ BackendImpl::~BackendImpl() { // Unit tests may use the same sequence for everything. CleanupCache(); } else { + // Signals the end of background work. + base::WaitableEvent done; + background_queue_.background_thread()->PostTask( - FROM_HERE, - base::BindOnce(&FinalCleanupCallback, base::Unretained(this))); + FROM_HERE, base::BindOnce(&FinalCleanupCallback, base::Unretained(this), + base::Unretained(&done))); // http://crbug.com/74623 base::ScopedAllowBaseSyncPrimitivesOutsideBlockingScope allow_wait; - done_.Wait(); + done.Wait(); } } @@ -348,7 +349,6 @@ void BackendImpl::CleanupCache() { FlushIndex(); index_ = nullptr; ptr_factory_.InvalidateWeakPtrs(); - done_.Signal(); } // ------------------------------------------------------------------------ diff --git a/chromium/net/disk_cache/blockfile/backend_impl.h b/chromium/net/disk_cache/blockfile/backend_impl.h index cefe8bb7c89..db2a43fed28 100644 --- a/chromium/net/disk_cache/blockfile/backend_impl.h +++ b/chromium/net/disk_cache/blockfile/backend_impl.h @@ -426,7 +426,6 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend { Stats stats_; // Usage statistics. std::unique_ptr<base::RepeatingTimer> timer_; // Usage timer. - base::WaitableEvent done_; // Signals the end of background work. base::WeakPtrFactory<BackendImpl> ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(BackendImpl); diff --git a/chromium/net/disk_cache/blockfile/bitmap.cc b/chromium/net/disk_cache/blockfile/bitmap.cc index 016eaed43b5..a78dedac206 100644 --- a/chromium/net/disk_cache/blockfile/bitmap.cc +++ b/chromium/net/disk_cache/blockfile/bitmap.cc @@ -7,7 +7,7 @@ #include <algorithm> #include "base/bits.h" -#include "base/logging.h" +#include "base/check_op.h" namespace { // Returns the index of the first bit set to |value| from |word|. This code diff --git a/chromium/net/disk_cache/blockfile/eviction.cc b/chromium/net/disk_cache/blockfile/eviction.cc index 1ff15ab5c05..58975d0ed3f 100644 --- a/chromium/net/disk_cache/blockfile/eviction.cc +++ b/chromium/net/disk_cache/blockfile/eviction.cc @@ -33,10 +33,11 @@ #include <limits> #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_util.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/disk_cache/blockfile/file_ios.cc b/chromium/net/disk_cache/blockfile/file_ios.cc index 984a34b18fc..89091faae7e 100644 --- a/chromium/net/disk_cache/blockfile/file_ios.cc +++ b/chromium/net/disk_cache/blockfile/file_ios.cc @@ -11,8 +11,8 @@ #include <utility> #include "base/bind.h" +#include "base/check.h" #include "base/location.h" -#include "base/logging.h" #include "base/macros.h" #include "base/task/post_task.h" #include "base/task/thread_pool.h" diff --git a/chromium/net/disk_cache/blockfile/file_posix.cc b/chromium/net/disk_cache/blockfile/file_posix.cc index b5921108c28..210d717012d 100644 --- a/chromium/net/disk_cache/blockfile/file_posix.cc +++ b/chromium/net/disk_cache/blockfile/file_posix.cc @@ -9,8 +9,8 @@ #include <utility> #include "base/bind.h" +#include "base/check.h" #include "base/location.h" -#include "base/logging.h" #include "base/run_loop.h" #include "base/task/post_task.h" #include "base/task/thread_pool.h" diff --git a/chromium/net/disk_cache/blockfile/file_win.cc b/chromium/net/disk_cache/blockfile/file_win.cc index 2225c16de47..250aece780a 100644 --- a/chromium/net/disk_cache/blockfile/file_win.cc +++ b/chromium/net/disk_cache/blockfile/file_win.cc @@ -40,7 +40,7 @@ static_assert(offsetof(MyOverlapped, context_) == 0, class CompletionHandler : public base::MessagePumpForIO::IOHandler, public base::RefCounted<CompletionHandler> { public: - CompletionHandler() = default; + CompletionHandler() : base::MessagePumpForIO::IOHandler(FROM_HERE) {} static CompletionHandler* Get(); private: diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc index 3d2250a9246..aa2bae8ba04 100644 --- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc +++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc @@ -8,9 +8,10 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "net/base/net_errors.h" #include "net/disk_cache/blockfile/backend_impl.h" diff --git a/chromium/net/disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc b/chromium/net/disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc index 3936358236d..633aaa056fb 100644 --- a/chromium/net/disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc +++ b/chromium/net/disk_cache/blockfile/mapped_file_avoid_mmap_posix.cc @@ -6,8 +6,8 @@ #include <stdlib.h> +#include "base/check.h" #include "base/files/file_path.h" -#include "base/logging.h" namespace disk_cache { diff --git a/chromium/net/disk_cache/blockfile/mapped_file_win.cc b/chromium/net/disk_cache/blockfile/mapped_file_win.cc index 1490212c143..5829dcc4a28 100644 --- a/chromium/net/disk_cache/blockfile/mapped_file_win.cc +++ b/chromium/net/disk_cache/blockfile/mapped_file_win.cc @@ -6,8 +6,8 @@ #include <memory> +#include "base/check.h" #include "base/files/file_path.h" -#include "base/logging.h" #include "net/disk_cache/disk_cache.h" #include <windows.h> diff --git a/chromium/net/disk_cache/blockfile/stats.cc b/chromium/net/disk_cache/blockfile/stats.cc index 43c6758ccfe..224e1c9d06a 100644 --- a/chromium/net/disk_cache/blockfile/stats.cc +++ b/chromium/net/disk_cache/blockfile/stats.cc @@ -4,13 +4,14 @@ #include "net/disk_cache/blockfile/stats.h" +#include "base/check.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/metrics/bucket_ranges.h" #include "base/metrics/histogram.h" #include "base/metrics/histogram_samples.h" #include "base/metrics/sample_vector.h" #include "base/metrics/statistics_recorder.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/disk_cache/disk_cache_fuzzer.cc b/chromium/net/disk_cache/disk_cache_fuzzer.cc index f88effda31f..ee4c1036e08 100644 --- a/chromium/net/disk_cache/disk_cache_fuzzer.cc +++ b/chromium/net/disk_cache/disk_cache_fuzzer.cc @@ -22,6 +22,7 @@ #include "base/numerics/checked_math.h" #include "base/strings/string_number_conversions.h" #include "base/test/task_environment.h" +#include "base/test/test_timeouts.h" #include "base/time/time.h" #include "net/base/cache_type.h" #include "net/base/interval.h" @@ -91,6 +92,10 @@ struct InitGlobals { print_comms_ = ::getenv("LPM_DUMP_NATIVE_INPUT"); + // TaskEnvironment requires TestTimeouts initialization to watch for + // problematic long-running tasks. + TestTimeouts::Initialize(); + // Mark this thread as an IO_THREAD with MOCK_TIME, and ensure that Now() // is driven from the same mock clock. task_environment_ = std::make_unique<base::test::TaskEnvironment>( diff --git a/chromium/net/disk_cache/disk_cache_test_util.cc b/chromium/net/disk_cache/disk_cache_test_util.cc index 651533b1fe6..959fa88b54e 100644 --- a/chromium/net/disk_cache/disk_cache_test_util.cc +++ b/chromium/net/disk_cache/disk_cache_test_util.cc @@ -4,9 +4,9 @@ #include "net/disk_cache/disk_cache_test_util.h" +#include "base/check_op.h" #include "base/files/file.h" #include "base/files/file_path.h" -#include "base/logging.h" #include "base/run_loop.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/net_errors.h" diff --git a/chromium/net/disk_cache/memory/mem_entry_impl.cc b/chromium/net/disk_cache/memory/mem_entry_impl.cc index 93680d2aec2..b46a807c0c5 100644 --- a/chromium/net/disk_cache/memory/mem_entry_impl.cc +++ b/chromium/net/disk_cache/memory/mem_entry_impl.cc @@ -8,8 +8,8 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/numerics/safe_math.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/disk_cache/net_log_parameters.cc b/chromium/net/disk_cache/net_log_parameters.cc index 96e99bb0b0e..67afd8b1c26 100644 --- a/chromium/net/disk_cache/net_log_parameters.cc +++ b/chromium/net/disk_cache/net_log_parameters.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/values.h" #include "net/base/net_errors.h" #include "net/disk_cache/disk_cache.h" diff --git a/chromium/net/disk_cache/simple/post_doom_waiter.cc b/chromium/net/disk_cache/simple/post_doom_waiter.cc index 2f6464fd08a..0f355c33462 100644 --- a/chromium/net/disk_cache/simple/post_doom_waiter.cc +++ b/chromium/net/disk_cache/simple/post_doom_waiter.cc @@ -6,6 +6,7 @@ #include "base/bind.h" #include "base/callback.h" +#include "base/check_op.h" #include "net/disk_cache/simple/simple_histogram_macros.h" namespace disk_cache { diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.cc b/chromium/net/disk_cache/simple/simple_entry_impl.cc index e59b6073527..2e3eadcb2d5 100644 --- a/chromium/net/disk_cache/simple/simple_entry_impl.cc +++ b/chromium/net/disk_cache/simple/simple_entry_impl.cc @@ -13,8 +13,9 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/callback.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/task_runner.h" #include "base/task_runner_util.h" @@ -1743,8 +1744,10 @@ void SimpleEntryImpl::UpdateDataFromEntryStat( data_size_[i] = entry_stat.data_size(i); } sparse_data_size_ = entry_stat.sparse_data_size(); - if (doom_state_ == DOOM_NONE && backend_.get()) { - backend_->index()->UpdateEntrySize( + + SimpleBackendImpl* backend_ptr = backend_.get(); + if (doom_state_ == DOOM_NONE && backend_ptr) { + backend_ptr->index()->UpdateEntrySize( entry_hash_, base::checked_cast<uint32_t>(GetDiskUsage())); } } diff --git a/chromium/net/disk_cache/simple/simple_entry_operation.cc b/chromium/net/disk_cache/simple/simple_entry_operation.cc index 70a65564654..ebe9cada319 100644 --- a/chromium/net/disk_cache/simple/simple_entry_operation.cc +++ b/chromium/net/disk_cache/simple/simple_entry_operation.cc @@ -6,7 +6,6 @@ #include <limits.h> -#include "base/logging.h" #include "net/base/io_buffer.h" #include "net/disk_cache/disk_cache.h" #include "net/disk_cache/simple/simple_entry_impl.h" diff --git a/chromium/net/disk_cache/simple/simple_file_tracker.cc b/chromium/net/disk_cache/simple/simple_file_tracker.cc index 4d12cebfecd..5bea31b767f 100644 --- a/chromium/net/disk_cache/simple/simple_file_tracker.cc +++ b/chromium/net/disk_cache/simple/simple_file_tracker.cc @@ -10,6 +10,7 @@ #include <utility> #include "base/files/file.h" +#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/synchronization/lock.h" #include "net/disk_cache/simple/simple_histogram_enums.h" diff --git a/chromium/net/disk_cache/simple/simple_file_tracker_unittest.cc b/chromium/net/disk_cache/simple/simple_file_tracker_unittest.cc index d46362fa9a5..0c34224a5a4 100644 --- a/chromium/net/disk_cache/simple/simple_file_tracker_unittest.cc +++ b/chromium/net/disk_cache/simple/simple_file_tracker_unittest.cc @@ -8,7 +8,6 @@ #include "base/files/file.h" #include "base/files/file_path.h" #include "base/files/file_util.h" -#include "base/logging.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_piece.h" #include "base/strings/string_util.h" diff --git a/chromium/net/disk_cache/simple/simple_histogram_macros.h b/chromium/net/disk_cache/simple/simple_histogram_macros.h index 84d0a57e490..d7d36f38d2d 100644 --- a/chromium/net/disk_cache/simple/simple_histogram_macros.h +++ b/chromium/net/disk_cache/simple/simple_histogram_macros.h @@ -18,27 +18,28 @@ // TODO(pasko): add histograms for shader cache as soon as it becomes possible // for a user to get shader cache with the |SimpleBackendImpl| without altering // any flags. -// TODO(mythria): add histograms for generated_code_cache when we actually start -// using the generated_code_cache. -#define SIMPLE_CACHE_UMA(uma_type, uma_name, cache_type, ...) \ - do { \ - switch (cache_type) { \ - case net::DISK_CACHE: \ - SIMPLE_CACHE_THUNK(uma_type, \ - ("SimpleCache.Http." uma_name, ##__VA_ARGS__)); \ - break; \ - case net::APP_CACHE: \ - SIMPLE_CACHE_THUNK(uma_type, \ - ("SimpleCache.App." uma_name, ##__VA_ARGS__)); \ - break; \ - case net::GENERATED_BYTE_CODE_CACHE: \ - case net::GENERATED_NATIVE_CODE_CACHE: \ - case net::SHADER_CACHE: \ - break; \ - default: \ - NOTREACHED(); \ - break; \ - } \ +#define SIMPLE_CACHE_UMA(uma_type, uma_name, cache_type, ...) \ + do { \ + switch (cache_type) { \ + case net::DISK_CACHE: \ + SIMPLE_CACHE_THUNK(uma_type, \ + ("SimpleCache.Http." uma_name, ##__VA_ARGS__)); \ + break; \ + case net::APP_CACHE: \ + SIMPLE_CACHE_THUNK(uma_type, \ + ("SimpleCache.App." uma_name, ##__VA_ARGS__)); \ + break; \ + case net::GENERATED_BYTE_CODE_CACHE: \ + SIMPLE_CACHE_THUNK(uma_type, \ + ("SimpleCache.Code." uma_name, ##__VA_ARGS__)); \ + break; \ + case net::GENERATED_NATIVE_CODE_CACHE: \ + case net::SHADER_CACHE: \ + break; \ + default: \ + NOTREACHED(); \ + break; \ + } \ } while (0) #endif // NET_DISK_CACHE_SIMPLE_SIMPLE_HISTOGRAM_MACROS_H_ diff --git a/chromium/net/disk_cache/simple/simple_index.cc b/chromium/net/disk_cache/simple/simple_index.cc index 38ee9dca625..0775f57ff5a 100644 --- a/chromium/net/disk_cache/simple/simple_index.cc +++ b/chromium/net/disk_cache/simple/simple_index.cc @@ -11,8 +11,8 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/files/file_util.h" -#include "base/logging.h" #include "base/numerics/safe_conversions.h" #include "base/pickle.h" #include "base/strings/string_number_conversions.h" @@ -58,6 +58,11 @@ static const int kEstimatedEntryOverhead = 512; namespace disk_cache { +const base::Feature + SimpleIndex::kSimpleCacheDisableEvictionSizeHeuristicForCodeCache{ + "SimpleCacheDisableEvictionSizeHeuristicForCodeCache", + base::FEATURE_DISABLED_BY_DEFAULT}; + EntryMetadata::EntryMetadata() : last_used_time_seconds_since_epoch_(0), entry_size_256b_chunks_(0), @@ -417,6 +422,12 @@ void SimpleIndex::StartEvictionIfNeeded() { MEMORY_KB, "Eviction.MaxCacheSizeOnStart2", cache_type_, static_cast<base::HistogramBase::Sample>(max_size_ / kBytesInKb)); + bool use_size_heuristic = true; + if (cache_type_ == net::GENERATED_BYTE_CODE_CACHE) { + use_size_heuristic = !base::FeatureList::IsEnabled( + kSimpleCacheDisableEvictionSizeHeuristicForCodeCache); + } + // Flatten for sorting. std::vector<std::pair<uint64_t, const EntrySet::value_type*>> entries; entries.reserve(entries_set_.size()); @@ -428,7 +439,8 @@ void SimpleIndex::StartEvictionIfNeeded() { // // Will not overflow since we're multiplying two 32-bit values and storing // them in a 64-bit variable. - sort_value *= i->second.GetEntrySize() + kEstimatedEntryOverhead; + if (use_size_heuristic) + sort_value *= i->second.GetEntrySize() + kEstimatedEntryOverhead; // Subtract so we don't need a custom comparator. entries.emplace_back(std::numeric_limits<uint64_t>::max() - sort_value, &*i); diff --git a/chromium/net/disk_cache/simple/simple_index.h b/chromium/net/disk_cache/simple/simple_index.h index 17ca017582f..f8cdd3c102d 100644 --- a/chromium/net/disk_cache/simple/simple_index.h +++ b/chromium/net/disk_cache/simple/simple_index.h @@ -14,6 +14,7 @@ #include <vector> #include "base/callback.h" +#include "base/feature_list.h" #include "base/files/file_path.h" #include "base/gtest_prod_util.h" #include "base/memory/ref_counted.h" @@ -242,6 +243,8 @@ class NET_EXPORT_PRIVATE SimpleIndex FRIEND_TEST_ALL_PREFIXES(SimpleIndexTest, DiskWriteExecuted); FRIEND_TEST_ALL_PREFIXES(SimpleIndexTest, DiskWritePostponed); FRIEND_TEST_ALL_PREFIXES(SimpleIndexAppCacheTest, DiskWriteQueued); + FRIEND_TEST_ALL_PREFIXES(SimpleIndexCodeCacheTest, DisableEvictBySize); + FRIEND_TEST_ALL_PREFIXES(SimpleIndexCodeCacheTest, EnableEvictBySize); void StartEvictionIfNeeded(); void EvictionDone(int result); @@ -309,6 +312,9 @@ class NET_EXPORT_PRIVATE SimpleIndex // background we can write the index much more frequently, to insure fresh // index on next startup. bool app_on_background_ = false; + + static const base::Feature + kSimpleCacheDisableEvictionSizeHeuristicForCodeCache; }; } // namespace disk_cache diff --git a/chromium/net/disk_cache/simple/simple_index_file_unittest.cc b/chromium/net/disk_cache/simple/simple_index_file_unittest.cc index 0b59cb088dc..c193f72fd47 100644 --- a/chromium/net/disk_cache/simple/simple_index_file_unittest.cc +++ b/chromium/net/disk_cache/simple/simple_index_file_unittest.cc @@ -6,12 +6,12 @@ #include <memory> +#include "base/check.h" #include "base/files/file.h" #include "base/files/file_util.h" #include "base/files/scoped_temp_dir.h" #include "base/hash/hash.h" #include "base/location.h" -#include "base/logging.h" #include "base/pickle.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" diff --git a/chromium/net/disk_cache/simple/simple_index_unittest.cc b/chromium/net/disk_cache/simple/simple_index_unittest.cc index d1b8fe15487..e6e8e932d64 100644 --- a/chromium/net/disk_cache/simple/simple_index_unittest.cc +++ b/chromium/net/disk_cache/simple/simple_index_unittest.cc @@ -12,11 +12,11 @@ #include "base/bind.h" #include "base/files/scoped_temp_dir.h" #include "base/hash/hash.h" -#include "base/logging.h" #include "base/pickle.h" #include "base/strings/stringprintf.h" #include "base/task_runner.h" #include "base/test/mock_entropy_provider.h" +#include "base/test/scoped_feature_list.h" #include "base/threading/platform_thread.h" #include "base/time/time.h" #include "net/base/cache_type.h" @@ -186,6 +186,13 @@ class SimpleIndexAppCacheTest : public SimpleIndexTest { net::CacheType CacheType() const override { return net::APP_CACHE; } }; +class SimpleIndexCodeCacheTest : public SimpleIndexTest { + protected: + net::CacheType CacheType() const override { + return net::GENERATED_BYTE_CODE_CACHE; + } +}; + TEST_F(EntryMetadataTest, Basics) { EntryMetadata entry_metadata; EXPECT_EQ(base::Time(), entry_metadata.GetLastUsedTime()); @@ -634,6 +641,74 @@ TEST_F(SimpleIndexTest, EvictBySize) { ASSERT_EQ(1u, last_doom_entry_hashes().size()); } +TEST_F(SimpleIndexCodeCacheTest, DisableEvictBySize) { + base::test::ScopedFeatureList scoped_feature_list; + scoped_feature_list.InitWithFeatures( + {SimpleIndex::kSimpleCacheDisableEvictionSizeHeuristicForCodeCache}, {}); + + base::Time now(base::Time::Now()); + index()->SetMaxSize(50000); + InsertIntoIndexFileReturn(hashes_.at<1>(), now - base::TimeDelta::FromDays(2), + 475u); + InsertIntoIndexFileReturn(hashes_.at<2>(), now - base::TimeDelta::FromDays(1), + 40000u); + ReturnIndexFile(); + WaitForTimeChange(); + + index()->Insert(hashes_.at<3>()); + // Confirm index is as expected: No eviction, everything there. + EXPECT_EQ(3, index()->GetEntryCount()); + EXPECT_EQ(0, doom_entries_calls()); + EXPECT_TRUE(index()->Has(hashes_.at<1>())); + EXPECT_TRUE(index()->Has(hashes_.at<2>())); + EXPECT_TRUE(index()->Has(hashes_.at<3>())); + + // Trigger an eviction, and make sure the right things are tossed. + // Since evict by size is supposed to be disabled, it evicts in LRU order, + // so entries 1 and 2 are both kicked out. + index()->UpdateEntrySize(hashes_.at<3>(), 40000u); + EXPECT_EQ(1, doom_entries_calls()); + EXPECT_EQ(1, index()->GetEntryCount()); + EXPECT_FALSE(index()->Has(hashes_.at<1>())); + EXPECT_FALSE(index()->Has(hashes_.at<2>())); + EXPECT_TRUE(index()->Has(hashes_.at<3>())); + ASSERT_EQ(2u, last_doom_entry_hashes().size()); +} + +TEST_F(SimpleIndexCodeCacheTest, EnableEvictBySize) { + base::test::ScopedFeatureList scoped_feature_list; + scoped_feature_list.InitWithFeatures( + {}, {SimpleIndex::kSimpleCacheDisableEvictionSizeHeuristicForCodeCache}); + + base::Time now(base::Time::Now()); + index()->SetMaxSize(50000); + InsertIntoIndexFileReturn(hashes_.at<1>(), now - base::TimeDelta::FromDays(2), + 475u); + InsertIntoIndexFileReturn(hashes_.at<2>(), now - base::TimeDelta::FromDays(1), + 40000u); + ReturnIndexFile(); + WaitForTimeChange(); + + index()->Insert(hashes_.at<3>()); + // Confirm index is as expected: No eviction, everything there. + EXPECT_EQ(3, index()->GetEntryCount()); + EXPECT_EQ(0, doom_entries_calls()); + EXPECT_TRUE(index()->Has(hashes_.at<1>())); + EXPECT_TRUE(index()->Has(hashes_.at<2>())); + EXPECT_TRUE(index()->Has(hashes_.at<3>())); + + // Trigger an eviction, and make sure the right things are tossed. + // This has size-weighting enabled, so it end sup kickicking out entry + // 2, which is biggest, and is enough, even though <1> is older. + index()->UpdateEntrySize(hashes_.at<3>(), 40000u); + EXPECT_EQ(1, doom_entries_calls()); + EXPECT_EQ(2, index()->GetEntryCount()); + EXPECT_TRUE(index()->Has(hashes_.at<1>())); + EXPECT_FALSE(index()->Has(hashes_.at<2>())); + EXPECT_TRUE(index()->Has(hashes_.at<3>())); + ASSERT_EQ(1u, last_doom_entry_hashes().size()); +} + // Same as test above, but using much older entries to make sure that small // things eventually get evictied. TEST_F(SimpleIndexTest, EvictBySize2) { diff --git a/chromium/net/disk_cache/simple/simple_net_log_parameters.cc b/chromium/net/disk_cache/simple/simple_net_log_parameters.cc index ce4889b81a0..ee3241ba989 100644 --- a/chromium/net/disk_cache/simple/simple_net_log_parameters.cc +++ b/chromium/net/disk_cache/simple/simple_net_log_parameters.cc @@ -7,9 +7,9 @@ #include <utility> #include "base/bind.h" +#include "base/check.h" #include "base/compiler_specific.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/strings/stringprintf.h" #include "base/values.h" #include "net/base/net_errors.h" diff --git a/chromium/net/disk_cache/simple/simple_util.cc b/chromium/net/disk_cache/simple/simple_util.cc index 41fc7e5954f..59d3b919418 100644 --- a/chromium/net/disk_cache/simple/simple_util.cc +++ b/chromium/net/disk_cache/simple/simple_util.cc @@ -6,10 +6,10 @@ #include <limits> +#include "base/check_op.h" #include "base/files/file_util.h" #include "base/format_macros.h" #include "base/hash/sha1.h" -#include "base/logging.h" #include "base/numerics/safe_conversions.h" #include "base/strings/string_number_conversions.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/disk_cache/simple/simple_util_unittest.cc b/chromium/net/disk_cache/simple/simple_util_unittest.cc index 442dc425f8c..675f310539e 100644 --- a/chromium/net/disk_cache/simple/simple_util_unittest.cc +++ b/chromium/net/disk_cache/simple/simple_util_unittest.cc @@ -5,7 +5,6 @@ #include <stdint.h> #include <string> -#include "base/logging.h" #include "net/disk_cache/simple/simple_util.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/dns/BUILD.gn b/chromium/net/dns/BUILD.gn index 29953f7ae26..74680eccfea 100644 --- a/chromium/net/dns/BUILD.gn +++ b/chromium/net/dns/BUILD.gn @@ -60,6 +60,8 @@ source_set("dns") { "dns_socket_pool.cc", "dns_socket_pool.h", "dns_transaction.cc", + "dns_udp_tracker.cc", + "dns_udp_tracker.h", "esni_content.cc", "host_cache.cc", "host_resolver.cc", @@ -382,6 +384,7 @@ source_set("tests") { "dns_session_unittest.cc", "dns_socket_pool_unittest.cc", "dns_transaction_unittest.cc", + "dns_udp_tracker_unittest.cc", "dns_util_unittest.cc", "esni_content_unittest.cc", "host_cache_unittest.cc", @@ -476,6 +479,16 @@ if (use_fuzzing_engine) { } } +fuzzer_test("net_dns_host_cache_fuzzer") { + sources = [ "host_cache_fuzzer.cc" ] + deps = [ + "//base", + "//net", + "//net:net_fuzzer_test_support", + ] + dict = "//testing/libfuzzer/fuzzers/dicts/json.dict" +} + fuzzer_test("net_dns_hosts_parse_fuzzer") { sources = [ "dns_hosts_parse_fuzzer.cc" ] deps = [ @@ -486,6 +499,15 @@ fuzzer_test("net_dns_hosts_parse_fuzzer") { dict = "//net/data/fuzzer_dictionaries/net_dns_hosts_parse_fuzzer.dict" } +fuzzer_test("net_dns_integrity_record_fuzzer") { + sources = [ "integrity_record_fuzzer.cc" ] + deps = [ + "//base", + "//net", + "//net:net_fuzzer_test_support", + ] +} + fuzzer_test("net_dns_record_fuzzer") { sources = [ "dns_record_fuzzer.cc" ] deps = [ diff --git a/chromium/net/dns/address_info_test_util.cc b/chromium/net/dns/address_info_test_util.cc index a457c90b8d5..708dd8ee6bc 100644 --- a/chromium/net/dns/address_info_test_util.cc +++ b/chromium/net/dns/address_info_test_util.cc @@ -4,7 +4,9 @@ #include "net/dns/address_info_test_util.h" -#include "base/logging.h" +#include <cstring> + +#include "base/check.h" #include "base/sys_byteorder.h" #include "net/base/sys_addrinfo.h" diff --git a/chromium/net/dns/address_sorter_posix_unittest.cc b/chromium/net/dns/address_sorter_posix_unittest.cc index 3a411b276c3..92a15b69e4e 100644 --- a/chromium/net/dns/address_sorter_posix_unittest.cc +++ b/chromium/net/dns/address_sorter_posix_unittest.cc @@ -8,8 +8,9 @@ #include <string> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" +#include "base/notreached.h" #include "net/base/ip_address.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" diff --git a/chromium/net/dns/address_sorter_unittest.cc b/chromium/net/dns/address_sorter_unittest.cc index 89d2afbe339..49ca0c2c57f 100644 --- a/chromium/net/dns/address_sorter_unittest.cc +++ b/chromium/net/dns/address_sorter_unittest.cc @@ -11,7 +11,7 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check.h" #include "base/test/task_environment.h" #include "net/base/address_list.h" #include "net/base/completion_once_callback.h" diff --git a/chromium/net/dns/context_host_resolver.cc b/chromium/net/dns/context_host_resolver.cc index 96876d24146..0ae8cc862f7 100644 --- a/chromium/net/dns/context_host_resolver.cc +++ b/chromium/net/dns/context_host_resolver.cc @@ -7,7 +7,7 @@ #include <string> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/no_destructor.h" #include "base/strings/string_piece.h" #include "base/time/tick_clock.h" diff --git a/chromium/net/dns/dns_config_service.cc b/chromium/net/dns/dns_config_service.cc index ff2cf8dbe7d..a0f1fccb187 100644 --- a/chromium/net/dns/dns_config_service.cc +++ b/chromium/net/dns/dns_config_service.cc @@ -6,8 +6,9 @@ #include <string> -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/dns/dns_config_service_posix.cc b/chromium/net/dns/dns_config_service_posix.cc index eaa5336c339..d8224724a89 100644 --- a/chromium/net/dns/dns_config_service_posix.cc +++ b/chromium/net/dns/dns_config_service_posix.cc @@ -14,6 +14,7 @@ #include "base/files/file_path_watcher.h" #include "base/lazy_instance.h" #include "base/location.h" +#include "base/logging.h" #include "base/macros.h" #include "base/metrics/histogram_macros.h" #include "base/single_thread_task_runner.h" diff --git a/chromium/net/dns/dns_config_service_win_unittest.cc b/chromium/net/dns/dns_config_service_win_unittest.cc index 8b1bc05d5c0..cd34aa1a997 100644 --- a/chromium/net/dns/dns_config_service_win_unittest.cc +++ b/chromium/net/dns/dns_config_service_win_unittest.cc @@ -4,7 +4,7 @@ #include "net/dns/dns_config_service_win.h" -#include "base/logging.h" +#include "base/check.h" #include "base/memory/free_deleter.h" #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" diff --git a/chromium/net/dns/dns_hosts.cc b/chromium/net/dns/dns_hosts.cc index 6bc655710dd..13ee84b7d0b 100644 --- a/chromium/net/dns/dns_hosts.cc +++ b/chromium/net/dns/dns_hosts.cc @@ -4,8 +4,8 @@ #include "net/dns/dns_hosts.h" +#include "base/check.h" #include "base/files/file_util.h" -#include "base/logging.h" #include "base/macros.h" #include "base/metrics/histogram_macros.h" #include "base/strings/string_util.h" diff --git a/chromium/net/dns/dns_parse_domain_ascii_win_fuzzer.cc b/chromium/net/dns/dns_parse_domain_ascii_win_fuzzer.cc index 9ae22e98155..bc675dc1646 100644 --- a/chromium/net/dns/dns_parse_domain_ascii_win_fuzzer.cc +++ b/chromium/net/dns/dns_parse_domain_ascii_win_fuzzer.cc @@ -10,6 +10,7 @@ #include <string> #include "base/strings/string_piece.h" +#include "base/strings/string_util.h" extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { if (size > 8 * 1024) diff --git a/chromium/net/dns/dns_reloader.cc b/chromium/net/dns/dns_reloader.cc index 1c014a65019..0c0d0d84325 100644 --- a/chromium/net/dns/dns_reloader.cc +++ b/chromium/net/dns/dns_reloader.cc @@ -10,9 +10,9 @@ #include <resolv.h> #include "base/lazy_instance.h" -#include "base/logging.h" #include "base/macros.h" #include "base/message_loop/message_loop_current.h" +#include "base/notreached.h" #include "base/synchronization/lock.h" #include "base/threading/thread_local.h" #include "net/base/network_change_notifier.h" diff --git a/chromium/net/dns/dns_response.cc b/chromium/net/dns/dns_response.cc index ffbad9281a9..523ccc2725b 100644 --- a/chromium/net/dns/dns_response.cc +++ b/chromium/net/dns/dns_response.cc @@ -363,8 +363,13 @@ bool DnsResponse::InitParse(size_t nbytes, const DnsQuery& query) { return false; } + // At this point, it has been validated that the response is at least large + // enough to read the ID field. + id_available_ = true; + // Match the query id. - if (base::NetToHost16(header()->id) != query.id()) + DCHECK(id()); + if (id().value() != query.id()) return false; // Not a response? @@ -391,6 +396,7 @@ bool DnsResponse::InitParseWithoutQuery(size_t nbytes) { if (nbytes < kHeaderSize || nbytes > io_buffer_size_) { return false; } + id_available_ = true; parser_ = DnsRecordParser(io_buffer_->data(), nbytes, kHeaderSize); @@ -409,6 +415,13 @@ bool DnsResponse::InitParseWithoutQuery(size_t nbytes) { return true; } +base::Optional<uint16_t> DnsResponse::id() const { + if (!id_available_) + return base::nullopt; + + return base::NetToHost16(header()->id); +} + bool DnsResponse::IsValid() const { return parser_.IsValid(); } diff --git a/chromium/net/dns/dns_response.h b/chromium/net/dns/dns_response.h index 33c63974718..75d69707345 100644 --- a/chromium/net/dns/dns_response.h +++ b/chromium/net/dns/dns_response.h @@ -169,6 +169,12 @@ class NET_EXPORT_PRIVATE DnsResponse { // if the response is constructed from a raw buffer. bool InitParseWithoutQuery(size_t nbytes); + // Does not require the response to be fully parsed and valid, but will return + // nullopt if the ID is unknown. The ID will only be known if the response is + // successfully constructed from data or if InitParse...() has been able to + // parse at least as far as the ID (not necessarily a fully successful parse). + base::Optional<uint16_t> id() const; + // Returns true if response is valid, that is, after successful InitParse, or // after successful construction of a new response from data. bool IsValid() const; @@ -220,6 +226,7 @@ class NET_EXPORT_PRIVATE DnsResponse { // Iterator constructed after InitParse positioned at the answer section. // It is never updated afterwards, so can be used in accessors. DnsRecordParser parser_; + bool id_available_ = false; DISALLOW_COPY_AND_ASSIGN(DnsResponse); }; diff --git a/chromium/net/dns/dns_response_unittest.cc b/chromium/net/dns/dns_response_unittest.cc index 41bf66edcf5..17705d7f3b7 100644 --- a/chromium/net/dns/dns_response_unittest.cc +++ b/chromium/net/dns/dns_response_unittest.cc @@ -4,6 +4,7 @@ #include "net/dns/dns_response.h" +#include <algorithm> #include <memory> #include "base/big_endian.h" @@ -17,6 +18,7 @@ #include "net/dns/dns_util.h" #include "net/dns/public/dns_protocol.h" #include "net/dns/record_rdata.h" +#include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -297,26 +299,32 @@ TEST(DnsResponseTest, InitParse) { DnsResponse resp; memcpy(resp.io_buffer()->data(), response_data, sizeof(response_data)); + EXPECT_FALSE(resp.id()); + // Reject too short. EXPECT_FALSE(resp.InitParse(query->io_buffer()->size() - 1, *query)); EXPECT_FALSE(resp.IsValid()); + EXPECT_FALSE(resp.id()); // Reject wrong id. std::unique_ptr<DnsQuery> other_query = query->CloneWithNewId(0xbeef); EXPECT_FALSE(resp.InitParse(sizeof(response_data), *other_query)); EXPECT_FALSE(resp.IsValid()); + EXPECT_THAT(resp.id(), testing::Optional(0xcafe)); // Reject wrong question. std::unique_ptr<DnsQuery> wrong_query( new DnsQuery(0xcafe, qname, dns_protocol::kTypeCNAME)); EXPECT_FALSE(resp.InitParse(sizeof(response_data), *wrong_query)); EXPECT_FALSE(resp.IsValid()); + EXPECT_THAT(resp.id(), testing::Optional(0xcafe)); // Accept matching question. EXPECT_TRUE(resp.InitParse(sizeof(response_data), *query)); EXPECT_TRUE(resp.IsValid()); // Check header access. + EXPECT_THAT(resp.id(), testing::Optional(0xcafe)); EXPECT_EQ(0x8180, resp.flags()); EXPECT_EQ(0x0, resp.rcode()); EXPECT_EQ(2u, resp.answer_count()); @@ -384,6 +392,7 @@ TEST(DnsResponseTest, InitParseInvalidFlags) { EXPECT_FALSE(resp.InitParse(sizeof(response_data), *query)); EXPECT_FALSE(resp.IsValid()); + EXPECT_THAT(resp.id(), testing::Optional(0xcafe)); } TEST(DnsResponseTest, InitParseWithoutQuery) { @@ -441,6 +450,7 @@ TEST(DnsResponseTest, InitParseWithoutQueryNoQuestions) { EXPECT_TRUE(resp.InitParseWithoutQuery(sizeof(response_data))); // Check header access. + EXPECT_THAT(resp.id(), testing::Optional(0xcafe)); EXPECT_EQ(0x8180, resp.flags()); EXPECT_EQ(0x0, resp.rcode()); EXPECT_EQ(0x1u, resp.answer_count()); @@ -483,6 +493,7 @@ TEST(DnsResponseTest, InitParseWithoutQueryInvalidFlags) { memcpy(resp.io_buffer()->data(), response_data, sizeof(response_data)); EXPECT_FALSE(resp.InitParseWithoutQuery(sizeof(response_data))); + EXPECT_THAT(resp.id(), testing::Optional(0xcafe)); } TEST(DnsResponseTest, InitParseWithoutQueryTwoQuestions) { @@ -1181,6 +1192,7 @@ TEST(DnsResponseWriteTest, WrittenResponseCanBeParsed) { base::nullopt); ASSERT_NE(nullptr, response.io_buffer()); EXPECT_TRUE(response.IsValid()); + EXPECT_THAT(response.id(), testing::Optional(0x1234)); EXPECT_EQ(1u, response.answer_count()); EXPECT_EQ(1u, response.additional_answer_count()); auto parser = response.Parser(); diff --git a/chromium/net/dns/dns_session.h b/chromium/net/dns/dns_session.h index 27ee5c8f1ee..d9830c28949 100644 --- a/chromium/net/dns/dns_session.h +++ b/chromium/net/dns/dns_session.h @@ -16,6 +16,7 @@ #include "net/base/rand_callback.h" #include "net/dns/dns_config.h" #include "net/dns/dns_socket_pool.h" +#include "net/dns/dns_udp_tracker.h" namespace net { @@ -62,6 +63,7 @@ class NET_EXPORT_PRIVATE DnsSession : public base::RefCounted<DnsSession> { NetLog* net_log); const DnsConfig& config() const { return config_; } + DnsUdpTracker* udp_tracker() { return &udp_tracker_; } NetLog* net_log() const { return net_log_; } // Return the next random query ID. @@ -98,6 +100,7 @@ class NET_EXPORT_PRIVATE DnsSession : public base::RefCounted<DnsSession> { const DnsConfig config_; std::unique_ptr<DnsSocketPool> socket_pool_; + DnsUdpTracker udp_tracker_; RandCallback rand_callback_; NetLog* net_log_; diff --git a/chromium/net/dns/dns_transaction.cc b/chromium/net/dns/dns_transaction.cc index 426f49ce102..8c58aeca906 100644 --- a/chromium/net/dns/dns_transaction.cc +++ b/chromium/net/dns/dns_transaction.cc @@ -23,6 +23,7 @@ #include "base/memory/weak_ptr.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" +#include "base/optional.h" #include "base/rand_util.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" @@ -47,6 +48,7 @@ #include "net/dns/dns_response.h" #include "net/dns/dns_server_iterator.h" #include "net/dns/dns_session.h" +#include "net/dns/dns_udp_tracker.h" #include "net/dns/dns_util.h" #include "net/dns/public/dns_over_https_server_config.h" #include "net/dns/public/dns_protocol.h" @@ -187,11 +189,13 @@ class DnsUDPAttempt : public DnsAttempt { public: DnsUDPAttempt(size_t server_index, std::unique_ptr<DnsSession::SocketLease> socket_lease, - std::unique_ptr<DnsQuery> query) + std::unique_ptr<DnsQuery> query, + DnsUdpTracker* udp_tracker) : DnsAttempt(server_index), next_state_(STATE_NONE), socket_lease_(std::move(socket_lease)), - query_(std::move(query)) {} + query_(std::move(query)), + udp_tracker_(udp_tracker) {} // DnsAttempt methods. @@ -200,6 +204,11 @@ class DnsUDPAttempt : public DnsAttempt { callback_ = std::move(callback); start_time_ = base::TimeTicks::Now(); next_state_ = STATE_SEND_QUERY; + + IPEndPoint local_address; + if (socket_lease_->socket()->GetLocalAddress(&local_address) == OK) + udp_tracker_->RecordQuery(local_address.port(), query_->id()); + return DoLoop(OK); } @@ -295,7 +304,11 @@ class DnsUDPAttempt : public DnsAttempt { return rv; DCHECK(rv); - if (!response_->InitParse(rv, *query_)) + bool parse_result = response_->InitParse(rv, *query_); + if (response_->id()) + udp_tracker_->RecordResponseId(query_->id(), response_->id().value()); + + if (!parse_result) return ERR_DNS_MALFORMED_RESPONSE; if (response_->flags() & dns_protocol::kFlagTC) return ERR_DNS_SERVER_REQUIRES_TCP; @@ -319,6 +332,10 @@ class DnsUDPAttempt : public DnsAttempt { std::unique_ptr<DnsSession::SocketLease> socket_lease_; std::unique_ptr<DnsQuery> query_; + // Should be owned by the DnsSession, to which the transaction should own a + // reference. + DnsUdpTracker* const udp_tracker_; + std::unique_ptr<DnsResponse> response_; CompletionOnceCallback callback_; @@ -334,6 +351,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { const GURL& gurl_without_parameters, bool use_post, URLRequestContext* url_request_context, + const IsolationInfo& isolation_info, RequestPriority request_priority_) : DnsAttempt(doh_server_index), query_(std::move(query)) { GURL url; @@ -404,6 +422,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE | LOAD_BYPASS_PROXY); request_->set_allow_credentials(false); + request_->set_isolation_info(isolation_info); } // DnsAttempt overrides. @@ -557,6 +576,7 @@ void ConstructDnsHTTPAttempt(DnsSession* session, const OptRecordRdata* opt_rdata, std::vector<std::unique_ptr<DnsAttempt>>* attempts, URLRequestContext* url_request_context, + const IsolationInfo& isolation_info, RequestPriority request_priority) { DCHECK(url_request_context); @@ -579,7 +599,7 @@ void ConstructDnsHTTPAttempt(DnsSession* session, attempts->push_back(std::make_unique<DnsHTTPAttempt>( doh_server_index, std::move(query), doh_config.server_template, gurl_without_parameters, doh_config.use_post, url_request_context, - request_priority)); + isolation_info, request_priority)); } class DnsTCPAttempt : public DnsAttempt { @@ -943,7 +963,7 @@ class DnsOverHttpsProbeRunner : public DnsProbeRunner { session_.get(), doh_server_index, formatted_probe_hostname_, dns_protocol::kTypeA, nullptr /* opt_rdata */, &probe_stats->probe_attempts, context_->url_request_context(), - RequestPriority::DEFAULT_PRIORITY); + context_->isolation_info(), RequestPriority::DEFAULT_PRIORITY); probe_stats->probe_attempts.back()->Start(base::BindOnce( &DnsOverHttpsProbeRunner::ProbeComplete, weak_ptr_factory_.GetWeakPtr(), @@ -1202,8 +1222,9 @@ class DnsTransactionImpl : public DnsTransaction, bool got_socket = !!lease.get(); - DnsUDPAttempt* attempt = new DnsUDPAttempt( - non_doh_server_index, std::move(lease), std::move(query)); + DnsUDPAttempt* attempt = + new DnsUDPAttempt(non_doh_server_index, std::move(lease), + std::move(query), session_->udp_tracker()); attempts_.push_back(base::WrapUnique(attempt)); ++attempts_count_; @@ -1233,7 +1254,8 @@ class DnsTransactionImpl : public DnsTransaction, unsigned attempt_number = attempts_.size(); ConstructDnsHTTPAttempt( session_.get(), doh_server_index, qnames_.front(), qtype_, opt_rdata_, - &attempts_, resolve_context_->url_request_context(), request_priority_); + &attempts_, resolve_context_->url_request_context(), + resolve_context_->isolation_info(), request_priority_); ++attempts_count_; int rv = attempts_.back()->Start(base::BindOnce( &DnsTransactionImpl::OnAttemptComplete, base::Unretained(this), diff --git a/chromium/net/dns/dns_transaction_unittest.cc b/chromium/net/dns/dns_transaction_unittest.cc index 138d9c121d4..e3196cfc21e 100644 --- a/chromium/net/dns/dns_transaction_unittest.cc +++ b/chromium/net/dns/dns_transaction_unittest.cc @@ -781,6 +781,22 @@ class DnsTransactionTestBase : public testing::Test { } EXPECT_TRUE(server_found); + EXPECT_TRUE( + request->isolation_info().network_isolation_key().IsTransient()); + + // All DoH requests for the same ResolveContext should use the same + // IsolationInfo, so network objects like sockets can be reused between + // requests. + if (!expect_multiple_isolation_infos_) { + if (!isolation_info_) { + isolation_info_ = + std::make_unique<IsolationInfo>(request->isolation_info()); + } else { + EXPECT_TRUE( + isolation_info_->IsEqualForTesting(request->isolation_info())); + } + } + EXPECT_EQ(PRIVACY_MODE_ENABLED, request->privacy_mode()); EXPECT_TRUE(request->disable_secure_dns()); @@ -858,6 +874,11 @@ class DnsTransactionTestBase : public testing::Test { filter->ClearHandlers(); } + void set_expect_multiple_isolation_infos( + bool expect_multiple_isolation_infos) { + expect_multiple_isolation_infos_ = expect_multiple_isolation_infos; + } + protected: int GetNextId(int min, int max) { EXPECT_FALSE(transaction_ids_.empty()); @@ -880,6 +901,15 @@ class DnsTransactionTestBase : public testing::Test { std::unique_ptr<DnsTransactionFactory> transaction_factory_; ResponseModifierCallback response_modifier_; DohJobMakerCallback doh_job_maker_; + + // Whether multiple IsolationInfos should be expected (due to there being + // multiple RequestContexts in use). + bool expect_multiple_isolation_infos_ = false; + + // IsolationInfo used by DoH requests. Populated on first DoH request, and + // compared to IsolationInfo used by all subsequent requests, unless + // |expect_multiple_isolation_infos_| is true. + std::unique_ptr<IsolationInfo> isolation_info_; }; class DnsTransactionTest : public DnsTransactionTestBase, @@ -2140,7 +2170,7 @@ TEST_F(DnsTransactionTest, SuccessfulTransactionStartedBeforeUnavailable) { } void MakeResponseWithCookie(URLRequest* request, HttpResponseInfo* info) { - info->headers->AddHeader("Set-Cookie: test-cookie=you-fail"); + info->headers->AddHeader("Set-Cookie", "test-cookie=you-fail"); } class CookieCallback { @@ -2205,7 +2235,7 @@ TEST_F(DnsTransactionTest, HttpsPostTestNoCookies) { cookie_url, "test-cookie=you-still-fail", base::Time::Now(), base::nullopt /* server_time */); request_context_->cookie_store()->SetCanonicalCookieAsync( - std::move(cookie), cookie_url.scheme(), CookieOptions(), + std::move(cookie), cookie_url, CookieOptions(), base::BindOnce(&CookieCallback::SetCookieCallback, base::Unretained(&callback))); EXPECT_TRUE(helper1.RunUntilDone(transaction_factory_.get())); @@ -2247,7 +2277,7 @@ TEST_F(DnsTransactionTest, HttpsPostWithBadRequestResponse) { void MakeResponseWrongType(URLRequest* request, HttpResponseInfo* info) { info->headers->RemoveHeader("Content-Type"); - info->headers->AddHeader("Content-Type: text/html"); + info->headers->AddHeader("Content-Type", "text/html"); } TEST_F(DnsTransactionTest, HttpsPostWithWrongType) { @@ -2265,8 +2295,8 @@ TEST_F(DnsTransactionTest, HttpsPostWithWrongType) { void MakeResponseRedirect(URLRequest* request, HttpResponseInfo* info) { if (request->url_chain().size() < 2) { info->headers->ReplaceStatusLine("HTTP/1.1 302 Found"); - info->headers->AddHeader("Location: /redirect-destination?" + - request->url().query()); + info->headers->AddHeader("Location", + "/redirect-destination?" + request->url().query()); } } @@ -2750,6 +2780,11 @@ TEST_F(DnsTransactionTestWithMockTime, MultipleProbeRunners) { } TEST_F(DnsTransactionTestWithMockTime, MultipleProbeRunners_SeparateContexts) { + // Each RequestContext uses its own transient IsolationInfo. Since there's + // typically only one RequestContext per URLRequestContext, there's no + // advantage in using the same IsolationInfo across RequestContexts. + set_expect_multiple_isolation_infos(true); + ConfigureDohServers(true /* use_post */, 1 /* num_doh_servers */, false /* make_available */); AddQueryAndResponse(4, kT4HostName, kT4Qtype, kT4ResponseDatagram, diff --git a/chromium/net/dns/dns_udp_tracker.cc b/chromium/net/dns/dns_udp_tracker.cc new file mode 100644 index 00000000000..ffd50c6c471 --- /dev/null +++ b/chromium/net/dns/dns_udp_tracker.cc @@ -0,0 +1,107 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/dns/dns_udp_tracker.h" + +#include <algorithm> +#include <utility> + +#include "base/metrics/histogram_macros.h" +#include "base/numerics/safe_conversions.h" +#include "base/time/tick_clock.h" + +namespace net { + +// static +constexpr base::TimeDelta DnsUdpTracker::kMaxAge; + +// static +constexpr size_t DnsUdpTracker::kMaxRecordedQueries; + +struct DnsUdpTracker::QueryData { + uint16_t port; + uint16_t query_id; + base::TimeTicks time; +}; + +DnsUdpTracker::DnsUdpTracker() = default; +DnsUdpTracker::~DnsUdpTracker() = default; +DnsUdpTracker::DnsUdpTracker(DnsUdpTracker&&) = default; +DnsUdpTracker& DnsUdpTracker::operator=(DnsUdpTracker&&) = default; + +void DnsUdpTracker::RecordQuery(uint16_t port, uint16_t query_id) { + PurgeOldQueries(); + + int reused_port_count = base::checked_cast<int>(std::count_if( + recent_queries_.cbegin(), recent_queries_.cend(), + [port](const auto& recent_query) { return port == recent_query.port; })); + UMA_HISTOGRAM_CUSTOM_COUNTS("Net.DNS.DnsTransaction.UDP.ReusedPort.Count", + reused_port_count, 1, kMaxRecordedQueries, 50); + + base::TimeTicks now = tick_clock_->NowTicks(); + if (reused_port_count > 0) { + auto most_recent_match = std::find_if( + recent_queries_.crbegin(), recent_queries_.crend(), + [port](const auto& recent_query) { return port == recent_query.port; }); + DCHECK(most_recent_match != recent_queries_.crend()); + UMA_HISTOGRAM_LONG_TIMES( + "Net.DNS.DnsTransaction.UDP.ReusedPort.MostRecentAge", + now - most_recent_match->time); + } + + SaveQuery({port, query_id, now}); +} + +void DnsUdpTracker::RecordResponseId(uint16_t query_id, uint16_t response_id) { + PurgeOldQueries(); + + // Used in UMA (DNS.UdpIdMismatchStatus). Do not renumber or remove values. + enum class MismatchStatus { + kSuccessfulParse = 0, + kMismatchPreviouslyQueried = 1, + kMismatchUnknown = 2, + kMaxValue = kMismatchUnknown, + }; + + MismatchStatus status; + if (query_id == response_id) { + status = MismatchStatus::kSuccessfulParse; + } else { + auto oldest_matching_id = + std::find_if(recent_queries_.cbegin(), recent_queries_.cend(), + [&](const auto& recent_query) { + return response_id == recent_query.query_id; + }); + + if (oldest_matching_id == recent_queries_.cend()) { + status = MismatchStatus::kMismatchUnknown; + } else { + status = MismatchStatus::kMismatchPreviouslyQueried; + UMA_HISTOGRAM_LONG_TIMES( + "Net.DNS.DnsTransaction.UDP.IdMismatch.OldestMatchTime", + tick_clock_->NowTicks() - oldest_matching_id->time); + } + } + + UMA_HISTOGRAM_ENUMERATION("Net.DNS.DnsTransaction.UDP.IdMismatch", status); +} + +void DnsUdpTracker::PurgeOldQueries() { + base::TimeTicks now = tick_clock_->NowTicks(); + while (!recent_queries_.empty() && + (now - recent_queries_.front().time) > kMaxAge) { + recent_queries_.pop_front(); + } +} + +void DnsUdpTracker::SaveQuery(QueryData query) { + if (recent_queries_.size() == kMaxRecordedQueries) + recent_queries_.pop_front(); + DCHECK_LT(recent_queries_.size(), kMaxRecordedQueries); + + DCHECK(recent_queries_.empty() || query.time >= recent_queries_.back().time); + recent_queries_.push_back(std::move(query)); +} + +} // namespace net diff --git a/chromium/net/dns/dns_udp_tracker.h b/chromium/net/dns/dns_udp_tracker.h new file mode 100644 index 00000000000..6e58e64c104 --- /dev/null +++ b/chromium/net/dns/dns_udp_tracker.h @@ -0,0 +1,58 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_DNS_DNS_UDP_TRACKER_H_ +#define NET_DNS_DNS_UDP_TRACKER_H_ + +#include <stdint.h> + +#include "base/containers/circular_deque.h" +#include "base/time/default_tick_clock.h" +#include "base/time/time.h" +#include "net/base/net_export.h" + +namespace base { +class TickClock; +} // namespace base + +namespace net { + +// Data tracker for DNS UDP and its usage of local ports. Intended to be owned +// by a DnsSession and thus keep track of the data session-wide. Responsible for +// related metrics and used to inform behavior based on the stored data. +// +// TODO(ericorth@chromium.org): Add methods to access the stored data or +// conclusions about it. +class NET_EXPORT_PRIVATE DnsUdpTracker { + public: + static constexpr base::TimeDelta kMaxAge = base::TimeDelta::FromMinutes(10); + static constexpr size_t kMaxRecordedQueries = 256; + + DnsUdpTracker(); + ~DnsUdpTracker(); + + DnsUdpTracker(DnsUdpTracker&&); + DnsUdpTracker& operator=(DnsUdpTracker&&); + + void RecordQuery(uint16_t port, uint16_t query_id); + void RecordResponseId(uint16_t query_id, uint16_t response_id); + + void set_tick_clock_for_testing(base::TickClock* tick_clock) { + tick_clock_ = tick_clock; + } + + private: + struct QueryData; + + void PurgeOldQueries(); + void SaveQuery(QueryData query); + + base::circular_deque<QueryData> recent_queries_; + + const base::TickClock* tick_clock_ = base::DefaultTickClock::GetInstance(); +}; + +} // namespace net + +#endif // NET_DNS_DNS_UDP_TRACKER_H_ diff --git a/chromium/net/dns/dns_udp_tracker_unittest.cc b/chromium/net/dns/dns_udp_tracker_unittest.cc new file mode 100644 index 00000000000..1b5681fde1d --- /dev/null +++ b/chromium/net/dns/dns_udp_tracker_unittest.cc @@ -0,0 +1,111 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/dns/dns_udp_tracker.h" + +#include "base/test/simple_test_tick_clock.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace { + +class DnsUdpTrackerTest : public testing::Test { + public: + DnsUdpTrackerTest() { + tracker_.set_tick_clock_for_testing(&test_tick_clock_); + } + + protected: + DnsUdpTracker tracker_; + base::SimpleTestTickClock test_tick_clock_; +}; + +// Just testing that nothing crashes given some standard calls. +// TODO(ericorth@chromium.org): Actually test behavior once interesting +// side effects or data access is added. + +TEST_F(DnsUdpTrackerTest, MatchingId) { + static const uint16_t kId = 56; + tracker_.RecordQuery(416 /* port */, kId); + tracker_.RecordResponseId(kId /* query_id */, kId /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, ReusedMismatch) { + static const uint16_t kOldId = 786; + tracker_.RecordQuery(123 /* port */, kOldId); + static const uint16_t kNewId = 3456; + tracker_.RecordQuery(3889 /* port */, kNewId); + + tracker_.RecordResponseId(kNewId /* query_id */, kOldId /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, ReusedMismatch_Expired) { + static const uint16_t kOldId = 786; + tracker_.RecordQuery(123 /* port */, kOldId); + + test_tick_clock_.Advance(DnsUdpTracker::kMaxAge + + base::TimeDelta::FromMilliseconds(1)); + static const uint16_t kNewId = 3456; + tracker_.RecordQuery(3889 /* port */, kNewId); + + tracker_.RecordResponseId(kNewId /* query_id */, kOldId /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, ReusedMismatch_Full) { + static const uint16_t kOldId = 786; + tracker_.RecordQuery(123 /* port */, kOldId); + + uint16_t port = 124; + uint16_t id = 3457; + for (size_t i = 0; i < DnsUdpTracker::kMaxRecordedQueries; ++i) { + tracker_.RecordQuery(++port, ++id); + } + + tracker_.RecordResponseId(id /* query_id */, kOldId /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, UnknownMismatch) { + static const uint16_t kId = 4332; + tracker_.RecordQuery(10014 /* port */, kId); + tracker_.RecordResponseId(kId /* query_id */, 743 /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, ReusedPort) { + static const uint16_t kPort = 2135; + tracker_.RecordQuery(kPort, 579 /* query_id */); + + static const uint16_t kId = 580; + tracker_.RecordQuery(kPort, kId); + tracker_.RecordResponseId(kId /* query_id */, kId /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, ReusedPort_Expired) { + static const uint16_t kPort = 2135; + tracker_.RecordQuery(kPort, 579 /* query_id */); + + test_tick_clock_.Advance(DnsUdpTracker::kMaxAge + + base::TimeDelta::FromMilliseconds(1)); + static const uint16_t kId = 580; + tracker_.RecordQuery(kPort, kId); + tracker_.RecordResponseId(kId /* query_id */, kId /* response_id */); +} + +TEST_F(DnsUdpTrackerTest, ReusedPort_Full) { + static const uint16_t kPort = 2135; + tracker_.RecordQuery(kPort, 579 /* query_id */); + + uint16_t port = 124; + uint16_t id = 3457; + for (size_t i = 0; i < DnsUdpTracker::kMaxRecordedQueries; ++i) { + tracker_.RecordQuery(++port, ++id); + } + + tracker_.RecordQuery(kPort, ++id); + tracker_.RecordResponseId(id /* query_id */, id /* response_id */); +} + +} // namespace + +} // namespace net diff --git a/chromium/net/dns/fuzzed_host_resolver_util.cc b/chromium/net/dns/fuzzed_host_resolver_util.cc index 701933044f7..0110c3d3194 100644 --- a/chromium/net/dns/fuzzed_host_resolver_util.cc +++ b/chromium/net/dns/fuzzed_host_resolver_util.cc @@ -16,10 +16,11 @@ #include <vector> #include "base/bind.h" -#include "base/logging.h" +#include "base/check.h" #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/address_list.h" diff --git a/chromium/net/dns/host_cache.cc b/chromium/net/dns/host_cache.cc index 74029e925c9..647d44ae427 100644 --- a/chromium/net/dns/host_cache.cc +++ b/chromium/net/dns/host_cache.cc @@ -694,7 +694,8 @@ void HostCache::ClearForHosts( } void HostCache::GetAsListValue(base::ListValue* entry_list, - bool include_staleness) const { + bool include_staleness, + SerializationType serialization_type) const { DCHECK(entry_list); entry_list->Clear(); @@ -703,9 +704,17 @@ void HostCache::GetAsListValue(base::ListValue* entry_list, const Entry& entry = pair.second; base::Value network_isolation_key_value; - // Don't save entries associated with ephemeral NetworkIsolationKeys. - if (!key.network_isolation_key.ToValue(&network_isolation_key_value)) - continue; + if (serialization_type == SerializationType::kRestorable) { + // Don't save entries associated with ephemeral NetworkIsolationKeys. + if (!key.network_isolation_key.ToValue(&network_isolation_key_value)) + continue; + } else { + // ToValue() fails for transient NIKs, since they should never be + // serialized to disk in a restorable format, so use ToDebugString() when + // serializing for debugging instead of for restoring from disk. + network_isolation_key_value = + base::Value(key.network_isolation_key.ToDebugString()); + } auto entry_dict = std::make_unique<base::DictionaryValue>( entry.GetAsValue(include_staleness)); @@ -776,6 +785,7 @@ bool HostCache::RestoreFromListValue(const base::ListValue& old_cache) { entry_dict->FindKey(kNetworkIsolationKeyKey); NetworkIsolationKey network_isolation_key; if (!network_isolation_key_value || + network_isolation_key_value->type() == base::Value::Type::STRING || !NetworkIsolationKey::FromValue(*network_isolation_key_value, &network_isolation_key)) { return false; diff --git a/chromium/net/dns/host_cache.h b/chromium/net/dns/host_cache.h index 7b2e130c839..11f92932edd 100644 --- a/chromium/net/dns/host_cache.h +++ b/chromium/net/dns/host_cache.h @@ -280,6 +280,18 @@ class NET_EXPORT HostCache { using EntryMap = std::map<Key, Entry>; + // The two ways to serialize the cache to a value. + enum class SerializationType { + // Entries with transient NetworkIsolationKeys are not serialized, and + // RestoreFromListValue() can load the returned value. + kRestorable, + // Entries with transient NetworkIsolationKeys are serialized, and + // RestoreFromListValue() cannot load the returned value, since the debug + // serialization of NetworkIsolationKeys is used instead of the + // deserializable representation. + kDebug, + }; + // A HostCache::EntryStaleness representing a non-stale (fresh) cache entry. static const HostCache::EntryStaleness kNotStale; @@ -341,15 +353,10 @@ class NET_EXPORT HostCache { // Fills the provided base::ListValue with the contents of the cache for // serialization. |entry_list| must be non-null and will be cleared before - // adding the cache contents. Entries with ephemeral NetworkIsolationKeys will - // not be written to the resulting list. - // - // TODO(mmenke): This is used both in combination with RestoreFromListValue() - // and for NetLog. Update the NetLogViewer's display to handle - // NetworkIsolationKeys, and add some way for to get a result with ephemeral - // NIKs included. + // adding the cache contents. void GetAsListValue(base::ListValue* entry_list, - bool include_staleness) const; + bool include_staleness, + SerializationType serialization_type) const; // Takes a base::ListValue representing cache entries and stores them in the // cache, skipping any that already have entries. Returns true on success, // false on failure. diff --git a/chromium/net/dns/host_cache_fuzzer.cc b/chromium/net/dns/host_cache_fuzzer.cc new file mode 100644 index 00000000000..63b1057f0fe --- /dev/null +++ b/chromium/net/dns/host_cache_fuzzer.cc @@ -0,0 +1,54 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "base/json/json_reader.h" +#include "base/optional.h" +#include "base/strings/string_piece_forward.h" +#include "net/dns/host_cache.h" + +namespace net { + +struct Environment { + Environment() { logging::SetMinLogLevel(logging::LOG_ERROR); } +}; + +// This fuzzer checks that parsing a JSON list to a HostCache and then +// re-serializing it recreates the original JSON list. +// +// A side effect of this technique is that our distribution of HostCaches only +// contains HostCaches that can be generated by RestoreFromListValue. It's +// conceivable that this doesn't capture all possible HostCaches. +// +// TODO(dmcardle): Check the other direction of this property. Starting from an +// arbitrary HostCache, serialize it and then parse a different HostCache. +// Verify that the two HostCaches are equal. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + static Environment env; + + // Attempt to read a JSON list from the fuzzed string. + base::StringPiece data_view(reinterpret_cast<const char*>(data), size); + base::Optional<base::Value> value = base::JSONReader::Read(data_view); + if (!value || !value->is_list()) + return 0; + const base::ListValue& list_input = base::Value::AsListValue(*value); + + // Parse the HostCache. + constexpr size_t kMaxEntries = 1000; + HostCache host_cache(kMaxEntries); + if (!host_cache.RestoreFromListValue(list_input)) + return 0; + + // Serialize the HostCache. + base::ListValue serialized; + host_cache.GetAsListValue( + &serialized /* entry_list */, true /* include_staleness */, + HostCache::SerializationType::kRestorable /* serialization_type */); + + CHECK_EQ(list_input, serialized); + return 0; +} +} // namespace net diff --git a/chromium/net/dns/host_cache_unittest.cc b/chromium/net/dns/host_cache_unittest.cc index a4fe08611cb..b78a51f854c 100644 --- a/chromium/net/dns/host_cache_unittest.cc +++ b/chromium/net/dns/host_cache_unittest.cc @@ -908,7 +908,8 @@ TEST(HostCacheTest, SerializeAndDeserialize) { now += base::TimeDelta::FromSeconds(7); base::ListValue serialized_cache; - cache.GetAsListValue(&serialized_cache, /*include_staleness=*/false); + cache.GetAsListValue(&serialized_cache, false /* include_staleness */, + HostCache::SerializationType::kRestorable); HostCache restored_cache(kMaxCacheEntries); // Add entries for "foobar3.com" and "foobar4.com" to the cache before @@ -1018,7 +1019,8 @@ TEST(HostCacheTest, SerializeAndDeserializeWithNetworkIsolationKey) { EXPECT_EQ(2u, cache.size()); base::ListValue serialized_cache; - cache.GetAsListValue(&serialized_cache, /*include_staleness=*/false); + cache.GetAsListValue(&serialized_cache, false /* include_staleness */, + HostCache::SerializationType::kRestorable); HostCache restored_cache(kMaxCacheEntries); EXPECT_TRUE(restored_cache.RestoreFromListValue(serialized_cache)); EXPECT_EQ(1u, restored_cache.size()); @@ -1034,6 +1036,43 @@ TEST(HostCacheTest, SerializeAndDeserializeWithNetworkIsolationKey) { EXPECT_FALSE(restored_cache.Lookup(key2, now)); } +TEST(HostCacheTest, SerializeForDebugging) { + const char kHostname[] = "hostname.test"; + const base::TimeDelta kTTL = base::TimeDelta::FromSeconds(10); + const NetworkIsolationKey kNetworkIsolationKey = + NetworkIsolationKey::CreateTransient(); + + HostCache::Key key(kHostname, DnsQueryType::UNSPECIFIED, 0, + HostResolverSource::ANY, kNetworkIsolationKey); + IPEndPoint endpoint(IPAddress(1, 2, 3, 4), 0); + + HostCache::Entry entry = HostCache::Entry(OK, AddressList(endpoint), + HostCache::Entry::SOURCE_UNKNOWN); + + base::TimeTicks now; + HostCache cache(kMaxCacheEntries); + + cache.Set(key, entry, now, kTTL); + + EXPECT_TRUE(cache.Lookup(key, now)); + EXPECT_EQ(kNetworkIsolationKey, + cache.Lookup(key, now)->first.network_isolation_key); + EXPECT_EQ(1u, cache.size()); + + base::ListValue serialized_cache; + cache.GetAsListValue(&serialized_cache, false /* include_staleness */, + HostCache::SerializationType::kDebug); + HostCache restored_cache(kMaxCacheEntries); + EXPECT_FALSE(restored_cache.RestoreFromListValue(serialized_cache)); + + base::Value::ListView list = serialized_cache.GetList(); + ASSERT_EQ(1u, list.size()); + ASSERT_TRUE(list[0].is_dict()); + base::Value* nik_value = list[0].FindPath("network_isolation_key"); + ASSERT_TRUE(nik_value); + ASSERT_EQ(base::Value(kNetworkIsolationKey.ToDebugString()), *nik_value); +} + TEST(HostCacheTest, SerializeAndDeserialize_Text) { base::TimeTicks now; @@ -1050,7 +1089,8 @@ TEST(HostCacheTest, SerializeAndDeserialize_Text) { EXPECT_EQ(1u, cache.size()); base::ListValue serialized_cache; - cache.GetAsListValue(&serialized_cache, false /* include_staleness */); + cache.GetAsListValue(&serialized_cache, false /* include_staleness */, + HostCache::SerializationType::kRestorable); HostCache restored_cache(kMaxCacheEntries); restored_cache.RestoreFromListValue(serialized_cache); @@ -1089,7 +1129,8 @@ TEST(HostCacheTest, SerializeAndDeserialize_Esni) { EXPECT_EQ(1u, cache.size()); base::ListValue serialized_cache; - cache.GetAsListValue(&serialized_cache, false /* include_staleness */); + cache.GetAsListValue(&serialized_cache, false /* include_staleness */, + HostCache::SerializationType::kRestorable); HostCache restored_cache(kMaxCacheEntries); restored_cache.RestoreFromListValue(serialized_cache); @@ -1132,7 +1173,8 @@ class HostCacheMalformedEsniSerializationTest : public ::testing::Test { HostCache cache(kMaxCacheEntries); cache.Set(key, entry, now, ttl); EXPECT_EQ(1u, cache.size()); - cache.GetAsListValue(&serialized_cache_, true /* include_staleness */); + cache.GetAsListValue(&serialized_cache_, true /* include_staleness */, + HostCache::SerializationType::kRestorable); } base::ListValue serialized_cache_; @@ -1179,7 +1221,8 @@ TEST(HostCacheTest, SerializeAndDeserialize_Hostname) { EXPECT_EQ(1u, cache.size()); base::ListValue serialized_cache; - cache.GetAsListValue(&serialized_cache, false /* include_staleness */); + cache.GetAsListValue(&serialized_cache, false /* include_staleness */, + HostCache::SerializationType::kRestorable); HostCache restored_cache(kMaxCacheEntries); restored_cache.RestoreFromListValue(serialized_cache); diff --git a/chromium/net/dns/host_resolver.cc b/chromium/net/dns/host_resolver.cc index 4af28061178..4d7dee3f90c 100644 --- a/chromium/net/dns/host_resolver.cc +++ b/chromium/net/dns/host_resolver.cc @@ -7,9 +7,10 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check.h" #include "base/macros.h" #include "base/no_destructor.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/values.h" #include "net/base/address_list.h" diff --git a/chromium/net/dns/host_resolver_manager.cc b/chromium/net/dns/host_resolver_manager.cc index e6319716497..87bc925b8a0 100644 --- a/chromium/net/dns/host_resolver_manager.cc +++ b/chromium/net/dns/host_resolver_manager.cc @@ -1069,6 +1069,8 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { virtual RequestPriority priority() const = 0; + virtual void AddTransactionTimeQueued(base::TimeDelta time_queued) = 0; + protected: Delegate() = default; virtual ~Delegate() = default; @@ -1135,6 +1137,12 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr<DnsTask> { DnsQueryType type = transactions_needed_.front(); transactions_needed_.pop(); + // Record how long this transaction has been waiting to be created. + base::TimeDelta time_queued = tick_clock_->NowTicks() - task_start_time_; + UMA_HISTOGRAM_LONG_TIMES_100("Net.DNS.JobQueueTime.PerTransaction", + time_queued); + delegate_->AddTransactionTimeQueued(time_queued); + std::unique_ptr<DnsTransaction> transaction = CreateTransaction(type); transaction->Start(); transactions_started_.insert(std::move(transaction)); @@ -1739,7 +1747,8 @@ struct HostResolverManager::JobKey { ResolveContext* resolve_context; }; -// Aggregates all Requests for the same Key. Dispatched via PriorityDispatch. +// Aggregates all Requests for the same Key. Dispatched via +// PrioritizedDispatcher. class HostResolverManager::Job : public PrioritizedDispatcher::Job, public HostResolverManager::DnsTask::Delegate { public: @@ -2114,7 +2123,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, handle_ = dispatcher_->ChangePriority(handle_, priority()); } - // PriorityDispatch::Job: + // PrioritizedDispatcher::Job: void Start() override { handle_.Reset(); ++num_occupied_job_slots_; @@ -2273,6 +2282,9 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, if (!dns_task) return; + UMA_HISTOGRAM_LONG_TIMES_100("Net.DNS.JobQueueTime.Failure", + total_transaction_time_queued_); + if (duration < base::TimeDelta::FromMilliseconds(10)) { base::UmaHistogramSparse( secure ? "Net.DNS.SecureDnsTask.ErrorBeforeFallback.Fast" @@ -2321,6 +2333,9 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, UMA_HISTOGRAM_LONG_TIMES_100("Net.DNS.DnsTask.SuccessTime", duration); + UMA_HISTOGRAM_LONG_TIMES_100("Net.DNS.JobQueueTime.Success", + total_transaction_time_queued_); + // Reset the insecure DNS failure counter if an insecure DnsTask completed // successfully. if (!secure) @@ -2362,6 +2377,10 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } } + void AddTransactionTimeQueued(base::TimeDelta time_queued) override { + total_transaction_time_queued_ += time_queued; + } + void StartMdnsTask() { // No flags are supported for MDNS except // HOST_RESOLVER_DEFAULT_FAMILY_SET_DUE_TO_NO_IPV6 (which is not actually an @@ -2698,6 +2717,8 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // Iterator to |this| in the JobMap. |nullopt| if not owned by the JobMap. base::Optional<JobMap::iterator> self_iterator_; + base::TimeDelta total_transaction_time_queued_; + base::WeakPtrFactory<Job> weak_ptr_factory_{this}; }; diff --git a/chromium/net/dns/host_resolver_manager_fuzzer.cc b/chromium/net/dns/host_resolver_manager_fuzzer.cc index 2a2828cf66e..8380657fef5 100644 --- a/chromium/net/dns/host_resolver_manager_fuzzer.cc +++ b/chromium/net/dns/host_resolver_manager_fuzzer.cc @@ -11,7 +11,7 @@ #include <vector> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/run_loop.h" #include "base/test/task_environment.h" #include "net/base/address_family.h" @@ -21,6 +21,8 @@ #include "net/dns/context_host_resolver.h" #include "net/dns/fuzzed_host_resolver_util.h" #include "net/dns/host_resolver.h" +#include "net/dns/host_resolver_source.h" +#include "net/dns/public/dns_query_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" #include "net/net_buildflags.h" @@ -153,6 +155,10 @@ class DnsRequest { : net::HostResolver::ResolveHostParameters::CacheUsage::DISALLOWED; parameters.include_canonical_name = data_provider_->ConsumeBool(); + if (!IsParameterCombinationAllowed(parameters)) { + return net::ERR_FAILED; + } + const char* hostname = data_provider_->PickValueInArray(kHostNames); request_ = host_resolver_->CreateRequest( net::HostPortPair(hostname, 80), net::NetLogWithSource(), parameters); @@ -173,6 +179,27 @@ class DnsRequest { } } + // Some combinations of request parameters are disallowed and expected to + // DCHECK. Returns whether or not |parameters| represents one of those cases. + static bool IsParameterCombinationAllowed( + net::HostResolver::ResolveHostParameters parameters) { + // SYSTEM requests only support address types. + if (parameters.source == net::HostResolverSource::SYSTEM && + !net::IsAddressType(parameters.dns_query_type)) { + return false; + } + + // Multiple parameters disallowed for mDNS requests. + if (parameters.source == net::HostResolverSource::MULTICAST_DNS && + (parameters.include_canonical_name || parameters.loopback_only || + parameters.cache_usage != + net::HostResolver::ResolveHostParameters::CacheUsage::ALLOWED)) { + return false; + } + + return true; + } + // Cancel the request, if not already completed. Otherwise, does nothing. void Cancel() { request_.reset(); } diff --git a/chromium/net/dns/host_resolver_mdns_listener_impl.cc b/chromium/net/dns/host_resolver_mdns_listener_impl.cc index 6f18f77414f..88102dff25e 100644 --- a/chromium/net/dns/host_resolver_mdns_listener_impl.cc +++ b/chromium/net/dns/host_resolver_mdns_listener_impl.cc @@ -4,7 +4,8 @@ #include "net/dns/host_resolver_mdns_listener_impl.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/host_port_pair.h" #include "net/dns/host_cache.h" #include "net/dns/host_resolver_mdns_task.h" diff --git a/chromium/net/dns/host_resolver_mdns_task.cc b/chromium/net/dns/host_resolver_mdns_task.cc index d56dc587044..551ab7ae25c 100644 --- a/chromium/net/dns/host_resolver_mdns_task.cc +++ b/chromium/net/dns/host_resolver_mdns_task.cc @@ -8,7 +8,8 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_util.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" diff --git a/chromium/net/dns/host_resolver_proc.cc b/chromium/net/dns/host_resolver_proc.cc index 7fe8e1d0197..9b8f30eda6f 100644 --- a/chromium/net/dns/host_resolver_proc.cc +++ b/chromium/net/dns/host_resolver_proc.cc @@ -8,7 +8,7 @@ #include "build/build_config.h" -#include "base/logging.h" +#include "base/check.h" #include "base/threading/scoped_blocking_call.h" #include "net/base/address_list.h" #include "net/base/net_errors.h" diff --git a/chromium/net/dns/integrity_record_fuzzer.cc b/chromium/net/dns/integrity_record_fuzzer.cc new file mode 100644 index 00000000000..e3091b0763c --- /dev/null +++ b/chromium/net/dns/integrity_record_fuzzer.cc @@ -0,0 +1,71 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <limits> +#include <memory> +#include <string> +#include <vector> + +#include "base/check_op.h" +#include "base/optional.h" +#include "base/strings/string_piece.h" +#include "net/dns/record_rdata.h" + +namespace net { + +namespace { + +base::StringPiece MakeStringPiece(const std::vector<uint8_t>& vec) { + return base::StringPiece(reinterpret_cast<const char*>(vec.data()), + vec.size()); +} + +// For arbitrary data, check that parse(data).serialize() == data. +void ParseThenSerializeProperty(const std::vector<uint8_t>& data) { + auto parsed = IntegrityRecordRdata::Create(MakeStringPiece(data)); + CHECK(parsed); + base::Optional<std::vector<uint8_t>> maybe_serialized = parsed->Serialize(); + // Since |data| is chosen by a fuzzer, the record's digest is unlikely to + // match its nonce. As a result, |parsed->IsIntact()| may be false, and thus + // |parsed->Serialize()| may be |base::nullopt|. + CHECK_EQ(parsed->IsIntact(), !!maybe_serialized); + if (maybe_serialized) { + CHECK(data == *maybe_serialized); + } +} + +// For arbitrary IntegrityRecordRdata r, check that parse(r.serialize()) == r. +void SerializeThenParseProperty(const std::vector<uint8_t>& data) { + // Ensure that the nonce is not too long to be serialized. + if (data.size() > std::numeric_limits<uint16_t>::max()) { + // Property is vacuously true because the record is not serializable. + return; + } + // Build an IntegrityRecordRdata by treating |data| as a nonce. + IntegrityRecordRdata record(data); + CHECK(record.IsIntact()); + base::Optional<std::vector<uint8_t>> maybe_serialized = record.Serialize(); + CHECK(maybe_serialized.has_value()); + + // Parsing |serialized| always produces a record identical to the original. + auto parsed = + IntegrityRecordRdata::Create(MakeStringPiece(*maybe_serialized)); + CHECK(parsed); + CHECK(parsed->IsIntact()); + CHECK(parsed->IsEqual(&record)); +} + +} // namespace + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const std::vector<uint8_t> data_vec(data, data + size); + ParseThenSerializeProperty(data_vec); + SerializeThenParseProperty(data_vec); + // Construct a random IntegrityRecordRdata to exercise that code path. No need + // to exercise parse/serialize since we already did that with |data|. + IntegrityRecordRdata rand_record(IntegrityRecordRdata::Random()); + return 0; +} + +} // namespace net diff --git a/chromium/net/dns/notify_watcher_mac.cc b/chromium/net/dns/notify_watcher_mac.cc index b7ab2a9d0ef..e69c9b2f2b3 100644 --- a/chromium/net/dns/notify_watcher_mac.cc +++ b/chromium/net/dns/notify_watcher_mac.cc @@ -7,7 +7,7 @@ #include <notify.h> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/mac/mac_util.h" #include "base/posix/eintr_wrapper.h" diff --git a/chromium/net/dns/public/dns_protocol.h b/chromium/net/dns/public/dns_protocol.h index f26e281fe69..ea9112feb00 100644 --- a/chromium/net/dns/public/dns_protocol.h +++ b/chromium/net/dns/public/dns_protocol.h @@ -158,6 +158,11 @@ static const uint16_t kTypeANY = 255; // https://tools.ietf.org/html/draft-ietf-tls-esni-04#section-8.3 static const uint16_t kExperimentalTypeEsniDraft4 = 65439; +// The INTEGRITY RR type exists purely for measuring how the DNS ecosystem +// handles new RR types. +// https://docs.google.com/document/d/14eCqVyT_3MSj7ydqNFl1Yl0yg1fs6g24qmYUUdi5V-k/edit?usp=sharing +static const uint16_t kExperimentalTypeIntegrity = 65521; + // DNS reply codes (RCODEs). // // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6 diff --git a/chromium/net/dns/public/doh_provider_list.cc b/chromium/net/dns/public/doh_provider_list.cc index 7a67bdb3c25..b5b2a50ef89 100644 --- a/chromium/net/dns/public/doh_provider_list.cc +++ b/chromium/net/dns/public/doh_provider_list.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/no_destructor.h" #include "net/dns/public/util.h" @@ -104,6 +104,12 @@ const std::vector<DohProviderEntry>& GetDohProviderList() { "" /* ui_name */, "" /* privacy_policy */, false /* display_globally */, {} /* display_countries */), + DohProviderEntry("Cznic", base::nullopt /* provider_id_for_histogram */, + {"185.43.135.1", "2001:148f:fffe::1"}, + {"odvr.nic.cz"} /* dns_over_tls_hostnames */, + "https://odvr.nic.cz/doh", "" /* ui_name */, + "" /* privacy_policy */, false /* display_globally */, + {} /* display_countries */), // Note: DNS.SB has separate entries for autoupgrade and settings UI to // allow the extra |no_ecs| parameter for autoupgrade. This parameter // disables EDNS Client Subnet (ECS) handling in order to match the @@ -175,6 +181,13 @@ const std::vector<DohProviderEntry>& GetDohProviderList() { "https://dns.quad9.net/dns-query", "Quad9 (9.9.9.9)" /* ui_name */, "https://www.quad9.net/home/privacy/" /* privacy_policy */, true /* display_globally */, {} /* display_countries */), + DohProviderEntry("Switch", base::nullopt /* provider_id_for_histogram */, + {"130.59.31.251", "130.59.31.248", "2001:620:0:ff::2", + "2001:620:0:ff::3"}, + {"dns.switch.ch"} /* dns_over_tls_hostnames */, + "https://dns.switch.ch/dns-query", "" /* ui_name */, + "" /* privacy_policy */, false /* display_globally */, + {} /* display_countries */), }}; return *providers; } diff --git a/chromium/net/dns/public/util.cc b/chromium/net/dns/public/util.cc index f740222e692..5aab840a2b3 100644 --- a/chromium/net/dns/public/util.cc +++ b/chromium/net/dns/public/util.cc @@ -7,7 +7,8 @@ #include <set> #include <unordered_map> -#include "base/logging.h" +#include "base/check.h" +#include "base/notreached.h" #include "build/build_config.h" #include "net/base/ip_address.h" #include "net/dns/public/dns_protocol.h" diff --git a/chromium/net/dns/record_parsed.cc b/chromium/net/dns/record_parsed.cc index 8b77b6664c9..1ca18d8d22c 100644 --- a/chromium/net/dns/record_parsed.cc +++ b/chromium/net/dns/record_parsed.cc @@ -65,6 +65,9 @@ std::unique_ptr<const RecordParsed> RecordParsed::CreateFrom( case EsniRecordRdata::kType: rdata = EsniRecordRdata::Create(record.rdata, *parser); break; + case IntegrityRecordRdata::kType: + rdata = IntegrityRecordRdata::Create(record.rdata); + break; default: DVLOG(1) << "Unknown RData type for received record: " << record.type; return std::unique_ptr<const RecordParsed>(); diff --git a/chromium/net/dns/record_rdata.cc b/chromium/net/dns/record_rdata.cc index 6aef7373ac0..74200808b57 100644 --- a/chromium/net/dns/record_rdata.cc +++ b/chromium/net/dns/record_rdata.cc @@ -6,9 +6,12 @@ #include <algorithm> #include <numeric> +#include <utility> #include "base/big_endian.h" +#include "base/logging.h" #include "base/memory/ptr_util.h" +#include "base/rand_util.h" #include "net/base/ip_address.h" #include "net/dns/dns_response.h" #include "net/dns/public/dns_protocol.h" @@ -512,4 +515,115 @@ bool EsniRecordRdata::IsEqual(const RecordRdata* other) const { addresses_ == esni_other->addresses_; } +IntegrityRecordRdata::IntegrityRecordRdata(Nonce nonce) + : nonce_(std::move(nonce)), digest_(Hash(nonce_)), is_intact_(true) {} + +IntegrityRecordRdata::IntegrityRecordRdata(Nonce nonce, + Digest digest, + size_t rdata_len) + : nonce_(std::move(nonce)), + digest_(digest), + is_intact_(rdata_len == LengthForSerialization(nonce_) && + Hash(nonce_) == digest_) {} + +IntegrityRecordRdata::IntegrityRecordRdata(IntegrityRecordRdata&&) = default; +IntegrityRecordRdata::IntegrityRecordRdata(const IntegrityRecordRdata&) = + default; +IntegrityRecordRdata::~IntegrityRecordRdata() = default; + +bool IntegrityRecordRdata::IsEqual(const RecordRdata* other) const { + if (other->Type() != Type()) + return false; + const IntegrityRecordRdata* integrity_other = + static_cast<const IntegrityRecordRdata*>(other); + return is_intact_ && integrity_other->is_intact_ && + nonce_ == integrity_other->nonce_ && + digest_ == integrity_other->digest_; +} + +uint16_t IntegrityRecordRdata::Type() const { + return kType; +} + +// static +std::unique_ptr<IntegrityRecordRdata> IntegrityRecordRdata::Create( + const base::StringPiece& data) { + base::BigEndianReader reader(data.data(), data.size()); + // Parse a U16-prefixed |Nonce| followed by a |Digest|. + base::StringPiece parsed_nonce, parsed_digest; + + // Note that even if this parse fails, we still want to create a record. + bool parse_success = reader.ReadU16LengthPrefixed(&parsed_nonce) && + reader.ReadPiece(&parsed_digest, kDigestLen); + + const std::string kZeroDigest = std::string(kDigestLen, 0); + if (!parse_success) { + parsed_nonce = base::StringPiece(); + parsed_digest = base::StringPiece(kZeroDigest); + } + + Digest digest_copy{}; + CHECK_EQ(parsed_digest.size(), digest_copy.size()); + std::copy_n(parsed_digest.begin(), parsed_digest.size(), digest_copy.begin()); + + auto record = base::WrapUnique( + new IntegrityRecordRdata(Nonce(parsed_nonce.begin(), parsed_nonce.end()), + digest_copy, data.size())); + + // A failed parse implies |!IsIntact()|, though the converse is not true. The + // record may be considered not intact if there were trailing bytes in |data| + // or if |parsed_digest| is not the hash of |parsed_nonce|. + if (!parse_success) + DCHECK(!record->IsIntact()); + return record; +} + +// static +IntegrityRecordRdata IntegrityRecordRdata::Random() { + constexpr uint16_t kMinNonceLen = 32; + constexpr uint16_t kMaxNonceLen = 512; + + // Construct random nonce. + const uint16_t nonce_len = base::RandInt(kMinNonceLen, kMaxNonceLen); + Nonce nonce(nonce_len); + base::RandBytes(nonce.data(), nonce.size()); + + return IntegrityRecordRdata(std::move(nonce)); +} + +base::Optional<std::vector<uint8_t>> IntegrityRecordRdata::Serialize() const { + if (!is_intact_) { + return base::nullopt; + } + + // Create backing buffer and writer. + std::vector<uint8_t> serialized(LengthForSerialization(nonce_)); + base::BigEndianWriter writer(reinterpret_cast<char*>(serialized.data()), + serialized.size()); + + // Writes will only fail if the buffer is too small. We are asserting here + // that our buffer is exactly the right size, which is expected to always be + // true if |is_intact_|. + CHECK(writer.WriteU16(nonce_.size())); + CHECK(writer.WriteBytes(nonce_.data(), nonce_.size())); + CHECK(writer.WriteBytes(digest_.data(), digest_.size())); + CHECK_EQ(writer.remaining(), 0u); + + return serialized; +} + +// static +IntegrityRecordRdata::Digest IntegrityRecordRdata::Hash(const Nonce& nonce) { + Digest digest{}; + SHA256(nonce.data(), nonce.size(), digest.data()); + return digest; +} + +// static +size_t IntegrityRecordRdata::LengthForSerialization(const Nonce& nonce) { + // A serialized INTEGRITY record consists of a U16-prefixed |nonce_|, followed + // by the bytes of |digest_|. + return sizeof(uint16_t) + nonce.size() + kDigestLen; +} + } // namespace net diff --git a/chromium/net/dns/record_rdata.h b/chromium/net/dns/record_rdata.h index e42c2285d52..42d7c1c6111 100644 --- a/chromium/net/dns/record_rdata.h +++ b/chromium/net/dns/record_rdata.h @@ -14,11 +14,13 @@ #include "base/compiler_specific.h" #include "base/logging.h" #include "base/macros.h" +#include "base/optional.h" #include "base/strings/string_piece.h" #include "net/base/io_buffer.h" #include "net/base/ip_address.h" #include "net/base/net_export.h" #include "net/dns/public/dns_protocol.h" +#include "third_party/boringssl/src/include/openssl/sha.h" namespace net { @@ -310,6 +312,81 @@ class NET_EXPORT EsniRecordRdata : public RecordRdata { DISALLOW_COPY_AND_ASSIGN(EsniRecordRdata); }; +// This class parses and serializes the INTEGRITY DNS record. +// +// This RR was invented for a preliminary HTTPSSVC experiment. See the public +// design doc: +// https://docs.google.com/document/d/14eCqVyT_3MSj7ydqNFl1Yl0yg1fs6g24qmYUUdi5V-k/edit?usp=sharing +// +// The wire format of INTEGRITY records consists of a U16-prefixed nonce +// followed by |kDigestLen| bytes, which should be equal to the SHA256 hash of +// the nonce contents. +class NET_EXPORT IntegrityRecordRdata : public RecordRdata { + public: + static constexpr uint16_t kType = dns_protocol::kExperimentalTypeIntegrity; + + static constexpr size_t kDigestLen = SHA256_DIGEST_LENGTH; + + using Nonce = std::vector<uint8_t>; + using Digest = std::array<uint8_t, kDigestLen>; + + IntegrityRecordRdata() = delete; + // Constructs a new record, computing the digest value from |nonce|. + explicit IntegrityRecordRdata(Nonce nonce); + IntegrityRecordRdata(IntegrityRecordRdata&&); + IntegrityRecordRdata(const IntegrityRecordRdata&); + ~IntegrityRecordRdata() override; + + IntegrityRecordRdata& operator=(const IntegrityRecordRdata&) = default; + IntegrityRecordRdata& operator=(IntegrityRecordRdata&&) = default; + + // RecordRdata: + bool IsEqual(const RecordRdata* other) const override; + uint16_t Type() const override; + + // Attempts to parse an INTEGRITY record from |data|. Never returns nullptr. + // The caller can check the intactness of the record with |IsIntact()|. + static std::unique_ptr<IntegrityRecordRdata> Create( + const base::StringPiece& data); + + // Generate an integrity record with a random nonce and corresponding digest. + // Postcondition: |IsIntact()| is true. + static IntegrityRecordRdata Random(); + + // Serialize |this| using the INTEGRITY wire format. Returns |base::nullopt| + // when |!IsIntact()|. + base::Optional<std::vector<uint8_t>> Serialize() const; + + // Precondition: |IsIntact()|. + const Nonce& nonce() const { + CHECK(is_intact_); + return nonce_; + } + + // Precondition: |IsIntact()|. + const Digest& digest() const { + CHECK(is_intact_); + return digest_; + } + + // To be considered intact, this record must have parsed successfully (if + // parsed by |Create()|) and the digest must match the hash of the nonce. + bool IsIntact() const { return is_intact_; } + + private: + IntegrityRecordRdata(Nonce nonce_, Digest digest_, size_t rdata_len); + + static Digest Hash(const Nonce& nonce); + + // Returns the exact number of bytes a record constructed from |nonce| would + // occupy when serialized. + static size_t LengthForSerialization(const Nonce& nonce); + + Nonce nonce_; + Digest digest_; + bool is_intact_; +}; + } // namespace net #endif // NET_DNS_RECORD_RDATA_H_ diff --git a/chromium/net/dns/record_rdata_unittest.cc b/chromium/net/dns/record_rdata_unittest.cc index e245c67be05..c70e674a2d9 100644 --- a/chromium/net/dns/record_rdata_unittest.cc +++ b/chromium/net/dns/record_rdata_unittest.cc @@ -6,8 +6,10 @@ #include <algorithm> #include <memory> +#include <utility> #include "base/big_endian.h" +#include "base/optional.h" #include "net/dns/dns_response.h" #include "net/dns/dns_test_util.h" #include "net/test/gtest_util.h" @@ -27,6 +29,10 @@ base::StringPiece MakeStringPiece(const uint8_t* data, unsigned size) { return base::StringPiece(data_cc, size); } +base::StringPiece MakeStringPiece(const std::vector<uint8_t>& vec) { + return MakeStringPiece(vec.data(), vec.size()); +} + TEST(RecordRdataTest, ParseSrvRecord) { // These are just the rdata portions of the DNS records, rather than complete // records, but it works well enough for this test. @@ -777,5 +783,142 @@ TEST(RecordRdataTest, AddOptToOptRecord) { EXPECT_THAT(rdata.buf(), ElementsAreArray(expected_rdata)); } +// Test that for arbitrary IntegrityRecordRdata r, Parse(Serialize(r)) == r. +TEST(RecordRdataTest, IntegrityParseSerializeInverseProperty) { + IntegrityRecordRdata record(IntegrityRecordRdata::Random()); + + EXPECT_TRUE(record.IsIntact()); + base::Optional<std::vector<uint8_t>> serialized = record.Serialize(); + EXPECT_TRUE(serialized); + + std::unique_ptr<IntegrityRecordRdata> reparsed = + IntegrityRecordRdata::Create(MakeStringPiece(*serialized)); + EXPECT_TRUE(reparsed); + EXPECT_TRUE(reparsed->IsEqual(&record)); +} + +TEST(RecordRdataTest, IntegrityEmptyNonceCornerCase) { + const IntegrityRecordRdata::Nonce empty_nonce; + IntegrityRecordRdata record(empty_nonce); + EXPECT_TRUE(record.IsIntact()); + + base::Optional<std::vector<uint8_t>> serialized = record.Serialize(); + EXPECT_TRUE(serialized); + std::unique_ptr<IntegrityRecordRdata> reparsed = + IntegrityRecordRdata::Create(MakeStringPiece(*serialized)); + EXPECT_TRUE(reparsed); + EXPECT_TRUE(reparsed->IsIntact()); + EXPECT_TRUE(reparsed->IsEqual(&record)); + EXPECT_EQ(reparsed->nonce().size(), 0u); +} + +TEST(RecordRdataTest, IntegrityMoveConstructor) { + IntegrityRecordRdata record_a(IntegrityRecordRdata::Random()); + EXPECT_TRUE(record_a.IsIntact()); + base::Optional<std::vector<uint8_t>> serialized_a = record_a.Serialize(); + EXPECT_TRUE(serialized_a); + + IntegrityRecordRdata record_b = std::move(record_a); + EXPECT_TRUE(record_b.IsIntact()); + base::Optional<std::vector<uint8_t>> serialized_b = record_b.Serialize(); + EXPECT_TRUE(serialized_b); + + EXPECT_EQ(serialized_a, serialized_b); +} + +TEST(RecordRdataTest, IntegrityRandomRecordsDiffer) { + IntegrityRecordRdata record_a(IntegrityRecordRdata::Random()); + IntegrityRecordRdata record_b(IntegrityRecordRdata::Random()); + EXPECT_TRUE(!record_a.IsEqual(&record_b)); +} + +TEST(RecordRdataTest, IntegritySerialize) { + IntegrityRecordRdata record({'A'}); + EXPECT_TRUE(record.IsIntact()); + const base::Optional<std::vector<uint8_t>> serialized = record.Serialize(); + EXPECT_TRUE(serialized); + + // Expected payload contains the SHA256 hash of 'A'. For the lazy: + // $ echo -n A | sha256sum | cut -f1 -d' ' | sed -e 's/\(..\)/0x\1, /g' + const std::vector<uint8_t> expected = { + 0, 1, 'A', // Length prefix and nonce + // Begin digest + 0x55, 0x9a, 0xea, 0xd0, 0x82, 0x64, 0xd5, 0x79, 0x5d, 0x39, 0x09, 0x71, + 0x8c, 0xdd, 0x05, 0xab, 0xd4, 0x95, 0x72, 0xe8, 0x4f, 0xe5, 0x55, 0x90, + 0xee, 0xf3, 0x1a, 0x88, 0xa0, 0x8f, 0xdf, 0xfd, // End digest + }; + + EXPECT_TRUE(*serialized == expected); +} + +TEST(RecordRdataTest, IntegrityParse) { + const std::vector<uint8_t> serialized = { + 0, 6, 'f', 'o', 'o', 'b', 'a', 'r', // Length prefix and nonce + 0xc3, 0xab, 0x8f, 0xf1, 0x37, 0x20, 0xe8, 0xad, 0x90, // Begin digest + 0x47, 0xdd, 0x39, 0x46, 0x6b, 0x3c, 0x89, 0x74, 0xe5, 0x92, 0xc2, + 0xfa, 0x38, 0x3d, 0x4a, 0x39, 0x60, 0x71, 0x4c, 0xae, 0xf0, 0xc4, + 0xf2, // End digest + }; + auto record = IntegrityRecordRdata::Create(MakeStringPiece(serialized)); + EXPECT_TRUE(record); + EXPECT_TRUE(record->IsIntact()); +} + +TEST(RecordRdataTest, IntegrityBadParseEmptyRdata) { + const std::vector<uint8_t> serialized = {}; + auto record = IntegrityRecordRdata::Create(MakeStringPiece(serialized)); + EXPECT_TRUE(record); + EXPECT_FALSE(record->IsIntact()); +} + +TEST(RecordRdataTest, IntegrityBadParseTruncatedNonce) { + const std::vector<uint8_t> serialized = { + 0, 6, 'f', 'o', 'o' // Length prefix and truncated nonce + }; + auto record = IntegrityRecordRdata::Create(MakeStringPiece(serialized)); + EXPECT_TRUE(record); + EXPECT_FALSE(record->IsIntact()); +} + +TEST(RecordRdataTest, IntegrityBadParseTruncatedDigest) { + const std::vector<uint8_t> serialized = { + 0, 6, 'f', 'o', 'o', 'b', 'a', 'r', // Length prefix and nonce + // Begin Digest + 0xc3, 0xab, 0x8f, 0xf1, 0x37, 0x20, 0xe8, 0xad, 0x90, 0x47, 0xdd, 0x39, + 0x46, 0x6b, 0x3c, 0x89, 0x74, 0xe5, 0x92, 0xc2, 0xfa, 0x38, 0x3d, + 0x4a, // End digest + }; + auto record = IntegrityRecordRdata::Create(MakeStringPiece(serialized)); + EXPECT_TRUE(record); + EXPECT_FALSE(record->IsIntact()); +} + +TEST(RecordRdataTest, IntegrityBadParseExtraBytes) { + const std::vector<uint8_t> serialized = { + 0, 6, 'f', 'o', 'o', 'b', 'a', 'r', // Length prefix and nonce + // Begin digest + 0xc3, 0xab, 0x8f, 0xf1, 0x37, 0x20, 0xe8, 0xad, 0x90, 0x47, 0xdd, 0x39, + 0x46, 0x6b, 0x3c, 0x89, 0x74, 0xe5, 0x92, 0xc2, 0xfa, 0x38, 0x3d, 0x4a, + 0x39, 0x60, 0x71, 0x4c, 0xae, 0xf0, 0xc4, 0xf2, // End digest + 'e', 'x', 't', 'r', 'a' // Trailing bytes + }; + auto record = IntegrityRecordRdata::Create(MakeStringPiece(serialized)); + EXPECT_TRUE(record); + EXPECT_FALSE(record->IsIntact()); +} + +TEST(RecordRdataTest, IntegrityCorruptedDigest) { + const std::vector<uint8_t> serialized = { + 0, 6, 'f', 'o', 'o', 'b', 'a', 'r', // Length prefix and nonce + 0xde, 0xad, 0xbe, 0xef, 0x37, 0x20, 0xe8, 0xad, 0x90, // Begin digest + 0x47, 0xdd, 0x39, 0x46, 0x6b, 0x3c, 0x89, 0x74, 0xe5, 0x92, 0xc2, + 0xfa, 0x38, 0x3d, 0x4a, 0x39, 0x60, 0x71, 0x4c, 0xae, 0xf0, 0xc4, + 0xf2, // End digest + }; + auto record = IntegrityRecordRdata::Create(MakeStringPiece(serialized)); + EXPECT_TRUE(record); + EXPECT_FALSE(record->IsIntact()); +} + } // namespace } // namespace net diff --git a/chromium/net/dns/resolve_context.cc b/chromium/net/dns/resolve_context.cc index 9504b9e6d36..fd7f7c6f17f 100644 --- a/chromium/net/dns/resolve_context.cc +++ b/chromium/net/dns/resolve_context.cc @@ -10,7 +10,7 @@ #include <string> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/bucket_ranges.h" #include "base/metrics/histogram.h" #include "base/metrics/histogram_base.h" @@ -99,7 +99,8 @@ ResolveContext::ServerStats::~ServerStats() = default; ResolveContext::ResolveContext(URLRequestContext* url_request_context, bool enable_caching) : url_request_context_(url_request_context), - host_cache_(enable_caching ? HostCache::CreateDefaultCache() : nullptr) { + host_cache_(enable_caching ? HostCache::CreateDefaultCache() : nullptr), + isolation_info_(IsolationInfo::CreateTransient()) { max_timeout_ = GetMaxTimeout(); } diff --git a/chromium/net/dns/resolve_context.h b/chromium/net/dns/resolve_context.h index fc09c17270e..8b3ec4fd388 100644 --- a/chromium/net/dns/resolve_context.h +++ b/chromium/net/dns/resolve_context.h @@ -14,6 +14,7 @@ #include "base/observer_list_types.h" #include "base/optional.h" #include "base/time/time.h" +#include "net/base/isolation_info.h" #include "net/base/net_export.h" #include "net/dns/dns_config.h" @@ -143,6 +144,15 @@ class NET_EXPORT_PRIVATE ResolveContext : public base::CheckedObserver { return current_session_.get(); } + // Returns IsolationInfo that should be used for DoH requests. Using a single + // transient IsolationInfo ensures that DNS requests aren't pooled with normal + // web requests, but still allows them to be pooled with each other, to allow + // reusing connections to the DoH server across different third party + // contexts. One downside of a transient IsolationInfo is that it means + // metadata about the DoH server itself will not be cached across restarts + // (alternative service info if it supports QUIC, for instance). + const IsolationInfo& isolation_info() const { return isolation_info_; } + private: friend DohDnsServerIterator; friend ClassicDnsServerIterator; @@ -225,6 +235,8 @@ class NET_EXPORT_PRIVATE ResolveContext : public base::CheckedObserver { std::vector<ServerStats> classic_server_stats_; // Track runtime statistics of each DoH server. std::vector<ServerStats> doh_server_stats_; + + const IsolationInfo isolation_info_; }; } // namespace net diff --git a/chromium/net/dns/serial_worker.cc b/chromium/net/dns/serial_worker.cc index 39d6a755b84..01f1711ca44 100644 --- a/chromium/net/dns/serial_worker.cc +++ b/chromium/net/dns/serial_worker.cc @@ -5,7 +5,9 @@ #include "net/dns/serial_worker.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" +#include "base/notreached.h" #include "base/task/post_task.h" #include "base/task/thread_pool.h" #include "base/threading/sequenced_task_runner_handle.h" diff --git a/chromium/net/dns/system_dns_config_change_notifier.cc b/chromium/net/dns/system_dns_config_change_notifier.cc index 4575c9bb5d5..95232497043 100644 --- a/chromium/net/dns/system_dns_config_change_notifier.cc +++ b/chromium/net/dns/system_dns_config_change_notifier.cc @@ -8,8 +8,8 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/memory/weak_ptr.h" #include "base/sequence_checker.h" #include "base/sequenced_task_runner.h" diff --git a/chromium/net/docs/life-of-a-url-request.md b/chromium/net/docs/life-of-a-url-request.md index 4bf89d262ef..5b253d5bbd0 100644 --- a/chromium/net/docs/life-of-a-url-request.md +++ b/chromium/net/docs/life-of-a-url-request.md @@ -1,10 +1,13 @@ # Life of a URLRequest -This document is intended as an overview of the core layers of the network -stack and the network service, their basic responsibilities, and how they fit -together, without going into too much detail. This doc assumes the network -service is enabled, though the network service is not yet enabled by default -on any platform. +This document gives an overview of the browser's lower-layers for networking. + +Networking in the browser ranges from high level Javascript APIs like +`fetch()`, all the way down to writing encrypted bytes on a socket. + +This document assumes that requests for URLs are mediated through the browser's +[Network Service](../../services/network/README.md), and focuses on all the +layers below the Network Service, including key points of integration. It's particularly targeted at people new to the Chrome network stack, but should also be useful for team members who may be experts at some parts of the @@ -25,15 +28,16 @@ generally be assumed it's in //net/ and is in the net namespace. The top-level network stack object is the URLRequestContext. The context has non-owning pointers to everything needed to create and issue a URLRequest. The context must outlive all requests that use it. Creating a context is a rather -complicated process, and it's recommended that most consumers use -URLRequestContextBuilder to do this. +complicated process usually managed by URLRequestContextBuilder. The primary use of the URLRequestContext is to create URLRequest objects using URLRequestContext::CreateRequest(). The URLRequest is the main interface used -by direct consumers of the network stack. It use used to drive requests for -http, https, ftp, and some data URLs. Each URLRequest tracks a single request -across all redirects until an error occurs, it's canceled, or a final response -is received, with a (possibly empty) body. +by direct consumers of the network stack. It manages loading URLs with the +http, https, ws, and wss schemes. URLs for other schemes, such as file, +filesystem, blob, chrome, and data, are managed completely outside of //net. +Each URLRequest tracks a single request across all redirects until an error +occurs, it's canceled, or a final response is received, with a (possibly empty) +body. The HttpNetworkSession is another major network stack object. It owns the HttpStreamFactory, the socket pools, and the HTTP/2 and QUIC session pools. It @@ -64,13 +68,15 @@ The network service, which lives in //services/network/, wraps //net/ objects, and provides cross-process network APIs and their implementations for the rest of Chrome. The network service uses the namespace "network" for all its classes. The Mojo interfaces it provides are in the network::mojom namespace. Mojo is -Chrome's IPC layer. Generally there's a network::mojom::FooPtr proxy object in -the consumer's process which also implements the network::mojom::Foo interface. -When the proxy object's methods are invoked, it passes the call and all its -arguments over a Mojo IPC channel to another the implementation of the -network::mojom::Foo interface in the network service (typically implemented by a -class named network::Foo), which may be running in another process, or possibly -another thread in the consumer's process. +Chrome's IPC layer. Generally there's a `mojo::Remote<network::mojom::Foo>` +proxy object in the consumer's process which also implements +the network::mojom::Foo interface. When the proxy object's methods are invoked, +it passes the call and all its arguments over a Mojo IPC channel, using a +`mojo::Receiver<network::mojom::Foo>`, to an implementation of the +network::mojom::Foo interface in the network service (the implementation is +typically a class named network::Foo), which may be running in another process, +another thread in the consumer's process, or even the same thread in the +consumer's process. The network::NetworkService object is singleton that is used by Chrome to create all other network service objects. The primary objects it is used to create are @@ -97,16 +103,15 @@ on-disk data, depending on the Profile and the App. # Life of a Simple URLRequest -A request for data is dispatched from some other process which results in -creating a network::URLLoader in the network process. The URLLoader then -creates a URLRequest to drive the request. A protocol-specific job -(e.g. HTTP, data, file) is attached to the request. In the HTTP case, that job -first checks the cache, and then creates a network connection object, if -necessary, to actually fetch the data. That connection object interacts with -network socket pools to potentially re-use sockets; the socket pools create and -connect a socket if there is no appropriate existing socket. Once that socket -exists, the HTTP request is dispatched, the response read and parsed, and the -result returned back up the stack and sent over to the child process. +A request for data is dispatched from some process, which results in creating +a network::URLLoader in the network service (which, on desktop platform, is +typically in its own process). The URLLoader then creates a URLRequest to +drive the network request. That job first checks the HTTP cache, and then +creates a network transaction object, if necessary, to actually fetch the data. +That transaction tries to reuse a connection if available. If none is available, +it creates a new one. Once it has established a connection, the HTTP request is +dispatched, the response read and parsed, and the result returned back up the +stack and sent over to the caller. Of course, it's not quite that simple :-}. @@ -122,10 +127,12 @@ work. Summary: +* In the browser process, the network::mojom::NetworkContext interface is used +to create a network::mojom::URLLoaderFactory. * A consumer (e.g. the content::ResourceDispatcher for Blink, the content::NavigationURLLoaderImpl for frame navigations, or a network::SimpleURLLoader) passes a network::ResourceRequest object and -network::mojom::URLLoaderClient Mojo channel to a +network::mojom::URLLoaderClient Mojo channel to the network::mojom::URLLoaderFactory, and tells it to create and start a network::mojom::URLLoader. * Mojo sends the network::ResourceRequest over an IPC pipe to a @@ -140,17 +147,31 @@ multiple types of child processes (renderer, GPU, plugin, network, etc). The renderer processes are the ones that layout webpages and run HTML. The browser process creates the top level network::mojom::NetworkContext -objects, and uses them to create network::mojom::URLLoaderFactories, which it -can set some security-related options on, before vending them to child -processes. Child processes can then use them to directly talk to the network -service. - -A consumer that wants to make a network request gets a URLLoaderFactory through -some manner, assembles a bunch of parameters in the large ResourceRequest -object, creates a network::mojom::URLLoaderClient Mojo channel for the -network::mojom::URLLoader to use to talk back to it, and then passes them to -the URLLoaderFactory, which returns a URLLoader object that it can use to -manage the network request. +objects. The NetworkContext interface is privileged and can only be accessed +from the browser process. The browser process uses it to create +network::mojom::URLLoaderFactories, which can then be passed to less +privileged processes to allow them to load resources using the NetworkContext. +To create a URLLoaderFactory, a network::mojom::URLLoaderFactoryParams object +is passed to the NetworkContext to configure fields that other processes are +not trusted to set, for security and privacy reasons. + +One such field is the net::IsolationInfo field, which includes: +* A net::NetworkIsolationKey, which is used to enforce the +[privacy sandbox](https://www.chromium.org/Home/chromium-privacy/privacy-sandbox) +in the network stack, separating network resources used by different sites in +order to protect against tracking a user across sites. +* A net::SiteForCookies, which is used to determine which site to send SameSite +cookies for. SameSite cookies prevent cross-site attacks by only being +accessible when that site is the top-level site. +* How to update these values across redirects. + +A consumer, either in the browser process or a child process, that wants to +make a network request gets a URLLoaderFactory from the browser process through +some manner, assembles a bunch of parameters in the large +network::ResourceRequest object, creates a network::mojom::URLLoaderClient Mojo +channel for the network::mojom::URLLoader to use to talk back to it, and then +passes them all to the URLLoaderFactory, which returns a URLLoader object that +it can use to manage the network request. ### network::URLLoaderFactory sets up the request in the network service @@ -160,40 +181,46 @@ Summary: * network::URLLoader uses the network::NetworkContext's URLRequestContext to create and start a URLRequest. -The URLLoaderFactory, along with all NetworkContexts and most of the network -stack, lives on a single thread in the network service. It gets a reconstituted -ResourceRequest object from the Mojo pipe, does some checks to make sure it -can service the request, and if so, creates a URLLoader, passing the request and -the NetworkContext associated with the URLLoaderFactory. - -The URLLoader then calls into a URLRequestContext to create the URLRequest. The -URLRequestContext has pointers to all the network stack objects needed to issue -the request over the network, such as the cache, cookie store, and host -resolver. The URLLoader then calls into the ResourceScheduler, which may delay -starting the request, based on priority and other activity. Eventually, the -ResourceScheduler starts the request. +The network::URLLoaderFactory, along with all NetworkContexts and most of the +network stack, lives on a single thread in the network service. It gets a +reconstituted ResourceRequest object from the network::mojom::URLLoaderFactory +Mojo pipe, does some checks to make sure it can service the request, and if so, +creates a URLLoader, passing the request and the NetworkContext associated with +the URLLoaderFactory. + +The URLLoader then calls into the NetworkContext's net::URLRequestContext to +create the URLRequest. The URLRequestContext has pointers to all the network +stack objects needed to issue the request over the network, such as the cache, +cookie store, and host resolver. The URLLoader then calls into the +network::ResourceScheduler, which may delay starting the request, based on +priority and other activity. Eventually, the ResourceScheduler starts the +request. ### Check the cache, request an HttpStream Summary: -* The URLRequest asks the URLRequestJobFactory to create a URLRequestJob, in -this case, a URLRequestHttpJob. -* The URLRequestHttpJob asks the HttpCache to create an HttpTransaction -(always an HttpCache::Transaction). +* The URLRequest asks the URLRequestJobFactory to create a URLRequestJob, +and gets a URLRequestHttpJob. +* The URLRequestHttpJob asks the HttpCache to create an HttpTransaction, and +gets an HttpCache::Transaction, assuming caching is enabled. * The HttpCache::Transaction sees there's no cache entry for the request, and creates an HttpNetworkTransaction. * The HttpNetworkTransaction calls into the HttpStreamFactory to request an HttpStream. The URLRequest then calls into the URLRequestJobFactory to create a -URLRequestJob and then starts it. In the case of an HTTP or HTTPS request, this -will be a URLRequestHttpJob. The URLRequestHttpJob attaches cookies to the -request, if needed. +URLRequestHttpJob, a subclass of URLRequestJob, and then starts it +(historically, non-network URL schemes were also disptched through the +network stack, so there were a variety of job types.) The +URLRequestHttpJob attaches cookies to the request, if needed. Whether or +not SameSite cookies are attached depends on the IsolationInfo's +SiteForCookies, the URL, and the URLRequest's request_initiator field. The URLRequestHttpJob calls into the HttpCache to create an -HttpCache::Transaction. If there's no matching entry in the cache, the -HttpCache::Transaction will just call into the HttpNetworkLayer to create an +HttpCache::Transaction. The cache checks for an entry with the same URL +and NetworkIsolationKey. If there's no matching entry, the +HttpCache::Transaction will call into the HttpNetworkLayer to create an HttpNetworkTransaction, and transparently wrap it. The HttpNetworkTransaction then calls into the HttpStreamFactory to request an HttpStream to the server. @@ -560,13 +587,33 @@ priority socket request. ## Non-HTTP Schemes -The URLRequestJobFactory has a ProtocolHander for ftp, http, https, and data -URLs, though most data URLs are handled directly in the renderer. For other -schemes, and non-network code that can intercept HTTP/HTTPS requests (like -ServiceWorker, or extensions), there's typically another -network::mojom::URLLoaderFactory class that is used instead of -network::URLLoaderFactory. These URLLoaderFactories are not part of the -network service. Some of these are web standards and handled in content/ -code (like blob:// and file:// URLs), while other of these are -Chrome-specific, and implemented in chrome/ (like chrome:// and -chrome-extension:// URLs). +WebSockets requests (wss:// and ws://) start as HTTP requests with an HTTP +upgrade header. Once the handshake completes successfully, the connection +is used as a full-duplex communication channel to the server for WebSocket +frames, rather than to receive an HTTP response body. WebSockets have their +own Mojo interfaces and //net classes, but internally they reuse the full +URLRequest machinery up to the point headers are received from the server. +Then the connection is handed off to the WebSocket code to manage. + +Other schemes typically have their own network::mojom::URLLoaderFactory that +is not part of the network service. Standard schemes like file:// and blob:// +are handled by the content layer and its dependencies +(content::FileURLLoaderFactory and storage::BlobURLLoaderFactory, respectively, +for those two schemes). Chrome-specific schemes, like externalfile:// and +chrome-extension:// are often handled by a URLLoaderFactory in the chrome layer, +though chrome:// itself is actually handled in //content. + +data:// URLs are handled a bit differently from other schemes. If a renderer +process requests a data:// subresource, the renderer typically decodes it +internally, as sending it to an out-of-process URLLoader would be inefficient. +Navigations are a bit different. To navigate to a URL, the browser process +creates a URLLoader and passes it over to a renderer process. So in the +case of a navigation to a data:// URL, a URLLoader is created using a +content::DataURLLoaderFactory that lives in the browser process, and then a +mojo::Remote for the browser-hosted URLLoader is passed to a renderer +proceess. + +about:blank is similarly often handled in the renderer, though there is a +factory for that used in the case of navigations as well. Other about: URLs +are mapped to the corresponding Chrome URLs by the navigation code, rather +than having that logic live in a URLLoaderFactory. diff --git a/chromium/net/docs/proxy.md b/chromium/net/docs/proxy.md index 5c4f19dac0f..0f844f07fc0 100644 --- a/chromium/net/docs/proxy.md +++ b/chromium/net/docs/proxy.md @@ -540,8 +540,8 @@ proxy settings are externally controllable, as when using PAC scripts. Historical support in Chrome: -* Prior to M71 there were no implicit proxy bypass rules (except if using - `--winhttp-proxy-resolver`) +* Prior to M71 there were no implicit proxy bypass rules, except if using + [`--winhttp-proxy-resolver`](#winhttp_proxy_resolver-command-line-switch). * In M71 Chrome applied implicit proxy bypass rules to PAC scripts * In M72 Chrome generalized the implicit proxy bypass rules to manually configured proxies @@ -722,16 +722,13 @@ favor of a consistent policy. PAC scripts can invoke `myIpAddress()` to obtain the client's IP address. This function returns a single IP literal, or `"127.0.0.1"` on failure. -`myIpAddress()` is fundamentally broken for multi-homed hosts. +This API is [inherently ambiguous when used on multi-homed +hosts](#myIpAddress_myIpAddressEx_and-multi_homed-hosts), as such hosts can +have multiple IP addresses and yet the browser can pick just one to return. -Consider what happens when a machine has multiple network interfaces, each with -its own IP address. Answering "what is my IP address" depends on what interface -the request is sent out on. Which in turn depends on what the destination IP -is. Which in turn depends on the result of proxy resolution + fallback, which -is what we are currently blocked in! - -Chrome's algorithm uses these ordered steps to find an IP address -(short-circuiting when a candidate is found). +Chrome's algorithm for `myIpAddress()` favors returning the IP that would be +used if we were to connect to the public internet, by executing the following +ordered steps and short-circuiting once the first candidate IP is found: 1. Select the IP of an interface that can route to public Internet: * Probe for route to `8.8.8.8`. @@ -745,30 +742,16 @@ Chrome's algorithm uses these ordered steps to find an IP address * Probe for route to `192.168.0.0`. * Probe for route to `FC00::`. -When searching for candidate IP addresses, link-local and loopback addresses -are skipped over. Link-local or loopback address will only be returned as a +Note that when searching for candidate IP addresses, link-local and loopback +addresses are skipped over. Link-local or loopback address will only be returned as a last resort when no other IP address was found by following these steps. -This sequence of steps explicitly favors IPv4 over IPv6 results. +This sequence of steps explicitly favors IPv4 over IPv6 results, to match +Internet Explorer's IPv6 support. *Historical note*: Prior to M72, Chrome's implementation of `myIpAddress()` was effectively just `getaddrinfo(gethostname)`. This is now step 2 of the heuristic. -### What about pacUseMultihomedDNS? - -In Firefox, if you define a global variable named `pacUseMultihomedDNS` in your -PAC script, it causes `myIpAddress()` to report the IP address of the interface -that would (likely) have been used had we connected to it DIRECT. - -In particular, it will do a DNS resolution of the target host (the hostname of -the URL that the proxy resolution is being done for), and then -connect a datagram socket to get the source address. - -Chrome does not recognize the `pacUseMultihomedDNS` global as having special -meaning. A PAC script is free to define such a global, and it won't have -side-effects. Chrome has no APIs or settings to change `myIpAddress()`'s -algorithm. - ## Resolving client's IP address within a PAC script using myIpAddressEx() Chrome supports the [Microsoft PAC @@ -784,13 +767,13 @@ There are some differences with Chrome's implementation: * In Chrome the function is unconditionally defined, whereas in Internet Explorer one must have used the `FindProxyForURLEx` entrypoint. -* Chrome does not enumerate all of the host's network interfaces +* Chrome [does not necessarily enumerate all of the host's network + interfaces](#myIpAddress_myIpAddressEx_and-multi_homed-hosts) * Chrome does not return link-local or loopback addresses (except if no other addresses were found). The algorithm that Chrome uses is nearly identical to that of `myIpAddress()` -described earlier. The main difference is that we don't short-circuit -after finding the first candidate IP, so multiple IPs may be returned. +described earlier, but in certain cases may return multiple IPs. 1. Select all the IPs of interfaces that can route to public Internet: * Probe for route to `8.8.8.8`. @@ -809,6 +792,29 @@ Note that short-circuiting happens whenever steps 1-3 find a candidate IP. So for example if at least one IP address was discovered by checking routes to public Internet, only those IPs will be returned, and steps 2-3 will not run. +## myIpAddress() / myIpAddressEx() and multi-homed hosts + +`myIpAddress()` is a poor API for hosts that have multiple IP addresses, as it +can only return a single IP, which may or may not be the one you wanted. Both +`myIpAddress()` and `myIpAddressEx()` favor returning the IP for the interface +that would be used to route to the public internet. + +As an API, `myIpAddressEx()` offers more flexibility since it can return +multiple IP addresses. However Chrome's implementation restricts which IPs a +PAC script can see [due to privacy +concerns](https://bugs.chromium.org/p/chromium/issues/detail?id=905366). So +using `myIpAddressEx()` is not as powerful as enumerating all the host's IPs, +and may not address all use-cases. + +A more reliable strategy for PAC scripts to check which network(s) a user is on +is to probe test domains using `dnsResolve()` / `dnsResolveEx()`. + +Moreover, note that Chrome does not support the Firefox-specific +`pacUseMultihomedDNS` option, so adding that global to a PAC script has no +special side-effect in Chrome. Whereas in Firefox it reconfigures +`myIpAddress()` to be dependent on the target URL that `FindProxyForURL()` was +called with. + ## Android quirks Proxy resolving via PAC works differently on Android than other desktop Chrome @@ -918,3 +924,147 @@ The priority for encoding is determined in this order: When setting the `Content-Type`, servers should prefer using a mime type of `application/x-ns-proxy-autoconfig` or `application/x-javascript-config`. However in practice, Chrome does not enforce the mime type. + +## Capturing a Net Log for debugging proxy resolution issues + +Issues in proxy resolution are best investigated using a Net Log. + +A good starting point is to follow the [general instructions for +net-export](https://www.chromium.org/for-testers/providing-network-details), +*and while the Net Log is being captured perform these steps*: + +1. Reproduce the failure (ex: load a URL that fails) +2. If you can reproduce a success, do so (ex: load a different URL that succeeds). +3. In a new tab, navigate to `chrome://net-internals/#proxy` and click both + buttons ("Re-apply settings" and "Clear bad proxies"). +4. Repeat step (1) +5. Stop the Net Log and save the file. + +The resulting Net Log should have enough information to diagnose common +problems. It can be attached to a bug report, or explored using the [Net Log +Viewer](https://netlog-viewer.appspot.com/). See the next section for some tips +on analyzing it. + +## Analyzing Net Logs for proxy issues + +Load saved Net Logs using [Net Log Viewer](https://netlog-viewer.appspot.com/). + +### Proxy overview tab + +Start by getting a big-picture view of the proxy settings by clicking to the +"Proxy" tab on the left. This summarizes the proxy settings at the time the +_capture ended_. + +* Does the _original_ proxy settings match expectation? + The proxy settings might be coming from: + * Managed Chrome policy (chrome://policy) + * Command line flags (ex: `--proxy-server`) + * (per-profile) Chrome extensions (ex: [chrome.proxy](https://developer.chrome.com/extensions/proxy)) + * (per-network) System proxy settings + +* Was [proxy autodetect (WPAD)](#Web-Proxy-Auto_Discovery-WPAD) specified? In + this case the final URL probed will be reflected by the difference between + the "Effective" and "Original" settings. + +* Internally, proxy settings are per-NetworkContext. The proxy + overview tab shows settings for a *particular* NetworkContext, namely the + one associated with the Profile used to navigate to `chrome://net-export`. For + instance if the net-export was initiated from an Incognito window, it may + show different proxy settings here than a net-export capture initiated by a + non-Incognito window. When the net-export was triggered from command line + (`--log-net-log`) no particular NetworkContext is associated with the + capture and hence no proxy settings will be shown in this overview. + +* Were any proxies marked as bad? + +### Import tab + +Skim through the Import tab and look for relevant command line flags and active +field trials. A find-in-page for `proxy` is a good starting point. Be on the lookout for +[`--winhttp-proxy-resolver`](#winhttp_proxy_resolver-command-line-switch) which +has [known problems](https://bugs.chromium.org/p/chromium/issues/detail?id=644030). + +### Events tab + +To deep dive into proxy resolution, switch to the Events tab. + +You can start by filtering on `type:URL_REQUEST` to see all the top level +requests, and then keep click through the dependency links to +trace the proxy resolution steps and outcome. + +The most relevant events have either `PROXY_`, `PAC_`, or +`WPAD_` in their names. You can also try filtering for each of those. + +Documentation on specific events is available in +[net_log_event_type_list.h](https://chromium.googlesource.com/chromium/src/+/HEAD/net/log/net_log_event_type_list.h). + +Network change events can also be key to understanding proxy issues. After +switching networks (ex VPN), the effective proxy settings, as well as content +of any PAC scripts/auto-detect can change. + +## Web Proxy Auto-Discovery (WPAD) + +When configured to use WPAD (aka "autotmaticaly detect proxy settings"), Chrome +will prioritize: + +1. DHCP-based WPAD (option 252) +2. DNS-based WPAD + +These are tried in order, however DHCP-based WPAD is only supported for Chrome +on Windows and Chrome on Chrome OS. + +WPAD is the system default for many home and Enterprise users. + +### Chrome on macOS support for DHCP-based WPAD + +Chrome on macOS does not support DHCP-based WPAD when configured to use +"autodetect". + +However, macOS might perform DHCP-based WPAD and embed this discovered PAC URL +as part of the system proxy settings. So effectively when Chrome is configured +to "use system proxy settings" it may behave as if it supports DHCP-based WPAD. + +### Dangers of DNS-based WPAD and DNS search suffix list + +DNS-based WPAD involves probing for the non-FQDN `wpad`. This means +WPAD's performance and security is directly tied to the user's DNS search +suffix list. + +When resolving `wpad`, the host's DNS resolver will complete the hostname using +each of the suffixes in the search list: + +1. If the suffix list is long this process can very slow, as it triggers a + cascade of NXDOMAIN. +2. If the suffix list includes domains *outside of the administrative domain*, + WPAD may select an attacker controlled PAC server, and can subsequently + funnel the user's traffic through a proxy server of their choice. The + evolution of TLDs further increases this risk, since what were previously + private suffixes used by an enterprise can become publicly registerable. + See also [WPAD Name Collision + Vulnerability](https://www.us-cert.gov/ncas/alerts/TA16-144A) + +## --winhttp-proxy-resolver command line switch + +Passing the `--winhttp-proxy-resolver` command line argument instructs Chrome +to use the system libraries for *one narrow part of proxy resolution*: evaluating +a given PAC script. + +Use of this flag is NOT a supported mode, and has [known +problems](https://bugs.chromium.org/p/chromium/issues/detail?id=644030): It +can break Chrome extensions (`chrome.proxy` API), the interpretation of +Proxy policies, hurt performance, and doesn't ensure full fidelity +interpretation of system proxy settings. + +Another oddity of this switch is that it actually gets interpreted with a +smilar meaning on other platforms (macOS), despite its Windows-specific naming. + +This flag was historically exposed for debugging, and to mitigate unresolved +policy differences in PAC execution. In the future this switch [will be +removed](https://bugs.chromium.org/p/chromium/issues/detail?id=644030). + +Although Chrome would like full fidelity with Windows proxy settings, there are +limits to those integrations. Dependencies like NRPT for proxy +resolution necessitate using Windows proxy resolution libraries directly +instead of Chrome's. We hope these less common use cases will be fully +addressed by [this +feature](https://bugs.chromium.org/p/chromium/issues/detail?id=1032820) diff --git a/chromium/net/extras/preload_data/decoder.cc b/chromium/net/extras/preload_data/decoder.cc index 75b48249ddc..f20e955e0b0 100644 --- a/chromium/net/extras/preload_data/decoder.cc +++ b/chromium/net/extras/preload_data/decoder.cc @@ -3,7 +3,8 @@ // found in the LICENSE file. #include "net/extras/preload_data/decoder.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc index 9b432a75af6..7555e39ea88 100644 --- a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc +++ b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc @@ -1275,11 +1275,12 @@ TEST_F(SQLitePersistentCookieStoreTest, KeyInconsistency) { EXPECT_TRUE(cookie_scheme_callback1.result()); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_cookie_callback; - auto cookie = CanonicalCookie::Create( - GURL("ftp://subdomain.ftperiffic.com/page"), "A=B; max-age=3600", - base::Time::Now(), base::nullopt /* server_time */); + GURL ftp_url("ftp://subdomain.ftperiffic.com/page/"); + auto cookie = + CanonicalCookie::Create(ftp_url, "A=B; max-age=3600", base::Time::Now(), + base::nullopt /* server_time */); cookie_monster->SetCanonicalCookieAsync( - std::move(cookie), "ftp", CookieOptions::MakeAllInclusive(), + std::move(cookie), ftp_url, CookieOptions::MakeAllInclusive(), base::BindOnce(&ResultSavingCookieCallback< CanonicalCookie::CookieInclusionStatus>::Run, base::Unretained(&set_cookie_callback))); @@ -1291,12 +1292,12 @@ TEST_F(SQLitePersistentCookieStoreTest, KeyInconsistency) { for (int i = 0; i < 50; ++i) { ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_cookie_callback2; - auto canonical_cookie = CanonicalCookie::Create( - GURL(base::StringPrintf("http://example%d.com/", i)), - "A=B; max-age=3600", base::Time::Now(), - base::nullopt /* server_time */); + GURL url(base::StringPrintf("http://example%d.com/", i)); + auto canonical_cookie = + CanonicalCookie::Create(url, "A=B; max-age=3600", base::Time::Now(), + base::nullopt /* server_time */); cookie_monster->SetCanonicalCookieAsync( - std::move(canonical_cookie), "http", CookieOptions::MakeAllInclusive(), + std::move(canonical_cookie), url, CookieOptions::MakeAllInclusive(), base::BindOnce(&ResultSavingCookieCallback< CanonicalCookie::CookieInclusionStatus>::Run, base::Unretained(&set_cookie_callback2))); @@ -1348,11 +1349,12 @@ TEST_F(SQLitePersistentCookieStoreTest, OpsIfInitFailed) { ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> set_cookie_callback; - auto cookie = CanonicalCookie::Create(GURL("http://www.example.com/"), - "A=B; max-age=3600", base::Time::Now(), - base::nullopt /* server_time */); + GURL url("http://www.example.com/"); + auto cookie = + CanonicalCookie::Create(url, "A=B; max-age=3600", base::Time::Now(), + base::nullopt /* server_time */); cookie_monster->SetCanonicalCookieAsync( - std::move(cookie), "http", CookieOptions::MakeAllInclusive(), + std::move(cookie), url, CookieOptions::MakeAllInclusive(), base::BindOnce(&ResultSavingCookieCallback< CanonicalCookie::CookieInclusionStatus>::Run, base::Unretained(&set_cookie_callback))); diff --git a/chromium/net/extras/sqlite/sqlite_persistent_store_backend_base.cc b/chromium/net/extras/sqlite/sqlite_persistent_store_backend_base.cc index a0a88a0a3f9..c894fc61864 100644 --- a/chromium/net/extras/sqlite/sqlite_persistent_store_backend_base.cc +++ b/chromium/net/extras/sqlite/sqlite_persistent_store_backend_base.cc @@ -9,6 +9,7 @@ #include "base/bind.h" #include "base/files/file_path.h" #include "base/files/file_util.h" +#include "base/logging.h" #include "base/metrics/histogram_functions.h" #include "base/sequenced_task_runner.h" #include "base/time/time.h" diff --git a/chromium/net/features.gni b/chromium/net/features.gni index 33b03ba90e4..ebf8a53bd17 100644 --- a/chromium/net/features.gni +++ b/chromium/net/features.gni @@ -44,6 +44,5 @@ declare_args() { # supported and may be switched between using the CertVerifierBuiltin feature # flag. This does not include platforms where the builtin cert verifier is # the only verifier supported. - builtin_cert_verifier_feature_supported = - is_desktop_linux || is_mac || is_chromeos + builtin_cert_verifier_feature_supported = is_mac } diff --git a/chromium/net/filter/brotli_source_stream.cc b/chromium/net/filter/brotli_source_stream.cc index 887a0f0c88a..662eb264142 100644 --- a/chromium/net/filter/brotli_source_stream.cc +++ b/chromium/net/filter/brotli_source_stream.cc @@ -6,7 +6,7 @@ #include "base/bind.h" #include "base/bit_cast.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" #include "base/metrics/histogram_macros.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/filter/brotli_source_stream_fuzzer.cc b/chromium/net/filter/brotli_source_stream_fuzzer.cc index 8c8ba18eb10..e721ee1e9f3 100644 --- a/chromium/net/filter/brotli_source_stream_fuzzer.cc +++ b/chromium/net/filter/brotli_source_stream_fuzzer.cc @@ -6,7 +6,6 @@ #include <fuzzer/FuzzedDataProvider.h> -#include "base/logging.h" #include "base/memory/ref_counted.h" #include "net/base/io_buffer.h" #include "net/base/test_completion_callback.h" diff --git a/chromium/net/filter/filter_source_stream.cc b/chromium/net/filter/filter_source_stream.cc index dae553e2eed..6ed1b1d7e2a 100644 --- a/chromium/net/filter/filter_source_stream.cc +++ b/chromium/net/filter/filter_source_stream.cc @@ -7,8 +7,9 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/numerics/safe_conversions.h" #include "base/strings/string_util.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/filter/filter_source_stream_test_util.cc b/chromium/net/filter/filter_source_stream_test_util.cc index 95c9fbd78d6..ec3b27f60e6 100644 --- a/chromium/net/filter/filter_source_stream_test_util.cc +++ b/chromium/net/filter/filter_source_stream_test_util.cc @@ -5,7 +5,7 @@ #include "net/filter/filter_source_stream_test_util.h" #include "base/bit_cast.h" -#include "base/logging.h" +#include "base/check_op.h" #include "third_party/zlib/zlib.h" namespace net { diff --git a/chromium/net/filter/gzip_header.cc b/chromium/net/filter/gzip_header.cc index 2ffd9eeb841..0dd2274a27f 100644 --- a/chromium/net/filter/gzip_header.cc +++ b/chromium/net/filter/gzip_header.cc @@ -4,9 +4,11 @@ #include "net/filter/gzip_header.h" +#include <string.h> + #include <algorithm> -#include "base/logging.h" +#include "base/check_op.h" #include "third_party/zlib/zlib.h" namespace net { diff --git a/chromium/net/filter/gzip_source_stream.cc b/chromium/net/filter/gzip_source_stream.cc index 629d7b70a74..13d55f3630b 100644 --- a/chromium/net/filter/gzip_source_stream.cc +++ b/chromium/net/filter/gzip_source_stream.cc @@ -9,8 +9,9 @@ #include "base/bind.h" #include "base/bit_cast.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/memory/ref_counted.h" +#include "base/notreached.h" #include "net/base/io_buffer.h" #include "third_party/zlib/zlib.h" diff --git a/chromium/net/filter/mock_source_stream.cc b/chromium/net/filter/mock_source_stream.cc index 2e898360a1c..55fbaa4b4e1 100644 --- a/chromium/net/filter/mock_source_stream.cc +++ b/chromium/net/filter/mock_source_stream.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/io_buffer.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/ftp/ftp_auth_cache.cc b/chromium/net/ftp/ftp_auth_cache.cc index 63da9aeff12..960bde6ce9e 100644 --- a/chromium/net/ftp/ftp_auth_cache.cc +++ b/chromium/net/ftp/ftp_auth_cache.cc @@ -4,7 +4,7 @@ #include "net/ftp/ftp_auth_cache.h" -#include "base/logging.h" +#include "base/check_op.h" #include "url/gurl.h" namespace net { diff --git a/chromium/net/ftp/ftp_ctrl_response_buffer.cc b/chromium/net/ftp/ftp_ctrl_response_buffer.cc index ae31f46f47f..2fce7381ce5 100644 --- a/chromium/net/ftp/ftp_ctrl_response_buffer.cc +++ b/chromium/net/ftp/ftp_ctrl_response_buffer.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/string_piece.h" #include "base/values.h" #include "net/base/net_errors.h" diff --git a/chromium/net/ftp/ftp_network_layer.cc b/chromium/net/ftp/ftp_network_layer.cc index 9cb3b286cbe..3fb56aecb56 100644 --- a/chromium/net/ftp/ftp_network_layer.cc +++ b/chromium/net/ftp/ftp_network_layer.cc @@ -4,7 +4,7 @@ #include "net/ftp/ftp_network_layer.h" -#include "base/logging.h" +#include "base/check.h" #include "net/ftp/ftp_network_session.h" #include "net/ftp/ftp_network_transaction.h" #include "net/socket/client_socket_factory.h" diff --git a/chromium/net/ftp/ftp_util.cc b/chromium/net/ftp/ftp_util.cc index 4af3603079b..b70981c6c21 100644 --- a/chromium/net/ftp/ftp_util.cc +++ b/chromium/net/ftp/ftp_util.cc @@ -7,10 +7,10 @@ #include <map> #include <vector> +#include "base/check_op.h" #include "base/i18n/case_conversion.h" #include "base/i18n/char_iterator.h" #include "base/i18n/unicodestring.h" -#include "base/logging.h" #include "base/macros.h" #include "base/memory/singleton.h" #include "base/strings/string_number_conversions.h" diff --git a/chromium/net/http/alternative_service.cc b/chromium/net/http/alternative_service.cc index 1cf6b5481f8..56273b992fc 100644 --- a/chromium/net/http/alternative_service.cc +++ b/chromium/net/http/alternative_service.cc @@ -4,8 +4,10 @@ #include "net/http/alternative_service.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/histogram_macros.h" +#include "base/metrics/histogram_macros_local.h" +#include "base/notreached.h" #include "base/strings/stringprintf.h" namespace net { @@ -54,9 +56,9 @@ void HistogramAlternateProtocolUsage(AlternateProtocolUsage usage, bool proxy_server_used) { if (proxy_server_used) { DCHECK_LE(usage, ALTERNATE_PROTOCOL_USAGE_LOST_RACE); - UMA_HISTOGRAM_ENUMERATION("Net.QuicAlternativeProxy.Usage", - ConvertProtocolUsageToProxyUsage(usage), - ALTERNATIVE_PROXY_USAGE_MAX); + LOCAL_HISTOGRAM_ENUMERATION("Net.QuicAlternativeProxy.Usage", + ConvertProtocolUsageToProxyUsage(usage), + ALTERNATIVE_PROXY_USAGE_MAX); } else { UMA_HISTOGRAM_ENUMERATION("Net.AlternateProtocolUsage", usage, ALTERNATE_PROTOCOL_USAGE_MAX); @@ -133,8 +135,6 @@ AlternativeServiceInfo::AlternativeServiceInfo( : alternative_service_(alternative_service), expiration_(expiration) { if (alternative_service_.protocol == kProtoQUIC) { advertised_versions_ = advertised_versions; - std::sort(advertised_versions_.begin(), advertised_versions_.end(), - TransportVersionLessThan); } } diff --git a/chromium/net/http/alternative_service.h b/chromium/net/http/alternative_service.h index 908781b36a7..aaf32b77779 100644 --- a/chromium/net/http/alternative_service.h +++ b/chromium/net/http/alternative_service.h @@ -201,8 +201,7 @@ class NET_EXPORT_PRIVATE AlternativeServiceInfo { // Lists all the QUIC versions that are advertised by the server and supported // by Chrome. If empty, defaults to versions used by the current instance of - // the netstack. - // This list MUST be sorted in ascending order. + // the netstack. This list is sorted according to the server's preference. quic::ParsedQuicVersionVector advertised_versions_; }; diff --git a/chromium/net/http/failing_http_transaction_factory.cc b/chromium/net/http/failing_http_transaction_factory.cc index dc48ed844d3..7f367a8d38e 100644 --- a/chromium/net/http/failing_http_transaction_factory.cc +++ b/chromium/net/http/failing_http_transaction_factory.cc @@ -9,9 +9,10 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/completion_once_callback.h" diff --git a/chromium/net/http/http_auth_gssapi_posix_unittest.cc b/chromium/net/http/http_auth_gssapi_posix_unittest.cc index b9211485dfa..ac76434af06 100644 --- a/chromium/net/http/http_auth_gssapi_posix_unittest.cc +++ b/chromium/net/http/http_auth_gssapi_posix_unittest.cc @@ -8,8 +8,8 @@ #include "base/base_paths.h" #include "base/bind.h" +#include "base/check.h" #include "base/json/json_reader.h" -#include "base/logging.h" #include "base/native_library.h" #include "base/path_service.h" #include "base/stl_util.h" diff --git a/chromium/net/http/http_auth_handler.cc b/chromium/net/http/http_auth_handler.cc index fc89e546a8f..b62f870a755 100644 --- a/chromium/net/http/http_auth_handler.cc +++ b/chromium/net/http/http_auth_handler.cc @@ -8,7 +8,7 @@ #include "base/bind.h" #include "base/bind_helpers.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/net_errors.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/log/net_log.h" diff --git a/chromium/net/http/http_basic_state.cc b/chromium/net/http/http_basic_state.cc index a0c19a51d02..937b0709a3a 100644 --- a/chromium/net/http/http_basic_state.cc +++ b/chromium/net/http/http_basic_state.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/stl_util.h" #include "net/base/io_buffer.h" #include "net/http/http_request_info.h" diff --git a/chromium/net/http/http_byte_range.cc b/chromium/net/http/http_byte_range.cc index ad12fa9847c..30a5d72629c 100644 --- a/chromium/net/http/http_byte_range.cc +++ b/chromium/net/http/http_byte_range.cc @@ -4,8 +4,8 @@ #include <algorithm> +#include "base/check.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/strings/stringprintf.h" #include "net/http/http_byte_range.h" diff --git a/chromium/net/http/http_cache_writers_unittest.cc b/chromium/net/http/http_cache_writers_unittest.cc index af3a7e59c91..56ada85bbd0 100644 --- a/chromium/net/http/http_cache_writers_unittest.cc +++ b/chromium/net/http/http_cache_writers_unittest.cc @@ -120,7 +120,7 @@ class WritersTest : public TestWithTaskEnvironment { base::RunLoop().RunUntilIdle(); response_info_ = *(network_transaction->GetResponseInfo()); if (content_encoding_present) - response_info_.headers->AddHeader("Content-Encoding: gzip"); + response_info_.headers->AddHeader("Content-Encoding", "gzip"); // Create a mock cache transaction. std::unique_ptr<TestHttpCacheTransaction> transaction = diff --git a/chromium/net/http/http_content_disposition.cc b/chromium/net/http/http_content_disposition.cc index df3f59060f6..4fbc43daadd 100644 --- a/chromium/net/http/http_content_disposition.cc +++ b/chromium/net/http/http_content_disposition.cc @@ -5,7 +5,7 @@ #include "net/http/http_content_disposition.h" #include "base/base64.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/string_piece.h" #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" diff --git a/chromium/net/http/http_network_layer.cc b/chromium/net/http/http_network_layer.cc index c7d36e62431..6c0030de675 100644 --- a/chromium/net/http/http_network_layer.cc +++ b/chromium/net/http/http_network_layer.cc @@ -4,7 +4,7 @@ #include "net/http/http_network_layer.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/power_monitor/power_monitor.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" diff --git a/chromium/net/http/http_network_session.cc b/chromium/net/http/http_network_session.cc index f786046f854..d5283730314 100644 --- a/chromium/net/http/http_network_session.cc +++ b/chromium/net/http/http_network_session.cc @@ -9,8 +9,9 @@ #include <utility> #include "base/atomic_sequence_num.h" +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" @@ -90,7 +91,7 @@ HttpNetworkSession::Params::Params() time_func(&base::TimeTicks::Now), enable_http2_alternative_service(false), enable_websocket_over_http2(false), - enable_quic(false), + enable_quic(true), enable_quic_proxies_for_https_urls(false), disable_idle_sockets_close_on_memory_pressure(false), key_auth_cache_server_entries_by_network_isolation_key(false) { @@ -283,8 +284,6 @@ std::unique_ptr<base::Value> HttpNetworkSession::QuicInfoToValue() const { quic_params->reduced_ping_timeout.InSeconds()); dict->SetBoolean("retry_without_alt_svc_on_quic_errors", quic_params->retry_without_alt_svc_on_quic_errors); - dict->SetBoolean("race_cert_verification", - quic_params->race_cert_verification); dict->SetBoolean("disable_bidirectional_streams", quic_params->disable_bidirectional_streams); dict->SetBoolean("close_sessions_on_ip_change", diff --git a/chromium/net/http/http_network_transaction_unittest.cc b/chromium/net/http/http_network_transaction_unittest.cc index abbce471780..86d5348164e 100644 --- a/chromium/net/http/http_network_transaction_unittest.cc +++ b/chromium/net/http/http_network_transaction_unittest.cc @@ -5586,7 +5586,7 @@ TEST_F(HttpNetworkTransactionTest, SameDestinationForDifferentProxyTypes) { std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation( ProxyConfig::CreateAutoDetect(), TRAFFIC_ANNOTATION_FOR_TESTS)), std::make_unique<SameProxyWithDifferentSchemesProxyResolverFactory>(), - nullptr); + nullptr, /*quick_check_enabled=*/true); std::unique_ptr<HttpNetworkSession> session = CreateSession(&session_deps_); @@ -6007,7 +6007,7 @@ TEST_F(HttpNetworkTransactionTest, ProxyResolvedWithNetworkIsolationKey) { proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), std::make_unique<CapturingProxyResolverFactory>( &capturing_proxy_resolver), - nullptr); + nullptr, /*quick_check_enabled=*/true); std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); @@ -6611,7 +6611,7 @@ TEST_F(HttpNetworkTransactionTest, ProxiedH2SessionAppearsDuringAuth) { proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), std::make_unique<CapturingProxyResolverFactory>( &capturing_proxy_resolver), - nullptr); + nullptr, /*quick_check_enabled=*/true); std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); @@ -7150,7 +7150,7 @@ TEST_F(HttpNetworkTransactionTest, SpdyProxyIsolation1) { proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), std::make_unique<CapturingProxyResolverFactory>( &capturing_proxy_resolver), - nullptr); + nullptr, /*quick_check_enabled=*/true); std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); @@ -7285,7 +7285,7 @@ TEST_F(HttpNetworkTransactionTest, SpdyProxyIsolation2) { proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), std::make_unique<CapturingProxyResolverFactory>( &capturing_proxy_resolver), - nullptr); + nullptr, /*quick_check_enabled=*/true); std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); // Fetch https://proxy:70/ via HTTP/2. @@ -14184,7 +14184,7 @@ TEST_F(HttpNetworkTransactionTest, UseOriginNotAlternativeForProxy) { session_deps_.proxy_resolution_service = std::make_unique<ConfiguredProxyResolutionService>( std::move(proxy_config_service), std::move(proxy_resolver_factory), - &net_log); + &net_log, /*quick_check_enabled=*/true); session_deps_.net_log = &net_log; @@ -14265,7 +14265,7 @@ TEST_F(HttpNetworkTransactionTest, UseAlternativeServiceForTunneledNpnSpdy) { proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), std::make_unique<CapturingProxyResolverFactory>( &capturing_proxy_resolver), - nullptr); + nullptr, /*quick_check_enabled=*/true); RecordingTestNetLog net_log; session_deps_.net_log = &net_log; @@ -17647,7 +17647,7 @@ TEST_F(HttpNetworkTransactionTest, DoNotUseSpdySessionIfCertDoesNotMatch) { std::make_unique<ConfiguredProxyResolutionService>( std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation( proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), - nullptr, nullptr); + nullptr, nullptr, /*quick_check_enabled=*/true); SSLSocketDataProvider ssl1(ASYNC, OK); // to the proxy ssl1.next_proto = kProtoHTTP2; @@ -19290,7 +19290,8 @@ TEST_F(HttpNetworkTransactionTest, ProxyResolutionFailsSync) { new ConfiguredProxyResolutionService( std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation( proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), - std::make_unique<FailingProxyResolverFactory>(), nullptr)); + std::make_unique<FailingProxyResolverFactory>(), nullptr, + /*quick_check_enabled=*/true)); HttpRequestInfo request; request.method = "GET"; @@ -19320,7 +19321,8 @@ TEST_F(HttpNetworkTransactionTest, ProxyResolutionFailsAsync) { new ConfiguredProxyResolutionService( std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation( proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), - base::WrapUnique(proxy_resolver_factory), nullptr)); + base::WrapUnique(proxy_resolver_factory), nullptr, + /*quick_check_enabled=*/true)); HttpRequestInfo request; request.method = "GET"; request.url = GURL("http://www.example.org/"); diff --git a/chromium/net/http/http_proxy_client_socket_fuzzer.cc b/chromium/net/http/http_proxy_client_socket_fuzzer.cc index a173b382cb6..1bb19eae83d 100644 --- a/chromium/net/http/http_proxy_client_socket_fuzzer.cc +++ b/chromium/net/http/http_proxy_client_socket_fuzzer.cc @@ -12,7 +12,7 @@ #include <memory> #include <string> -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/utf_string_conversions.h" #include "net/base/address_list.h" #include "net/base/auth.h" diff --git a/chromium/net/http/http_response_body_drainer.cc b/chromium/net/http/http_response_body_drainer.cc index bd60c429fe1..ee4f8705641 100644 --- a/chromium/net/http/http_response_body_drainer.cc +++ b/chromium/net/http/http_response_body_drainer.cc @@ -5,9 +5,10 @@ #include "net/http/http_response_body_drainer.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" #include "base/memory/ptr_util.h" +#include "base/notreached.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/http/http_network_session.h" diff --git a/chromium/net/http/http_response_headers.cc b/chromium/net/http/http_response_headers.cc index a3d39a0f98d..4c1429239bb 100644 --- a/chromium/net/http/http_response_headers.cc +++ b/chromium/net/http/http_response_headers.cc @@ -35,7 +35,6 @@ #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_values.h" -using base::StringPiece; using base::Time; using base::TimeDelta; @@ -169,13 +168,13 @@ HttpResponseHeaders::HttpResponseHeaders(const std::string& raw_input) // that would actually create a double call between the original // HttpResponseHeader that was serialized, and initialization of the // new object from that pickle. - UMA_HISTOGRAM_CUSTOM_ENUMERATION("Net.HttpResponseCode", - HttpUtil::MapStatusCodeForHistogram( - response_code_), - // Note the third argument is only - // evaluated once, see macro - // definition for details. - HttpUtil::GetStatusCodesForHistogram()); + UMA_HISTOGRAM_CUSTOM_ENUMERATION( + "Net.HttpResponseCode", + HttpUtil::MapStatusCodeForHistogram(response_code_), + // Note the third argument is only + // evaluated once, see macro + // definition for details. + HttpUtil::GetStatusCodesForHistogram()); } HttpResponseHeaders::HttpResponseHeaders(base::PickleIterator* iter) @@ -327,14 +326,13 @@ void HttpResponseHeaders::MergeWithHeaders(const std::string& raw_headers, Parse(new_raw_headers); } -void HttpResponseHeaders::RemoveHeader(const std::string& name) { +void HttpResponseHeaders::RemoveHeader(base::StringPiece name) { // Copy up to the null byte. This just copies the status line. std::string new_raw_headers(raw_headers_.c_str()); new_raw_headers.push_back('\0'); - std::string lowercase_name = base::ToLowerASCII(name); HeaderSet to_remove; - to_remove.insert(lowercase_name); + to_remove.insert(base::ToLowerASCII(name)); MergeWithHeaders(new_raw_headers, to_remove); } @@ -383,13 +381,16 @@ void HttpResponseHeaders::RemoveHeaderLine(const std::string& name, Parse(new_raw_headers); } -void HttpResponseHeaders::AddHeader(const std::string& header) { - CheckDoesNotHaveEmbeddedNulls(header); - DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]); - DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]); +void HttpResponseHeaders::AddHeader(base::StringPiece name, + base::StringPiece value) { + DCHECK(HttpUtil::IsValidHeaderName(name)); + DCHECK(HttpUtil::IsValidHeaderValue(value)); + // Don't copy the last null. std::string new_raw_headers(raw_headers_, 0, raw_headers_.size() - 1); - new_raw_headers.append(header); + new_raw_headers.append(name.begin(), name.end()); + new_raw_headers.append(": "); + new_raw_headers.append(value.begin(), value.end()); new_raw_headers.push_back('\0'); new_raw_headers.push_back('\0'); @@ -399,8 +400,14 @@ void HttpResponseHeaders::AddHeader(const std::string& header) { Parse(new_raw_headers); } +void HttpResponseHeaders::SetHeader(base::StringPiece name, + base::StringPiece value) { + RemoveHeader(name); + AddHeader(name, value); +} + void HttpResponseHeaders::AddCookie(const std::string& cookie_string) { - AddHeader("Set-Cookie: " + cookie_string); + AddHeader("Set-Cookie", cookie_string); } void HttpResponseHeaders::ReplaceStatusLine(const std::string& new_status) { @@ -433,9 +440,10 @@ void HttpResponseHeaders::UpdateWithNewRange(const HttpByteRange& byte_range, if (replace_status_line) ReplaceStatusLine("HTTP/1.1 206 Partial Content"); - AddHeader(base::StringPrintf("%s: bytes %" PRId64 "-%" PRId64 "/%" PRId64, - kRangeHeader, start, end, resource_size)); - AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, range_len)); + AddHeader(kRangeHeader, + base::StringPrintf("bytes %" PRId64 "-%" PRId64 "/%" PRId64, start, + end, resource_size)); + AddHeader(kLengthHeader, base::StringPrintf("%" PRId64, range_len)); } void HttpResponseHeaders::Parse(const std::string& raw_input) { @@ -447,9 +455,9 @@ void HttpResponseHeaders::Parse(const std::string& raw_input) { std::find(line_begin, raw_input.end(), '\0'); // has_headers = true, if there is any data following the status line. // Used by ParseStatusLine() to decide if a HTTP/0.9 is really a HTTP/1.0. - bool has_headers = (line_end != raw_input.end() && - (line_end + 1) != raw_input.end() && - *(line_end + 1) != '\0'); + bool has_headers = + (line_end != raw_input.end() && (line_end + 1) != raw_input.end() && + *(line_end + 1) != '\0'); ParseStatusLine(line_begin, line_end, has_headers); raw_headers_.push_back('\0'); // Terminate status line with a null. @@ -481,9 +489,7 @@ void HttpResponseHeaders::Parse(const std::string& raw_input) { HttpUtil::HeadersIterator headers(line_end + 1, raw_headers_.end(), std::string(1, '\0')); while (headers.GetNext()) { - AddHeader(headers.name_begin(), - headers.name_end(), - headers.values_begin(), + AddHeader(headers.name_begin(), headers.name_end(), headers.values_begin(), headers.values_end()); } @@ -491,7 +497,7 @@ void HttpResponseHeaders::Parse(const std::string& raw_input) { DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]); } -bool HttpResponseHeaders::GetNormalizedHeader(const std::string& name, +bool HttpResponseHeaders::GetNormalizedHeader(base::StringPiece name, std::string* value) const { // If you hit this assertion, please use EnumerateHeader instead! DCHECK(!HttpUtil::IsNonCoalescingHeader(name)); @@ -569,7 +575,7 @@ bool HttpResponseHeaders::EnumerateHeaderLines(size_t* iter, } bool HttpResponseHeaders::EnumerateHeader(size_t* iter, - const base::StringPiece& name, + base::StringPiece name, std::string* value) const { size_t i; if (!iter || !*iter) { @@ -594,8 +600,8 @@ bool HttpResponseHeaders::EnumerateHeader(size_t* iter, return true; } -bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name, - const base::StringPiece& value) const { +bool HttpResponseHeaders::HasHeaderValue(base::StringPiece name, + base::StringPiece value) const { // The value has to be an exact match. This is important since // 'cache-control: no-cache' != 'cache-control: no-cache="foo"' size_t iter = 0; @@ -607,7 +613,7 @@ bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name, return false; } -bool HttpResponseHeaders::HasHeader(const base::StringPiece& name) const { +bool HttpResponseHeaders::HasHeader(base::StringPiece name) const { return FindHeader(0, name) != std::string::npos; } @@ -713,7 +719,7 @@ void HttpResponseHeaders::ParseStatusLine( } raw_headers_.push_back(' '); raw_headers_.append(code, p); - base::StringToInt(StringPiece(code, p), &response_code_); + base::StringToInt(base::StringPiece(code, p), &response_code_); // Skip whitespace. while (p < line_end && *p == ' ') @@ -731,7 +737,7 @@ void HttpResponseHeaders::ParseStatusLine( } size_t HttpResponseHeaders::FindHeader(size_t from, - const base::StringPiece& search) const { + base::StringPiece search) const { for (size_t i = from; i < parsed_.size(); ++i) { if (parsed_[i].is_continuation()) continue; @@ -743,9 +749,9 @@ size_t HttpResponseHeaders::FindHeader(size_t from, return std::string::npos; } -bool HttpResponseHeaders::GetCacheControlDirective(const StringPiece& directive, +bool HttpResponseHeaders::GetCacheControlDirective(base::StringPiece directive, TimeDelta* result) const { - StringPiece name("cache-control"); + base::StringPiece name("cache-control"); std::string value; size_t directive_size = directive.size(); @@ -758,7 +764,7 @@ bool HttpResponseHeaders::GetCacheControlDirective(const StringPiece& directive, value[directive_size] == '=') { int64_t seconds; base::StringToInt64( - StringPiece(value.begin() + directive_size + 1, value.end()), + base::StringPiece(value.begin() + directive_size + 1, value.end()), &seconds); *result = TimeDelta::FromSeconds(seconds); return true; @@ -818,7 +824,7 @@ void HttpResponseHeaders::AddNonCacheableHeaders(HeaderSet* result) const { continue; } // if it doesn't end with a quote, then treat as malformed - if (value[value.size()-1] != '\"') + if (value[value.size() - 1] != '\"') continue; // process the value as a comma-separated list of items. Each @@ -937,11 +943,8 @@ bool HttpResponseHeaders::IsRedirect(std::string* location) const { bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) { // Users probably want to see 300 (multiple choice) pages, so we don't count // them as redirects that need to be followed. - return (response_code == 301 || - response_code == 302 || - response_code == 303 || - response_code == 307 || - response_code == 308); + return (response_code == 301 || response_code == 302 || + response_code == 303 || response_code == 307 || response_code == 308); } // From RFC 2616 section 13.2.4: @@ -1240,8 +1243,8 @@ bool HttpResponseHeaders::IsKeepAlive() const { // NOTE: It is perhaps risky to assume that a Proxy-Connection header is // meaningful when we don't know that this response was from a proxy, but // Mozilla also does this, so we'll do the same. - static const char* const kConnectionHeaders[] = { - "connection", "proxy-connection"}; + static const char* const kConnectionHeaders[] = {"connection", + "proxy-connection"}; struct KeepAliveToken { const char* const token; bool keep_alive; @@ -1272,10 +1275,8 @@ bool HttpResponseHeaders::HasStrongValidators() const { EnumerateHeader(nullptr, "Last-Modified", &last_modified_header); std::string date_header; EnumerateHeader(nullptr, "Date", &date_header); - return HttpUtil::HasStrongValidators(GetHttpVersion(), - etag_header, - last_modified_header, - date_header); + return HttpUtil::HasStrongValidators(GetHttpVersion(), etag_header, + last_modified_header, date_header); } bool HttpResponseHeaders::HasValidators() const { @@ -1350,10 +1351,10 @@ base::Value HttpResponseHeaders::NetLogParams( bool HttpResponseHeaders::IsChunkEncoded() const { // Ignore spurious chunked responses from HTTP/1.0 servers and proxies. return GetHttpVersion() >= HttpVersion(1, 1) && - HasHeaderValue("Transfer-Encoding", "chunked"); + HasHeaderValue("Transfer-Encoding", "chunked"); } -bool HttpResponseHeaders::IsCookieResponseHeader(StringPiece name) { +bool HttpResponseHeaders::IsCookieResponseHeader(base::StringPiece name) { for (const char* cookie_header : kCookieResponseHeaders) { if (base::EqualsCaseInsensitiveASCII(cookie_header, name)) return true; diff --git a/chromium/net/http/http_response_headers.h b/chromium/net/http/http_response_headers.h index a0d74d9c539..dc1a74cdbe0 100644 --- a/chromium/net/http/http_response_headers.h +++ b/chromium/net/http/http_response_headers.h @@ -12,6 +12,7 @@ #include <unordered_set> #include <vector> +#include "base/callback.h" #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/strings/string_piece.h" @@ -95,7 +96,7 @@ class NET_EXPORT HttpResponseHeaders void Update(const HttpResponseHeaders& new_headers); // Removes all instances of a particular header. - void RemoveHeader(const std::string& name); + void RemoveHeader(base::StringPiece name); // Removes all instances of particular headers. void RemoveHeaders(const std::unordered_set<std::string>& header_names); @@ -104,12 +105,16 @@ class NET_EXPORT HttpResponseHeaders // case-insensitively. void RemoveHeaderLine(const std::string& name, const std::string& value); - // Adds a particular header. |header| has to be a single header without any - // EOL termination, just [<header-name>: <header-values>] - // If a header with the same name is already stored, the two headers are not - // merged together by this method; the one provided is simply put at the - // end of the list. - void AddHeader(const std::string& header); + // Adds the specified response header. If a header with the same name is + // already stored, the two headers are not merged together by this method; the + // one provided is simply put at the end of the list. + void AddHeader(base::StringPiece name, base::StringPiece value); + + // Sets the specified response header, removing any matching old one if + // present. The new header is added to the end of the header list, rather than + // replacing the old one. This is the same as calling RemoveHeader() followed + // be SetHeader(). + void SetHeader(base::StringPiece name, base::StringPiece value); // Adds a cookie header. |cookie_string| should be the header value without // the header name (Set-Cookie). @@ -135,7 +140,7 @@ class NET_EXPORT HttpResponseHeaders // NOTE: Do not make any assumptions about the encoding of this output // string. It may be non-ASCII, and the encoding used by the server is not // necessarily known to us. Do not assume that this output is UTF-8! - bool GetNormalizedHeader(const std::string& name, std::string* value) const; + bool GetNormalizedHeader(base::StringPiece name, std::string* value) const; // Returns the normalized status line. std::string GetStatusLine() const; @@ -186,17 +191,16 @@ class NET_EXPORT HttpResponseHeaders // To handle cases such as this, use GetNormalizedHeader to return the full // concatenated header, and then parse manually. bool EnumerateHeader(size_t* iter, - const base::StringPiece& name, + base::StringPiece name, std::string* value) const; // Returns true if the response contains the specified header-value pair. // Both name and value are compared case insensitively. - bool HasHeaderValue(const base::StringPiece& name, - const base::StringPiece& value) const; + bool HasHeaderValue(base::StringPiece name, base::StringPiece value) const; // Returns true if the response contains the specified header. // The name is compared case insensitively. - bool HasHeader(const base::StringPiece& name) const; + bool HasHeader(base::StringPiece name) const; // Get the mime type and charset values in lower case form from the headers. // Empty strings are returned if the values are not present. @@ -341,14 +345,14 @@ class NET_EXPORT HttpResponseHeaders std::string::const_iterator line_end, bool has_headers); - // Find the header in our list (case-insensitive) starting with parsed_ at + // Find the header in our list (case-insensitive) starting with |parsed_| at // index |from|. Returns string::npos if not found. - size_t FindHeader(size_t from, const base::StringPiece& name) const; + size_t FindHeader(size_t from, base::StringPiece name) const; // Search the Cache-Control header for a directive matching |directive|. If // present, treat its value as a time offset in seconds, write it to |result|, // and return true. - bool GetCacheControlDirective(const base::StringPiece& directive, + bool GetCacheControlDirective(base::StringPiece directive, base::TimeDelta* result) const; // Add a header->value pair to our list. If we already have header in our diff --git a/chromium/net/http/http_response_headers_unittest.cc b/chromium/net/http/http_response_headers_unittest.cc index f24fc6b1a9d..54ac9588a02 100644 --- a/chromium/net/http/http_response_headers_unittest.cc +++ b/chromium/net/http/http_response_headers_unittest.cc @@ -1766,59 +1766,64 @@ TEST(HttpResponseHeadersTest, GetNormalizedHeaderWithCommas) { EXPECT_FALSE(parsed->GetNormalizedHeader("f", &value)); } -struct AddHeaderTestData { - const char* orig_headers; - const char* new_header; - const char* expected_headers; -}; - -class AddHeaderTest - : public HttpResponseHeadersTest, - public ::testing::WithParamInterface<AddHeaderTestData> { -}; - -TEST_P(AddHeaderTest, AddHeader) { - const AddHeaderTestData test = GetParam(); - - std::string orig_headers(test.orig_headers); - HeadersToRaw(&orig_headers); - scoped_refptr<HttpResponseHeaders> parsed( - new HttpResponseHeaders(orig_headers)); - - std::string new_header(test.new_header); - parsed->AddHeader(new_header); +TEST(HttpResponseHeadersTest, AddHeader) { + scoped_refptr<HttpResponseHeaders> headers = HttpResponseHeaders::TryToCreate( + "HTTP/1.1 200 OK\n" + "connection: keep-alive\n" + "Cache-control: max-age=10000\n"); + ASSERT_TRUE(headers); - EXPECT_EQ(std::string(test.expected_headers), ToSimpleString(parsed)); + headers->AddHeader("Content-Length", "450"); + EXPECT_EQ( + "HTTP/1.1 200 OK\n" + "connection: keep-alive\n" + "Cache-control: max-age=10000\n" + "Content-Length: 450\n", + ToSimpleString(headers)); + + // Add a second Content-Length header with extra spaces in the value. It + // should be added to the end, and the extra spaces removed. + headers->AddHeader("Content-Length", " 42 "); + EXPECT_EQ( + "HTTP/1.1 200 OK\n" + "connection: keep-alive\n" + "Cache-control: max-age=10000\n" + "Content-Length: 450\n" + "Content-Length: 42\n", + ToSimpleString(headers)); } -const AddHeaderTestData add_header_tests[] = { - { "HTTP/1.1 200 OK\n" - "connection: keep-alive\n" - "Cache-control: max-age=10000\n", - - "Content-Length: 450", - - "HTTP/1.1 200 OK\n" - "connection: keep-alive\n" - "Cache-control: max-age=10000\n" - "Content-Length: 450\n" - }, - { "HTTP/1.1 200 OK\n" - "connection: keep-alive\n" - "Cache-control: max-age=10000 \n", +TEST(HttpResponseHeadersTest, SetHeader) { + scoped_refptr<HttpResponseHeaders> headers = HttpResponseHeaders::TryToCreate( + "HTTP/1.1 200 OK\n" + "connection: keep-alive\n" + "Cache-control: max-age=10000\n"); + ASSERT_TRUE(headers); - "Content-Length: 450 ", + headers->SetHeader("Content-Length", "450"); + EXPECT_EQ( + "HTTP/1.1 200 OK\n" + "connection: keep-alive\n" + "Cache-control: max-age=10000\n" + "Content-Length: 450\n", + ToSimpleString(headers)); - "HTTP/1.1 200 OK\n" - "connection: keep-alive\n" - "Cache-control: max-age=10000\n" - "Content-Length: 450\n" - }, -}; + headers->SetHeader("Content-Length", " 42 "); + EXPECT_EQ( + "HTTP/1.1 200 OK\n" + "connection: keep-alive\n" + "Cache-control: max-age=10000\n" + "Content-Length: 42\n", + ToSimpleString(headers)); -INSTANTIATE_TEST_SUITE_P(HttpResponseHeaders, - AddHeaderTest, - testing::ValuesIn(add_header_tests)); + headers->SetHeader("connection", "close"); + EXPECT_EQ( + "HTTP/1.1 200 OK\n" + "Cache-control: max-age=10000\n" + "Content-Length: 42\n" + "connection: close\n", + ToSimpleString(headers)); +} struct RemoveHeaderTestData { const char* orig_headers; diff --git a/chromium/net/http/http_security_headers.cc b/chromium/net/http/http_security_headers.cc index a975ab61064..0823356701d 100644 --- a/chromium/net/http/http_security_headers.cc +++ b/chromium/net/http/http_security_headers.cc @@ -5,6 +5,8 @@ #include <limits> #include "base/base64.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_piece.h" #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" diff --git a/chromium/net/http/http_server_properties.cc b/chromium/net/http/http_server_properties.cc index c777169d91e..da1bf8335e9 100644 --- a/chromium/net/http/http_server_properties.cc +++ b/chromium/net/http/http_server_properties.cc @@ -5,9 +5,9 @@ #include "net/http/http_server_properties.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/feature_list.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" diff --git a/chromium/net/http/http_server_properties_manager_unittest.cc b/chromium/net/http/http_server_properties_manager_unittest.cc index 51419ece5a3..ab1cd3a3c49 100644 --- a/chromium/net/http/http_server_properties_manager_unittest.cc +++ b/chromium/net/http/http_server_properties_manager_unittest.cc @@ -1536,7 +1536,7 @@ TEST_F(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { "\"server_info\":\"quic_server_info1\"}]," "\"servers\":[" "{\"alternative_service\":[{" - "\"advertised_versions\":[43,46],\"expiration\":\"13756212000000000\"," + "\"advertised_versions\":[46,43],\"expiration\":\"13756212000000000\"," "\"port\":443,\"protocol_str\":\"quic\"},{\"advertised_versions\":[]," "\"expiration\":\"13758804000000000\",\"host\":\"www.google.com\"," "\"port\":1234,\"protocol_str\":\"h2\"}]," @@ -1703,7 +1703,7 @@ TEST_F(HttpServerPropertiesManagerTest, "\"server_id\":\"https://mail.google.com:80\"," "\"server_info\":\"quic_server_info1\"}]," "\"servers\":[" - "{\"alternative_service\":[{\"advertised_versions\":[43,46]," + "{\"alternative_service\":[{\"advertised_versions\":[46,43]," "\"expiration\":\"13756212000000000\",\"port\":443," "\"protocol_str\":\"quic\"}]," "\"isolation\":[]," @@ -1728,9 +1728,29 @@ TEST_F(HttpServerPropertiesManagerTest, http_server_props_->SetAlternativeServices(server_www, NetworkIsolationKey(), alternative_service_info_vector_3); - // No Prefs update. - EXPECT_EQ(0u, GetPendingMainThreadTaskCount()); + // Change in version ordering causes prefs update. EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); + EXPECT_NE(0u, GetPendingMainThreadTaskCount()); + FastForwardUntilNoTasksRemain(); + EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); + + // Verify preferences updated with new advertised versions. + const char expected_json_updated2[] = + "{\"quic_servers\":" + "[{\"isolation\":[]," + "\"server_id\":\"https://mail.google.com:80\"," + "\"server_info\":\"quic_server_info1\"}]," + "\"servers\":[" + "{\"alternative_service\":[{\"advertised_versions\":[43,46]," + "\"expiration\":\"13756212000000000\",\"port\":443," + "\"protocol_str\":\"quic\"}]," + "\"isolation\":[]," + "\"server\":\"https://www.google.com:80\"}]," + "\"supports_quic\":" + "{\"address\":\"127.0.0.1\",\"used_quic\":true},\"version\":5}"; + EXPECT_TRUE( + base::JSONWriter::Write(*http_server_properties, &preferences_json)); + EXPECT_EQ(expected_json_updated2, preferences_json); } TEST_F(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { diff --git a/chromium/net/http/http_server_properties_unittest.cc b/chromium/net/http/http_server_properties_unittest.cc index adf30a10e36..f6d9c55593f 100644 --- a/chromium/net/http/http_server_properties_unittest.cc +++ b/chromium/net/http/http_server_properties_unittest.cc @@ -9,9 +9,9 @@ #include <vector> #include "base/bind.h" +#include "base/check.h" #include "base/feature_list.h" #include "base/json/json_writer.h" -#include "base/logging.h" #include "base/run_loop.h" #include "base/test/scoped_feature_list.h" #include "base/test/simple_test_clock.h" diff --git a/chromium/net/http/http_status_code.cc b/chromium/net/http/http_status_code.cc index fb7261b3001..84d8c23e36d 100644 --- a/chromium/net/http/http_status_code.cc +++ b/chromium/net/http/http_status_code.cc @@ -4,7 +4,9 @@ #include "net/http/http_status_code.h" -#include "base/logging.h" +#include <ostream> + +#include "base/notreached.h" namespace net { diff --git a/chromium/net/http/http_stream_factory.cc b/chromium/net/http/http_stream_factory.cc index eabab2c54fb..8a92dd2c069 100644 --- a/chromium/net/http/http_stream_factory.cc +++ b/chromium/net/http/http_stream_factory.cc @@ -7,8 +7,9 @@ #include <tuple> #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" diff --git a/chromium/net/http/http_stream_factory_job.cc b/chromium/net/http/http_stream_factory_job.cc index 1bc1d1746a5..b2a42a4bdfa 100644 --- a/chromium/net/http/http_stream_factory_job.cc +++ b/chromium/net/http/http_stream_factory_job.cc @@ -9,11 +9,12 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/feature_list.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/metrics/sparse_histogram.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" diff --git a/chromium/net/http/http_stream_factory_job_controller.cc b/chromium/net/http/http_stream_factory_job_controller.cc index 43cc640dcec..b99d74823a0 100644 --- a/chromium/net/http/http_stream_factory_job_controller.cc +++ b/chromium/net/http/http_stream_factory_job_controller.cc @@ -847,8 +847,6 @@ void HttpStreamFactory::JobController::OnAlternativeProxyJobFailed( DCHECK(alternative_job_->alternative_proxy_server() == alternative_job_->proxy_info().proxy_server()); - base::UmaHistogramSparse("Net.AlternativeProxyFailed", -net_error); - // Need to mark alt proxy as broken regardless of whether the job is bound. // The proxy will be marked bad until the proxy retry information is cleared // by an event such as a network change. @@ -1105,8 +1103,8 @@ quic::ParsedQuicVersion HttpStreamFactory::JobController::SelectQuicVersion( if (advertised_versions.empty()) return supported_versions[0]; - for (const quic::ParsedQuicVersion& supported : supported_versions) { - for (const quic::ParsedQuicVersion& advertised : advertised_versions) { + for (const quic::ParsedQuicVersion& advertised : advertised_versions) { + for (const quic::ParsedQuicVersion& supported : supported_versions) { if (supported == advertised) { DCHECK_NE(quic::UnsupportedQuicVersion(), supported); return supported; diff --git a/chromium/net/http/http_stream_factory_job_controller.h b/chromium/net/http/http_stream_factory_job_controller.h index 37484c9d341..bad49ec4b4b 100644 --- a/chromium/net/http/http_stream_factory_job_controller.h +++ b/chromium/net/http/http_stream_factory_job_controller.h @@ -250,11 +250,10 @@ class HttpStreamFactory::JobController HttpStreamRequest::Delegate* delegate, HttpStreamRequest::StreamType stream_type); - // Returns a quic::ParsedQuicVersion that has been advertised in - // |advertised_versions| and is supported. If more than one - // ParsedQuicVersions are supported, the first matched in the supported - // versions will be returned. If no mutually supported version is found, - // QUIC_VERSION_UNSUPPORTED_VERSION will be returned. + // Returns the first quic::ParsedQuicVersion that has been advertised in + // |advertised_versions| and is supported, following the order of + // |advertised_versions|. If no mutually supported version is found, + // quic::UnsupportedQuicVersion() will be returned. quic::ParsedQuicVersion SelectQuicVersion( const quic::ParsedQuicVersionVector& advertised_versions); diff --git a/chromium/net/http/http_stream_factory_job_controller_unittest.cc b/chromium/net/http/http_stream_factory_job_controller_unittest.cc index 1dfc39f5173..0c4ef067abd 100644 --- a/chromium/net/http/http_stream_factory_job_controller_unittest.cc +++ b/chromium/net/http/http_stream_factory_job_controller_unittest.cc @@ -178,6 +178,12 @@ class JobControllerPeer { stream_type); } + static quic::ParsedQuicVersion SelectQuicVersion( + HttpStreamFactory::JobController* job_controller, + const quic::ParsedQuicVersionVector& advertised_versions) { + return job_controller->SelectQuicVersion(advertised_versions); + } + static void SetAltJobFailedOnDefaultNetwork( HttpStreamFactory::JobController* job_controller) { DCHECK(job_controller->alternative_job() != nullptr); @@ -320,6 +326,10 @@ class HttpStreamFactoryJobControllerTest : public TestWithTaskEnvironment { bool alt_job_retried_on_non_default_network); void TestMainJobFailsAfterAltJobSucceeded( bool alt_job_retried_on_non_default_network); + void TestAltSvcVersionSelection( + const std::string& alt_svc_header, + const quic::ParsedQuicVersion& expected_version, + const quic::ParsedQuicVersionVector& supported_versions); RecordingBoundTestNetLog net_log_; TestJobFactory job_factory_; @@ -363,7 +373,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, ProxyResolutionFailsSync) { new ConfiguredProxyResolutionService( std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation( proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), - std::make_unique<FailingProxyResolverFactory>(), nullptr)); + std::make_unique<FailingProxyResolverFactory>(), nullptr, + /*quick_check_enabled=*/true)); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://www.google.com"); @@ -401,7 +412,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, ProxyResolutionFailsAsync) { new ConfiguredProxyResolutionService( std::make_unique<ProxyConfigServiceFixed>(ProxyConfigWithAnnotation( proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)), - base::WrapUnique(proxy_resolver_factory), nullptr)); + base::WrapUnique(proxy_resolver_factory), nullptr, + /*quick_check_enabled=*/true)); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://www.google.com"); @@ -3304,11 +3316,6 @@ TEST_F(HttpStreamFactoryJobControllerTest, GetAlternativeServiceInfoFor) { HttpStreamRequest::HTTP_STREAM); EXPECT_EQ(2u, alt_svc_info.advertised_versions().size()); // Verify that JobController returns the list of versions specified in set. - std::sort( - mixed_quic_versions.begin(), mixed_quic_versions.end(), - [](const quic::ParsedQuicVersion& a, const quic::ParsedQuicVersion& b) { - return a.transport_version < b.transport_version; - }); EXPECT_EQ(mixed_quic_versions, alt_svc_info.advertised_versions()); // Set alternative service for the same server with two unsupported QUIC @@ -3325,6 +3332,97 @@ TEST_F(HttpStreamFactoryJobControllerTest, GetAlternativeServiceInfoFor) { EXPECT_EQ(0u, alt_svc_info.advertised_versions().size()); } +void HttpStreamFactoryJobControllerTest::TestAltSvcVersionSelection( + const std::string& alt_svc_header, + const quic::ParsedQuicVersion& expected_version, + const quic::ParsedQuicVersionVector& supported_versions) { + quic_context_.params()->supported_versions = supported_versions; + HttpRequestInfo request_info; + request_info.method = "GET"; + request_info.url = GURL("https://example.com"); + Initialize(request_info); + url::SchemeHostPort origin(request_info.url); + NetworkIsolationKey network_isolation_key( + url::Origin::Create(GURL("https://example.com")), + url::Origin::Create(GURL("https://example.com"))); + scoped_refptr<HttpResponseHeaders> headers( + base::MakeRefCounted<HttpResponseHeaders>("")); + headers->AddHeader("alt-svc", alt_svc_header); + session_->http_stream_factory()->ProcessAlternativeServices( + session_.get(), network_isolation_key, headers.get(), origin); + AlternativeServiceInfo alt_svc_info = + JobControllerPeer::GetAlternativeServiceInfoFor( + job_controller_, request_info, &request_delegate_, + HttpStreamRequest::HTTP_STREAM); + quic::ParsedQuicVersionVector advertised_versions = + alt_svc_info.advertised_versions(); + quic::ParsedQuicVersion selected_version = + JobControllerPeer::SelectQuicVersion(job_controller_, + advertised_versions); + EXPECT_EQ(expected_version, selected_version) + << alt_svc_info.ToString() << " " + << quic::ParsedQuicVersionVectorToString(advertised_versions); +} + +TEST_F(HttpStreamFactoryJobControllerTest, + AltSvcVersionSelectionWithOldFormatFirst) { + TestAltSvcVersionSelection( + "quic=\":443\"; ma=2592000; v=\"46,43\"," + "h3-Q050=\":443\"; ma=2592000," + "h3-Q049=\":443\"; ma=2592000," + "h3-Q048=\":443\"; ma=2592000," + "h3-Q046=\":443\"; ma=2592000," + "h3-Q043=\":443\"; ma=2592000," + "h3-T050=\":443\"; ma=2592000", + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_46), + quic::AllSupportedVersions()); +} + +TEST_F(HttpStreamFactoryJobControllerTest, + AltSvcVersionSelectionWithNewFormatFirst) { + TestAltSvcVersionSelection( + "h3-Q050=\":443\"; ma=2592000," + "h3-Q049=\":443\"; ma=2592000," + "h3-Q048=\":443\"; ma=2592000," + "h3-Q046=\":443\"; ma=2592000," + "h3-Q043=\":443\"; ma=2592000," + "h3-T050=\":443\"; ma=2592000," + "quic=\":443\"; ma=2592000; v=\"46,43\"", + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_50), + quic::AllSupportedVersions()); +} + +TEST_F(HttpStreamFactoryJobControllerTest, + AltSvcVersionSelectionWithInverseOrderingOldFormat) { + // Server prefers Q043 but client prefers Q046. + TestAltSvcVersionSelection( + "quic=\":443\"; ma=2592000; v=\"43,46\"", + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_43), + quic::ParsedQuicVersionVector{ + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_46), + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_43)}); +} + +TEST_F(HttpStreamFactoryJobControllerTest, + AltSvcVersionSelectionWithInverseOrderingNewFormat) { + // Server prefers Q043 but client prefers Q046. + TestAltSvcVersionSelection( + "h3-Q043=\":443\"; ma=2592000," + "h3-Q046=\":443\"; ma=2592000", + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_43), + quic::ParsedQuicVersionVector{ + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_46), + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, + quic::QUIC_VERSION_43)}); +} + // Tests that if HttpNetworkSession has a non-empty QUIC host allowlist, // then GetAlternativeServiceFor() will not return any QUIC alternative service // that's not on the allowlist. diff --git a/chromium/net/http/http_stream_factory_unittest.cc b/chromium/net/http/http_stream_factory_unittest.cc index 116154f400f..756599802f7 100644 --- a/chromium/net/http/http_stream_factory_unittest.cc +++ b/chromium/net/http/http_stream_factory_unittest.cc @@ -3441,7 +3441,7 @@ TEST_F(ProcessAlternativeServicesTest, ProcessAltSvcClear) { scoped_refptr<HttpResponseHeaders> headers( base::MakeRefCounted<HttpResponseHeaders>("")); - headers->AddHeader("alt-svc: clear"); + headers->AddHeader("alt-svc", "clear"); session_->http_stream_factory()->ProcessAlternativeServices( session_.get(), network_isolation_key, headers.get(), origin); @@ -3471,7 +3471,7 @@ TEST_F(ProcessAlternativeServicesTest, ProcessAltSvcQuic) { scoped_refptr<HttpResponseHeaders> headers( base::MakeRefCounted<HttpResponseHeaders>("")); - headers->AddHeader("alt-svc: quic=\":443\"; v=\"99,50,49,48,47,46,43,39\""); + headers->AddHeader("alt-svc", "quic=\":443\"; v=\"99,50,49,48,47,46,43,39\""); session_->http_stream_factory()->ProcessAlternativeServices( session_.get(), network_isolation_key, headers.get(), origin); @@ -3507,7 +3507,7 @@ TEST_F(ProcessAlternativeServicesTest, AltSvcQuicDoesNotSupportTLSHandshake) { // Alt-Svc header only refers to PROTOCOL_QUIC_CRYPTO handshake. scoped_refptr<HttpResponseHeaders> headers( base::MakeRefCounted<HttpResponseHeaders>("")); - headers->AddHeader("alt-svc: quic=\":443\"; v=\"50,49\""); + headers->AddHeader("alt-svc", "quic=\":443\"; v=\"50,49\""); session_->http_stream_factory()->ProcessAlternativeServices( session_.get(), network_isolation_key, headers.get(), origin); @@ -3539,16 +3539,15 @@ TEST_F(ProcessAlternativeServicesTest, ProcessAltSvcQuicIetf) { scoped_refptr<HttpResponseHeaders> headers( base::MakeRefCounted<HttpResponseHeaders>("")); - headers->AddHeader( - "alt-svc: " - "h3-27=\":443\"," - "h3-25=\":443\"," - "h3-Q050=\":443\"," - "h3-Q049=\":443\"," - "h3-Q048=\":443\"," - "h3-Q047=\":443\"," - "h3-Q043=\":443\"," - "h3-Q039=\":443\""); + headers->AddHeader("alt-svc", + "h3-27=\":443\"," + "h3-25=\":443\"," + "h3-Q050=\":443\"," + "h3-Q049=\":443\"," + "h3-Q048=\":443\"," + "h3-Q047=\":443\"," + "h3-Q043=\":443\"," + "h3-Q039=\":443\""); session_->http_stream_factory()->ProcessAlternativeServices( session_.get(), network_isolation_key, headers.get(), origin); @@ -3586,7 +3585,7 @@ TEST_F(ProcessAlternativeServicesTest, ProcessAltSvcHttp2) { scoped_refptr<HttpResponseHeaders> headers( base::MakeRefCounted<HttpResponseHeaders>("")); - headers->AddHeader("alt-svc: h2=\"other.example.com:443\""); + headers->AddHeader("alt-svc", "h2=\"other.example.com:443\""); session_->http_stream_factory()->ProcessAlternativeServices( session_.get(), network_isolation_key, headers.get(), origin); diff --git a/chromium/net/http/http_stream_parser_fuzzer.cc b/chromium/net/http/http_stream_parser_fuzzer.cc index 03c2727546f..e5bd0a3b865 100644 --- a/chromium/net/http/http_stream_parser_fuzzer.cc +++ b/chromium/net/http/http_stream_parser_fuzzer.cc @@ -14,7 +14,7 @@ #include <string> #include <vector> -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" #include "base/memory/ref_counted.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/http/http_stream_request.cc b/chromium/net/http/http_stream_request.cc index 82cca061cc8..3a38169db6e 100644 --- a/chromium/net/http/http_stream_request.cc +++ b/chromium/net/http/http_stream_request.cc @@ -7,7 +7,7 @@ #include <utility> #include "base/callback.h" -#include "base/logging.h" +#include "base/check.h" #include "base/stl_util.h" #include "net/http/bidirectional_stream_impl.h" #include "net/log/net_log_event_type.h" diff --git a/chromium/net/http/http_util.cc b/chromium/net/http/http_util.cc index c92b50b55cf..0ed79f0eb88 100644 --- a/chromium/net/http/http_util.cc +++ b/chromium/net/http/http_util.cc @@ -9,7 +9,7 @@ #include <algorithm> -#include "base/logging.h" +#include "base/check_op.h" #include "base/stl_util.h" #include "base/strings/strcat.h" #include "base/strings/string_number_conversions.h" diff --git a/chromium/net/http/http_util.h b/chromium/net/http/http_util.h index 14b638dc403..733e2bdcd82 100644 --- a/chromium/net/http/http_util.h +++ b/chromium/net/http/http_util.h @@ -326,7 +326,7 @@ class NET_EXPORT HttpUtil { // // This iterator is careful to skip over delimiters found inside an HTTP // quoted string. - class NET_EXPORT_PRIVATE ValuesIterator { + class NET_EXPORT ValuesIterator { public: ValuesIterator(std::string::const_iterator values_begin, std::string::const_iterator values_end, diff --git a/chromium/net/http/mock_gssapi_library_posix.cc b/chromium/net/http/mock_gssapi_library_posix.cc index e492bd99425..5daabe70a82 100644 --- a/chromium/net/http/mock_gssapi_library_posix.cc +++ b/chromium/net/http/mock_gssapi_library_posix.cc @@ -4,7 +4,6 @@ #include "net/http/mock_gssapi_library_posix.h" -#include "base/logging.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/http/mock_sspi_library_win.cc b/chromium/net/http/mock_sspi_library_win.cc index 543a1c24695..57d519b4660 100644 --- a/chromium/net/http/mock_sspi_library_win.cc +++ b/chromium/net/http/mock_sspi_library_win.cc @@ -8,7 +8,7 @@ #include <cstring> #include <memory> -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/string16.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" diff --git a/chromium/net/http/partial_data.cc b/chromium/net/http/partial_data.cc index e0eb396c7a3..70239edc096 100644 --- a/chromium/net/http/partial_data.cc +++ b/chromium/net/http/partial_data.cc @@ -373,27 +373,24 @@ void PartialData::FixResponseHeaders(HttpResponseHeaders* headers, return; } - headers->RemoveHeader(kLengthHeader); - headers->RemoveHeader(kRangeHeader); - if (byte_range_.IsValid()) { headers->ReplaceStatusLine("HTTP/1.1 416 Requested Range Not Satisfiable"); - headers->AddHeader(base::StringPrintf("%s: bytes 0-0/%" PRId64, - kRangeHeader, resource_size_)); - headers->AddHeader(base::StringPrintf("%s: 0", kLengthHeader)); + headers->SetHeader( + kRangeHeader, base::StringPrintf("bytes 0-0/%" PRId64, resource_size_)); + headers->SetHeader(kLengthHeader, "0"); } else { // TODO(rvargas): Is it safe to change the protocol version? headers->ReplaceStatusLine("HTTP/1.1 200 OK"); DCHECK_NE(resource_size_, 0); - headers->AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, - resource_size_)); + headers->RemoveHeader(kRangeHeader); + headers->SetHeader(kLengthHeader, + base::StringPrintf("%" PRId64, resource_size_)); } } void PartialData::FixContentLength(HttpResponseHeaders* headers) { - headers->RemoveHeader(kLengthHeader); - headers->AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, - resource_size_)); + headers->SetHeader(kLengthHeader, + base::StringPrintf("%" PRId64, resource_size_)); } int PartialData::CacheRead(disk_cache::Entry* entry, diff --git a/chromium/net/http/structured_headers.cc b/chromium/net/http/structured_headers.cc index ddab1f40453..7d5c9218bd6 100644 --- a/chromium/net/http/structured_headers.cc +++ b/chromium/net/http/structured_headers.cc @@ -178,7 +178,11 @@ class StructuredHeaderParser { if (!member) return base::nullopt; } else { - member = ParameterizedMember{Item(true), {}}; + base::Optional<Parameters> parameters; + parameters = ReadParameters(); + if (!parameters) + return base::nullopt; + member = ParameterizedMember{Item(true), std::move(*parameters)}; } members[*key] = std::move(*member); SkipWhitespaces(); @@ -325,9 +329,17 @@ class StructuredHeaderParser { // Parses a Key ([SH09] 4.2.2, [SH15] 4.2.3.3). base::Optional<std::string> ReadKey() { - if (input_.empty() || !base::IsAsciiLower(input_.front())) { - LogParseError("ReadKey", "lcalpha"); - return base::nullopt; + if (version_ == kDraft09) { + if (input_.empty() || !base::IsAsciiLower(input_.front())) { + LogParseError("ReadKey", "lcalpha"); + return base::nullopt; + } + } else { + if (input_.empty() || + (!base::IsAsciiLower(input_.front()) && input_.front() != '*')) { + LogParseError("ReadKey", "lcalpha | *"); + return base::nullopt; + } } const char* allowed_chars = (version_ == kDraft09 ? kKeyChars09 : kKeyChars15); @@ -666,13 +678,16 @@ class StructuredHeaderSerializer { if (!WriteKey(dict.first)) return false; first = false; - if (dict_member.params.empty() && !dict_member.member_is_inner_list && + if (!dict_member.member_is_inner_list && dict_member.member.front().item.is_boolean() && - dict_member.member.front().item.GetBoolean()) - continue; - output_ << "="; - if (!WriteParameterizedMember(dict_member)) - return false; + dict_member.member.front().item.GetBoolean()) { + if (!WriteParameters(dict_member.params)) + return false; + } else { + output_ << "="; + if (!WriteParameterizedMember(dict_member)) + return false; + } } return true; } @@ -731,7 +746,7 @@ class StructuredHeaderSerializer { return false; if (value.find_first_not_of(kKeyChars15) != std::string::npos) return false; - if (!base::IsAsciiLower(value[0])) + if (!base::IsAsciiLower(value[0]) && value[0] != '*') return false; output_ << value; return true; diff --git a/chromium/net/http/structured_headers_generated_unittest.cc b/chromium/net/http/structured_headers_generated_unittest.cc new file mode 100644 index 00000000000..3cdcc17f151 --- /dev/null +++ b/chromium/net/http/structured_headers_generated_unittest.cc @@ -0,0 +1,2943 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/http/structured_headers.h" + +#include <math.h> + +#include <limits> +#include <string> + +#include "testing/gtest/include/gtest/gtest.h" + +// This file contains tests cases for the Structured Header parser and +// serializer, taken from the public test case repository at +// https://github.com/httpwg/structured-header-tests. All of the tests are +// named, so a given test case can be found in the JSON files in that repository +// by searching for the test name. This file is generated, with the test cases +// being automatically translated from the JSON source to C++ unit tests. Please +// do not modify, as the contents will be overwritten when this is re-generated. + +// Generated on 2020-04-10 from structured-header-tests.git @ +// 0a8ab1b649080239abb21ecd3ca15a4aead419aa + +namespace net { +namespace structured_headers { +namespace { + +// Helpers to make test cases clearer + +Item Integer(int64_t value) { + return Item(value); +} + +std::pair<std::string, Item> BooleanParam(std::string key, bool value) { + return std::make_pair(key, Item(value)); +} + +std::pair<std::string, Item> DoubleParam(std::string key, double value) { + return std::make_pair(key, Item(value)); +} + +std::pair<std::string, Item> Param(std::string key, int64_t value) { + return std::make_pair(key, Item(value)); +} + +std::pair<std::string, Item> Param(std::string key, std::string value) { + return std::make_pair(key, Item(value)); +} + +std::pair<std::string, Item> TokenParam(std::string key, std::string value) { + return std::make_pair(key, Item(value, Item::kTokenType)); +} + +const struct ParameterizedItemTestCase { + const char* name; + const char* raw; + size_t raw_len; + const base::Optional<ParameterizedItem> + expected; // nullopt if parse error is expected. + const char* canonical; // nullptr if parse error is expected, or if canonical + // format is identical to raw. +} parameterized_item_test_cases[] = { + + // binary.json + {"basic binary", + ":aGVsbG8=:", + 10, + {{Item("hello", Item::kByteSequenceType), {}}}}, + {"empty binary", "::", 2, {{Item("", Item::kByteSequenceType), {}}}}, + {"bad paddding", + ":aGVsbG8:", + 9, + {{Item("hello", Item::kByteSequenceType), {}}}, + ":aGVsbG8=:"}, + {"bad end delimiter", ":aGVsbG8=", 9, base::nullopt}, + {"extra whitespace", ":aGVsb G8=:", 11, base::nullopt}, + {"extra chars", ":aGVsbG!8=:", 11, base::nullopt}, + {"suffix chars", ":aGVsbG8=!:", 11, base::nullopt}, + {"non-zero pad bits", + ":iZ==:", + 6, + {{Item("\211", Item::kByteSequenceType), {}}}, + ":iQ==:"}, + {"non-ASCII binary", + ":/+Ah:", + 6, + {{Item("\377\340!", Item::kByteSequenceType), {}}}}, + {"base64url binary", ":_-Ah:", 6, base::nullopt}, + // boolean.json + {"basic true boolean", "?1", 2, {{Item(true), {}}}}, + {"basic false boolean", "?0", 2, {{Item(false), {}}}}, + {"unknown boolean", "?Q", 2, base::nullopt}, + {"whitespace boolean", "? 1", 3, base::nullopt}, + {"negative zero boolean", "?-0", 3, base::nullopt}, + {"T boolean", "?T", 2, base::nullopt}, + {"F boolean", "?F", 2, base::nullopt}, + {"t boolean", "?t", 2, base::nullopt}, + {"f boolean", "?f", 2, base::nullopt}, + {"spelled-out True boolean", "?True", 5, base::nullopt}, + {"spelled-out False boolean", "?False", 6, base::nullopt}, + // examples.json + {"Foo-Example", + "2; foourl=\"https://foo.example.com/\"", + 36, + {{Integer(2), {Param("foourl", "https://foo.example.com/")}}}, + "2;foourl=\"https://foo.example.com/\""}, + {"Example-IntHeader", + "1; a; b=?0", + 10, + {{Integer(1), {BooleanParam("a", true), BooleanParam("b", false)}}}, + "1;a;b=?0"}, + {"Example-IntItemHeader", "5", 1, {{Integer(5), {}}}}, + {"Example-IntItemHeader (params)", + "5; foo=bar", + 10, + {{Integer(5), {TokenParam("foo", "bar")}}}, + "5;foo=bar"}, + {"Example-IntegerHeader", "42", 2, {{Integer(42), {}}}}, + {"Example-FloatHeader", "4.5", 3, {{Item(4.500000), {}}}}, + {"Example-StringHeader", + "\"hello world\"", + 13, + {{Item("hello world"), {}}}}, + {"Example-BinaryHdr", + ":cHJldGVuZCB0aGlzIGlzIGJpbmFyeSBjb250ZW50Lg==:", + 46, + {{Item("pretend this is binary content.", Item::kByteSequenceType), {}}}}, + {"Example-BoolHdr", "?1", 2, {{Item(true), {}}}}, + // item.json + {"empty item", "", 0, base::nullopt}, + {"leading space", " 1", 3, {{Integer(1), {}}}, "1"}, + {"trailing space", "1 ", 3, {{Integer(1), {}}}, "1"}, + {"leading and trailing space", " 1 ", 5, {{Integer(1), {}}}, "1"}, + {"leading and trailing whitespace", " 1 ", 8, {{Integer(1), {}}}, "1"}, + // number-generated.json + {"1 digits of zero", "0", 1, {{Integer(0), {}}}, "0"}, + {"1 digit small integer", "1", 1, {{Integer(1), {}}}}, + {"1 digit large integer", "9", 1, {{Integer(9), {}}}}, + {"2 digits of zero", "00", 2, {{Integer(0), {}}}, "0"}, + {"2 digit small integer", "11", 2, {{Integer(11), {}}}}, + {"2 digit large integer", "99", 2, {{Integer(99), {}}}}, + {"3 digits of zero", "000", 3, {{Integer(0), {}}}, "0"}, + {"3 digit small integer", "111", 3, {{Integer(111), {}}}}, + {"3 digit large integer", "999", 3, {{Integer(999), {}}}}, + {"4 digits of zero", "0000", 4, {{Integer(0), {}}}, "0"}, + {"4 digit small integer", "1111", 4, {{Integer(1111), {}}}}, + {"4 digit large integer", "9999", 4, {{Integer(9999), {}}}}, + {"5 digits of zero", "00000", 5, {{Integer(0), {}}}, "0"}, + {"5 digit small integer", "11111", 5, {{Integer(11111), {}}}}, + {"5 digit large integer", "99999", 5, {{Integer(99999), {}}}}, + {"6 digits of zero", "000000", 6, {{Integer(0), {}}}, "0"}, + {"6 digit small integer", "111111", 6, {{Integer(111111), {}}}}, + {"6 digit large integer", "999999", 6, {{Integer(999999), {}}}}, + {"7 digits of zero", "0000000", 7, {{Integer(0), {}}}, "0"}, + {"7 digit small integer", "1111111", 7, {{Integer(1111111), {}}}}, + {"7 digit large integer", "9999999", 7, {{Integer(9999999), {}}}}, + {"8 digits of zero", "00000000", 8, {{Integer(0), {}}}, "0"}, + {"8 digit small integer", "11111111", 8, {{Integer(11111111), {}}}}, + {"8 digit large integer", "99999999", 8, {{Integer(99999999), {}}}}, + {"9 digits of zero", "000000000", 9, {{Integer(0), {}}}, "0"}, + {"9 digit small integer", "111111111", 9, {{Integer(111111111), {}}}}, + {"9 digit large integer", "999999999", 9, {{Integer(999999999), {}}}}, + {"10 digits of zero", "0000000000", 10, {{Integer(0), {}}}, "0"}, + {"10 digit small integer", "1111111111", 10, {{Integer(1111111111), {}}}}, + {"10 digit large integer", "9999999999", 10, {{Integer(9999999999), {}}}}, + {"11 digits of zero", "00000000000", 11, {{Integer(0), {}}}, "0"}, + {"11 digit small integer", "11111111111", 11, {{Integer(11111111111), {}}}}, + {"11 digit large integer", "99999999999", 11, {{Integer(99999999999), {}}}}, + {"12 digits of zero", "000000000000", 12, {{Integer(0), {}}}, "0"}, + {"12 digit small integer", + "111111111111", + 12, + {{Integer(111111111111), {}}}}, + {"12 digit large integer", + "999999999999", + 12, + {{Integer(999999999999), {}}}}, + {"13 digits of zero", "0000000000000", 13, {{Integer(0), {}}}, "0"}, + {"13 digit small integer", + "1111111111111", + 13, + {{Integer(1111111111111), {}}}}, + {"13 digit large integer", + "9999999999999", + 13, + {{Integer(9999999999999), {}}}}, + {"14 digits of zero", "00000000000000", 14, {{Integer(0), {}}}, "0"}, + {"14 digit small integer", + "11111111111111", + 14, + {{Integer(11111111111111), {}}}}, + {"14 digit large integer", + "99999999999999", + 14, + {{Integer(99999999999999), {}}}}, + {"15 digits of zero", "000000000000000", 15, {{Integer(0), {}}}, "0"}, + {"15 digit small integer", + "111111111111111", + 15, + {{Integer(111111111111111), {}}}}, + {"15 digit large integer", + "999999999999999", + 15, + {{Integer(999999999999999), {}}}}, + {"2 digit 0, 1 fractional small decimal", + "0.1", + 3, + {{Item(0.100000), {}}}, + "0.1"}, + {"2 digit, 1 fractional 0 decimal", + "1.0", + 3, + {{Item(1.000000), {}}}, + "1.0"}, + {"2 digit, 1 fractional small decimal", "1.1", 3, {{Item(1.100000), {}}}}, + {"2 digit, 1 fractional large decimal", "9.9", 3, {{Item(9.900000), {}}}}, + {"3 digit 0, 2 fractional small decimal", + "0.11", + 4, + {{Item(0.110000), {}}}, + "0.11"}, + {"3 digit, 2 fractional 0 decimal", + "1.00", + 4, + {{Item(1.000000), {}}}, + "1.0"}, + {"3 digit, 2 fractional small decimal", "1.11", 4, {{Item(1.110000), {}}}}, + {"3 digit, 2 fractional large decimal", "9.99", 4, {{Item(9.990000), {}}}}, + {"4 digit 0, 3 fractional small decimal", + "0.111", + 5, + {{Item(0.111000), {}}}, + "0.111"}, + {"4 digit, 3 fractional 0 decimal", + "1.000", + 5, + {{Item(1.000000), {}}}, + "1.0"}, + {"4 digit, 3 fractional small decimal", "1.111", 5, {{Item(1.111000), {}}}}, + {"4 digit, 3 fractional large decimal", "9.999", 5, {{Item(9.999000), {}}}}, + {"3 digit 0, 1 fractional small decimal", + "00.1", + 4, + {{Item(0.100000), {}}}, + "0.1"}, + {"3 digit, 1 fractional 0 decimal", + "11.0", + 4, + {{Item(11.000000), {}}}, + "11.0"}, + {"3 digit, 1 fractional small decimal", "11.1", 4, {{Item(11.100000), {}}}}, + {"3 digit, 1 fractional large decimal", "99.9", 4, {{Item(99.900000), {}}}}, + {"4 digit 0, 2 fractional small decimal", + "00.11", + 5, + {{Item(0.110000), {}}}, + "0.11"}, + {"4 digit, 2 fractional 0 decimal", + "11.00", + 5, + {{Item(11.000000), {}}}, + "11.0"}, + {"4 digit, 2 fractional small decimal", + "11.11", + 5, + {{Item(11.110000), {}}}}, + {"4 digit, 2 fractional large decimal", + "99.99", + 5, + {{Item(99.990000), {}}}}, + {"5 digit 0, 3 fractional small decimal", + "00.111", + 6, + {{Item(0.111000), {}}}, + "0.111"}, + {"5 digit, 3 fractional 0 decimal", + "11.000", + 6, + {{Item(11.000000), {}}}, + "11.0"}, + {"5 digit, 3 fractional small decimal", + "11.111", + 6, + {{Item(11.111000), {}}}}, + {"5 digit, 3 fractional large decimal", + "99.999", + 6, + {{Item(99.999000), {}}}}, + {"4 digit 0, 1 fractional small decimal", + "000.1", + 5, + {{Item(0.100000), {}}}, + "0.1"}, + {"4 digit, 1 fractional 0 decimal", + "111.0", + 5, + {{Item(111.000000), {}}}, + "111.0"}, + {"4 digit, 1 fractional small decimal", + "111.1", + 5, + {{Item(111.100000), {}}}}, + {"4 digit, 1 fractional large decimal", + "999.9", + 5, + {{Item(999.900000), {}}}}, + {"5 digit 0, 2 fractional small decimal", + "000.11", + 6, + {{Item(0.110000), {}}}, + "0.11"}, + {"5 digit, 2 fractional 0 decimal", + "111.00", + 6, + {{Item(111.000000), {}}}, + "111.0"}, + {"5 digit, 2 fractional small decimal", + "111.11", + 6, + {{Item(111.110000), {}}}}, + {"5 digit, 2 fractional large decimal", + "999.99", + 6, + {{Item(999.990000), {}}}}, + {"6 digit 0, 3 fractional small decimal", + "000.111", + 7, + {{Item(0.111000), {}}}, + "0.111"}, + {"6 digit, 3 fractional 0 decimal", + "111.000", + 7, + {{Item(111.000000), {}}}, + "111.0"}, + {"6 digit, 3 fractional small decimal", + "111.111", + 7, + {{Item(111.111000), {}}}}, + {"6 digit, 3 fractional large decimal", + "999.999", + 7, + {{Item(999.999000), {}}}}, + {"5 digit 0, 1 fractional small decimal", + "0000.1", + 6, + {{Item(0.100000), {}}}, + "0.1"}, + {"5 digit, 1 fractional 0 decimal", + "1111.0", + 6, + {{Item(1111.000000), {}}}, + "1111.0"}, + {"5 digit, 1 fractional small decimal", + "1111.1", + 6, + {{Item(1111.100000), {}}}}, + {"5 digit, 1 fractional large decimal", + "9999.9", + 6, + {{Item(9999.900000), {}}}}, + {"6 digit 0, 2 fractional small decimal", + "0000.11", + 7, + {{Item(0.110000), {}}}, + "0.11"}, + {"6 digit, 2 fractional 0 decimal", + "1111.00", + 7, + {{Item(1111.000000), {}}}, + "1111.0"}, + {"6 digit, 2 fractional small decimal", + "1111.11", + 7, + {{Item(1111.110000), {}}}}, + {"6 digit, 2 fractional large decimal", + "9999.99", + 7, + {{Item(9999.990000), {}}}}, + {"7 digit 0, 3 fractional small decimal", + "0000.111", + 8, + {{Item(0.111000), {}}}, + "0.111"}, + {"7 digit, 3 fractional 0 decimal", + "1111.000", + 8, + {{Item(1111.000000), {}}}, + "1111.0"}, + {"7 digit, 3 fractional small decimal", + "1111.111", + 8, + {{Item(1111.111000), {}}}}, + {"7 digit, 3 fractional large decimal", + "9999.999", + 8, + {{Item(9999.999000), {}}}}, + {"6 digit 0, 1 fractional small decimal", + "00000.1", + 7, + {{Item(0.100000), {}}}, + "0.1"}, + {"6 digit, 1 fractional 0 decimal", + "11111.0", + 7, + {{Item(11111.000000), {}}}, + "11111.0"}, + {"6 digit, 1 fractional small decimal", + "11111.1", + 7, + {{Item(11111.100000), {}}}}, + {"6 digit, 1 fractional large decimal", + "99999.9", + 7, + {{Item(99999.900000), {}}}}, + {"7 digit 0, 2 fractional small decimal", + "00000.11", + 8, + {{Item(0.110000), {}}}, + "0.11"}, + {"7 digit, 2 fractional 0 decimal", + "11111.00", + 8, + {{Item(11111.000000), {}}}, + "11111.0"}, + {"7 digit, 2 fractional small decimal", + "11111.11", + 8, + {{Item(11111.110000), {}}}}, + {"7 digit, 2 fractional large decimal", + "99999.99", + 8, + {{Item(99999.990000), {}}}}, + {"8 digit 0, 3 fractional small decimal", + "00000.111", + 9, + {{Item(0.111000), {}}}, + "0.111"}, + {"8 digit, 3 fractional 0 decimal", + "11111.000", + 9, + {{Item(11111.000000), {}}}, + "11111.0"}, + {"8 digit, 3 fractional small decimal", + "11111.111", + 9, + {{Item(11111.111000), {}}}}, + {"8 digit, 3 fractional large decimal", + "99999.999", + 9, + {{Item(99999.999000), {}}}}, + {"7 digit 0, 1 fractional small decimal", + "000000.1", + 8, + {{Item(0.100000), {}}}, + "0.1"}, + {"7 digit, 1 fractional 0 decimal", + "111111.0", + 8, + {{Item(111111.000000), {}}}, + "111111.0"}, + {"7 digit, 1 fractional small decimal", + "111111.1", + 8, + {{Item(111111.100000), {}}}}, + {"7 digit, 1 fractional large decimal", + "999999.9", + 8, + {{Item(999999.900000), {}}}}, + {"8 digit 0, 2 fractional small decimal", + "000000.11", + 9, + {{Item(0.110000), {}}}, + "0.11"}, + {"8 digit, 2 fractional 0 decimal", + "111111.00", + 9, + {{Item(111111.000000), {}}}, + "111111.0"}, + {"8 digit, 2 fractional small decimal", + "111111.11", + 9, + {{Item(111111.110000), {}}}}, + {"8 digit, 2 fractional large decimal", + "999999.99", + 9, + {{Item(999999.990000), {}}}}, + {"9 digit 0, 3 fractional small decimal", + "000000.111", + 10, + {{Item(0.111000), {}}}, + "0.111"}, + {"9 digit, 3 fractional 0 decimal", + "111111.000", + 10, + {{Item(111111.000000), {}}}, + "111111.0"}, + {"9 digit, 3 fractional small decimal", + "111111.111", + 10, + {{Item(111111.111000), {}}}}, + {"9 digit, 3 fractional large decimal", + "999999.999", + 10, + {{Item(999999.999000), {}}}}, + {"8 digit 0, 1 fractional small decimal", + "0000000.1", + 9, + {{Item(0.100000), {}}}, + "0.1"}, + {"8 digit, 1 fractional 0 decimal", + "1111111.0", + 9, + {{Item(1111111.000000), {}}}, + "1111111.0"}, + {"8 digit, 1 fractional small decimal", + "1111111.1", + 9, + {{Item(1111111.100000), {}}}}, + {"8 digit, 1 fractional large decimal", + "9999999.9", + 9, + {{Item(9999999.900000), {}}}}, + {"9 digit 0, 2 fractional small decimal", + "0000000.11", + 10, + {{Item(0.110000), {}}}, + "0.11"}, + {"9 digit, 2 fractional 0 decimal", + "1111111.00", + 10, + {{Item(1111111.000000), {}}}, + "1111111.0"}, + {"9 digit, 2 fractional small decimal", + "1111111.11", + 10, + {{Item(1111111.110000), {}}}}, + {"9 digit, 2 fractional large decimal", + "9999999.99", + 10, + {{Item(9999999.990000), {}}}}, + {"10 digit 0, 3 fractional small decimal", + "0000000.111", + 11, + {{Item(0.111000), {}}}, + "0.111"}, + {"10 digit, 3 fractional 0 decimal", + "1111111.000", + 11, + {{Item(1111111.000000), {}}}, + "1111111.0"}, + {"10 digit, 3 fractional small decimal", + "1111111.111", + 11, + {{Item(1111111.111000), {}}}}, + {"10 digit, 3 fractional large decimal", + "9999999.999", + 11, + {{Item(9999999.999000), {}}}}, + {"9 digit 0, 1 fractional small decimal", + "00000000.1", + 10, + {{Item(0.100000), {}}}, + "0.1"}, + {"9 digit, 1 fractional 0 decimal", + "11111111.0", + 10, + {{Item(11111111.000000), {}}}, + "11111111.0"}, + {"9 digit, 1 fractional small decimal", + "11111111.1", + 10, + {{Item(11111111.100000), {}}}}, + {"9 digit, 1 fractional large decimal", + "99999999.9", + 10, + {{Item(99999999.900000), {}}}}, + {"10 digit 0, 2 fractional small decimal", + "00000000.11", + 11, + {{Item(0.110000), {}}}, + "0.11"}, + {"10 digit, 2 fractional 0 decimal", + "11111111.00", + 11, + {{Item(11111111.000000), {}}}, + "11111111.0"}, + {"10 digit, 2 fractional small decimal", + "11111111.11", + 11, + {{Item(11111111.110000), {}}}}, + {"10 digit, 2 fractional large decimal", + "99999999.99", + 11, + {{Item(99999999.990000), {}}}}, + {"11 digit 0, 3 fractional small decimal", + "00000000.111", + 12, + {{Item(0.111000), {}}}, + "0.111"}, + {"11 digit, 3 fractional 0 decimal", + "11111111.000", + 12, + {{Item(11111111.000000), {}}}, + "11111111.0"}, + {"11 digit, 3 fractional small decimal", + "11111111.111", + 12, + {{Item(11111111.111000), {}}}}, + {"11 digit, 3 fractional large decimal", + "99999999.999", + 12, + {{Item(99999999.999000), {}}}}, + {"10 digit 0, 1 fractional small decimal", + "000000000.1", + 11, + {{Item(0.100000), {}}}, + "0.1"}, + {"10 digit, 1 fractional 0 decimal", + "111111111.0", + 11, + {{Item(111111111.000000), {}}}, + "111111111.0"}, + {"10 digit, 1 fractional small decimal", + "111111111.1", + 11, + {{Item(111111111.100000), {}}}}, + {"10 digit, 1 fractional large decimal", + "999999999.9", + 11, + {{Item(999999999.900000), {}}}}, + {"11 digit 0, 2 fractional small decimal", + "000000000.11", + 12, + {{Item(0.110000), {}}}, + "0.11"}, + {"11 digit, 2 fractional 0 decimal", + "111111111.00", + 12, + {{Item(111111111.000000), {}}}, + "111111111.0"}, + {"11 digit, 2 fractional small decimal", + "111111111.11", + 12, + {{Item(111111111.110000), {}}}}, + {"11 digit, 2 fractional large decimal", + "999999999.99", + 12, + {{Item(999999999.990000), {}}}}, + {"12 digit 0, 3 fractional small decimal", + "000000000.111", + 13, + {{Item(0.111000), {}}}, + "0.111"}, + {"12 digit, 3 fractional 0 decimal", + "111111111.000", + 13, + {{Item(111111111.000000), {}}}, + "111111111.0"}, + {"12 digit, 3 fractional small decimal", + "111111111.111", + 13, + {{Item(111111111.111000), {}}}}, + {"12 digit, 3 fractional large decimal", + "999999999.999", + 13, + {{Item(999999999.999000), {}}}}, + {"11 digit 0, 1 fractional small decimal", + "0000000000.1", + 12, + {{Item(0.100000), {}}}, + "0.1"}, + {"11 digit, 1 fractional 0 decimal", + "1111111111.0", + 12, + {{Item(1111111111.000000), {}}}, + "1111111111.0"}, + {"11 digit, 1 fractional small decimal", + "1111111111.1", + 12, + {{Item(1111111111.100000), {}}}}, + {"11 digit, 1 fractional large decimal", + "9999999999.9", + 12, + {{Item(9999999999.900000), {}}}}, + {"12 digit 0, 2 fractional small decimal", + "0000000000.11", + 13, + {{Item(0.110000), {}}}, + "0.11"}, + {"12 digit, 2 fractional 0 decimal", + "1111111111.00", + 13, + {{Item(1111111111.000000), {}}}, + "1111111111.0"}, + {"12 digit, 2 fractional small decimal", + "1111111111.11", + 13, + {{Item(1111111111.110000), {}}}}, + {"12 digit, 2 fractional large decimal", + "9999999999.99", + 13, + {{Item(9999999999.990000), {}}}}, + {"13 digit 0, 3 fractional small decimal", + "0000000000.111", + 14, + {{Item(0.111000), {}}}, + "0.111"}, + {"13 digit, 3 fractional 0 decimal", + "1111111111.000", + 14, + {{Item(1111111111.000000), {}}}, + "1111111111.0"}, + {"13 digit, 3 fractional small decimal", + "1111111111.111", + 14, + {{Item(1111111111.111000), {}}}}, + {"13 digit, 3 fractional large decimal", + "9999999999.999", + 14, + {{Item(9999999999.999001), {}}}}, + {"12 digit 0, 1 fractional small decimal", + "00000000000.1", + 13, + {{Item(0.100000), {}}}, + "0.1"}, + {"12 digit, 1 fractional 0 decimal", + "11111111111.0", + 13, + {{Item(11111111111.000000), {}}}, + "11111111111.0"}, + {"12 digit, 1 fractional small decimal", + "11111111111.1", + 13, + {{Item(11111111111.100000), {}}}}, + {"12 digit, 1 fractional large decimal", + "99999999999.9", + 13, + {{Item(99999999999.899994), {}}}}, + {"13 digit 0, 2 fractional small decimal", + "00000000000.11", + 14, + {{Item(0.110000), {}}}, + "0.11"}, + {"13 digit, 2 fractional 0 decimal", + "11111111111.00", + 14, + {{Item(11111111111.000000), {}}}, + "11111111111.0"}, + {"13 digit, 2 fractional small decimal", + "11111111111.11", + 14, + {{Item(11111111111.110001), {}}}}, + {"13 digit, 2 fractional large decimal", + "99999999999.99", + 14, + {{Item(99999999999.990005), {}}}}, + {"14 digit 0, 3 fractional small decimal", + "00000000000.111", + 15, + {{Item(0.111000), {}}}, + "0.111"}, + {"14 digit, 3 fractional 0 decimal", + "11111111111.000", + 15, + {{Item(11111111111.000000), {}}}, + "11111111111.0"}, + {"14 digit, 3 fractional small decimal", + "11111111111.111", + 15, + {{Item(11111111111.111000), {}}}}, + {"14 digit, 3 fractional large decimal", + "99999999999.999", + 15, + {{Item(99999999999.998993), {}}}}, + {"13 digit 0, 1 fractional small decimal", + "000000000000.1", + 14, + {{Item(0.100000), {}}}, + "0.1"}, + {"13 digit, 1 fractional 0 decimal", + "111111111111.0", + 14, + {{Item(111111111111.000000), {}}}, + "111111111111.0"}, + {"13 digit, 1 fractional small decimal", + "111111111111.1", + 14, + {{Item(111111111111.100006), {}}}}, + {"13 digit, 1 fractional large decimal", + "999999999999.9", + 14, + {{Item(999999999999.900024), {}}}}, + {"14 digit 0, 2 fractional small decimal", + "000000000000.11", + 15, + {{Item(0.110000), {}}}, + "0.11"}, + {"14 digit, 2 fractional 0 decimal", + "111111111111.00", + 15, + {{Item(111111111111.000000), {}}}, + "111111111111.0"}, + {"14 digit, 2 fractional small decimal", + "111111111111.11", + 15, + {{Item(111111111111.110001), {}}}}, + {"14 digit, 2 fractional large decimal", + "999999999999.99", + 15, + {{Item(999999999999.989990), {}}}}, + {"15 digit 0, 3 fractional small decimal", + "000000000000.111", + 16, + {{Item(0.111000), {}}}, + "0.111"}, + {"15 digit, 3 fractional 0 decimal", + "111111111111.000", + 16, + {{Item(111111111111.000000), {}}}, + "111111111111.0"}, + {"15 digit, 3 fractional small decimal", + "111111111111.111", + 16, + {{Item(111111111111.110992), {}}}}, + {"15 digit, 3 fractional large decimal", + "999999999999.999", + 16, + {{Item(999999999999.999023), {}}}}, + {"too many digit 0 decimal", "000000000000000.0", 17, base::nullopt}, + {"too many fractional digits 0 decimal", "000000000000.0000", 17, + base::nullopt}, + {"too many digit 9 decimal", "999999999999999.9", 17, base::nullopt}, + {"too many fractional digits 9 decimal", "999999999999.9999", 17, + base::nullopt}, + // number.json + {"basic integer", "42", 2, {{Integer(42), {}}}}, + {"zero integer", "0", 1, {{Integer(0), {}}}}, + {"leading 0 zero", "00", 2, {{Integer(0), {}}}, "0"}, + {"negative zero", "-0", 2, {{Integer(0), {}}}, "0"}, + {"double negative zero", "--0", 3, base::nullopt}, + {"negative integer", "-42", 3, {{Integer(-42), {}}}}, + {"leading 0 integer", "042", 3, {{Integer(42), {}}}, "42"}, + {"leading 0 negative integer", "-042", 4, {{Integer(-42), {}}}, "-42"}, + {"leading 0 zero", "00", 2, {{Integer(0), {}}}, "0"}, + {"comma", "2,3", 3, base::nullopt}, + {"negative non-DIGIT first character", "-a23", 4, base::nullopt}, + {"sign out of place", "4-2", 3, base::nullopt}, + {"whitespace after sign", "- 42", 4, base::nullopt}, + {"long integer", "123456789012345", 15, {{Integer(123456789012345), {}}}}, + {"long negative integer", + "-123456789012345", + 16, + {{Integer(-123456789012345), {}}}}, + {"too long integer", "1234567890123456", 16, base::nullopt}, + {"negative too long integer", "-1234567890123456", 17, base::nullopt}, + {"simple decimal", "1.23", 4, {{Item(1.230000), {}}}}, + {"negative decimal", "-1.23", 5, {{Item(-1.230000), {}}}}, + {"decimal, whitespace after decimal", "1. 23", 5, base::nullopt}, + {"decimal, whitespace before decimal", "1 .23", 5, base::nullopt}, + {"negative decimal, whitespace after sign", "- 1.23", 6, base::nullopt}, + {"tricky precision decimal", + "123456789012.1", + 14, + {{Item(123456789012.100006), {}}}}, + {"double decimal decimal", "1.5.4", 5, base::nullopt}, + {"adjacent double decimal decimal", "1..4", 4, base::nullopt}, + {"decimal with three fractional digits", + "1.123", + 5, + {{Item(1.123000), {}}}}, + {"negative decimal with three fractional digits", + "-1.123", + 6, + {{Item(-1.123000), {}}}}, + {"decimal with four fractional digits", "1.1234", 6, base::nullopt}, + {"negative decimal with four fractional digits", "-1.1234", 7, + base::nullopt}, + {"decimal with thirteen integer digits", "1234567890123.0", 15, + base::nullopt}, + {"negative decimal with thirteen integer digits", "-1234567890123.0", 16, + base::nullopt}, + // string-generated.json + {"0x00 in string", "\" \000 \"", 5, base::nullopt}, + {"0x01 in string", "\" \001 \"", 5, base::nullopt}, + {"0x02 in string", "\" \002 \"", 5, base::nullopt}, + {"0x03 in string", "\" \003 \"", 5, base::nullopt}, + {"0x04 in string", "\" \004 \"", 5, base::nullopt}, + {"0x05 in string", "\" \005 \"", 5, base::nullopt}, + {"0x06 in string", "\" \006 \"", 5, base::nullopt}, + {"0x07 in string", "\" \a \"", 5, base::nullopt}, + {"0x08 in string", "\" \b \"", 5, base::nullopt}, + {"0x09 in string", "\" \t \"", 5, base::nullopt}, + {"0x0a in string", "\" \n \"", 5, base::nullopt}, + {"0x0b in string", "\" \v \"", 5, base::nullopt}, + {"0x0c in string", "\" \f \"", 5, base::nullopt}, + {"0x0d in string", "\" \r \"", 5, base::nullopt}, + {"0x0e in string", "\" \016 \"", 5, base::nullopt}, + {"0x0f in string", "\" \017 \"", 5, base::nullopt}, + {"0x10 in string", "\" \020 \"", 5, base::nullopt}, + {"0x11 in string", "\" \021 \"", 5, base::nullopt}, + {"0x12 in string", "\" \022 \"", 5, base::nullopt}, + {"0x13 in string", "\" \023 \"", 5, base::nullopt}, + {"0x14 in string", "\" \024 \"", 5, base::nullopt}, + {"0x15 in string", "\" \025 \"", 5, base::nullopt}, + {"0x16 in string", "\" \026 \"", 5, base::nullopt}, + {"0x17 in string", "\" \027 \"", 5, base::nullopt}, + {"0x18 in string", "\" \030 \"", 5, base::nullopt}, + {"0x19 in string", "\" \031 \"", 5, base::nullopt}, + {"0x1a in string", "\" \032 \"", 5, base::nullopt}, + {"0x1b in string", "\" \033 \"", 5, base::nullopt}, + {"0x1c in string", "\" \034 \"", 5, base::nullopt}, + {"0x1d in string", "\" \035 \"", 5, base::nullopt}, + {"0x1e in string", "\" \036 \"", 5, base::nullopt}, + {"0x1f in string", "\" \037 \"", 5, base::nullopt}, + {"0x20 in string", "\" \"", 5, {{Item(" "), {}}}}, + {"0x21 in string", "\" ! \"", 5, {{Item(" ! "), {}}}}, + {"0x22 in string", "\" \" \"", 5, base::nullopt}, + {"0x23 in string", "\" # \"", 5, {{Item(" # "), {}}}}, + {"0x24 in string", "\" $ \"", 5, {{Item(" $ "), {}}}}, + {"0x25 in string", "\" % \"", 5, {{Item(" % "), {}}}}, + {"0x26 in string", "\" & \"", 5, {{Item(" & "), {}}}}, + {"0x27 in string", "\" ' \"", 5, {{Item(" ' "), {}}}}, + {"0x28 in string", "\" ( \"", 5, {{Item(" ( "), {}}}}, + {"0x29 in string", "\" ) \"", 5, {{Item(" ) "), {}}}}, + {"0x2a in string", "\" * \"", 5, {{Item(" * "), {}}}}, + {"0x2b in string", "\" + \"", 5, {{Item(" + "), {}}}}, + {"0x2c in string", "\" , \"", 5, {{Item(" , "), {}}}}, + {"0x2d in string", "\" - \"", 5, {{Item(" - "), {}}}}, + {"0x2e in string", "\" . \"", 5, {{Item(" . "), {}}}}, + {"0x2f in string", "\" / \"", 5, {{Item(" / "), {}}}}, + {"0x30 in string", "\" 0 \"", 5, {{Item(" 0 "), {}}}}, + {"0x31 in string", "\" 1 \"", 5, {{Item(" 1 "), {}}}}, + {"0x32 in string", "\" 2 \"", 5, {{Item(" 2 "), {}}}}, + {"0x33 in string", "\" 3 \"", 5, {{Item(" 3 "), {}}}}, + {"0x34 in string", "\" 4 \"", 5, {{Item(" 4 "), {}}}}, + {"0x35 in string", "\" 5 \"", 5, {{Item(" 5 "), {}}}}, + {"0x36 in string", "\" 6 \"", 5, {{Item(" 6 "), {}}}}, + {"0x37 in string", "\" 7 \"", 5, {{Item(" 7 "), {}}}}, + {"0x38 in string", "\" 8 \"", 5, {{Item(" 8 "), {}}}}, + {"0x39 in string", "\" 9 \"", 5, {{Item(" 9 "), {}}}}, + {"0x3a in string", "\" : \"", 5, {{Item(" : "), {}}}}, + {"0x3b in string", "\" ; \"", 5, {{Item(" ; "), {}}}}, + {"0x3c in string", "\" < \"", 5, {{Item(" < "), {}}}}, + {"0x3d in string", "\" = \"", 5, {{Item(" = "), {}}}}, + {"0x3e in string", "\" > \"", 5, {{Item(" > "), {}}}}, + {"0x3f in string", "\" ? \"", 5, {{Item(" ? "), {}}}}, + {"0x40 in string", "\" @ \"", 5, {{Item(" @ "), {}}}}, + {"0x41 in string", "\" A \"", 5, {{Item(" A "), {}}}}, + {"0x42 in string", "\" B \"", 5, {{Item(" B "), {}}}}, + {"0x43 in string", "\" C \"", 5, {{Item(" C "), {}}}}, + {"0x44 in string", "\" D \"", 5, {{Item(" D "), {}}}}, + {"0x45 in string", "\" E \"", 5, {{Item(" E "), {}}}}, + {"0x46 in string", "\" F \"", 5, {{Item(" F "), {}}}}, + {"0x47 in string", "\" G \"", 5, {{Item(" G "), {}}}}, + {"0x48 in string", "\" H \"", 5, {{Item(" H "), {}}}}, + {"0x49 in string", "\" I \"", 5, {{Item(" I "), {}}}}, + {"0x4a in string", "\" J \"", 5, {{Item(" J "), {}}}}, + {"0x4b in string", "\" K \"", 5, {{Item(" K "), {}}}}, + {"0x4c in string", "\" L \"", 5, {{Item(" L "), {}}}}, + {"0x4d in string", "\" M \"", 5, {{Item(" M "), {}}}}, + {"0x4e in string", "\" N \"", 5, {{Item(" N "), {}}}}, + {"0x4f in string", "\" O \"", 5, {{Item(" O "), {}}}}, + {"0x50 in string", "\" P \"", 5, {{Item(" P "), {}}}}, + {"0x51 in string", "\" Q \"", 5, {{Item(" Q "), {}}}}, + {"0x52 in string", "\" R \"", 5, {{Item(" R "), {}}}}, + {"0x53 in string", "\" S \"", 5, {{Item(" S "), {}}}}, + {"0x54 in string", "\" T \"", 5, {{Item(" T "), {}}}}, + {"0x55 in string", "\" U \"", 5, {{Item(" U "), {}}}}, + {"0x56 in string", "\" V \"", 5, {{Item(" V "), {}}}}, + {"0x57 in string", "\" W \"", 5, {{Item(" W "), {}}}}, + {"0x58 in string", "\" X \"", 5, {{Item(" X "), {}}}}, + {"0x59 in string", "\" Y \"", 5, {{Item(" Y "), {}}}}, + {"0x5a in string", "\" Z \"", 5, {{Item(" Z "), {}}}}, + {"0x5b in string", "\" [ \"", 5, {{Item(" [ "), {}}}}, + {"0x5c in string", "\" \\ \"", 5, base::nullopt}, + {"0x5d in string", "\" ] \"", 5, {{Item(" ] "), {}}}}, + {"0x5e in string", "\" ^ \"", 5, {{Item(" ^ "), {}}}}, + {"0x5f in string", "\" _ \"", 5, {{Item(" _ "), {}}}}, + {"0x60 in string", "\" ` \"", 5, {{Item(" ` "), {}}}}, + {"0x61 in string", "\" a \"", 5, {{Item(" a "), {}}}}, + {"0x62 in string", "\" b \"", 5, {{Item(" b "), {}}}}, + {"0x63 in string", "\" c \"", 5, {{Item(" c "), {}}}}, + {"0x64 in string", "\" d \"", 5, {{Item(" d "), {}}}}, + {"0x65 in string", "\" e \"", 5, {{Item(" e "), {}}}}, + {"0x66 in string", "\" f \"", 5, {{Item(" f "), {}}}}, + {"0x67 in string", "\" g \"", 5, {{Item(" g "), {}}}}, + {"0x68 in string", "\" h \"", 5, {{Item(" h "), {}}}}, + {"0x69 in string", "\" i \"", 5, {{Item(" i "), {}}}}, + {"0x6a in string", "\" j \"", 5, {{Item(" j "), {}}}}, + {"0x6b in string", "\" k \"", 5, {{Item(" k "), {}}}}, + {"0x6c in string", "\" l \"", 5, {{Item(" l "), {}}}}, + {"0x6d in string", "\" m \"", 5, {{Item(" m "), {}}}}, + {"0x6e in string", "\" n \"", 5, {{Item(" n "), {}}}}, + {"0x6f in string", "\" o \"", 5, {{Item(" o "), {}}}}, + {"0x70 in string", "\" p \"", 5, {{Item(" p "), {}}}}, + {"0x71 in string", "\" q \"", 5, {{Item(" q "), {}}}}, + {"0x72 in string", "\" r \"", 5, {{Item(" r "), {}}}}, + {"0x73 in string", "\" s \"", 5, {{Item(" s "), {}}}}, + {"0x74 in string", "\" t \"", 5, {{Item(" t "), {}}}}, + {"0x75 in string", "\" u \"", 5, {{Item(" u "), {}}}}, + {"0x76 in string", "\" v \"", 5, {{Item(" v "), {}}}}, + {"0x77 in string", "\" w \"", 5, {{Item(" w "), {}}}}, + {"0x78 in string", "\" x \"", 5, {{Item(" x "), {}}}}, + {"0x79 in string", "\" y \"", 5, {{Item(" y "), {}}}}, + {"0x7a in string", "\" z \"", 5, {{Item(" z "), {}}}}, + {"0x7b in string", "\" { \"", 5, {{Item(" { "), {}}}}, + {"0x7c in string", "\" | \"", 5, {{Item(" | "), {}}}}, + {"0x7d in string", "\" } \"", 5, {{Item(" } "), {}}}}, + {"0x7e in string", "\" ~ \"", 5, {{Item(" ~ "), {}}}}, + {"0x7f in string", "\" \177 \"", 5, base::nullopt}, + {"0x00 in string", "\"\\\000\"", 4, base::nullopt}, + {"0x01 in string", "\"\\\001\"", 4, base::nullopt}, + {"0x02 in string", "\"\\\002\"", 4, base::nullopt}, + {"0x03 in string", "\"\\\003\"", 4, base::nullopt}, + {"0x04 in string", "\"\\\004\"", 4, base::nullopt}, + {"0x05 in string", "\"\\\005\"", 4, base::nullopt}, + {"0x06 in string", "\"\\\006\"", 4, base::nullopt}, + {"0x07 in string", "\"\\\a\"", 4, base::nullopt}, + {"0x08 in string", "\"\\\b\"", 4, base::nullopt}, + {"0x09 in string", "\"\\\t\"", 4, base::nullopt}, + {"0x0a in string", "\"\\\n\"", 4, base::nullopt}, + {"0x0b in string", "\"\\\v\"", 4, base::nullopt}, + {"0x0c in string", "\"\\\f\"", 4, base::nullopt}, + {"0x0d in string", "\"\\\r\"", 4, base::nullopt}, + {"0x0e in string", "\"\\\016\"", 4, base::nullopt}, + {"0x0f in string", "\"\\\017\"", 4, base::nullopt}, + {"0x10 in string", "\"\\\020\"", 4, base::nullopt}, + {"0x11 in string", "\"\\\021\"", 4, base::nullopt}, + {"0x12 in string", "\"\\\022\"", 4, base::nullopt}, + {"0x13 in string", "\"\\\023\"", 4, base::nullopt}, + {"0x14 in string", "\"\\\024\"", 4, base::nullopt}, + {"0x15 in string", "\"\\\025\"", 4, base::nullopt}, + {"0x16 in string", "\"\\\026\"", 4, base::nullopt}, + {"0x17 in string", "\"\\\027\"", 4, base::nullopt}, + {"0x18 in string", "\"\\\030\"", 4, base::nullopt}, + {"0x19 in string", "\"\\\031\"", 4, base::nullopt}, + {"0x1a in string", "\"\\\032\"", 4, base::nullopt}, + {"0x1b in string", "\"\\\033\"", 4, base::nullopt}, + {"0x1c in string", "\"\\\034\"", 4, base::nullopt}, + {"0x1d in string", "\"\\\035\"", 4, base::nullopt}, + {"0x1e in string", "\"\\\036\"", 4, base::nullopt}, + {"0x1f in string", "\"\\\037\"", 4, base::nullopt}, + {"0x20 in string", "\"\\ \"", 4, base::nullopt}, + {"0x21 in string", "\"\\!\"", 4, base::nullopt}, + {"0x22 in string", "\"\\\"\"", 4, {{Item("\""), {}}}}, + {"0x23 in string", "\"\\#\"", 4, base::nullopt}, + {"0x24 in string", "\"\\$\"", 4, base::nullopt}, + {"0x25 in string", "\"\\%\"", 4, base::nullopt}, + {"0x26 in string", "\"\\&\"", 4, base::nullopt}, + {"0x27 in string", "\"\\'\"", 4, base::nullopt}, + {"0x28 in string", "\"\\(\"", 4, base::nullopt}, + {"0x29 in string", "\"\\)\"", 4, base::nullopt}, + {"0x2a in string", "\"\\*\"", 4, base::nullopt}, + {"0x2b in string", "\"\\+\"", 4, base::nullopt}, + {"0x2c in string", "\"\\,\"", 4, base::nullopt}, + {"0x2d in string", "\"\\-\"", 4, base::nullopt}, + {"0x2e in string", "\"\\.\"", 4, base::nullopt}, + {"0x2f in string", "\"\\/\"", 4, base::nullopt}, + {"0x30 in string", "\"\\0\"", 4, base::nullopt}, + {"0x31 in string", "\"\\1\"", 4, base::nullopt}, + {"0x32 in string", "\"\\2\"", 4, base::nullopt}, + {"0x33 in string", "\"\\3\"", 4, base::nullopt}, + {"0x34 in string", "\"\\4\"", 4, base::nullopt}, + {"0x35 in string", "\"\\5\"", 4, base::nullopt}, + {"0x36 in string", "\"\\6\"", 4, base::nullopt}, + {"0x37 in string", "\"\\7\"", 4, base::nullopt}, + {"0x38 in string", "\"\\8\"", 4, base::nullopt}, + {"0x39 in string", "\"\\9\"", 4, base::nullopt}, + {"0x3a in string", "\"\\:\"", 4, base::nullopt}, + {"0x3b in string", "\"\\;\"", 4, base::nullopt}, + {"0x3c in string", "\"\\<\"", 4, base::nullopt}, + {"0x3d in string", "\"\\=\"", 4, base::nullopt}, + {"0x3e in string", "\"\\>\"", 4, base::nullopt}, + {"0x3f in string", "\"\\?\"", 4, base::nullopt}, + {"0x40 in string", "\"\\@\"", 4, base::nullopt}, + {"0x41 in string", "\"\\A\"", 4, base::nullopt}, + {"0x42 in string", "\"\\B\"", 4, base::nullopt}, + {"0x43 in string", "\"\\C\"", 4, base::nullopt}, + {"0x44 in string", "\"\\D\"", 4, base::nullopt}, + {"0x45 in string", "\"\\E\"", 4, base::nullopt}, + {"0x46 in string", "\"\\F\"", 4, base::nullopt}, + {"0x47 in string", "\"\\G\"", 4, base::nullopt}, + {"0x48 in string", "\"\\H\"", 4, base::nullopt}, + {"0x49 in string", "\"\\I\"", 4, base::nullopt}, + {"0x4a in string", "\"\\J\"", 4, base::nullopt}, + {"0x4b in string", "\"\\K\"", 4, base::nullopt}, + {"0x4c in string", "\"\\L\"", 4, base::nullopt}, + {"0x4d in string", "\"\\M\"", 4, base::nullopt}, + {"0x4e in string", "\"\\N\"", 4, base::nullopt}, + {"0x4f in string", "\"\\O\"", 4, base::nullopt}, + {"0x50 in string", "\"\\P\"", 4, base::nullopt}, + {"0x51 in string", "\"\\Q\"", 4, base::nullopt}, + {"0x52 in string", "\"\\R\"", 4, base::nullopt}, + {"0x53 in string", "\"\\S\"", 4, base::nullopt}, + {"0x54 in string", "\"\\T\"", 4, base::nullopt}, + {"0x55 in string", "\"\\U\"", 4, base::nullopt}, + {"0x56 in string", "\"\\V\"", 4, base::nullopt}, + {"0x57 in string", "\"\\W\"", 4, base::nullopt}, + {"0x58 in string", "\"\\X\"", 4, base::nullopt}, + {"0x59 in string", "\"\\Y\"", 4, base::nullopt}, + {"0x5a in string", "\"\\Z\"", 4, base::nullopt}, + {"0x5b in string", "\"\\[\"", 4, base::nullopt}, + {"0x5c in string", "\"\\\\\"", 4, {{Item("\\"), {}}}}, + {"0x5d in string", "\"\\]\"", 4, base::nullopt}, + {"0x5e in string", "\"\\^\"", 4, base::nullopt}, + {"0x5f in string", "\"\\_\"", 4, base::nullopt}, + {"0x60 in string", "\"\\`\"", 4, base::nullopt}, + {"0x61 in string", "\"\\a\"", 4, base::nullopt}, + {"0x62 in string", "\"\\b\"", 4, base::nullopt}, + {"0x63 in string", "\"\\c\"", 4, base::nullopt}, + {"0x64 in string", "\"\\d\"", 4, base::nullopt}, + {"0x65 in string", "\"\\e\"", 4, base::nullopt}, + {"0x66 in string", "\"\\f\"", 4, base::nullopt}, + {"0x67 in string", "\"\\g\"", 4, base::nullopt}, + {"0x68 in string", "\"\\h\"", 4, base::nullopt}, + {"0x69 in string", "\"\\i\"", 4, base::nullopt}, + {"0x6a in string", "\"\\j\"", 4, base::nullopt}, + {"0x6b in string", "\"\\k\"", 4, base::nullopt}, + {"0x6c in string", "\"\\l\"", 4, base::nullopt}, + {"0x6d in string", "\"\\m\"", 4, base::nullopt}, + {"0x6e in string", "\"\\n\"", 4, base::nullopt}, + {"0x6f in string", "\"\\o\"", 4, base::nullopt}, + {"0x70 in string", "\"\\p\"", 4, base::nullopt}, + {"0x71 in string", "\"\\q\"", 4, base::nullopt}, + {"0x72 in string", "\"\\r\"", 4, base::nullopt}, + {"0x73 in string", "\"\\s\"", 4, base::nullopt}, + {"0x74 in string", "\"\\t\"", 4, base::nullopt}, + {"0x75 in string", "\"\\u\"", 4, base::nullopt}, + {"0x76 in string", "\"\\v\"", 4, base::nullopt}, + {"0x77 in string", "\"\\w\"", 4, base::nullopt}, + {"0x78 in string", "\"\\x\"", 4, base::nullopt}, + {"0x79 in string", "\"\\y\"", 4, base::nullopt}, + {"0x7a in string", "\"\\z\"", 4, base::nullopt}, + {"0x7b in string", "\"\\{\"", 4, base::nullopt}, + {"0x7c in string", "\"\\|\"", 4, base::nullopt}, + {"0x7d in string", "\"\\}\"", 4, base::nullopt}, + {"0x7e in string", "\"\\~\"", 4, base::nullopt}, + {"0x7f in string", "\"\\\177\"", 4, base::nullopt}, + // string.json + {"basic string", "\"foo bar\"", 9, {{Item("foo bar"), {}}}}, + {"empty string", "\"\"", 2, {{Item(""), {}}}}, + {"long string", + "\"foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo foo foo foo foo foo foo foo foo foo foo foo \"", + 262, + {{Item("foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " + "foo "), + {}}}}, + {"whitespace string", "\" \"", 5, {{Item(" "), {}}}}, + {"non-ascii string", "\"f\374\374\"", 5, base::nullopt}, + {"tab in string", "\"\\t\"", 4, base::nullopt}, + {"newline in string", "\" \\n \"", 6, base::nullopt}, + {"single quoted string", "'foo'", 5, base::nullopt}, + {"unbalanced string", "\"foo", 4, base::nullopt}, + {"string quoting", + "\"foo \\\"bar\\\" \\\\ baz\"", + 20, + {{Item("foo \"bar\" \\ baz"), {}}}}, + {"bad string quoting", "\"foo \\,\"", 8, base::nullopt}, + {"ending string quote", "\"foo \\\"", 7, base::nullopt}, + {"abruptly ending string quote", "\"foo \\", 6, base::nullopt}, + // token-generated.json + {"0x00 in token", "a\000a", 3, base::nullopt}, + {"0x01 in token", "a\001a", 3, base::nullopt}, + {"0x02 in token", "a\002a", 3, base::nullopt}, + {"0x03 in token", "a\003a", 3, base::nullopt}, + {"0x04 in token", "a\004a", 3, base::nullopt}, + {"0x05 in token", "a\005a", 3, base::nullopt}, + {"0x06 in token", "a\006a", 3, base::nullopt}, + {"0x07 in token", "a\aa", 3, base::nullopt}, + {"0x08 in token", "a\ba", 3, base::nullopt}, + {"0x09 in token", "a\ta", 3, base::nullopt}, + {"0x0a in token", "a\na", 3, base::nullopt}, + {"0x0b in token", "a\va", 3, base::nullopt}, + {"0x0c in token", "a\fa", 3, base::nullopt}, + {"0x0d in token", "a\ra", 3, base::nullopt}, + {"0x0e in token", "a\016a", 3, base::nullopt}, + {"0x0f in token", "a\017a", 3, base::nullopt}, + {"0x10 in token", "a\020a", 3, base::nullopt}, + {"0x11 in token", "a\021a", 3, base::nullopt}, + {"0x12 in token", "a\022a", 3, base::nullopt}, + {"0x13 in token", "a\023a", 3, base::nullopt}, + {"0x14 in token", "a\024a", 3, base::nullopt}, + {"0x15 in token", "a\025a", 3, base::nullopt}, + {"0x16 in token", "a\026a", 3, base::nullopt}, + {"0x17 in token", "a\027a", 3, base::nullopt}, + {"0x18 in token", "a\030a", 3, base::nullopt}, + {"0x19 in token", "a\031a", 3, base::nullopt}, + {"0x1a in token", "a\032a", 3, base::nullopt}, + {"0x1b in token", "a\033a", 3, base::nullopt}, + {"0x1c in token", "a\034a", 3, base::nullopt}, + {"0x1d in token", "a\035a", 3, base::nullopt}, + {"0x1e in token", "a\036a", 3, base::nullopt}, + {"0x1f in token", "a\037a", 3, base::nullopt}, + {"0x20 in token", "a a", 3, base::nullopt}, + {"0x21 in token", "a!a", 3, {{Item("a!a", Item::kTokenType), {}}}}, + {"0x22 in token", "a\"a", 3, base::nullopt}, + {"0x23 in token", "a#a", 3, {{Item("a#a", Item::kTokenType), {}}}}, + {"0x24 in token", "a$a", 3, {{Item("a$a", Item::kTokenType), {}}}}, + {"0x25 in token", "a%a", 3, {{Item("a%a", Item::kTokenType), {}}}}, + {"0x26 in token", "a&a", 3, {{Item("a&a", Item::kTokenType), {}}}}, + {"0x27 in token", "a'a", 3, {{Item("a'a", Item::kTokenType), {}}}}, + {"0x28 in token", "a(a", 3, base::nullopt}, + {"0x29 in token", "a)a", 3, base::nullopt}, + {"0x2a in token", "a*a", 3, {{Item("a*a", Item::kTokenType), {}}}}, + {"0x2b in token", "a+a", 3, {{Item("a+a", Item::kTokenType), {}}}}, + {"0x2c in token", "a,a", 3, base::nullopt}, + {"0x2d in token", "a-a", 3, {{Item("a-a", Item::kTokenType), {}}}}, + {"0x2e in token", "a.a", 3, {{Item("a.a", Item::kTokenType), {}}}}, + {"0x2f in token", "a/a", 3, {{Item("a/a", Item::kTokenType), {}}}}, + {"0x30 in token", "a0a", 3, {{Item("a0a", Item::kTokenType), {}}}}, + {"0x31 in token", "a1a", 3, {{Item("a1a", Item::kTokenType), {}}}}, + {"0x32 in token", "a2a", 3, {{Item("a2a", Item::kTokenType), {}}}}, + {"0x33 in token", "a3a", 3, {{Item("a3a", Item::kTokenType), {}}}}, + {"0x34 in token", "a4a", 3, {{Item("a4a", Item::kTokenType), {}}}}, + {"0x35 in token", "a5a", 3, {{Item("a5a", Item::kTokenType), {}}}}, + {"0x36 in token", "a6a", 3, {{Item("a6a", Item::kTokenType), {}}}}, + {"0x37 in token", "a7a", 3, {{Item("a7a", Item::kTokenType), {}}}}, + {"0x38 in token", "a8a", 3, {{Item("a8a", Item::kTokenType), {}}}}, + {"0x39 in token", "a9a", 3, {{Item("a9a", Item::kTokenType), {}}}}, + {"0x3a in token", "a:a", 3, {{Item("a:a", Item::kTokenType), {}}}}, + {"0x3b in token", + "a;a", + 3, + {{Item("a", Item::kTokenType), {BooleanParam("a", true)}}}}, + {"0x3c in token", "a<a", 3, base::nullopt}, + {"0x3d in token", "a=a", 3, base::nullopt}, + {"0x3e in token", "a>a", 3, base::nullopt}, + {"0x3f in token", "a?a", 3, base::nullopt}, + {"0x40 in token", "a@a", 3, base::nullopt}, + {"0x41 in token", "aAa", 3, {{Item("aAa", Item::kTokenType), {}}}}, + {"0x42 in token", "aBa", 3, {{Item("aBa", Item::kTokenType), {}}}}, + {"0x43 in token", "aCa", 3, {{Item("aCa", Item::kTokenType), {}}}}, + {"0x44 in token", "aDa", 3, {{Item("aDa", Item::kTokenType), {}}}}, + {"0x45 in token", "aEa", 3, {{Item("aEa", Item::kTokenType), {}}}}, + {"0x46 in token", "aFa", 3, {{Item("aFa", Item::kTokenType), {}}}}, + {"0x47 in token", "aGa", 3, {{Item("aGa", Item::kTokenType), {}}}}, + {"0x48 in token", "aHa", 3, {{Item("aHa", Item::kTokenType), {}}}}, + {"0x49 in token", "aIa", 3, {{Item("aIa", Item::kTokenType), {}}}}, + {"0x4a in token", "aJa", 3, {{Item("aJa", Item::kTokenType), {}}}}, + {"0x4b in token", "aKa", 3, {{Item("aKa", Item::kTokenType), {}}}}, + {"0x4c in token", "aLa", 3, {{Item("aLa", Item::kTokenType), {}}}}, + {"0x4d in token", "aMa", 3, {{Item("aMa", Item::kTokenType), {}}}}, + {"0x4e in token", "aNa", 3, {{Item("aNa", Item::kTokenType), {}}}}, + {"0x4f in token", "aOa", 3, {{Item("aOa", Item::kTokenType), {}}}}, + {"0x50 in token", "aPa", 3, {{Item("aPa", Item::kTokenType), {}}}}, + {"0x51 in token", "aQa", 3, {{Item("aQa", Item::kTokenType), {}}}}, + {"0x52 in token", "aRa", 3, {{Item("aRa", Item::kTokenType), {}}}}, + {"0x53 in token", "aSa", 3, {{Item("aSa", Item::kTokenType), {}}}}, + {"0x54 in token", "aTa", 3, {{Item("aTa", Item::kTokenType), {}}}}, + {"0x55 in token", "aUa", 3, {{Item("aUa", Item::kTokenType), {}}}}, + {"0x56 in token", "aVa", 3, {{Item("aVa", Item::kTokenType), {}}}}, + {"0x57 in token", "aWa", 3, {{Item("aWa", Item::kTokenType), {}}}}, + {"0x58 in token", "aXa", 3, {{Item("aXa", Item::kTokenType), {}}}}, + {"0x59 in token", "aYa", 3, {{Item("aYa", Item::kTokenType), {}}}}, + {"0x5a in token", "aZa", 3, {{Item("aZa", Item::kTokenType), {}}}}, + {"0x5b in token", "a[a", 3, base::nullopt}, + {"0x5c in token", "a\\a", 3, base::nullopt}, + {"0x5d in token", "a]a", 3, base::nullopt}, + {"0x5e in token", "a^a", 3, {{Item("a^a", Item::kTokenType), {}}}}, + {"0x5f in token", "a_a", 3, {{Item("a_a", Item::kTokenType), {}}}}, + {"0x60 in token", "a`a", 3, {{Item("a`a", Item::kTokenType), {}}}}, + {"0x61 in token", "aaa", 3, {{Item("aaa", Item::kTokenType), {}}}}, + {"0x62 in token", "aba", 3, {{Item("aba", Item::kTokenType), {}}}}, + {"0x63 in token", "aca", 3, {{Item("aca", Item::kTokenType), {}}}}, + {"0x64 in token", "ada", 3, {{Item("ada", Item::kTokenType), {}}}}, + {"0x65 in token", "aea", 3, {{Item("aea", Item::kTokenType), {}}}}, + {"0x66 in token", "afa", 3, {{Item("afa", Item::kTokenType), {}}}}, + {"0x67 in token", "aga", 3, {{Item("aga", Item::kTokenType), {}}}}, + {"0x68 in token", "aha", 3, {{Item("aha", Item::kTokenType), {}}}}, + {"0x69 in token", "aia", 3, {{Item("aia", Item::kTokenType), {}}}}, + {"0x6a in token", "aja", 3, {{Item("aja", Item::kTokenType), {}}}}, + {"0x6b in token", "aka", 3, {{Item("aka", Item::kTokenType), {}}}}, + {"0x6c in token", "ala", 3, {{Item("ala", Item::kTokenType), {}}}}, + {"0x6d in token", "ama", 3, {{Item("ama", Item::kTokenType), {}}}}, + {"0x6e in token", "ana", 3, {{Item("ana", Item::kTokenType), {}}}}, + {"0x6f in token", "aoa", 3, {{Item("aoa", Item::kTokenType), {}}}}, + {"0x70 in token", "apa", 3, {{Item("apa", Item::kTokenType), {}}}}, + {"0x71 in token", "aqa", 3, {{Item("aqa", Item::kTokenType), {}}}}, + {"0x72 in token", "ara", 3, {{Item("ara", Item::kTokenType), {}}}}, + {"0x73 in token", "asa", 3, {{Item("asa", Item::kTokenType), {}}}}, + {"0x74 in token", "ata", 3, {{Item("ata", Item::kTokenType), {}}}}, + {"0x75 in token", "aua", 3, {{Item("aua", Item::kTokenType), {}}}}, + {"0x76 in token", "ava", 3, {{Item("ava", Item::kTokenType), {}}}}, + {"0x77 in token", "awa", 3, {{Item("awa", Item::kTokenType), {}}}}, + {"0x78 in token", "axa", 3, {{Item("axa", Item::kTokenType), {}}}}, + {"0x79 in token", "aya", 3, {{Item("aya", Item::kTokenType), {}}}}, + {"0x7a in token", "aza", 3, {{Item("aza", Item::kTokenType), {}}}}, + {"0x7b in token", "a{a", 3, base::nullopt}, + {"0x7c in token", "a|a", 3, {{Item("a|a", Item::kTokenType), {}}}}, + {"0x7d in token", "a}a", 3, base::nullopt}, + {"0x7e in token", "a~a", 3, {{Item("a~a", Item::kTokenType), {}}}}, + {"0x7f in token", "a\177a", 3, base::nullopt}, + {"0x00 starting an token", "\000a", 2, base::nullopt}, + {"0x01 starting an token", "\001a", 2, base::nullopt}, + {"0x02 starting an token", "\002a", 2, base::nullopt}, + {"0x03 starting an token", "\003a", 2, base::nullopt}, + {"0x04 starting an token", "\004a", 2, base::nullopt}, + {"0x05 starting an token", "\005a", 2, base::nullopt}, + {"0x06 starting an token", "\006a", 2, base::nullopt}, + {"0x07 starting an token", "\aa", 2, base::nullopt}, + {"0x08 starting an token", "\ba", 2, base::nullopt}, + {"0x09 starting an token", "\ta", 2, base::nullopt}, + {"0x0a starting an token", "\na", 2, base::nullopt}, + {"0x0b starting an token", "\va", 2, base::nullopt}, + {"0x0c starting an token", "\fa", 2, base::nullopt}, + {"0x0d starting an token", "\ra", 2, base::nullopt}, + {"0x0e starting an token", "\016a", 2, base::nullopt}, + {"0x0f starting an token", "\017a", 2, base::nullopt}, + {"0x10 starting an token", "\020a", 2, base::nullopt}, + {"0x11 starting an token", "\021a", 2, base::nullopt}, + {"0x12 starting an token", "\022a", 2, base::nullopt}, + {"0x13 starting an token", "\023a", 2, base::nullopt}, + {"0x14 starting an token", "\024a", 2, base::nullopt}, + {"0x15 starting an token", "\025a", 2, base::nullopt}, + {"0x16 starting an token", "\026a", 2, base::nullopt}, + {"0x17 starting an token", "\027a", 2, base::nullopt}, + {"0x18 starting an token", "\030a", 2, base::nullopt}, + {"0x19 starting an token", "\031a", 2, base::nullopt}, + {"0x1a starting an token", "\032a", 2, base::nullopt}, + {"0x1b starting an token", "\033a", 2, base::nullopt}, + {"0x1c starting an token", "\034a", 2, base::nullopt}, + {"0x1d starting an token", "\035a", 2, base::nullopt}, + {"0x1e starting an token", "\036a", 2, base::nullopt}, + {"0x1f starting an token", "\037a", 2, base::nullopt}, + {"0x20 starting an token", + " a", + 2, + {{Item("a", Item::kTokenType), {}}}, + "a"}, + {"0x21 starting an token", "!a", 2, base::nullopt}, + {"0x22 starting an token", "\"a", 2, base::nullopt}, + {"0x23 starting an token", "#a", 2, base::nullopt}, + {"0x24 starting an token", "$a", 2, base::nullopt}, + {"0x25 starting an token", "%a", 2, base::nullopt}, + {"0x26 starting an token", "&a", 2, base::nullopt}, + {"0x27 starting an token", "'a", 2, base::nullopt}, + {"0x28 starting an token", "(a", 2, base::nullopt}, + {"0x29 starting an token", ")a", 2, base::nullopt}, + {"0x2a starting an token", "*a", 2, {{Item("*a", Item::kTokenType), {}}}}, + {"0x2b starting an token", "+a", 2, base::nullopt}, + {"0x2c starting an token", ",a", 2, base::nullopt}, + {"0x2d starting an token", "-a", 2, base::nullopt}, + {"0x2e starting an token", ".a", 2, base::nullopt}, + {"0x2f starting an token", "/a", 2, base::nullopt}, + {"0x30 starting an token", "0a", 2, base::nullopt}, + {"0x31 starting an token", "1a", 2, base::nullopt}, + {"0x32 starting an token", "2a", 2, base::nullopt}, + {"0x33 starting an token", "3a", 2, base::nullopt}, + {"0x34 starting an token", "4a", 2, base::nullopt}, + {"0x35 starting an token", "5a", 2, base::nullopt}, + {"0x36 starting an token", "6a", 2, base::nullopt}, + {"0x37 starting an token", "7a", 2, base::nullopt}, + {"0x38 starting an token", "8a", 2, base::nullopt}, + {"0x39 starting an token", "9a", 2, base::nullopt}, + {"0x3a starting an token", ":a", 2, base::nullopt}, + {"0x3b starting an token", ";a", 2, base::nullopt}, + {"0x3c starting an token", "<a", 2, base::nullopt}, + {"0x3d starting an token", "=a", 2, base::nullopt}, + {"0x3e starting an token", ">a", 2, base::nullopt}, + {"0x3f starting an token", "?a", 2, base::nullopt}, + {"0x40 starting an token", "@a", 2, base::nullopt}, + {"0x41 starting an token", "Aa", 2, {{Item("Aa", Item::kTokenType), {}}}}, + {"0x42 starting an token", "Ba", 2, {{Item("Ba", Item::kTokenType), {}}}}, + {"0x43 starting an token", "Ca", 2, {{Item("Ca", Item::kTokenType), {}}}}, + {"0x44 starting an token", "Da", 2, {{Item("Da", Item::kTokenType), {}}}}, + {"0x45 starting an token", "Ea", 2, {{Item("Ea", Item::kTokenType), {}}}}, + {"0x46 starting an token", "Fa", 2, {{Item("Fa", Item::kTokenType), {}}}}, + {"0x47 starting an token", "Ga", 2, {{Item("Ga", Item::kTokenType), {}}}}, + {"0x48 starting an token", "Ha", 2, {{Item("Ha", Item::kTokenType), {}}}}, + {"0x49 starting an token", "Ia", 2, {{Item("Ia", Item::kTokenType), {}}}}, + {"0x4a starting an token", "Ja", 2, {{Item("Ja", Item::kTokenType), {}}}}, + {"0x4b starting an token", "Ka", 2, {{Item("Ka", Item::kTokenType), {}}}}, + {"0x4c starting an token", "La", 2, {{Item("La", Item::kTokenType), {}}}}, + {"0x4d starting an token", "Ma", 2, {{Item("Ma", Item::kTokenType), {}}}}, + {"0x4e starting an token", "Na", 2, {{Item("Na", Item::kTokenType), {}}}}, + {"0x4f starting an token", "Oa", 2, {{Item("Oa", Item::kTokenType), {}}}}, + {"0x50 starting an token", "Pa", 2, {{Item("Pa", Item::kTokenType), {}}}}, + {"0x51 starting an token", "Qa", 2, {{Item("Qa", Item::kTokenType), {}}}}, + {"0x52 starting an token", "Ra", 2, {{Item("Ra", Item::kTokenType), {}}}}, + {"0x53 starting an token", "Sa", 2, {{Item("Sa", Item::kTokenType), {}}}}, + {"0x54 starting an token", "Ta", 2, {{Item("Ta", Item::kTokenType), {}}}}, + {"0x55 starting an token", "Ua", 2, {{Item("Ua", Item::kTokenType), {}}}}, + {"0x56 starting an token", "Va", 2, {{Item("Va", Item::kTokenType), {}}}}, + {"0x57 starting an token", "Wa", 2, {{Item("Wa", Item::kTokenType), {}}}}, + {"0x58 starting an token", "Xa", 2, {{Item("Xa", Item::kTokenType), {}}}}, + {"0x59 starting an token", "Ya", 2, {{Item("Ya", Item::kTokenType), {}}}}, + {"0x5a starting an token", "Za", 2, {{Item("Za", Item::kTokenType), {}}}}, + {"0x5b starting an token", "[a", 2, base::nullopt}, + {"0x5c starting an token", "\\a", 2, base::nullopt}, + {"0x5d starting an token", "]a", 2, base::nullopt}, + {"0x5e starting an token", "^a", 2, base::nullopt}, + {"0x5f starting an token", "_a", 2, base::nullopt}, + {"0x60 starting an token", "`a", 2, base::nullopt}, + {"0x61 starting an token", "aa", 2, {{Item("aa", Item::kTokenType), {}}}}, + {"0x62 starting an token", "ba", 2, {{Item("ba", Item::kTokenType), {}}}}, + {"0x63 starting an token", "ca", 2, {{Item("ca", Item::kTokenType), {}}}}, + {"0x64 starting an token", "da", 2, {{Item("da", Item::kTokenType), {}}}}, + {"0x65 starting an token", "ea", 2, {{Item("ea", Item::kTokenType), {}}}}, + {"0x66 starting an token", "fa", 2, {{Item("fa", Item::kTokenType), {}}}}, + {"0x67 starting an token", "ga", 2, {{Item("ga", Item::kTokenType), {}}}}, + {"0x68 starting an token", "ha", 2, {{Item("ha", Item::kTokenType), {}}}}, + {"0x69 starting an token", "ia", 2, {{Item("ia", Item::kTokenType), {}}}}, + {"0x6a starting an token", "ja", 2, {{Item("ja", Item::kTokenType), {}}}}, + {"0x6b starting an token", "ka", 2, {{Item("ka", Item::kTokenType), {}}}}, + {"0x6c starting an token", "la", 2, {{Item("la", Item::kTokenType), {}}}}, + {"0x6d starting an token", "ma", 2, {{Item("ma", Item::kTokenType), {}}}}, + {"0x6e starting an token", "na", 2, {{Item("na", Item::kTokenType), {}}}}, + {"0x6f starting an token", "oa", 2, {{Item("oa", Item::kTokenType), {}}}}, + {"0x70 starting an token", "pa", 2, {{Item("pa", Item::kTokenType), {}}}}, + {"0x71 starting an token", "qa", 2, {{Item("qa", Item::kTokenType), {}}}}, + {"0x72 starting an token", "ra", 2, {{Item("ra", Item::kTokenType), {}}}}, + {"0x73 starting an token", "sa", 2, {{Item("sa", Item::kTokenType), {}}}}, + {"0x74 starting an token", "ta", 2, {{Item("ta", Item::kTokenType), {}}}}, + {"0x75 starting an token", "ua", 2, {{Item("ua", Item::kTokenType), {}}}}, + {"0x76 starting an token", "va", 2, {{Item("va", Item::kTokenType), {}}}}, + {"0x77 starting an token", "wa", 2, {{Item("wa", Item::kTokenType), {}}}}, + {"0x78 starting an token", "xa", 2, {{Item("xa", Item::kTokenType), {}}}}, + {"0x79 starting an token", "ya", 2, {{Item("ya", Item::kTokenType), {}}}}, + {"0x7a starting an token", "za", 2, {{Item("za", Item::kTokenType), {}}}}, + {"0x7b starting an token", "{a", 2, base::nullopt}, + {"0x7c starting an token", "|a", 2, base::nullopt}, + {"0x7d starting an token", "}a", 2, base::nullopt}, + {"0x7e starting an token", "~a", 2, base::nullopt}, + {"0x7f starting an token", "\177a", 2, base::nullopt}, + // token.json + {"basic token - item", + "a_b-c.d3:f%00/*", + 15, + {{Item("a_b-c.d3:f%00/*", Item::kTokenType), {}}}}, + {"token with capitals - item", + "fooBar", + 6, + {{Item("fooBar", Item::kTokenType), {}}}}, + {"token starting with capitals - item", + "FooBar", + 6, + {{Item("FooBar", Item::kTokenType), {}}}}, +}; + +const struct ListTestCase { + const char* name; + const char* raw; + size_t raw_len; + const base::Optional<List> expected; // nullopt if parse error is expected. + const char* canonical; // nullptr if parse error is expected, or if canonical + // format is identical to raw. +} list_test_cases[] = { + + // dictionary.json + {"tab separated dictionary", "a=1\t,\tb=2", 9, base::nullopt}, + // examples.json + {"Example-StrListHeader", + "\"foo\", \"bar\", \"It was the best of times.\"", + 41, + {{{Item("foo"), {}}, + {Item("bar"), {}}, + {Item("It was the best of times."), {}}}}}, + {"Example-Hdr (list on one line)", + "foo, bar", + 8, + {{{Item("foo", Item::kTokenType), {}}, + {Item("bar", Item::kTokenType), {}}}}}, + {"Example-Hdr (list on two lines)", + "foo, bar", + 8, + {{{Item("foo", Item::kTokenType), {}}, + {Item("bar", Item::kTokenType), {}}}}, + "foo, bar"}, + {"Example-StrListListHeader", + "(\"foo\" \"bar\"), (\"baz\"), (\"bat\" \"one\"), ()", + 41, + {{{{{Item("foo"), {}}, {Item("bar"), {}}}, {}}, + {{{Item("baz"), {}}}, {}}, + {{{Item("bat"), {}}, {Item("one"), {}}}, {}}, + {std::vector<ParameterizedItem>(), {}}}}}, + {"Example-ListListParam", + "(\"foo\"; a=1;b=2);lvl=5, (\"bar\" \"baz\");lvl=1", + 43, + {{{{{Item("foo"), {Param("a", 1), Param("b", 2)}}}, {Param("lvl", 5)}}, + {{{Item("bar"), {}}, {Item("baz"), {}}}, {Param("lvl", 1)}}}}, + "(\"foo\";a=1;b=2);lvl=5, (\"bar\" \"baz\");lvl=1"}, + {"Example-ParamListHeader", + "abc;a=1;b=2; cde_456, (ghi;jk=4 l);q=\"9\";r=w", + 44, + {{{Item("abc", Item::kTokenType), + {Param("a", 1), Param("b", 2), BooleanParam("cde_456", true)}}, + {{{Item("ghi", Item::kTokenType), {Param("jk", 4)}}, + {Item("l", Item::kTokenType), {}}}, + {Param("q", "9"), TokenParam("r", "w")}}}}, + "abc;a=1;b=2;cde_456, (ghi;jk=4 l);q=\"9\";r=w"}, + // key-generated.json + {"0x00 in parameterised list key", "foo; a\000a=1", 10, base::nullopt}, + {"0x01 in parameterised list key", "foo; a\001a=1", 10, base::nullopt}, + {"0x02 in parameterised list key", "foo; a\002a=1", 10, base::nullopt}, + {"0x03 in parameterised list key", "foo; a\003a=1", 10, base::nullopt}, + {"0x04 in parameterised list key", "foo; a\004a=1", 10, base::nullopt}, + {"0x05 in parameterised list key", "foo; a\005a=1", 10, base::nullopt}, + {"0x06 in parameterised list key", "foo; a\006a=1", 10, base::nullopt}, + {"0x07 in parameterised list key", "foo; a\aa=1", 10, base::nullopt}, + {"0x08 in parameterised list key", "foo; a\ba=1", 10, base::nullopt}, + {"0x09 in parameterised list key", "foo; a\ta=1", 10, base::nullopt}, + {"0x0a in parameterised list key", "foo; a\na=1", 10, base::nullopt}, + {"0x0b in parameterised list key", "foo; a\va=1", 10, base::nullopt}, + {"0x0c in parameterised list key", "foo; a\fa=1", 10, base::nullopt}, + {"0x0d in parameterised list key", "foo; a\ra=1", 10, base::nullopt}, + {"0x0e in parameterised list key", "foo; a\016a=1", 10, base::nullopt}, + {"0x0f in parameterised list key", "foo; a\017a=1", 10, base::nullopt}, + {"0x10 in parameterised list key", "foo; a\020a=1", 10, base::nullopt}, + {"0x11 in parameterised list key", "foo; a\021a=1", 10, base::nullopt}, + {"0x12 in parameterised list key", "foo; a\022a=1", 10, base::nullopt}, + {"0x13 in parameterised list key", "foo; a\023a=1", 10, base::nullopt}, + {"0x14 in parameterised list key", "foo; a\024a=1", 10, base::nullopt}, + {"0x15 in parameterised list key", "foo; a\025a=1", 10, base::nullopt}, + {"0x16 in parameterised list key", "foo; a\026a=1", 10, base::nullopt}, + {"0x17 in parameterised list key", "foo; a\027a=1", 10, base::nullopt}, + {"0x18 in parameterised list key", "foo; a\030a=1", 10, base::nullopt}, + {"0x19 in parameterised list key", "foo; a\031a=1", 10, base::nullopt}, + {"0x1a in parameterised list key", "foo; a\032a=1", 10, base::nullopt}, + {"0x1b in parameterised list key", "foo; a\033a=1", 10, base::nullopt}, + {"0x1c in parameterised list key", "foo; a\034a=1", 10, base::nullopt}, + {"0x1d in parameterised list key", "foo; a\035a=1", 10, base::nullopt}, + {"0x1e in parameterised list key", "foo; a\036a=1", 10, base::nullopt}, + {"0x1f in parameterised list key", "foo; a\037a=1", 10, base::nullopt}, + {"0x20 in parameterised list key", "foo; a a=1", 10, base::nullopt}, + {"0x21 in parameterised list key", "foo; a!a=1", 10, base::nullopt}, + {"0x22 in parameterised list key", "foo; a\"a=1", 10, base::nullopt}, + {"0x23 in parameterised list key", "foo; a#a=1", 10, base::nullopt}, + {"0x24 in parameterised list key", "foo; a$a=1", 10, base::nullopt}, + {"0x25 in parameterised list key", "foo; a%a=1", 10, base::nullopt}, + {"0x26 in parameterised list key", "foo; a&a=1", 10, base::nullopt}, + {"0x27 in parameterised list key", "foo; a'a=1", 10, base::nullopt}, + {"0x28 in parameterised list key", "foo; a(a=1", 10, base::nullopt}, + {"0x29 in parameterised list key", "foo; a)a=1", 10, base::nullopt}, + {"0x2a in parameterised list key", + "foo; a*a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a*a", 1)}}}}, + "foo;a*a=1"}, + {"0x2b in parameterised list key", "foo; a+a=1", 10, base::nullopt}, + {"0x2c in parameterised list key", "foo; a,a=1", 10, base::nullopt}, + {"0x2d in parameterised list key", + "foo; a-a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a-a", 1)}}}}, + "foo;a-a=1"}, + {"0x2e in parameterised list key", + "foo; a.a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a.a", 1)}}}}, + "foo;a.a=1"}, + {"0x2f in parameterised list key", "foo; a/a=1", 10, base::nullopt}, + {"0x30 in parameterised list key", + "foo; a0a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a0a", 1)}}}}, + "foo;a0a=1"}, + {"0x31 in parameterised list key", + "foo; a1a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a1a", 1)}}}}, + "foo;a1a=1"}, + {"0x32 in parameterised list key", + "foo; a2a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a2a", 1)}}}}, + "foo;a2a=1"}, + {"0x33 in parameterised list key", + "foo; a3a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a3a", 1)}}}}, + "foo;a3a=1"}, + {"0x34 in parameterised list key", + "foo; a4a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a4a", 1)}}}}, + "foo;a4a=1"}, + {"0x35 in parameterised list key", + "foo; a5a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a5a", 1)}}}}, + "foo;a5a=1"}, + {"0x36 in parameterised list key", + "foo; a6a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a6a", 1)}}}}, + "foo;a6a=1"}, + {"0x37 in parameterised list key", + "foo; a7a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a7a", 1)}}}}, + "foo;a7a=1"}, + {"0x38 in parameterised list key", + "foo; a8a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a8a", 1)}}}}, + "foo;a8a=1"}, + {"0x39 in parameterised list key", + "foo; a9a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a9a", 1)}}}}, + "foo;a9a=1"}, + {"0x3a in parameterised list key", "foo; a:a=1", 10, base::nullopt}, + {"0x3b in parameterised list key", + "foo; a;a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a", 1)}}}}, + "foo;a=1"}, + {"0x3c in parameterised list key", "foo; a<a=1", 10, base::nullopt}, + {"0x3d in parameterised list key", "foo; a=a=1", 10, base::nullopt}, + {"0x3e in parameterised list key", "foo; a>a=1", 10, base::nullopt}, + {"0x3f in parameterised list key", "foo; a?a=1", 10, base::nullopt}, + {"0x40 in parameterised list key", "foo; a@a=1", 10, base::nullopt}, + {"0x41 in parameterised list key", "foo; aAa=1", 10, base::nullopt}, + {"0x42 in parameterised list key", "foo; aBa=1", 10, base::nullopt}, + {"0x43 in parameterised list key", "foo; aCa=1", 10, base::nullopt}, + {"0x44 in parameterised list key", "foo; aDa=1", 10, base::nullopt}, + {"0x45 in parameterised list key", "foo; aEa=1", 10, base::nullopt}, + {"0x46 in parameterised list key", "foo; aFa=1", 10, base::nullopt}, + {"0x47 in parameterised list key", "foo; aGa=1", 10, base::nullopt}, + {"0x48 in parameterised list key", "foo; aHa=1", 10, base::nullopt}, + {"0x49 in parameterised list key", "foo; aIa=1", 10, base::nullopt}, + {"0x4a in parameterised list key", "foo; aJa=1", 10, base::nullopt}, + {"0x4b in parameterised list key", "foo; aKa=1", 10, base::nullopt}, + {"0x4c in parameterised list key", "foo; aLa=1", 10, base::nullopt}, + {"0x4d in parameterised list key", "foo; aMa=1", 10, base::nullopt}, + {"0x4e in parameterised list key", "foo; aNa=1", 10, base::nullopt}, + {"0x4f in parameterised list key", "foo; aOa=1", 10, base::nullopt}, + {"0x50 in parameterised list key", "foo; aPa=1", 10, base::nullopt}, + {"0x51 in parameterised list key", "foo; aQa=1", 10, base::nullopt}, + {"0x52 in parameterised list key", "foo; aRa=1", 10, base::nullopt}, + {"0x53 in parameterised list key", "foo; aSa=1", 10, base::nullopt}, + {"0x54 in parameterised list key", "foo; aTa=1", 10, base::nullopt}, + {"0x55 in parameterised list key", "foo; aUa=1", 10, base::nullopt}, + {"0x56 in parameterised list key", "foo; aVa=1", 10, base::nullopt}, + {"0x57 in parameterised list key", "foo; aWa=1", 10, base::nullopt}, + {"0x58 in parameterised list key", "foo; aXa=1", 10, base::nullopt}, + {"0x59 in parameterised list key", "foo; aYa=1", 10, base::nullopt}, + {"0x5a in parameterised list key", "foo; aZa=1", 10, base::nullopt}, + {"0x5b in parameterised list key", "foo; a[a=1", 10, base::nullopt}, + {"0x5c in parameterised list key", "foo; a\\a=1", 10, base::nullopt}, + {"0x5d in parameterised list key", "foo; a]a=1", 10, base::nullopt}, + {"0x5e in parameterised list key", "foo; a^a=1", 10, base::nullopt}, + {"0x5f in parameterised list key", + "foo; a_a=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("a_a", 1)}}}}, + "foo;a_a=1"}, + {"0x60 in parameterised list key", "foo; a`a=1", 10, base::nullopt}, + {"0x61 in parameterised list key", + "foo; aaa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aaa", 1)}}}}, + "foo;aaa=1"}, + {"0x62 in parameterised list key", + "foo; aba=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aba", 1)}}}}, + "foo;aba=1"}, + {"0x63 in parameterised list key", + "foo; aca=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aca", 1)}}}}, + "foo;aca=1"}, + {"0x64 in parameterised list key", + "foo; ada=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ada", 1)}}}}, + "foo;ada=1"}, + {"0x65 in parameterised list key", + "foo; aea=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aea", 1)}}}}, + "foo;aea=1"}, + {"0x66 in parameterised list key", + "foo; afa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("afa", 1)}}}}, + "foo;afa=1"}, + {"0x67 in parameterised list key", + "foo; aga=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aga", 1)}}}}, + "foo;aga=1"}, + {"0x68 in parameterised list key", + "foo; aha=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aha", 1)}}}}, + "foo;aha=1"}, + {"0x69 in parameterised list key", + "foo; aia=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aia", 1)}}}}, + "foo;aia=1"}, + {"0x6a in parameterised list key", + "foo; aja=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aja", 1)}}}}, + "foo;aja=1"}, + {"0x6b in parameterised list key", + "foo; aka=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aka", 1)}}}}, + "foo;aka=1"}, + {"0x6c in parameterised list key", + "foo; ala=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ala", 1)}}}}, + "foo;ala=1"}, + {"0x6d in parameterised list key", + "foo; ama=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ama", 1)}}}}, + "foo;ama=1"}, + {"0x6e in parameterised list key", + "foo; ana=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ana", 1)}}}}, + "foo;ana=1"}, + {"0x6f in parameterised list key", + "foo; aoa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aoa", 1)}}}}, + "foo;aoa=1"}, + {"0x70 in parameterised list key", + "foo; apa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("apa", 1)}}}}, + "foo;apa=1"}, + {"0x71 in parameterised list key", + "foo; aqa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aqa", 1)}}}}, + "foo;aqa=1"}, + {"0x72 in parameterised list key", + "foo; ara=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ara", 1)}}}}, + "foo;ara=1"}, + {"0x73 in parameterised list key", + "foo; asa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("asa", 1)}}}}, + "foo;asa=1"}, + {"0x74 in parameterised list key", + "foo; ata=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ata", 1)}}}}, + "foo;ata=1"}, + {"0x75 in parameterised list key", + "foo; aua=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aua", 1)}}}}, + "foo;aua=1"}, + {"0x76 in parameterised list key", + "foo; ava=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("ava", 1)}}}}, + "foo;ava=1"}, + {"0x77 in parameterised list key", + "foo; awa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("awa", 1)}}}}, + "foo;awa=1"}, + {"0x78 in parameterised list key", + "foo; axa=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("axa", 1)}}}}, + "foo;axa=1"}, + {"0x79 in parameterised list key", + "foo; aya=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aya", 1)}}}}, + "foo;aya=1"}, + {"0x7a in parameterised list key", + "foo; aza=1", + 10, + {{{Item("foo", Item::kTokenType), {Param("aza", 1)}}}}, + "foo;aza=1"}, + {"0x7b in parameterised list key", "foo; a{a=1", 10, base::nullopt}, + {"0x7c in parameterised list key", "foo; a|a=1", 10, base::nullopt}, + {"0x7d in parameterised list key", "foo; a}a=1", 10, base::nullopt}, + {"0x7e in parameterised list key", "foo; a~a=1", 10, base::nullopt}, + {"0x7f in parameterised list key", "foo; a\177a=1", 10, base::nullopt}, + {"0x00 starting a parameterised list key", "foo; \000a=1", 9, + base::nullopt}, + {"0x01 starting a parameterised list key", "foo; \001a=1", 9, + base::nullopt}, + {"0x02 starting a parameterised list key", "foo; \002a=1", 9, + base::nullopt}, + {"0x03 starting a parameterised list key", "foo; \003a=1", 9, + base::nullopt}, + {"0x04 starting a parameterised list key", "foo; \004a=1", 9, + base::nullopt}, + {"0x05 starting a parameterised list key", "foo; \005a=1", 9, + base::nullopt}, + {"0x06 starting a parameterised list key", "foo; \006a=1", 9, + base::nullopt}, + {"0x07 starting a parameterised list key", "foo; \aa=1", 9, base::nullopt}, + {"0x08 starting a parameterised list key", "foo; \ba=1", 9, base::nullopt}, + {"0x09 starting a parameterised list key", "foo; \ta=1", 9, base::nullopt}, + {"0x0a starting a parameterised list key", "foo; \na=1", 9, base::nullopt}, + {"0x0b starting a parameterised list key", "foo; \va=1", 9, base::nullopt}, + {"0x0c starting a parameterised list key", "foo; \fa=1", 9, base::nullopt}, + {"0x0d starting a parameterised list key", "foo; \ra=1", 9, base::nullopt}, + {"0x0e starting a parameterised list key", "foo; \016a=1", 9, + base::nullopt}, + {"0x0f starting a parameterised list key", "foo; \017a=1", 9, + base::nullopt}, + {"0x10 starting a parameterised list key", "foo; \020a=1", 9, + base::nullopt}, + {"0x11 starting a parameterised list key", "foo; \021a=1", 9, + base::nullopt}, + {"0x12 starting a parameterised list key", "foo; \022a=1", 9, + base::nullopt}, + {"0x13 starting a parameterised list key", "foo; \023a=1", 9, + base::nullopt}, + {"0x14 starting a parameterised list key", "foo; \024a=1", 9, + base::nullopt}, + {"0x15 starting a parameterised list key", "foo; \025a=1", 9, + base::nullopt}, + {"0x16 starting a parameterised list key", "foo; \026a=1", 9, + base::nullopt}, + {"0x17 starting a parameterised list key", "foo; \027a=1", 9, + base::nullopt}, + {"0x18 starting a parameterised list key", "foo; \030a=1", 9, + base::nullopt}, + {"0x19 starting a parameterised list key", "foo; \031a=1", 9, + base::nullopt}, + {"0x1a starting a parameterised list key", "foo; \032a=1", 9, + base::nullopt}, + {"0x1b starting a parameterised list key", "foo; \033a=1", 9, + base::nullopt}, + {"0x1c starting a parameterised list key", "foo; \034a=1", 9, + base::nullopt}, + {"0x1d starting a parameterised list key", "foo; \035a=1", 9, + base::nullopt}, + {"0x1e starting a parameterised list key", "foo; \036a=1", 9, + base::nullopt}, + {"0x1f starting a parameterised list key", "foo; \037a=1", 9, + base::nullopt}, + {"0x20 starting a parameterised list key", + "foo; a=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("a", 1)}}}}, + "foo;a=1"}, + {"0x21 starting a parameterised list key", "foo; !a=1", 9, base::nullopt}, + {"0x22 starting a parameterised list key", "foo; \"a=1", 9, base::nullopt}, + {"0x23 starting a parameterised list key", "foo; #a=1", 9, base::nullopt}, + {"0x24 starting a parameterised list key", "foo; $a=1", 9, base::nullopt}, + {"0x25 starting a parameterised list key", "foo; %a=1", 9, base::nullopt}, + {"0x26 starting a parameterised list key", "foo; &a=1", 9, base::nullopt}, + {"0x27 starting a parameterised list key", "foo; 'a=1", 9, base::nullopt}, + {"0x28 starting a parameterised list key", "foo; (a=1", 9, base::nullopt}, + {"0x29 starting a parameterised list key", "foo; )a=1", 9, base::nullopt}, + {"0x2a starting a parameterised list key", + "foo; *a=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("*a", 1)}}}}, + "foo;*a=1"}, + {"0x2b starting a parameterised list key", "foo; +a=1", 9, base::nullopt}, + {"0x2c starting a parameterised list key", "foo; ,a=1", 9, base::nullopt}, + {"0x2d starting a parameterised list key", "foo; -a=1", 9, base::nullopt}, + {"0x2e starting a parameterised list key", "foo; .a=1", 9, base::nullopt}, + {"0x2f starting a parameterised list key", "foo; /a=1", 9, base::nullopt}, + {"0x30 starting a parameterised list key", "foo; 0a=1", 9, base::nullopt}, + {"0x31 starting a parameterised list key", "foo; 1a=1", 9, base::nullopt}, + {"0x32 starting a parameterised list key", "foo; 2a=1", 9, base::nullopt}, + {"0x33 starting a parameterised list key", "foo; 3a=1", 9, base::nullopt}, + {"0x34 starting a parameterised list key", "foo; 4a=1", 9, base::nullopt}, + {"0x35 starting a parameterised list key", "foo; 5a=1", 9, base::nullopt}, + {"0x36 starting a parameterised list key", "foo; 6a=1", 9, base::nullopt}, + {"0x37 starting a parameterised list key", "foo; 7a=1", 9, base::nullopt}, + {"0x38 starting a parameterised list key", "foo; 8a=1", 9, base::nullopt}, + {"0x39 starting a parameterised list key", "foo; 9a=1", 9, base::nullopt}, + {"0x3a starting a parameterised list key", "foo; :a=1", 9, base::nullopt}, + {"0x3b starting a parameterised list key", "foo; ;a=1", 9, base::nullopt}, + {"0x3c starting a parameterised list key", "foo; <a=1", 9, base::nullopt}, + {"0x3d starting a parameterised list key", "foo; =a=1", 9, base::nullopt}, + {"0x3e starting a parameterised list key", "foo; >a=1", 9, base::nullopt}, + {"0x3f starting a parameterised list key", "foo; ?a=1", 9, base::nullopt}, + {"0x40 starting a parameterised list key", "foo; @a=1", 9, base::nullopt}, + {"0x41 starting a parameterised list key", "foo; Aa=1", 9, base::nullopt}, + {"0x42 starting a parameterised list key", "foo; Ba=1", 9, base::nullopt}, + {"0x43 starting a parameterised list key", "foo; Ca=1", 9, base::nullopt}, + {"0x44 starting a parameterised list key", "foo; Da=1", 9, base::nullopt}, + {"0x45 starting a parameterised list key", "foo; Ea=1", 9, base::nullopt}, + {"0x46 starting a parameterised list key", "foo; Fa=1", 9, base::nullopt}, + {"0x47 starting a parameterised list key", "foo; Ga=1", 9, base::nullopt}, + {"0x48 starting a parameterised list key", "foo; Ha=1", 9, base::nullopt}, + {"0x49 starting a parameterised list key", "foo; Ia=1", 9, base::nullopt}, + {"0x4a starting a parameterised list key", "foo; Ja=1", 9, base::nullopt}, + {"0x4b starting a parameterised list key", "foo; Ka=1", 9, base::nullopt}, + {"0x4c starting a parameterised list key", "foo; La=1", 9, base::nullopt}, + {"0x4d starting a parameterised list key", "foo; Ma=1", 9, base::nullopt}, + {"0x4e starting a parameterised list key", "foo; Na=1", 9, base::nullopt}, + {"0x4f starting a parameterised list key", "foo; Oa=1", 9, base::nullopt}, + {"0x50 starting a parameterised list key", "foo; Pa=1", 9, base::nullopt}, + {"0x51 starting a parameterised list key", "foo; Qa=1", 9, base::nullopt}, + {"0x52 starting a parameterised list key", "foo; Ra=1", 9, base::nullopt}, + {"0x53 starting a parameterised list key", "foo; Sa=1", 9, base::nullopt}, + {"0x54 starting a parameterised list key", "foo; Ta=1", 9, base::nullopt}, + {"0x55 starting a parameterised list key", "foo; Ua=1", 9, base::nullopt}, + {"0x56 starting a parameterised list key", "foo; Va=1", 9, base::nullopt}, + {"0x57 starting a parameterised list key", "foo; Wa=1", 9, base::nullopt}, + {"0x58 starting a parameterised list key", "foo; Xa=1", 9, base::nullopt}, + {"0x59 starting a parameterised list key", "foo; Ya=1", 9, base::nullopt}, + {"0x5a starting a parameterised list key", "foo; Za=1", 9, base::nullopt}, + {"0x5b starting a parameterised list key", "foo; [a=1", 9, base::nullopt}, + {"0x5c starting a parameterised list key", "foo; \\a=1", 9, base::nullopt}, + {"0x5d starting a parameterised list key", "foo; ]a=1", 9, base::nullopt}, + {"0x5e starting a parameterised list key", "foo; ^a=1", 9, base::nullopt}, + {"0x5f starting a parameterised list key", "foo; _a=1", 9, base::nullopt}, + {"0x60 starting a parameterised list key", "foo; `a=1", 9, base::nullopt}, + {"0x61 starting a parameterised list key", + "foo; aa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("aa", 1)}}}}, + "foo;aa=1"}, + {"0x62 starting a parameterised list key", + "foo; ba=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ba", 1)}}}}, + "foo;ba=1"}, + {"0x63 starting a parameterised list key", + "foo; ca=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ca", 1)}}}}, + "foo;ca=1"}, + {"0x64 starting a parameterised list key", + "foo; da=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("da", 1)}}}}, + "foo;da=1"}, + {"0x65 starting a parameterised list key", + "foo; ea=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ea", 1)}}}}, + "foo;ea=1"}, + {"0x66 starting a parameterised list key", + "foo; fa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("fa", 1)}}}}, + "foo;fa=1"}, + {"0x67 starting a parameterised list key", + "foo; ga=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ga", 1)}}}}, + "foo;ga=1"}, + {"0x68 starting a parameterised list key", + "foo; ha=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ha", 1)}}}}, + "foo;ha=1"}, + {"0x69 starting a parameterised list key", + "foo; ia=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ia", 1)}}}}, + "foo;ia=1"}, + {"0x6a starting a parameterised list key", + "foo; ja=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ja", 1)}}}}, + "foo;ja=1"}, + {"0x6b starting a parameterised list key", + "foo; ka=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ka", 1)}}}}, + "foo;ka=1"}, + {"0x6c starting a parameterised list key", + "foo; la=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("la", 1)}}}}, + "foo;la=1"}, + {"0x6d starting a parameterised list key", + "foo; ma=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ma", 1)}}}}, + "foo;ma=1"}, + {"0x6e starting a parameterised list key", + "foo; na=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("na", 1)}}}}, + "foo;na=1"}, + {"0x6f starting a parameterised list key", + "foo; oa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("oa", 1)}}}}, + "foo;oa=1"}, + {"0x70 starting a parameterised list key", + "foo; pa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("pa", 1)}}}}, + "foo;pa=1"}, + {"0x71 starting a parameterised list key", + "foo; qa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("qa", 1)}}}}, + "foo;qa=1"}, + {"0x72 starting a parameterised list key", + "foo; ra=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ra", 1)}}}}, + "foo;ra=1"}, + {"0x73 starting a parameterised list key", + "foo; sa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("sa", 1)}}}}, + "foo;sa=1"}, + {"0x74 starting a parameterised list key", + "foo; ta=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ta", 1)}}}}, + "foo;ta=1"}, + {"0x75 starting a parameterised list key", + "foo; ua=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ua", 1)}}}}, + "foo;ua=1"}, + {"0x76 starting a parameterised list key", + "foo; va=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("va", 1)}}}}, + "foo;va=1"}, + {"0x77 starting a parameterised list key", + "foo; wa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("wa", 1)}}}}, + "foo;wa=1"}, + {"0x78 starting a parameterised list key", + "foo; xa=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("xa", 1)}}}}, + "foo;xa=1"}, + {"0x79 starting a parameterised list key", + "foo; ya=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("ya", 1)}}}}, + "foo;ya=1"}, + {"0x7a starting a parameterised list key", + "foo; za=1", + 9, + {{{Item("foo", Item::kTokenType), {Param("za", 1)}}}}, + "foo;za=1"}, + {"0x7b starting a parameterised list key", "foo; {a=1", 9, base::nullopt}, + {"0x7c starting a parameterised list key", "foo; |a=1", 9, base::nullopt}, + {"0x7d starting a parameterised list key", "foo; }a=1", 9, base::nullopt}, + {"0x7e starting a parameterised list key", "foo; ~a=1", 9, base::nullopt}, + {"0x7f starting a parameterised list key", "foo; \177a=1", 9, + base::nullopt}, + // list.json + {"basic list", "1, 42", 5, {{{Integer(1), {}}, {Integer(42), {}}}}}, + {"empty list", "", 0, {List()}}, + {"leading SP list", + " 42, 43", + 8, + {{{Integer(42), {}}, {Integer(43), {}}}}, + "42, 43"}, + {"single item list", "42", 2, {{{Integer(42), {}}}}}, + {"no whitespace list", + "1,42", + 4, + {{{Integer(1), {}}, {Integer(42), {}}}}, + "1, 42"}, + {"extra whitespace list", + "1 , 42", + 6, + {{{Integer(1), {}}, {Integer(42), {}}}}, + "1, 42"}, + {"tab separated list", "1\t,\t42", 6, base::nullopt}, + {"two line list", + "1, 42", + 5, + {{{Integer(1), {}}, {Integer(42), {}}}}, + "1, 42"}, + {"trailing comma list", "1, 42,", 6, base::nullopt}, + {"empty item list", "1,,42", 5, base::nullopt}, + // listlist.json + {"basic list of lists", + "(1 2), (42 43)", + 14, + {{{{{Integer(1), {}}, {Integer(2), {}}}, {}}, + {{{Integer(42), {}}, {Integer(43), {}}}, {}}}}}, + {"single item list of lists", "(42)", 4, {{{{{Integer(42), {}}}, {}}}}}, + {"empty item list of lists", + "()", + 2, + {{{std::vector<ParameterizedItem>(), {}}}}}, + {"empty middle item list of lists", + "(1),(),(42)", + 11, + {{{{{Integer(1), {}}}, {}}, + {std::vector<ParameterizedItem>(), {}}, + {{{Integer(42), {}}}, {}}}}, + "(1), (), (42)"}, + {"extra whitespace list of lists", + "( 1 42 )", + 11, + {{{{{Integer(1), {}}, {Integer(42), {}}}, {}}}}, + "(1 42)"}, + {"wrong whitespace list of lists", "(1\t 42)", 7, base::nullopt}, + {"no trailing parenthesis list of lists", "(1 42", 5, base::nullopt}, + {"no trailing parenthesis middle list of lists", "(1 2, (42 43)", 13, + base::nullopt}, + {"no spaces in inner-list", "(abc\"def\"?0123*dXZ3*xyz)", 24, + base::nullopt}, + // param-list.json + {"basic parameterised list", + "abc_123;a=1;b=2; cdef_456, ghi;q=9;r=\"+w\"", + 41, + {{{Item("abc_123", Item::kTokenType), + {Param("a", 1), Param("b", 2), BooleanParam("cdef_456", true)}}, + {Item("ghi", Item::kTokenType), {Param("q", 9), Param("r", "+w")}}}}, + "abc_123;a=1;b=2;cdef_456, ghi;q=9;r=\"+w\""}, + {"single item parameterised list", + "text/html;q=1.0", + 15, + {{{Item("text/html", Item::kTokenType), {DoubleParam("q", 1.000000)}}}}}, + {"missing parameter value parameterised list", + "text/html;a;q=1.0", + 17, + {{{Item("text/html", Item::kTokenType), + {BooleanParam("a", true), DoubleParam("q", 1.000000)}}}}}, + {"missing terminal parameter value parameterised list", + "text/html;q=1.0;a", + 17, + {{{Item("text/html", Item::kTokenType), + {DoubleParam("q", 1.000000), BooleanParam("a", true)}}}}}, + {"no whitespace parameterised list", + "text/html,text/plain;q=0.5", + 26, + {{{Item("text/html", Item::kTokenType), {}}, + {Item("text/plain", Item::kTokenType), {DoubleParam("q", 0.500000)}}}}, + "text/html, text/plain;q=0.5"}, + {"whitespace before = parameterised list", "text/html, text/plain;q =0.5", + 28, base::nullopt}, + {"whitespace after = parameterised list", "text/html, text/plain;q= 0.5", + 28, base::nullopt}, + {"whitespace before ; parameterised list", "text/html, text/plain ;q=0.5", + 28, base::nullopt}, + {"whitespace after ; parameterised list", + "text/html, text/plain; q=0.5", + 28, + {{{Item("text/html", Item::kTokenType), {}}, + {Item("text/plain", Item::kTokenType), {DoubleParam("q", 0.500000)}}}}, + "text/html, text/plain;q=0.5"}, + {"extra whitespace parameterised list", + "text/html , text/plain; q=0.5; charset=utf-8", + 48, + {{{Item("text/html", Item::kTokenType), {}}, + {Item("text/plain", Item::kTokenType), + {DoubleParam("q", 0.500000), TokenParam("charset", "utf-8")}}}}, + "text/html, text/plain;q=0.5;charset=utf-8"}, + {"two lines parameterised list", + "text/html, text/plain;q=0.5", + 27, + {{{Item("text/html", Item::kTokenType), {}}, + {Item("text/plain", Item::kTokenType), {DoubleParam("q", 0.500000)}}}}, + "text/html, text/plain;q=0.5"}, + {"trailing comma parameterised list", "text/html,text/plain;q=0.5,", 27, + base::nullopt}, + {"empty item parameterised list", "text/html,,text/plain;q=0.5,", 28, + base::nullopt}, + // token.json + {"basic token - list", + "a_b-c3/*", + 8, + {{{Item("a_b-c3/*", Item::kTokenType), {}}}}}, + {"token with capitals - list", + "fooBar", + 6, + {{{Item("fooBar", Item::kTokenType), {}}}}}, + {"token starting with capitals - list", + "FooBar", + 6, + {{{Item("FooBar", Item::kTokenType), {}}}}}, +}; + +const struct DictionaryTestCase { + const char* name; + const char* raw; + size_t raw_len; + const base::Optional<Dictionary> + expected; // nullopt if parse error is expected. + const char* canonical; // nullptr if parse error is expected, or if canonical + // format is identical to raw. +} dictionary_test_cases[] = { + + // dictionary.json + {"basic dictionary", + "en=\"Applepie\", da=:w4ZibGV0w6ZydGUK:", + 36, + {Dictionary{{{"en", {Item("Applepie"), {}}}, + {"da", + {Item("\303\206blet\303\246rte\n", Item::kByteSequenceType), + {}}}}}}}, + {"empty dictionary", "", 0, {Dictionary{{}}}}, + {"single item dictionary", + "a=1", + 3, + {Dictionary{{{"a", {Integer(1), {}}}}}}}, + {"list item dictionary", + "a=(1 2)", + 7, + {Dictionary{{{"a", {{{Integer(1), {}}, {Integer(2), {}}}, {}}}}}}}, + {"single list item dictionary", + "a=(1)", + 5, + {Dictionary{{{"a", {{{Integer(1), {}}}, {}}}}}}}, + {"empty list item dictionary", + "a=()", + 4, + {Dictionary{{{"a", {std::vector<ParameterizedItem>(), {}}}}}}}, + {"no whitespace dictionary", + "a=1,b=2", + 7, + {Dictionary{{{"a", {Integer(1), {}}}, {"b", {Integer(2), {}}}}}}, + "a=1, b=2"}, + {"extra whitespace dictionary", + "a=1 , b=2", + 10, + {Dictionary{{{"a", {Integer(1), {}}}, {"b", {Integer(2), {}}}}}}, + "a=1, b=2"}, + {"leading whitespace dictionary", + " a=1 , b=2", + 15, + {Dictionary{{{"a", {Integer(1), {}}}, {"b", {Integer(2), {}}}}}}, + "a=1, b=2"}, + {"whitespace before = dictionary", "a =1, b=2", 9, base::nullopt}, + {"whitespace after = dictionary", "a=1, b= 2", 9, base::nullopt}, + {"two lines dictionary", + "a=1, b=2", + 8, + {Dictionary{{{"a", {Integer(1), {}}}, {"b", {Integer(2), {}}}}}}, + "a=1, b=2"}, + {"missing value dictionary", + "a=1, b, c=3", + 11, + {Dictionary{{{"a", {Integer(1), {}}}, + {"b", {Item(true), {}}}, + {"c", {Integer(3), {}}}}}}}, + {"all missing value dictionary", + "a, b, c", + 7, + {Dictionary{{{"a", {Item(true), {}}}, + {"b", {Item(true), {}}}, + {"c", {Item(true), {}}}}}}}, + {"start missing value dictionary", + "a, b=2", + 6, + {Dictionary{{{"a", {Item(true), {}}}, {"b", {Integer(2), {}}}}}}}, + {"end missing value dictionary", + "a=1, b", + 6, + {Dictionary{{{"a", {Integer(1), {}}}, {"b", {Item(true), {}}}}}}}, + {"missing value with params dictionary", + "a=1, b;foo=9, c=3", + 17, + {Dictionary{{{"a", {Integer(1), {}}}, + {"b", {Item(true), {Param("foo", 9)}}}, + {"c", {Integer(3), {}}}}}}}, + {"explicit true value with params dictionary", + "a=1, b=?1;foo=9, c=3", + 20, + {Dictionary{{{"a", {Integer(1), {}}}, + {"b", {Item(true), {Param("foo", 9)}}}, + {"c", {Integer(3), {}}}}}}, + "a=1, b;foo=9, c=3"}, + {"trailing comma dictionary", "a=1, b=2,", 9, base::nullopt}, + {"empty item dictionary", "a=1,,b=2,", 9, base::nullopt}, + {"duplicate key dictionary", + "a=1,b=2,a=3", + 11, + {Dictionary{{{"a", {Integer(3), {}}}, {"b", {Integer(2), {}}}}}}, + "a=3, b=2"}, + {"numeric key dictionary", "a=1,1b=2,a=1", 12, base::nullopt}, + {"uppercase key dictionary", "a=1,B=2,a=1", 11, base::nullopt}, + {"bad key dictionary", "a=1,b!=2,a=1", 12, base::nullopt}, + // examples.json + {"Example-DictHeader", + "en=\"Applepie\", da=:w4ZibGV0w6ZydGU=:", + 36, + {Dictionary{ + {{"en", {Item("Applepie"), {}}}, + {"da", + {Item("\303\206blet\303\246rte", Item::kByteSequenceType), {}}}}}}}, + {"Example-DictHeader", + "a=?0, b, c; foo=bar", + 19, + {Dictionary{{{"a", {Item(false), {}}}, + {"b", {Item(true), {}}}, + {"c", {Item(true), {TokenParam("foo", "bar")}}}}}}, + "a=?0, b, c;foo=bar"}, + {"Example-DictListHeader", + "rating=1.5, feelings=(joy sadness)", + 34, + {Dictionary{{{"rating", {Item(1.500000), {}}}, + {"feelings", + {{{Item("joy", Item::kTokenType), {}}, + {Item("sadness", Item::kTokenType), {}}}, + {}}}}}}}, + {"Example-MixDict", + "a=(1 2), b=3, c=4;aa=bb, d=(5 6);valid", + 38, + {Dictionary{{{"a", {{{Integer(1), {}}, {Integer(2), {}}}, {}}}, + {"b", {Integer(3), {}}}, + {"c", {Integer(4), {TokenParam("aa", "bb")}}}, + {"d", + {{{Integer(5), {}}, {Integer(6), {}}}, + {BooleanParam("valid", true)}}}}}}, + "a=(1 2), b=3, c=4;aa=bb, d=(5 6);valid"}, + {"Example-Hdr (dictionary on one line)", + "foo=1, bar=2", + 12, + {Dictionary{{{"foo", {Integer(1), {}}}, {"bar", {Integer(2), {}}}}}}}, + {"Example-Hdr (dictionary on two lines)", + "foo=1, bar=2", + 12, + {Dictionary{{{"foo", {Integer(1), {}}}, {"bar", {Integer(2), {}}}}}}, + "foo=1, bar=2"}, + // key-generated.json + {"0x00 in dictionary key", "a\000a=1", 5, base::nullopt}, + {"0x01 in dictionary key", "a\001a=1", 5, base::nullopt}, + {"0x02 in dictionary key", "a\002a=1", 5, base::nullopt}, + {"0x03 in dictionary key", "a\003a=1", 5, base::nullopt}, + {"0x04 in dictionary key", "a\004a=1", 5, base::nullopt}, + {"0x05 in dictionary key", "a\005a=1", 5, base::nullopt}, + {"0x06 in dictionary key", "a\006a=1", 5, base::nullopt}, + {"0x07 in dictionary key", "a\aa=1", 5, base::nullopt}, + {"0x08 in dictionary key", "a\ba=1", 5, base::nullopt}, + {"0x09 in dictionary key", "a\ta=1", 5, base::nullopt}, + {"0x0a in dictionary key", "a\na=1", 5, base::nullopt}, + {"0x0b in dictionary key", "a\va=1", 5, base::nullopt}, + {"0x0c in dictionary key", "a\fa=1", 5, base::nullopt}, + {"0x0d in dictionary key", "a\ra=1", 5, base::nullopt}, + {"0x0e in dictionary key", "a\016a=1", 5, base::nullopt}, + {"0x0f in dictionary key", "a\017a=1", 5, base::nullopt}, + {"0x10 in dictionary key", "a\020a=1", 5, base::nullopt}, + {"0x11 in dictionary key", "a\021a=1", 5, base::nullopt}, + {"0x12 in dictionary key", "a\022a=1", 5, base::nullopt}, + {"0x13 in dictionary key", "a\023a=1", 5, base::nullopt}, + {"0x14 in dictionary key", "a\024a=1", 5, base::nullopt}, + {"0x15 in dictionary key", "a\025a=1", 5, base::nullopt}, + {"0x16 in dictionary key", "a\026a=1", 5, base::nullopt}, + {"0x17 in dictionary key", "a\027a=1", 5, base::nullopt}, + {"0x18 in dictionary key", "a\030a=1", 5, base::nullopt}, + {"0x19 in dictionary key", "a\031a=1", 5, base::nullopt}, + {"0x1a in dictionary key", "a\032a=1", 5, base::nullopt}, + {"0x1b in dictionary key", "a\033a=1", 5, base::nullopt}, + {"0x1c in dictionary key", "a\034a=1", 5, base::nullopt}, + {"0x1d in dictionary key", "a\035a=1", 5, base::nullopt}, + {"0x1e in dictionary key", "a\036a=1", 5, base::nullopt}, + {"0x1f in dictionary key", "a\037a=1", 5, base::nullopt}, + {"0x20 in dictionary key", "a a=1", 5, base::nullopt}, + {"0x21 in dictionary key", "a!a=1", 5, base::nullopt}, + {"0x22 in dictionary key", "a\"a=1", 5, base::nullopt}, + {"0x23 in dictionary key", "a#a=1", 5, base::nullopt}, + {"0x24 in dictionary key", "a$a=1", 5, base::nullopt}, + {"0x25 in dictionary key", "a%a=1", 5, base::nullopt}, + {"0x26 in dictionary key", "a&a=1", 5, base::nullopt}, + {"0x27 in dictionary key", "a'a=1", 5, base::nullopt}, + {"0x28 in dictionary key", "a(a=1", 5, base::nullopt}, + {"0x29 in dictionary key", "a)a=1", 5, base::nullopt}, + {"0x2a in dictionary key", + "a*a=1", + 5, + {Dictionary{{{"a*a", {Integer(1), {}}}}}}}, + {"0x2b in dictionary key", "a+a=1", 5, base::nullopt}, + {"0x2c in dictionary key", + "a,a=1", + 5, + {Dictionary{{{"a", {Integer(1), {}}}}}}, + "a=1"}, + {"0x2d in dictionary key", + "a-a=1", + 5, + {Dictionary{{{"a-a", {Integer(1), {}}}}}}}, + {"0x2e in dictionary key", + "a.a=1", + 5, + {Dictionary{{{"a.a", {Integer(1), {}}}}}}}, + {"0x2f in dictionary key", "a/a=1", 5, base::nullopt}, + {"0x30 in dictionary key", + "a0a=1", + 5, + {Dictionary{{{"a0a", {Integer(1), {}}}}}}}, + {"0x31 in dictionary key", + "a1a=1", + 5, + {Dictionary{{{"a1a", {Integer(1), {}}}}}}}, + {"0x32 in dictionary key", + "a2a=1", + 5, + {Dictionary{{{"a2a", {Integer(1), {}}}}}}}, + {"0x33 in dictionary key", + "a3a=1", + 5, + {Dictionary{{{"a3a", {Integer(1), {}}}}}}}, + {"0x34 in dictionary key", + "a4a=1", + 5, + {Dictionary{{{"a4a", {Integer(1), {}}}}}}}, + {"0x35 in dictionary key", + "a5a=1", + 5, + {Dictionary{{{"a5a", {Integer(1), {}}}}}}}, + {"0x36 in dictionary key", + "a6a=1", + 5, + {Dictionary{{{"a6a", {Integer(1), {}}}}}}}, + {"0x37 in dictionary key", + "a7a=1", + 5, + {Dictionary{{{"a7a", {Integer(1), {}}}}}}}, + {"0x38 in dictionary key", + "a8a=1", + 5, + {Dictionary{{{"a8a", {Integer(1), {}}}}}}}, + {"0x39 in dictionary key", + "a9a=1", + 5, + {Dictionary{{{"a9a", {Integer(1), {}}}}}}}, + {"0x3a in dictionary key", "a:a=1", 5, base::nullopt}, + {"0x3b in dictionary key", + "a;a=1", + 5, + {Dictionary{{{"a", {Item(true), {Param("a", 1)}}}}}}}, + {"0x3c in dictionary key", "a<a=1", 5, base::nullopt}, + {"0x3d in dictionary key", "a=a=1", 5, base::nullopt}, + {"0x3e in dictionary key", "a>a=1", 5, base::nullopt}, + {"0x3f in dictionary key", "a?a=1", 5, base::nullopt}, + {"0x40 in dictionary key", "a@a=1", 5, base::nullopt}, + {"0x41 in dictionary key", "aAa=1", 5, base::nullopt}, + {"0x42 in dictionary key", "aBa=1", 5, base::nullopt}, + {"0x43 in dictionary key", "aCa=1", 5, base::nullopt}, + {"0x44 in dictionary key", "aDa=1", 5, base::nullopt}, + {"0x45 in dictionary key", "aEa=1", 5, base::nullopt}, + {"0x46 in dictionary key", "aFa=1", 5, base::nullopt}, + {"0x47 in dictionary key", "aGa=1", 5, base::nullopt}, + {"0x48 in dictionary key", "aHa=1", 5, base::nullopt}, + {"0x49 in dictionary key", "aIa=1", 5, base::nullopt}, + {"0x4a in dictionary key", "aJa=1", 5, base::nullopt}, + {"0x4b in dictionary key", "aKa=1", 5, base::nullopt}, + {"0x4c in dictionary key", "aLa=1", 5, base::nullopt}, + {"0x4d in dictionary key", "aMa=1", 5, base::nullopt}, + {"0x4e in dictionary key", "aNa=1", 5, base::nullopt}, + {"0x4f in dictionary key", "aOa=1", 5, base::nullopt}, + {"0x50 in dictionary key", "aPa=1", 5, base::nullopt}, + {"0x51 in dictionary key", "aQa=1", 5, base::nullopt}, + {"0x52 in dictionary key", "aRa=1", 5, base::nullopt}, + {"0x53 in dictionary key", "aSa=1", 5, base::nullopt}, + {"0x54 in dictionary key", "aTa=1", 5, base::nullopt}, + {"0x55 in dictionary key", "aUa=1", 5, base::nullopt}, + {"0x56 in dictionary key", "aVa=1", 5, base::nullopt}, + {"0x57 in dictionary key", "aWa=1", 5, base::nullopt}, + {"0x58 in dictionary key", "aXa=1", 5, base::nullopt}, + {"0x59 in dictionary key", "aYa=1", 5, base::nullopt}, + {"0x5a in dictionary key", "aZa=1", 5, base::nullopt}, + {"0x5b in dictionary key", "a[a=1", 5, base::nullopt}, + {"0x5c in dictionary key", "a\\a=1", 5, base::nullopt}, + {"0x5d in dictionary key", "a]a=1", 5, base::nullopt}, + {"0x5e in dictionary key", "a^a=1", 5, base::nullopt}, + {"0x5f in dictionary key", + "a_a=1", + 5, + {Dictionary{{{"a_a", {Integer(1), {}}}}}}}, + {"0x60 in dictionary key", "a`a=1", 5, base::nullopt}, + {"0x61 in dictionary key", + "aaa=1", + 5, + {Dictionary{{{"aaa", {Integer(1), {}}}}}}}, + {"0x62 in dictionary key", + "aba=1", + 5, + {Dictionary{{{"aba", {Integer(1), {}}}}}}}, + {"0x63 in dictionary key", + "aca=1", + 5, + {Dictionary{{{"aca", {Integer(1), {}}}}}}}, + {"0x64 in dictionary key", + "ada=1", + 5, + {Dictionary{{{"ada", {Integer(1), {}}}}}}}, + {"0x65 in dictionary key", + "aea=1", + 5, + {Dictionary{{{"aea", {Integer(1), {}}}}}}}, + {"0x66 in dictionary key", + "afa=1", + 5, + {Dictionary{{{"afa", {Integer(1), {}}}}}}}, + {"0x67 in dictionary key", + "aga=1", + 5, + {Dictionary{{{"aga", {Integer(1), {}}}}}}}, + {"0x68 in dictionary key", + "aha=1", + 5, + {Dictionary{{{"aha", {Integer(1), {}}}}}}}, + {"0x69 in dictionary key", + "aia=1", + 5, + {Dictionary{{{"aia", {Integer(1), {}}}}}}}, + {"0x6a in dictionary key", + "aja=1", + 5, + {Dictionary{{{"aja", {Integer(1), {}}}}}}}, + {"0x6b in dictionary key", + "aka=1", + 5, + {Dictionary{{{"aka", {Integer(1), {}}}}}}}, + {"0x6c in dictionary key", + "ala=1", + 5, + {Dictionary{{{"ala", {Integer(1), {}}}}}}}, + {"0x6d in dictionary key", + "ama=1", + 5, + {Dictionary{{{"ama", {Integer(1), {}}}}}}}, + {"0x6e in dictionary key", + "ana=1", + 5, + {Dictionary{{{"ana", {Integer(1), {}}}}}}}, + {"0x6f in dictionary key", + "aoa=1", + 5, + {Dictionary{{{"aoa", {Integer(1), {}}}}}}}, + {"0x70 in dictionary key", + "apa=1", + 5, + {Dictionary{{{"apa", {Integer(1), {}}}}}}}, + {"0x71 in dictionary key", + "aqa=1", + 5, + {Dictionary{{{"aqa", {Integer(1), {}}}}}}}, + {"0x72 in dictionary key", + "ara=1", + 5, + {Dictionary{{{"ara", {Integer(1), {}}}}}}}, + {"0x73 in dictionary key", + "asa=1", + 5, + {Dictionary{{{"asa", {Integer(1), {}}}}}}}, + {"0x74 in dictionary key", + "ata=1", + 5, + {Dictionary{{{"ata", {Integer(1), {}}}}}}}, + {"0x75 in dictionary key", + "aua=1", + 5, + {Dictionary{{{"aua", {Integer(1), {}}}}}}}, + {"0x76 in dictionary key", + "ava=1", + 5, + {Dictionary{{{"ava", {Integer(1), {}}}}}}}, + {"0x77 in dictionary key", + "awa=1", + 5, + {Dictionary{{{"awa", {Integer(1), {}}}}}}}, + {"0x78 in dictionary key", + "axa=1", + 5, + {Dictionary{{{"axa", {Integer(1), {}}}}}}}, + {"0x79 in dictionary key", + "aya=1", + 5, + {Dictionary{{{"aya", {Integer(1), {}}}}}}}, + {"0x7a in dictionary key", + "aza=1", + 5, + {Dictionary{{{"aza", {Integer(1), {}}}}}}}, + {"0x7b in dictionary key", "a{a=1", 5, base::nullopt}, + {"0x7c in dictionary key", "a|a=1", 5, base::nullopt}, + {"0x7d in dictionary key", "a}a=1", 5, base::nullopt}, + {"0x7e in dictionary key", "a~a=1", 5, base::nullopt}, + {"0x7f in dictionary key", "a\177a=1", 5, base::nullopt}, + {"0x00 starting an dictionary key", "\000a=1", 4, base::nullopt}, + {"0x01 starting an dictionary key", "\001a=1", 4, base::nullopt}, + {"0x02 starting an dictionary key", "\002a=1", 4, base::nullopt}, + {"0x03 starting an dictionary key", "\003a=1", 4, base::nullopt}, + {"0x04 starting an dictionary key", "\004a=1", 4, base::nullopt}, + {"0x05 starting an dictionary key", "\005a=1", 4, base::nullopt}, + {"0x06 starting an dictionary key", "\006a=1", 4, base::nullopt}, + {"0x07 starting an dictionary key", "\aa=1", 4, base::nullopt}, + {"0x08 starting an dictionary key", "\ba=1", 4, base::nullopt}, + {"0x09 starting an dictionary key", "\ta=1", 4, base::nullopt}, + {"0x0a starting an dictionary key", "\na=1", 4, base::nullopt}, + {"0x0b starting an dictionary key", "\va=1", 4, base::nullopt}, + {"0x0c starting an dictionary key", "\fa=1", 4, base::nullopt}, + {"0x0d starting an dictionary key", "\ra=1", 4, base::nullopt}, + {"0x0e starting an dictionary key", "\016a=1", 4, base::nullopt}, + {"0x0f starting an dictionary key", "\017a=1", 4, base::nullopt}, + {"0x10 starting an dictionary key", "\020a=1", 4, base::nullopt}, + {"0x11 starting an dictionary key", "\021a=1", 4, base::nullopt}, + {"0x12 starting an dictionary key", "\022a=1", 4, base::nullopt}, + {"0x13 starting an dictionary key", "\023a=1", 4, base::nullopt}, + {"0x14 starting an dictionary key", "\024a=1", 4, base::nullopt}, + {"0x15 starting an dictionary key", "\025a=1", 4, base::nullopt}, + {"0x16 starting an dictionary key", "\026a=1", 4, base::nullopt}, + {"0x17 starting an dictionary key", "\027a=1", 4, base::nullopt}, + {"0x18 starting an dictionary key", "\030a=1", 4, base::nullopt}, + {"0x19 starting an dictionary key", "\031a=1", 4, base::nullopt}, + {"0x1a starting an dictionary key", "\032a=1", 4, base::nullopt}, + {"0x1b starting an dictionary key", "\033a=1", 4, base::nullopt}, + {"0x1c starting an dictionary key", "\034a=1", 4, base::nullopt}, + {"0x1d starting an dictionary key", "\035a=1", 4, base::nullopt}, + {"0x1e starting an dictionary key", "\036a=1", 4, base::nullopt}, + {"0x1f starting an dictionary key", "\037a=1", 4, base::nullopt}, + {"0x20 starting an dictionary key", + " a=1", + 4, + {Dictionary{{{"a", {Integer(1), {}}}}}}, + "a=1"}, + {"0x21 starting an dictionary key", "!a=1", 4, base::nullopt}, + {"0x22 starting an dictionary key", "\"a=1", 4, base::nullopt}, + {"0x23 starting an dictionary key", "#a=1", 4, base::nullopt}, + {"0x24 starting an dictionary key", "$a=1", 4, base::nullopt}, + {"0x25 starting an dictionary key", "%a=1", 4, base::nullopt}, + {"0x26 starting an dictionary key", "&a=1", 4, base::nullopt}, + {"0x27 starting an dictionary key", "'a=1", 4, base::nullopt}, + {"0x28 starting an dictionary key", "(a=1", 4, base::nullopt}, + {"0x29 starting an dictionary key", ")a=1", 4, base::nullopt}, + {"0x2a starting an dictionary key", + "*a=1", + 4, + {Dictionary{{{"*a", {Integer(1), {}}}}}}}, + {"0x2b starting an dictionary key", "+a=1", 4, base::nullopt}, + {"0x2c starting an dictionary key", ",a=1", 4, base::nullopt}, + {"0x2d starting an dictionary key", "-a=1", 4, base::nullopt}, + {"0x2e starting an dictionary key", ".a=1", 4, base::nullopt}, + {"0x2f starting an dictionary key", "/a=1", 4, base::nullopt}, + {"0x30 starting an dictionary key", "0a=1", 4, base::nullopt}, + {"0x31 starting an dictionary key", "1a=1", 4, base::nullopt}, + {"0x32 starting an dictionary key", "2a=1", 4, base::nullopt}, + {"0x33 starting an dictionary key", "3a=1", 4, base::nullopt}, + {"0x34 starting an dictionary key", "4a=1", 4, base::nullopt}, + {"0x35 starting an dictionary key", "5a=1", 4, base::nullopt}, + {"0x36 starting an dictionary key", "6a=1", 4, base::nullopt}, + {"0x37 starting an dictionary key", "7a=1", 4, base::nullopt}, + {"0x38 starting an dictionary key", "8a=1", 4, base::nullopt}, + {"0x39 starting an dictionary key", "9a=1", 4, base::nullopt}, + {"0x3a starting an dictionary key", ":a=1", 4, base::nullopt}, + {"0x3b starting an dictionary key", ";a=1", 4, base::nullopt}, + {"0x3c starting an dictionary key", "<a=1", 4, base::nullopt}, + {"0x3d starting an dictionary key", "=a=1", 4, base::nullopt}, + {"0x3e starting an dictionary key", ">a=1", 4, base::nullopt}, + {"0x3f starting an dictionary key", "?a=1", 4, base::nullopt}, + {"0x40 starting an dictionary key", "@a=1", 4, base::nullopt}, + {"0x41 starting an dictionary key", "Aa=1", 4, base::nullopt}, + {"0x42 starting an dictionary key", "Ba=1", 4, base::nullopt}, + {"0x43 starting an dictionary key", "Ca=1", 4, base::nullopt}, + {"0x44 starting an dictionary key", "Da=1", 4, base::nullopt}, + {"0x45 starting an dictionary key", "Ea=1", 4, base::nullopt}, + {"0x46 starting an dictionary key", "Fa=1", 4, base::nullopt}, + {"0x47 starting an dictionary key", "Ga=1", 4, base::nullopt}, + {"0x48 starting an dictionary key", "Ha=1", 4, base::nullopt}, + {"0x49 starting an dictionary key", "Ia=1", 4, base::nullopt}, + {"0x4a starting an dictionary key", "Ja=1", 4, base::nullopt}, + {"0x4b starting an dictionary key", "Ka=1", 4, base::nullopt}, + {"0x4c starting an dictionary key", "La=1", 4, base::nullopt}, + {"0x4d starting an dictionary key", "Ma=1", 4, base::nullopt}, + {"0x4e starting an dictionary key", "Na=1", 4, base::nullopt}, + {"0x4f starting an dictionary key", "Oa=1", 4, base::nullopt}, + {"0x50 starting an dictionary key", "Pa=1", 4, base::nullopt}, + {"0x51 starting an dictionary key", "Qa=1", 4, base::nullopt}, + {"0x52 starting an dictionary key", "Ra=1", 4, base::nullopt}, + {"0x53 starting an dictionary key", "Sa=1", 4, base::nullopt}, + {"0x54 starting an dictionary key", "Ta=1", 4, base::nullopt}, + {"0x55 starting an dictionary key", "Ua=1", 4, base::nullopt}, + {"0x56 starting an dictionary key", "Va=1", 4, base::nullopt}, + {"0x57 starting an dictionary key", "Wa=1", 4, base::nullopt}, + {"0x58 starting an dictionary key", "Xa=1", 4, base::nullopt}, + {"0x59 starting an dictionary key", "Ya=1", 4, base::nullopt}, + {"0x5a starting an dictionary key", "Za=1", 4, base::nullopt}, + {"0x5b starting an dictionary key", "[a=1", 4, base::nullopt}, + {"0x5c starting an dictionary key", "\\a=1", 4, base::nullopt}, + {"0x5d starting an dictionary key", "]a=1", 4, base::nullopt}, + {"0x5e starting an dictionary key", "^a=1", 4, base::nullopt}, + {"0x5f starting an dictionary key", "_a=1", 4, base::nullopt}, + {"0x60 starting an dictionary key", "`a=1", 4, base::nullopt}, + {"0x61 starting an dictionary key", + "aa=1", + 4, + {Dictionary{{{"aa", {Integer(1), {}}}}}}}, + {"0x62 starting an dictionary key", + "ba=1", + 4, + {Dictionary{{{"ba", {Integer(1), {}}}}}}}, + {"0x63 starting an dictionary key", + "ca=1", + 4, + {Dictionary{{{"ca", {Integer(1), {}}}}}}}, + {"0x64 starting an dictionary key", + "da=1", + 4, + {Dictionary{{{"da", {Integer(1), {}}}}}}}, + {"0x65 starting an dictionary key", + "ea=1", + 4, + {Dictionary{{{"ea", {Integer(1), {}}}}}}}, + {"0x66 starting an dictionary key", + "fa=1", + 4, + {Dictionary{{{"fa", {Integer(1), {}}}}}}}, + {"0x67 starting an dictionary key", + "ga=1", + 4, + {Dictionary{{{"ga", {Integer(1), {}}}}}}}, + {"0x68 starting an dictionary key", + "ha=1", + 4, + {Dictionary{{{"ha", {Integer(1), {}}}}}}}, + {"0x69 starting an dictionary key", + "ia=1", + 4, + {Dictionary{{{"ia", {Integer(1), {}}}}}}}, + {"0x6a starting an dictionary key", + "ja=1", + 4, + {Dictionary{{{"ja", {Integer(1), {}}}}}}}, + {"0x6b starting an dictionary key", + "ka=1", + 4, + {Dictionary{{{"ka", {Integer(1), {}}}}}}}, + {"0x6c starting an dictionary key", + "la=1", + 4, + {Dictionary{{{"la", {Integer(1), {}}}}}}}, + {"0x6d starting an dictionary key", + "ma=1", + 4, + {Dictionary{{{"ma", {Integer(1), {}}}}}}}, + {"0x6e starting an dictionary key", + "na=1", + 4, + {Dictionary{{{"na", {Integer(1), {}}}}}}}, + {"0x6f starting an dictionary key", + "oa=1", + 4, + {Dictionary{{{"oa", {Integer(1), {}}}}}}}, + {"0x70 starting an dictionary key", + "pa=1", + 4, + {Dictionary{{{"pa", {Integer(1), {}}}}}}}, + {"0x71 starting an dictionary key", + "qa=1", + 4, + {Dictionary{{{"qa", {Integer(1), {}}}}}}}, + {"0x72 starting an dictionary key", + "ra=1", + 4, + {Dictionary{{{"ra", {Integer(1), {}}}}}}}, + {"0x73 starting an dictionary key", + "sa=1", + 4, + {Dictionary{{{"sa", {Integer(1), {}}}}}}}, + {"0x74 starting an dictionary key", + "ta=1", + 4, + {Dictionary{{{"ta", {Integer(1), {}}}}}}}, + {"0x75 starting an dictionary key", + "ua=1", + 4, + {Dictionary{{{"ua", {Integer(1), {}}}}}}}, + {"0x76 starting an dictionary key", + "va=1", + 4, + {Dictionary{{{"va", {Integer(1), {}}}}}}}, + {"0x77 starting an dictionary key", + "wa=1", + 4, + {Dictionary{{{"wa", {Integer(1), {}}}}}}}, + {"0x78 starting an dictionary key", + "xa=1", + 4, + {Dictionary{{{"xa", {Integer(1), {}}}}}}}, + {"0x79 starting an dictionary key", + "ya=1", + 4, + {Dictionary{{{"ya", {Integer(1), {}}}}}}}, + {"0x7a starting an dictionary key", + "za=1", + 4, + {Dictionary{{{"za", {Integer(1), {}}}}}}}, + {"0x7b starting an dictionary key", "{a=1", 4, base::nullopt}, + {"0x7c starting an dictionary key", "|a=1", 4, base::nullopt}, + {"0x7d starting an dictionary key", "}a=1", 4, base::nullopt}, + {"0x7e starting an dictionary key", "~a=1", 4, base::nullopt}, + {"0x7f starting an dictionary key", "\177a=1", 4, base::nullopt}, + // param-dict.json + {"basic parameterised dict", + "abc=123;a=1;b=2, def=456, ghi=789;q=9;r=\"+w\"", + 44, + {Dictionary{ + {{"abc", {Integer(123), {Param("a", 1), Param("b", 2)}}}, + {"def", {Integer(456), {}}}, + {"ghi", {Integer(789), {Param("q", 9), Param("r", "+w")}}}}}}}, + {"single item parameterised dict", + "a=b; q=1.0", + 10, + {Dictionary{ + {{"a", {Item("b", Item::kTokenType), {DoubleParam("q", 1.000000)}}}}}}, + "a=b;q=1.0"}, + {"list item parameterised dictionary", + "a=(1 2); q=1.0", + 14, + {Dictionary{{{"a", + {{{Integer(1), {}}, {Integer(2), {}}}, + {DoubleParam("q", 1.000000)}}}}}}, + "a=(1 2);q=1.0"}, + {"missing parameter value parameterised dict", + "a=3;c;d=5", + 9, + {Dictionary{ + {{"a", {Integer(3), {BooleanParam("c", true), Param("d", 5)}}}}}}}, + {"terminal missing parameter value parameterised dict", + "a=3;c=5;d", + 9, + {Dictionary{ + {{"a", {Integer(3), {Param("c", 5), BooleanParam("d", true)}}}}}}}, + {"no whitespace parameterised dict", + "a=b;c=1,d=e;f=2", + 15, + {Dictionary{{{"a", {Item("b", Item::kTokenType), {Param("c", 1)}}}, + {"d", {Item("e", Item::kTokenType), {Param("f", 2)}}}}}}, + "a=b;c=1, d=e;f=2"}, + {"whitespace before = parameterised dict", "a=b;q =0.5", 10, base::nullopt}, + {"whitespace after = parameterised dict", "a=b;q= 0.5", 10, base::nullopt}, + {"whitespace before ; parameterised dict", "a=b ;q=0.5", 10, base::nullopt}, + {"whitespace after ; parameterised dict", + "a=b; q=0.5", + 10, + {Dictionary{ + {{"a", {Item("b", Item::kTokenType), {DoubleParam("q", 0.500000)}}}}}}, + "a=b;q=0.5"}, + {"extra whitespace parameterised dict", + "a=b; c=1 , d=e; f=2; g=3", + 27, + {Dictionary{ + {{"a", {Item("b", Item::kTokenType), {Param("c", 1)}}}, + {"d", + {Item("e", Item::kTokenType), {Param("f", 2), Param("g", 3)}}}}}}, + "a=b;c=1, d=e;f=2;g=3"}, + {"two lines parameterised list", + "a=b;c=1, d=e;f=2", + 16, + {Dictionary{{{"a", {Item("b", Item::kTokenType), {Param("c", 1)}}}, + {"d", {Item("e", Item::kTokenType), {Param("f", 2)}}}}}}, + "a=b;c=1, d=e;f=2"}, + {"trailing comma parameterised list", "a=b; q=1.0,", 11, base::nullopt}, + {"empty item parameterised list", "a=b; q=1.0,,c=d", 15, base::nullopt}, +}; +} // namespace + +TEST(StructuredHeaderGeneratedTest, ParseItem) { + for (const auto& c : parameterized_item_test_cases) { + if (c.raw) { + SCOPED_TRACE(c.name); + std::string raw{c.raw, c.raw_len}; + base::Optional<ParameterizedItem> result = ParseItem(raw); + EXPECT_EQ(result, c.expected); + } + } +} + +TEST(StructuredHeaderGeneratedTest, ParseList) { + for (const auto& c : list_test_cases) { + if (c.raw) { + SCOPED_TRACE(c.name); + std::string raw{c.raw, c.raw_len}; + base::Optional<List> result = ParseList(raw); + EXPECT_EQ(result, c.expected); + } + } +} + +TEST(StructuredHeaderGeneratedTest, ParseDictionary) { + for (const auto& c : dictionary_test_cases) { + if (c.raw) { + SCOPED_TRACE(c.name); + std::string raw{c.raw, c.raw_len}; + base::Optional<Dictionary> result = ParseDictionary(raw); + EXPECT_EQ(result, c.expected); + } + } +} + +TEST(StructuredHeaderGeneratedTest, SerializeItem) { + for (const auto& c : parameterized_item_test_cases) { + SCOPED_TRACE(c.name); + if (c.expected) { + base::Optional<std::string> result = SerializeItem(*c.expected); + if (c.raw || c.canonical) { + EXPECT_TRUE(result.has_value()); + EXPECT_EQ(result.value(), + std::string(c.canonical ? c.canonical : c.raw)); + } else { + EXPECT_FALSE(result.has_value()); + } + } + } +} + +TEST(StructuredHeaderGeneratedTest, SerializeList) { + for (const auto& c : list_test_cases) { + SCOPED_TRACE(c.name); + if (c.expected) { + base::Optional<std::string> result = SerializeList(*c.expected); + if (c.raw || c.canonical) { + EXPECT_TRUE(result.has_value()); + EXPECT_EQ(result.value(), + std::string(c.canonical ? c.canonical : c.raw)); + } else { + EXPECT_FALSE(result.has_value()); + } + } + } +} + +TEST(StructuredHeaderGeneratedTest, SerializeDictionary) { + for (const auto& c : dictionary_test_cases) { + SCOPED_TRACE(c.name); + if (c.expected) { + base::Optional<std::string> result = SerializeDictionary(*c.expected); + if (c.raw || c.canonical) { + EXPECT_TRUE(result.has_value()); + EXPECT_EQ(result.value(), + std::string(c.canonical ? c.canonical : c.raw)); + } else { + EXPECT_FALSE(result.has_value()); + } + } + } +} + +} // namespace structured_headers +} // namespace net diff --git a/chromium/net/http/structured_headers_unittest.cc b/chromium/net/http/structured_headers_unittest.cc index b49eaf975bf..ea97a577fad 100644 --- a/chromium/net/http/structured_headers_unittest.cc +++ b/chromium/net/http/structured_headers_unittest.cc @@ -55,8 +55,9 @@ std::pair<std::string, Item> TokenParam(std::string key, std::string value) { return std::make_pair(key, Token(value)); } -// Most test cases are taken from -// https://github.com/httpwg/structured-header-tests. +// Test cases taken from https://github.com/httpwg/structured-header-tests can +// be found in structured_headers_generated_unittest.cc + const struct ItemTestCase { const char* name; const char* raw; @@ -65,350 +66,19 @@ const struct ItemTestCase { // format is identical to raw. } item_test_cases[] = { // Token - {"basic token - item", "a_b-c.d3:f%00/*", Token("a_b-c.d3:f%00/*")}, - {"token with capitals - item", "fooBar", Token("fooBar")}, - {"token starting with capitals - item", "FooBar", Token("FooBar")}, {"bad token - item", "abc$@%!", base::nullopt}, {"leading whitespace", " foo", Token("foo"), "foo"}, {"trailing whitespace", "foo ", Token("foo"), "foo"}, {"leading asterisk", "*foo", Token("*foo")}, // Number - {"basic integer", "42", Integer(42L)}, - {"zero integer", "0", Integer(0L)}, - {"leading 0 zero", "00", Integer(0L), "0"}, - {"negative zero", "-0", Integer(0L), "0"}, - {"double negative zero", "--0", base::nullopt}, - {"negative integer", "-42", Integer(-42L)}, - {"leading zero integer", "042", Integer(42L), "42"}, - {"leading zero negative integer", "-042", Integer(-42L), "-42"}, - {"comma", "2,3", base::nullopt}, - {"negative non-DIGIT first character", "-a23", base::nullopt}, - {"sign out of place", "4-2", base::nullopt}, - {"whitespace after sign", "- 42", base::nullopt}, {"long integer", "999999999999999", Integer(999999999999999L)}, {"long negative integer", "-999999999999999", Integer(-999999999999999L)}, {"too long integer", "1000000000000000", base::nullopt}, {"negative too long integer", "-1000000000000000", base::nullopt}, - {"simple decimal", "1.23", Item(1.23)}, - {"negative decimal", "-1.23", Item(-1.23)}, {"integral decimal", "1.0", Item(1.0)}, - {"decimal, whitespace after decimal", "1. 23", base::nullopt}, - {"decimal, whitespace before decimal", "1 .23", base::nullopt}, - {"negative decimal, whitespace after sign", "- 1.23", base::nullopt}, - {"double decimal decimal", "1.5.4", base::nullopt}, - {"adjacent double decimal decimal", "1..4", base::nullopt}, - {"decimal with three fractional digits", "1.123", Item(1.123)}, - {"negative decimal with three fractional digits", "-1.123", Item(-1.123)}, - {"decimal with four fractional digits", "1.1234", base::nullopt}, - {"negative decimal with four fractional digits", "-1.1234", base::nullopt}, - {"decimal with thirteen integer digits", "1234567890123.0", base::nullopt}, - {"negative decimal with thirteen integer digits", "-1234567890123.0", - base::nullopt}, - // Generated number tests - {"1 digits of zero", "0", Integer(0), "0"}, - {"1 digit small integer", "1", Integer(1)}, - {"1 digit large integer", "9", Integer(9)}, - {"2 digits of zero", "00", Integer(0), "0"}, - {"2 digit small integer", "11", Integer(11)}, - {"2 digit large integer", "99", Integer(99)}, - {"3 digits of zero", "000", Integer(0), "0"}, - {"3 digit small integer", "111", Integer(111)}, - {"3 digit large integer", "999", Integer(999)}, - {"4 digits of zero", "0000", Integer(0), "0"}, - {"4 digit small integer", "1111", Integer(1111)}, - {"4 digit large integer", "9999", Integer(9999)}, - {"5 digits of zero", "00000", Integer(0), "0"}, - {"5 digit small integer", "11111", Integer(11111)}, - {"5 digit large integer", "99999", Integer(99999)}, - {"6 digits of zero", "000000", Integer(0), "0"}, - {"6 digit small integer", "111111", Integer(111111)}, - {"6 digit large integer", "999999", Integer(999999)}, - {"7 digits of zero", "0000000", Integer(0), "0"}, - {"7 digit small integer", "1111111", Integer(1111111)}, - {"7 digit large integer", "9999999", Integer(9999999)}, - {"8 digits of zero", "00000000", Integer(0), "0"}, - {"8 digit small integer", "11111111", Integer(11111111)}, - {"8 digit large integer", "99999999", Integer(99999999)}, - {"9 digits of zero", "000000000", Integer(0), "0"}, - {"9 digit small integer", "111111111", Integer(111111111)}, - {"9 digit large integer", "999999999", Integer(999999999)}, - {"10 digits of zero", "0000000000", Integer(0), "0"}, - {"10 digit small integer", "1111111111", Integer(1111111111)}, - {"10 digit large integer", "9999999999", Integer(9999999999)}, - {"11 digits of zero", "00000000000", Integer(0), "0"}, - {"11 digit small integer", "11111111111", Integer(11111111111)}, - {"11 digit large integer", "99999999999", Integer(99999999999)}, - {"12 digits of zero", "000000000000", Integer(0), "0"}, - {"12 digit small integer", "111111111111", Integer(111111111111)}, - {"12 digit large integer", "999999999999", Integer(999999999999)}, - {"13 digits of zero", "0000000000000", Integer(0), "0"}, - {"13 digit small integer", "1111111111111", Integer(1111111111111)}, - {"13 digit large integer", "9999999999999", Integer(9999999999999)}, - {"14 digits of zero", "00000000000000", Integer(0), "0"}, - {"14 digit small integer", "11111111111111", Integer(11111111111111)}, - {"14 digit large integer", "99999999999999", Integer(99999999999999)}, - {"15 digits of zero", "000000000000000", Integer(0), "0"}, - {"15 digit small integer", "111111111111111", Integer(111111111111111)}, - {"15 digit large integer", "999999999999999", Integer(999999999999999)}, - {"2 digit 0, 1 fractional small decimal", "0.1", Item(0.1), "0.1"}, - {"2 digit, 1 fractional 0 decimal", "1.0", Item(1.0), "1.0"}, - {"2 digit, 1 fractional small decimal", "1.1", Item(1.1)}, - {"2 digit, 1 fractional large decimal", "9.9", Item(9.9)}, - {"3 digit 0, 2 fractional small decimal", "0.11", Item(0.11), "0.11"}, - {"3 digit, 2 fractional 0 decimal", "1.00", Item(1.0), "1.0"}, - {"3 digit, 2 fractional small decimal", "1.11", Item(1.11)}, - {"3 digit, 2 fractional large decimal", "9.99", Item(9.99)}, - {"4 digit 0, 3 fractional small decimal", "0.111", Item(0.111), "0.111"}, - {"4 digit, 3 fractional 0 decimal", "1.000", Item(1.0), "1.0"}, - {"4 digit, 3 fractional small decimal", "1.111", Item(1.111)}, - {"4 digit, 3 fractional large decimal", "9.999", Item(9.999)}, - {"3 digit 0, 1 fractional small decimal", "00.1", Item(0.1), "0.1"}, - {"3 digit, 1 fractional 0 decimal", "11.0", Item(11.0), "11.0"}, - {"3 digit, 1 fractional small decimal", "11.1", Item(11.1)}, - {"3 digit, 1 fractional large decimal", "99.9", Item(99.9)}, - {"4 digit 0, 2 fractional small decimal", "00.11", Item(0.11), "0.11"}, - {"4 digit, 2 fractional 0 decimal", "11.00", Item(11.0), "11.0"}, - {"4 digit, 2 fractional small decimal", "11.11", Item(11.11)}, - {"4 digit, 2 fractional large decimal", "99.99", Item(99.99)}, - {"5 digit 0, 3 fractional small decimal", "00.111", Item(0.111), "0.111"}, - {"5 digit, 3 fractional 0 decimal", "11.000", Item(11.0), "11.0"}, - {"5 digit, 3 fractional small decimal", "11.111", Item(11.111)}, - {"5 digit, 3 fractional large decimal", "99.999", Item(99.999)}, - {"4 digit 0, 1 fractional small decimal", "000.1", Item(0.1), "0.1"}, - {"4 digit, 1 fractional 0 decimal", "111.0", Item(111.0), "111.0"}, - {"4 digit, 1 fractional small decimal", "111.1", Item(111.1)}, - {"4 digit, 1 fractional large decimal", "999.9", Item(999.9)}, - {"5 digit 0, 2 fractional small decimal", "000.11", Item(0.11), "0.11"}, - {"5 digit, 2 fractional 0 decimal", "111.00", Item(111.0), "111.0"}, - {"5 digit, 2 fractional small decimal", "111.11", Item(111.11)}, - {"5 digit, 2 fractional large decimal", "999.99", Item(999.99)}, - {"6 digit 0, 3 fractional small decimal", "000.111", Item(0.111), "0.111"}, - {"6 digit, 3 fractional 0 decimal", "111.000", Item(111.0), "111.0"}, - {"6 digit, 3 fractional small decimal", "111.111", Item(111.111)}, - {"6 digit, 3 fractional large decimal", "999.999", Item(999.999)}, - {"5 digit 0, 1 fractional small decimal", "0000.1", Item(0.1), "0.1"}, - {"5 digit, 1 fractional 0 decimal", "1111.0", Item(1111.0), "1111.0"}, - {"5 digit, 1 fractional small decimal", "1111.1", Item(1111.1)}, - {"5 digit, 1 fractional large decimal", "9999.9", Item(9999.9)}, - {"6 digit 0, 2 fractional small decimal", "0000.11", Item(0.11), "0.11"}, - {"6 digit, 2 fractional 0 decimal", "1111.00", Item(1111.0), "1111.0"}, - {"6 digit, 2 fractional small decimal", "1111.11", Item(1111.11)}, - {"6 digit, 2 fractional large decimal", "9999.99", Item(9999.99)}, - {"7 digit 0, 3 fractional small decimal", "0000.111", Item(0.111), "0.111"}, - {"7 digit, 3 fractional 0 decimal", "1111.000", Item(1111.0), "1111.0"}, - {"7 digit, 3 fractional small decimal", "1111.111", Item(1111.111)}, - {"7 digit, 3 fractional large decimal", "9999.999", Item(9999.999)}, - {"6 digit 0, 1 fractional small decimal", "00000.1", Item(0.1), "0.1"}, - {"6 digit, 1 fractional 0 decimal", "11111.0", Item(11111.0), "11111.0"}, - {"6 digit, 1 fractional small decimal", "11111.1", Item(11111.1)}, - {"6 digit, 1 fractional large decimal", "99999.9", Item(99999.9)}, - {"7 digit 0, 2 fractional small decimal", "00000.11", Item(0.11), "0.11"}, - {"7 digit, 2 fractional 0 decimal", "11111.00", Item(11111.0), "11111.0"}, - {"7 digit, 2 fractional small decimal", "11111.11", Item(11111.11)}, - {"7 digit, 2 fractional large decimal", "99999.99", Item(99999.99)}, - {"8 digit 0, 3 fractional small decimal", "00000.111", Item(0.111), - "0.111"}, - {"8 digit, 3 fractional 0 decimal", "11111.000", Item(11111.0), "11111.0"}, - {"8 digit, 3 fractional small decimal", "11111.111", Item(11111.111)}, - {"8 digit, 3 fractional large decimal", "99999.999", Item(99999.999)}, - {"7 digit 0, 1 fractional small decimal", "000000.1", Item(0.1), "0.1"}, - {"7 digit, 1 fractional 0 decimal", "111111.0", Item(111111.0), "111111.0"}, - {"7 digit, 1 fractional small decimal", "111111.1", Item(111111.1)}, - {"7 digit, 1 fractional large decimal", "999999.9", Item(999999.9)}, - {"8 digit 0, 2 fractional small decimal", "000000.11", Item(0.11), "0.11"}, - {"8 digit, 2 fractional 0 decimal", "111111.00", Item(111111.0), - "111111.0"}, - {"8 digit, 2 fractional small decimal", "111111.11", Item(111111.11)}, - {"8 digit, 2 fractional large decimal", "999999.99", Item(999999.99)}, - {"9 digit 0, 3 fractional small decimal", "000000.111", Item(0.111), - "0.111"}, - {"9 digit, 3 fractional 0 decimal", "111111.000", Item(111111.0), - "111111.0"}, - {"9 digit, 3 fractional small decimal", "111111.111", Item(111111.111)}, - {"9 digit, 3 fractional large decimal", "999999.999", Item(999999.999)}, - {"8 digit 0, 1 fractional small decimal", "0000000.1", Item(0.1), "0.1"}, - {"8 digit, 1 fractional 0 decimal", "1111111.0", Item(1111111.0), - "1111111.0"}, - {"8 digit, 1 fractional small decimal", "1111111.1", Item(1111111.1)}, - {"8 digit, 1 fractional large decimal", "9999999.9", Item(9999999.9)}, - {"9 digit 0, 2 fractional small decimal", "0000000.11", Item(0.11), "0.11"}, - {"9 digit, 2 fractional 0 decimal", "1111111.00", Item(1111111.0), - "1111111.0"}, - {"9 digit, 2 fractional small decimal", "1111111.11", Item(1111111.11)}, - {"9 digit, 2 fractional large decimal", "9999999.99", Item(9999999.99)}, - {"10 digit 0, 3 fractional small decimal", "0000000.111", Item(0.111), - "0.111"}, - {"10 digit, 3 fractional 0 decimal", "1111111.000", Item(1111111.0), - "1111111.0"}, - {"10 digit, 3 fractional small decimal", "1111111.111", Item(1111111.111)}, - {"10 digit, 3 fractional large decimal", "9999999.999", Item(9999999.999)}, - {"9 digit 0, 1 fractional small decimal", "00000000.1", Item(0.1), "0.1"}, - {"9 digit, 1 fractional 0 decimal", "11111111.0", Item(11111111.0), - "11111111.0"}, - {"9 digit, 1 fractional small decimal", "11111111.1", Item(11111111.1)}, - {"9 digit, 1 fractional large decimal", "99999999.9", Item(99999999.9)}, - {"10 digit 0, 2 fractional small decimal", "00000000.11", Item(0.11), - "0.11"}, - {"10 digit, 2 fractional 0 decimal", "11111111.00", Item(11111111.0), - "11111111.0"}, - {"10 digit, 2 fractional small decimal", "11111111.11", Item(11111111.11)}, - {"10 digit, 2 fractional large decimal", "99999999.99", Item(99999999.99)}, - {"11 digit 0, 3 fractional small decimal", "00000000.111", Item(0.111), - "0.111"}, - {"11 digit, 3 fractional 0 decimal", "11111111.000", Item(11111111.0), - "11111111.0"}, - {"11 digit, 3 fractional small decimal", "11111111.111", - Item(11111111.111)}, - {"11 digit, 3 fractional large decimal", "99999999.999", - Item(99999999.999)}, - {"10 digit 0, 1 fractional small decimal", "000000000.1", Item(0.1), "0.1"}, - {"10 digit, 1 fractional 0 decimal", "111111111.0", Item(111111111.0), - "111111111.0"}, - {"10 digit, 1 fractional small decimal", "111111111.1", Item(111111111.1)}, - {"10 digit, 1 fractional large decimal", "999999999.9", Item(999999999.9)}, - {"11 digit 0, 2 fractional small decimal", "000000000.11", Item(0.11), - "0.11"}, - {"11 digit, 2 fractional 0 decimal", "111111111.00", Item(111111111.0), - "111111111.0"}, - {"11 digit, 2 fractional small decimal", "111111111.11", - Item(111111111.11)}, - {"11 digit, 2 fractional large decimal", "999999999.99", - Item(999999999.99)}, - {"12 digit 0, 3 fractional small decimal", "000000000.111", Item(0.111), - "0.111"}, - {"12 digit, 3 fractional 0 decimal", "111111111.000", Item(111111111.0), - "111111111.0"}, - {"12 digit, 3 fractional small decimal", "111111111.111", - Item(111111111.111)}, - {"12 digit, 3 fractional large decimal", "999999999.999", - Item(999999999.999)}, - {"11 digit 0, 1 fractional small decimal", "0000000000.1", Item(0.1), - "0.1"}, - {"11 digit, 1 fractional 0 decimal", "1111111111.0", Item(1111111111.0), - "1111111111.0"}, - {"11 digit, 1 fractional small decimal", "1111111111.1", - Item(1111111111.1)}, - {"11 digit, 1 fractional large decimal", "9999999999.9", - Item(9999999999.9)}, - {"12 digit 0, 2 fractional small decimal", "0000000000.11", Item(0.11), - "0.11"}, - {"12 digit, 2 fractional 0 decimal", "1111111111.00", Item(1111111111.0), - "1111111111.0"}, - {"12 digit, 2 fractional small decimal", "1111111111.11", - Item(1111111111.11)}, - {"12 digit, 2 fractional large decimal", "9999999999.99", - Item(9999999999.99)}, - {"13 digit 0, 3 fractional small decimal", "0000000000.111", Item(0.111), - "0.111"}, - {"13 digit, 3 fractional 0 decimal", "1111111111.000", Item(1111111111.0), - "1111111111.0"}, - {"13 digit, 3 fractional small decimal", "1111111111.111", - Item(1111111111.111)}, - {"13 digit, 3 fractional large decimal", "9999999999.999", - Item(9999999999.999)}, - {"12 digit 0, 1 fractional small decimal", "00000000000.1", Item(0.1), - "0.1"}, - {"12 digit, 1 fractional 0 decimal", "11111111111.0", Item(11111111111.0), - "11111111111.0"}, - {"12 digit, 1 fractional small decimal", "11111111111.1", - Item(11111111111.1)}, - {"12 digit, 1 fractional large decimal", "99999999999.9", - Item(99999999999.9)}, - {"13 digit 0, 2 fractional small decimal", "00000000000.11", Item(0.11), - "0.11"}, - {"13 digit, 2 fractional 0 decimal", "11111111111.00", Item(11111111111.0), - "11111111111.0"}, - {"13 digit, 2 fractional small decimal", "11111111111.11", - Item(11111111111.11)}, - {"13 digit, 2 fractional large decimal", "99999999999.99", - Item(99999999999.99)}, - {"14 digit 0, 3 fractional small decimal", "00000000000.111", Item(0.111), - "0.111"}, - {"14 digit, 3 fractional 0 decimal", "11111111111.000", Item(11111111111.0), - "11111111111.0"}, - {"14 digit, 3 fractional small decimal", "11111111111.111", - Item(11111111111.111)}, - {"14 digit, 3 fractional large decimal", "99999999999.999", - Item(99999999999.999)}, - {"13 digit 0, 1 fractional small decimal", "000000000000.1", Item(0.1), - "0.1"}, - {"13 digit, 1 fractional 0 decimal", "111111111111.0", Item(111111111111.0), - "111111111111.0"}, - {"13 digit, 1 fractional small decimal", "111111111111.1", - Item(111111111111.1)}, - {"13 digit, 1 fractional large decimal", "999999999999.9", - Item(999999999999.9)}, - {"14 digit 0, 2 fractional small decimal", "000000000000.11", Item(0.11), - "0.11"}, - {"14 digit, 2 fractional 0 decimal", "111111111111.00", - Item(111111111111.0), "111111111111.0"}, - {"14 digit, 2 fractional small decimal", "111111111111.11", - Item(111111111111.11)}, - {"14 digit, 2 fractional large decimal", "999999999999.99", - Item(999999999999.99)}, - {"15 digit 0, 3 fractional small decimal", "000000000000.111", Item(0.111), - "0.111"}, - {"15 digit, 3 fractional 0 decimal", "111111111111.000", - Item(111111111111.0), "111111111111.0"}, - {"15 digit, 3 fractional small decimal", "111111111111.111", - Item(111111111111.111)}, - {"15 digit, 3 fractional large decimal", "999999999999.999", - Item(999999999999.999)}, - {"too many digit 0 decimal", "000000000000000.0", base::nullopt}, - {"too many fractional digits 0 decimal", "000000000000.0000", - base::nullopt}, - {"too many digit 9 decimal", "999999999999999.9", base::nullopt}, - {"too many fractional digits 9 decimal", "999999999999.9999", - base::nullopt}, - // Boolean - {"basic true boolean", "?1", Item(true)}, - {"basic false boolean", "?0", Item(false)}, - {"unknown boolean", "?Q", base::nullopt}, - {"whitespace boolean", "? 1", base::nullopt}, - {"negative zero boolean", "?-0", base::nullopt}, - {"T boolean", "?T", base::nullopt}, - {"F boolean", "?F", base::nullopt}, - {"t boolean", "?t", base::nullopt}, - {"f boolean", "?f", base::nullopt}, - {"spelled-out True boolean", "?True", base::nullopt}, - {"spelled-out False boolean", "?False", base::nullopt}, - // Byte Sequence - {"basic binary", ":aGVsbG8=:", Item("hello", Item::kByteSequenceType)}, - {"empty binary", "::", Item("", Item::kByteSequenceType)}, - {"bad paddding", ":aGVsbG8:", Item("hello", Item::kByteSequenceType), - ":aGVsbG8=:"}, - {"bad end delimiter", ":aGVsbG8=", base::nullopt}, - {"extra whitespace", ":aGVsb G8=:", base::nullopt}, - {"extra chars", ":aGVsbG!8=:", base::nullopt}, - {"suffix chars", ":aGVsbG8=!:", base::nullopt}, - {"non-zero pad bits", ":iZ==:", Item("\x89", Item::kByteSequenceType), - ":iQ==:"}, - {"non-ASCII binary", ":/+Ah:", Item("\xFF\xE0!", Item::kByteSequenceType)}, - {"base64url binary", ":_-Ah:", base::nullopt}, // String {"basic string", "\"foo\"", Item("foo")}, - {"empty string", "\"\"", Item("")}, - {"long string", - "\"foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo foo foo foo foo foo foo foo foo foo foo foo foo foo \"", - Item("foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo foo " - "foo ")}, - {"whitespace string", "\" \"", Item(" ")}, {"non-ascii string", "\"f\xC3\xBC\xC3\xBC\"", base::nullopt}, - {"tab in string", "\"\t\"", base::nullopt}, - {"newline in string", "\" \n \"", base::nullopt}, - {"single quoted string", "'foo'", base::nullopt}, - {"unbalanced string", "\"foo", base::nullopt}, - {"string quoting", "\"foo \\\"bar\\\" \\\\ baz\"", - Item("foo \"bar\" \\ baz")}, - {"bad string quoting", "\"foo \\,\"", base::nullopt}, - {"ending string quote", "\"foo \\\"", base::nullopt}, - {"abruptly ending string quote", "\"foo \\", base::nullopt}, // Additional tests {"valid quoting containing \\n", "\"\\\\n\"", Item("\\n")}, {"valid quoting containing \\t", "\"\\\\t\"", Item("\\t")}, @@ -497,40 +167,11 @@ const struct ListTestCase { const char* canonical; // nullptr if parse error is expected, or if canonical // format is identical to raw. } list_test_cases[] = { - // Basic lists - {"basic list", "1, 42", {{{Integer(1L), {}}, {Integer(42L), {}}}}}, - {"empty list", "", List()}, - {"single item list", "42", {{{Integer(42L), {}}}}}, - {"no whitespace list", - "1,42", - {{{Integer(1L), {}}, {Integer(42L), {}}}}, - "1, 42"}, - {"trailing comma list", "1, 42,", base::nullopt}, - {"empty item list", "1,,42", base::nullopt}, // Lists of lists - {"basic list of lists", - "(1 2), (42 43)", - {{{{{Integer(1L), {}}, {Integer(2L), {}}}, {}}, - {{{Integer(42L), {}}, {Integer(43L), {}}}, {}}}}}, - {"single item list of lists", - "(42)", - {{{std::vector<ParameterizedItem>{{Integer(42L), {}}}, {}}}}}, - {"empty item list of lists", - "()", - {{{std::vector<ParameterizedItem>(), {}}}}}, - {"empty middle item list of lists", - "(1),(),(42)", - {{{std::vector<ParameterizedItem>{{Integer(1L), {}}}, {}}, - {std::vector<ParameterizedItem>(), {}}, - {std::vector<ParameterizedItem>{{Integer(42L), {}}}, {}}}}, - "(1), (), (42)"}, {"extra whitespace list of lists", "(1 42)", {{{{{Integer(1L), {}}, {Integer(42L), {}}}, {}}}}, "(1 42)"}, - {"no trailing parenthesis list of lists", "(1 42", base::nullopt}, - {"no trailing parenthesis middle list of lists", "(1 2, (42 43)", - base::nullopt}, // Parameterized Lists {"basic parameterised list", "abc_123;a=1;b=2; cdef_456, ghi;q=\"9\";r=\"+w\"", @@ -538,41 +179,6 @@ const struct ListTestCase { {Param("a", 1), Param("b", 2), BooleanParam("cdef_456", true)}}, {Token("ghi"), {Param("q", "9"), Param("r", "+w")}}}}, "abc_123;a=1;b=2;cdef_456, ghi;q=\"9\";r=\"+w\""}, - {"single item parameterised list", - "text/html;q=1.0", - {{{Token("text/html"), {DoubleParam("q", 1)}}}}}, - {"missing parameter value parameterised list", - "text/html;a;q=1.0", - {{{Token("text/html"), {BooleanParam("a", true), DoubleParam("q", 1)}}}}}, - {"missing terminal parameter value parameterised list", - "text/html;q=1.0;a", - {{{Token("text/html"), {DoubleParam("q", 1), BooleanParam("a", true)}}}}}, - {"no whitespace parameterised list", - "text/html,text/plain;q=0.5", - {{{Token("text/html"), {}}, - {Token("text/plain"), {DoubleParam("q", 0.5)}}}}, - "text/html, text/plain;q=0.5"}, - {"whitespace before = parameterised list", "text/html, text/plain;q =0.5", - base::nullopt}, - {"whitespace after = parameterised list", "text/html, text/plain;q= 0.5", - base::nullopt}, - {"whitespace before ; parameterised list", "text/html, text/plain ;q=0.5", - base::nullopt}, - {"whitespace after ; parameterised list", - "text/html, text/plain; q=0.5", - {{{Token("text/html"), {}}, - {Token("text/plain"), {DoubleParam("q", 0.5)}}}}, - "text/html, text/plain;q=0.5"}, - {"extra whitespace parameterised list", - "text/html , text/plain; q=0.5; charset=utf-8", - {{{Token("text/html"), {}}, - {Token("text/plain"), - {DoubleParam("q", 0.5), TokenParam("charset", "utf-8")}}}}, - "text/html, text/plain;q=0.5;charset=utf-8"}, - {"trailing comma parameterised list", "text/html,text/plain;q=0.5,", - base::nullopt}, - {"empty item parameterised list", "text/html,,text/plain;q=0.5", - base::nullopt}, // Parameterized inner lists {"parameterised basic list of lists", "(1;a=1.0 2), (42 43)", @@ -630,113 +236,29 @@ const struct DictionaryTestCase { "en=\"Applepie\", da=:aGVsbG8=:", {Dictionary{{{"en", {Item("Applepie"), {}}}, {"da", {Item("hello", Item::kByteSequenceType), {}}}}}}}, - {"empty dictionary", "", Dictionary()}, - {"single item dictionary", "a=1", {Dictionary{{{"a", {Integer(1L), {}}}}}}}, - {"list item dictionary", - "a=(1 2)", - {Dictionary{{{"a", {{{Integer(1L), {}}, {Integer(2L), {}}}, {}}}}}}}, - {"single list item dictionary", - "a=(1)", - {Dictionary{ - {{"a", {std::vector<ParameterizedItem>{{Integer(1L), {}}}, {}}}}}}}, - {"empty list item dictionary", - "a=()", - {Dictionary{{{"a", {std::vector<ParameterizedItem>(), {}}}}}}}, - {"no whitespace dictionary", - "a=1,b=2", - {Dictionary{{{"a", {Integer(1L), {}}}, {"b", {Integer(2L), {}}}}}}, - "a=1, b=2"}, - {"extra whitespace dictionary", - "a=1 , b=2", - {Dictionary{{{"a", {Integer(1L), {}}}, {"b", {Integer(2L), {}}}}}}, - "a=1, b=2"}, {"tab separated dictionary", "a=1\t,\tb=2", base::nullopt}, - {"leading whitespace dictionary", - " a=1 , b=2", - {Dictionary{{{"a", {Integer(1L), {}}}, {"b", {Integer(2L), {}}}}}}, - "a=1, b=2"}, - {"whitespace before = dictionary", "a =1, b=2", base::nullopt}, - {"whitespace after = dictionary", "a=1, b= 2", base::nullopt}, - {"missing value dictionary", - "a=1, b, c=3", - {Dictionary{{{"a", {Integer(1L), {}}}, - {"b", {Item(true), {}}}, - {"c", {Integer(3L), {}}}}}}}, - {"all missing value dictionary", - "a, b, c", - {Dictionary{{{"a", {Item(true), {}}}, - {"b", {Item(true), {}}}, - {"c", {Item(true), {}}}}}}}, - {"start missing value dictionary", - "a, b=2", - {Dictionary{{{"a", {Item(true), {}}}, {"b", {Integer(2L), {}}}}}}}, - {"end missing value dictionary", - "a=1, b", - {Dictionary{{{"a", {Integer(1L), {}}}, {"b", {Item(true), {}}}}}}}, {"missing value with params dictionary", - "a=1, b=?1;foo=9, c=3", + "a=1, b;foo=9, c=3", {Dictionary{{{"a", {Integer(1L), {}}}, {"b", {Item(true), {Param("foo", 9)}}}, {"c", {Integer(3L), {}}}}}}}, - {"trailing comma dictionary", "a=1, b=2,", base::nullopt}, - {"empty item dictionary", "a=1,,b=2,", base::nullopt}, - {"duplicate key dictionary", - "a=1,b=2,a=3", - {Dictionary{{{"a", {Integer(3L), {}}}, {"b", {Integer(2L), {}}}}}}, - "a=3, b=2"}, - {"numeric key dictionary", "a=1,1b=2,a=1", base::nullopt}, - {"uppercase key dictionary", "a=1,B=2,a=1", base::nullopt}, - {"bad key dictionary", "a=1,b!=2,a=1", base::nullopt}, // Parameterised dictionary tests - {"basic parameterised dict", - "abc=123;a=1;b=2, def=456, ghi=789;q=9;r=\"+w\"", - {Dictionary{ - {{"abc", {Integer(123), {Param("a", 1), Param("b", 2)}}}, - {"def", {Integer(456), {}}}, - {"ghi", {Integer(789), {Param("q", 9), Param("r", "+w")}}}}}}}, - {"single item parameterised dict", - "a=b; q=1.0", - {Dictionary{{{"a", {Token("b"), {DoubleParam("q", 1.0)}}}}}}, - "a=b;q=1.0"}, - {"list item parameterised dictionary", - "a=(1 2); q=1.0", - {Dictionary{{{"a", - {{{Integer(1L), {}}, {Integer(2L), {}}}, - {DoubleParam("q", 1.0)}}}}}}, - "a=(1 2);q=1.0"}, - {"missing parameter value parameterised dict", - "a=3;c;d=5", - {Dictionary{ - {{"a", {Integer(3), {BooleanParam("c", true), Param("d", 5)}}}}}}}, - {"terminal missing parameter value parameterised dict", - "a=3;c=5;d", - {Dictionary{ - {{"a", {Integer(3), {Param("c", 5), BooleanParam("d", true)}}}}}}}, - {"no whitespace parameterised dict", - "a=b;c=1,d=e;f=2", - {Dictionary{{{"a", {Token("b"), {Param("c", 1)}}}, - {"d", {Token("e"), {Param("f", 2)}}}}}}, - "a=b;c=1, d=e;f=2"}, - {"whitespace before = parameterised dict", "a=b;q =0.5", base::nullopt}, - {"whitespace after = parameterised dict", "a=b;q= 0.5", base::nullopt}, - {"whitespace before ; parameterised dict", "a=b ;q=0.5", base::nullopt}, - {"whitespace after ; parameterised dict", - "a=b; q=0.5", - {Dictionary{{{"a", {Token("b"), {DoubleParam("q", 0.5)}}}}}}, - "a=b;q=0.5"}, - {"extra whitespace parameterised dict", - "a=b; c=1 , d=e; f=2; g=3", - {Dictionary{{{"a", {Token("b"), {Param("c", 1)}}}, - {"d", {Token("e"), {Param("f", 2), Param("g", 3)}}}}}}, - "a=b;c=1, d=e;f=2;g=3"}, - {"trailing comma parameterised dict", "a=b; q=1.0,", base::nullopt}, - {"empty item parameterised dict", "a=b; q=1.0,,c=d", base::nullopt}, {"parameterised inner list member dict", "a=(\"1\";b=1;c=?0 \"2\");d=\"e\"", {Dictionary{{{"a", {{{Item("1"), {Param("b", 1), BooleanParam("c", false)}}, {Item("2"), {}}}, {Param("d", "e")}}}}}}}, + {"explicit true value with parameter", + "a=?1;b=1", + {Dictionary{{{"a", {Item(true), {Param("b", 1)}}}}}}, + "a;b=1"}, + {"implicit true value with parameter", + "a;b=1", + {Dictionary{{{"a", {Item(true), {Param("b", 1)}}}}}}}, + {"implicit true value with implicitly-valued parameter", + "a;b", + {Dictionary{{{"a", {Item(true), {BooleanParam("b", true)}}}}}}}, }; } // namespace @@ -993,7 +515,6 @@ TEST(StructuredHeaderTest, UnserializableKeys) { {"begins with colon", ":token"}, {"begins with percent", "%token"}, {"begins with period", ".token"}, - {"begins with asterisk", "*token"}, {"begins with slash", "/token"}, }; for (const auto& bad_key : bad_keys) { diff --git a/chromium/net/http/transport_security_persister.cc b/chromium/net/http/transport_security_persister.cc index 52c2d83bb4d..ce625c788b1 100644 --- a/chromium/net/http/transport_security_persister.cc +++ b/chromium/net/http/transport_security_persister.cc @@ -210,6 +210,12 @@ bool DeserializeExpectCTState(const base::DictionaryValue* parsed, return true; } +void OnWriteFinishedTask(scoped_refptr<base::SequencedTaskRunner> task_runner, + base::OnceClosure callback, + bool result) { + task_runner->PostTask(FROM_HERE, std::move(callback)); +} + } // namespace TransportSecurityPersister::TransportSecurityPersister( @@ -252,16 +258,18 @@ void TransportSecurityPersister::WriteNow(TransportSecurityState* state, writer_.RegisterOnNextWriteCallbacks( base::OnceClosure(), - base::BindOnce(&TransportSecurityPersister::OnWriteFinished, - weak_ptr_factory_.GetWeakPtr(), std::move(callback))); + base::BindOnce( + &OnWriteFinishedTask, foreground_runner_, + base::BindOnce(&TransportSecurityPersister::OnWriteFinished, + weak_ptr_factory_.GetWeakPtr(), std::move(callback)))); auto data = std::make_unique<std::string>(); SerializeData(data.get()); writer_.WriteNow(std::move(data)); } -void TransportSecurityPersister::OnWriteFinished(base::OnceClosure callback, - bool result) { - foreground_runner_->PostTask(FROM_HERE, std::move(callback)); +void TransportSecurityPersister::OnWriteFinished(base::OnceClosure callback) { + DCHECK(foreground_runner_->RunsTasksInCurrentSequence()); + std::move(callback).Run(); } bool TransportSecurityPersister::SerializeData(std::string* output) { diff --git a/chromium/net/http/transport_security_persister.h b/chromium/net/http/transport_security_persister.h index c8ba1d88216..a7a92839c32 100644 --- a/chromium/net/http/transport_security_persister.h +++ b/chromium/net/http/transport_security_persister.h @@ -67,6 +67,7 @@ class NET_EXPORT TransportSecurityPersister // Called by the TransportSecurityState when it changes its state. void StateIsDirty(TransportSecurityState*) override; // Called when the TransportSecurityState should be written immediately. + // |callback| is called after data is persisted. void WriteNow(TransportSecurityState* state, base::OnceClosure callback) override; @@ -121,7 +122,7 @@ class NET_EXPORT TransportSecurityPersister TransportSecurityState* state); void CompleteLoad(const std::string& state); - void OnWriteFinished(base::OnceClosure callback, bool result); + void OnWriteFinished(base::OnceClosure callback); TransportSecurityState* transport_security_state_; diff --git a/chromium/net/http/transport_security_persister_unittest.cc b/chromium/net/http/transport_security_persister_unittest.cc index 1645ea0ae3c..db952591974 100644 --- a/chromium/net/http/transport_security_persister_unittest.cc +++ b/chromium/net/http/transport_security_persister_unittest.cc @@ -38,8 +38,12 @@ class TransportSecurityPersisterTest : public TestWithTaskEnvironment { void SetUp() override { ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); ASSERT_TRUE(base::MessageLoopCurrentForIO::IsSet()); + scoped_refptr<base::SequencedTaskRunner> background_runner( + base::ThreadPool::CreateSequencedTaskRunner( + {base::MayBlock(), base::TaskPriority::BEST_EFFORT, + base::TaskShutdownBehavior::BLOCK_SHUTDOWN})); persister_ = std::make_unique<TransportSecurityPersister>( - &state_, temp_dir_.GetPath(), base::ThreadTaskRunnerHandle::Get()); + &state_, temp_dir_.GetPath(), std::move(background_runner)); } protected: diff --git a/chromium/net/http/transport_security_state_static.json b/chromium/net/http/transport_security_state_static.json index 5de114f0c55..6f54b439db4 100644 --- a/chromium/net/http/transport_security_state_static.json +++ b/chromium/net/http/transport_security_state_static.json @@ -262,6 +262,7 @@ // Domains on the public suffix list that have requested to be preloaded. { "name": "bmoattachments.org", "policy": "public-suffix", "mode": "force-https", "include_subdomains": true }, { "name": "now.sh", "policy": "public-suffix", "mode": "force-https", "include_subdomains": true }, + { "name": "cnpy.gdn", "policy": "public-suffix", "mode": "force-https", "include_subdomains": true }, // Google domains using Expect-CT. { @@ -1547,7 +1548,6 @@ { "name": "shiinko.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thorncreek.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tno.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "translatoruk.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wepay.in.th", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zixiao.wang", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ahoyconference.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -1650,7 +1650,6 @@ { "name": "gizzo.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itshost.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jmedved.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jwilsson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "keepclean.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leonardcamacho.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mdfnet.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -1692,11 +1691,7 @@ { "name": "myvirtualserver.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neftaly.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nu3.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nu3.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nu3.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nu3.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nu3.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nu3.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ovenapp.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ruudkoot.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seomobo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -2106,7 +2101,6 @@ { "name": "ankakaak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anonym-surfen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apps-for-fishing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arteseideias.com.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "athenelive.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aurainfosec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aurainfosec.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -2165,7 +2159,6 @@ { "name": "mall.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "malwre.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "markayapilandirma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "markhaehnel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mattfin.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mehmetince.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mh-bloemen.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -2518,7 +2511,6 @@ { "name": "ezimoeko.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eztv.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "feedthebot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "feminists.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "festember.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fidelapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "floweslawncare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -2537,7 +2529,6 @@ { "name": "hobbyspeed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "holymoly.lu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imagr.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "infogrfx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "j-lsolutions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jacobparry.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jacuzziprozone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -3516,7 +3507,6 @@ { "name": "adhs-chaoten.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ageg.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alpca.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "americanbio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amoory.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appmobile.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aussiecable.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4143,7 +4133,6 @@ { "name": "nametiles.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netbrief.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nevadafiber.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "noima.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noisetrap.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onespiritinc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "orderswift.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4578,7 +4567,6 @@ { "name": "concord-group.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "count.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "culinae.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cvjm-memmingen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "decafu.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dergeilstestammderwelt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dibiphp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4619,7 +4607,6 @@ { "name": "interaffairs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isitamor.pm", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jamesconroyfinn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "johngallias.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kanna.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kilobyte22.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "komoju.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4940,7 +4927,6 @@ { "name": "narach.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nb.zone", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nbg-ha.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "negai.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neko-life.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netfs.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netfxharmonics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5322,7 +5308,6 @@ { "name": "mobiletraff.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moneromerchant.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "monitzer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mygreatjobs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nearby.in.th", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netsystems.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neuralgic.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5521,7 +5506,6 @@ { "name": "beanjuice.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beardydave.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beinad.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "believablebook.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bely-mishka.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bendemaree.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bendingtheending.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5563,7 +5547,6 @@ { "name": "bregnedalsystems.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brickoo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bridholm.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bronevichok.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brunoramos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brunoramos.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bsalyzer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5632,7 +5615,6 @@ { "name": "critical.today", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "criticalaim.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cryptoisnotacrime.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "csapak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csokolade.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cssu.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cthomas.work", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5879,7 +5861,6 @@ { "name": "jamon.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "janario.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jaqen.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jarsater.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jasonamorrow.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jastoria.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jazzanet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -6450,8 +6431,6 @@ { "name": "artmoney.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artspac.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arvamus.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "as200753.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "as200753.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "as9178.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "assekuranzjobs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "audisto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -6935,7 +6914,6 @@ { "name": "sudo.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sundayfundayjapan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swansdoor.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swiss-cyber-experts.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swmd5c.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swyn.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sxbk.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7033,7 +7011,6 @@ { "name": "420dongstorm.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "4ourty2.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "960news.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aboutmyip.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "agroline.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amazing-gaming.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrewtebert.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7097,8 +7074,6 @@ { "name": "fierlafijn.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "finenet.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fortnine.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "franta.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "franta.email", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gilcloud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "glittersjabloon.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gmw-hannover.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7760,7 +7735,6 @@ { "name": "trell.co.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "trineco.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "trineco.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tuxz.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "uangteman.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "umassfive.coop", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unicef.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7938,17 +7912,14 @@ { "name": "papeda.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pauspam.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "petplus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "plaettliaktion.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ploup.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "portalzine.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "qiwi.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qwant.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rage4.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "regalpalms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reox.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "romaimperator.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rubysecurity.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "santanderideas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sapience.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sarisonproductions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saunas.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7961,7 +7932,6 @@ { "name": "sp.rw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spiritbionic.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stanandjerre.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "stay.black", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stjohnin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "storvann.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "storvann.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8195,7 +8165,6 @@ { "name": "awxg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "axeny.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azimut.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aztrix.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "babacasino.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "babyhouse.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "babystep.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8375,7 +8344,6 @@ { "name": "chiaramail.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chihiro.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chikan-beacon.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "childcaresolutionscny.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chilihosting.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "china-line.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chinternet.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8711,7 +8679,6 @@ { "name": "firehost.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "firstmall.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fit4medien.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fitbylo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fitiapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fitnesswerk.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fitzsim.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8894,7 +8861,6 @@ { "name": "haskovec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "haveforeningen-enghaven.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "havellab.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hawksguild.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hd-gaming.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hdhoang.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heartmdinstitute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9164,7 +9130,6 @@ { "name": "learnflakes.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "learnfrenchfluently.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "learningorder.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "leesilvey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "legarage.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leilonorte.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leiyun.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9280,7 +9245,6 @@ { "name": "megakiste.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mehrwert.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meillard-auto-ecole.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mein-webportal.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meincenter-meinemeinung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meine-email-im.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "melody-lyrics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9635,7 +9599,6 @@ { "name": "psicologia.co.ve", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pste.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pugliese.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pvtschlag.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pxx.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pyol.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pysays.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9667,7 +9630,6 @@ { "name": "raitza.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "randc.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "randomcage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rannseier.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rapido.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ratajczak.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ratd.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9713,7 +9675,6 @@ { "name": "resc.la", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "resist.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "restrito.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "retrotracks.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "revamed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "revensoftware.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reverie.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9731,7 +9692,6 @@ { "name": "rocksberg.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rolandreed.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "romeoferraris.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ron2k.za.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "root.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rootswitch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rotterdamjazz.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9793,7 +9753,6 @@ { "name": "seen.life", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "segitz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "selectruckscalltrackingreports.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "semen3325.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "semps-servers.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "semps.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "semyonov.su", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9828,7 +9787,6 @@ { "name": "sichere-kartenakzeptanz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sieh.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silicagelpackets.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "silver-drachenkrieger.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silverbowflyshop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silvistefi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "simobilklub.si", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9904,7 +9862,6 @@ { "name": "spauted.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spaysy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "speculor.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "speedyprep.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "speidel.com.tr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spicydog.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spirit-dev.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9945,7 +9902,6 @@ { "name": "strictlysudo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stroeercrm.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "studenckiemetody.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "stupendous.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stuur.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stw-group.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "styleci.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9999,7 +9955,6 @@ { "name": "tech-rat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "techmajesty.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "techpointed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tecnogaming.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tedovo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teemo.gg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "telefonkonferenz.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10300,7 +10255,6 @@ { "name": "xn--3lqp21gwna.xn--fiqz9s", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--79q87uvkclvgd56ahq5a.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--pbt947am3ab71g.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "xnode.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xoffy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xrockx.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xsmobile.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10370,7 +10324,6 @@ { "name": "about.ge", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aderal.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acsemb.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "abseits.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "abeus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adamoutler.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acslimited.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10433,7 +10386,6 @@ { "name": "atnis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aww.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "badbee.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bacontreeconsulting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azino777.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "badoo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ballmerpeak.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10774,7 +10726,6 @@ { "name": "illegalpornography.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hussam.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imguploaden.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "iltisim.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "indicateurs-flash.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ikocik.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "integrityingovernmentidaho.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11003,7 +10954,6 @@ { "name": "nikksno.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nitropur.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nicolasklotz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nicolasbettag.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nibiisclaim.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nicestudio.co.il", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nixmag.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11027,7 +10977,6 @@ { "name": "onarto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "openbsd.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ogogoshop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oneminutefilm.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ogocare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "optimista.soy", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oogami.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11275,7 +11224,6 @@ { "name": "tenni.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thebigdatacompany.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thecapitalbank.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "telefisk.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thecharlestonwaldorf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tfl.lu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thelaimlife.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11626,9 +11574,6 @@ { "name": "fashionunited.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fashionunited.hk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fashionunited.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.mx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fashionunited.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fenster-bank.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fenster-bank.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11655,8 +11600,6 @@ { "name": "furiffic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "furnation.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "futurestarsusa.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "g2links.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "g2soft.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "galoisvpn.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gdax.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gedankenbude.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11703,7 +11646,6 @@ { "name": "hengelsportdeal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "herds.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "herringsresidence.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hexed.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heywoodtown.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hiddenrefuge.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hiitcentre.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11793,7 +11735,6 @@ { "name": "laxiongames.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "le42mars.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leakforums.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lee-fuller.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lerku.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lfgss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "li-ke.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11941,7 +11882,6 @@ { "name": "pzme.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qedcon.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qivonline.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "qrlfinancial.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "r-core.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "r-core.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rachaelrussell.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12128,7 +12068,6 @@ { "name": "xpi.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xroot.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yarcom.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yinfor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yooooex.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "youngandunited.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yoyoost.duckdns.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12271,7 +12210,6 @@ { "name": "bardiharborow.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baysse.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bb-shiokaze.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "beatnikbreaks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beerians.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beetman.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "belani.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12602,7 +12540,6 @@ { "name": "familie-sprink.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "farhadexchange.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fashionholic.my", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fedoramagazine.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fehnladen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "feistyduck.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12860,7 +12797,6 @@ { "name": "johnnybet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "johnroach.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonferwerda.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jonnystoten.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonoalderson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonsno.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "joran.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13082,7 +13018,6 @@ { "name": "myfrenchtattoo.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mygpsite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myimmitracker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mymotor.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mypaperwriter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myrepublic.co.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myschoolphoto.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13195,7 +13130,6 @@ { "name": "philsturgeon.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phonenumberinfo.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "photographyforchange.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "phpbbchinese.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phpmyadmin.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phpprime.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "physicaltherapist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13435,7 +13369,6 @@ { "name": "snow.dog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sokolkarvina.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sol-computers.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "soledadpenades.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "solus-project.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "solvops.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "somanao.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14307,7 +14240,6 @@ { "name": "greencircleplantnursery.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geder.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hacker1.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "geekariom.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "glasen-hardt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gillet-cros.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gta-arabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14754,7 +14686,6 @@ { "name": "members-only-shopping.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "longhorn.id.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myms.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nibb13.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nico.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mytraiteurs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "n0paste.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15056,7 +14987,6 @@ { "name": "senmendai-reform.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sebi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shentengtu.idv.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "schubergphilis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silqueskineyeserum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sep23.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "serafin.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15338,7 +15268,6 @@ { "name": "vician.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "whatwebcando.today", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wowjs.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "web-vision.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webthings.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wait.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wemakemenus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15364,7 +15293,6 @@ { "name": "xuyh0120.win", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "urbpic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wernerschaeffer.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wbuntu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "woffs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "willi-graf-os.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "weissman.agency", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15373,7 +15301,6 @@ { "name": "uscurrency.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wearepapermill.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wobblylang.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "who.pm", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sitennisclub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wobble.ninja", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wollwerk.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15562,7 +15489,6 @@ { "name": "biz4x.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bangkok.dating", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "askizzy.org.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aur.rocks", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "be-ka-tec.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "borowski.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asuhe.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15645,7 +15571,6 @@ { "name": "cavzodiaco.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cwage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coincoin.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "corporatesubscriptions.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cosmundi.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cuetoems.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "compartir.party", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15988,7 +15913,6 @@ { "name": "inoa8.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ila.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jarondl.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "isara.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "intrp.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoiku-map.tokyo", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jarrettgraham.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16024,7 +15948,6 @@ { "name": "ipty.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "igiftcards.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jakarta.dating", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kevinratcliff.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iora.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "karhm.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jasonian-photo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16101,7 +16024,6 @@ { "name": "leaks.directory", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "link-sanitizer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linksanitizer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "letitfly.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leola.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kultmobil.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lincolnwayflorist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16480,7 +16402,6 @@ { "name": "smartbuyelectric.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "simonhirscher.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sedussa.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ninebennink.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sml.lc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smileawei.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smeetsengraas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16881,7 +16802,6 @@ { "name": "arnaudb.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atlseccon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "autoparts.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aucubin.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artisense.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ascgathering.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "24sihu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -17512,7 +17432,6 @@ { "name": "gamek.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gene-drives.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "general-anaesthesia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "getshifter.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "garagemhermetica.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "giri.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geekchimp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18415,7 +18334,6 @@ { "name": "saxoncreative.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rugby.video", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scepticism.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "saludsis.mil.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "savageorgiev.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "selegiline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "semianalog.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19420,7 +19338,6 @@ { "name": "cnbs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coreum.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "confuddledpenguin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "colapsys.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloudbased.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "corderoscleaning.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cmso-cal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19705,7 +19622,6 @@ { "name": "expokohler.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "femaledom.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "felicifia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erasmusplusrooms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faehler.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "egweb.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20256,7 +20172,6 @@ { "name": "lilapmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isognattori.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lilyfarmfreshskincare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lbarrios.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "likegeeks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leilautourdumon.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojj.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20402,7 +20317,6 @@ { "name": "moosemanstudios.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mkfs.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mofohome.dyndns.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lucasgaland.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "miya.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "misericordiasegrate.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meine-plancha.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20888,7 +20802,6 @@ { "name": "schatzibaers.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "secwall.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rue-de-la-vieille.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "scoutnet.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sebastianhampl.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shanekoster.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shareoffice.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21304,7 +21217,6 @@ { "name": "winbuzzer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "windholz.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "windwoodmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "windwoodweb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wemakeonlinereviews.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webhelyesarcu.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "werner-ema.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21339,7 +21251,6 @@ { "name": "wissl.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wilane.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wirelesswatch.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wildtrip.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "x378.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "willow.technology", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xgusto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21375,7 +21286,6 @@ { "name": "youdungoofd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--d1acj9c.xn--90ais", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yukonrefugees.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yubi.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zeds-official.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wildcard.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xor-a.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21423,7 +21333,6 @@ { "name": "yveshield.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zivava.ge", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zymmm.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "testuje.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yourhair.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--6cv66l79sp0n0ibo7s9ne.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xpenology-fr.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21560,7 +21469,6 @@ { "name": "bitcoinindia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitmainwarranty.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blackmirror.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "blokuhaka.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bloomzoomy.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boatme.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bocamo.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21653,7 +21561,6 @@ { "name": "crawcial.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creativebites.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creativecommons.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "creativecommons.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creativeink.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creators-design.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creerunsitepro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21663,7 +21570,6 @@ { "name": "cyberdos.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "d-toys.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "d4rkdeagle.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dahl-pind.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "damasexpress.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "daniel-mosquera.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "danielehniss.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21726,7 +21632,6 @@ { "name": "einsatzstiefel.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ekedp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "electionsdatabase.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "emanuelemazzotta.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emmagraystore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emmaliddell.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emperor.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21969,7 +21874,6 @@ { "name": "lupinencyclopedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "luxuryweddingsindonesia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lzahq.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mabulledu.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "macha.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mader.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "magazin3513.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22100,7 +22004,6 @@ { "name": "oscloud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "osereso.tn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ospree.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "osx86spain.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "otellio.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "otellio.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "outka.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22257,7 +22160,6 @@ { "name": "spielland.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spirella-shop.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "springerundpartner.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "squido.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sslping.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stalkerteam.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stamparmakarije.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22319,7 +22221,6 @@ { "name": "tinkerboard.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tittarpuls.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tmhlive.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tmi.news", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tobiassachs.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tofa-koeln.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tofe.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22659,7 +22560,6 @@ { "name": "am8888.top", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amadoraslindas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ambiancestudio.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "amcchemical.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "americanfoundationbr.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "americasbasementcontractor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amf.to", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22886,7 +22786,6 @@ { "name": "bltc.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bltc.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bltc.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bluecon.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bluefrag.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blues-and-pictures.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bluteklab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23081,7 +22980,6 @@ { "name": "claytoncondon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "clearblueday.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "clearchatsandbox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cleysense.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cliftons.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "clnet.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "clojurescript.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23246,7 +23144,6 @@ { "name": "dankeblog.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dankredues.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "danmark.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "darinkotter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darkengine.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dartsdon.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "datovyaudit.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23402,7 +23299,6 @@ { "name": "ecolala.my", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "econativa.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "economy.st", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecosoftconsult.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eden-mobility.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "educatio.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eductf.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23530,7 +23426,6 @@ { "name": "faroes.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faroes.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "farsil.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fastbackmbg.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fastrevision.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fbcopy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23559,7 +23454,6 @@ { "name": "filmreviewonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "finalvpn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "finelovedolls.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "finsprings.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fintechnics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "firebugmusic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "first-house.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24232,7 +24126,6 @@ { "name": "lauchundei.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "laufpix.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "laurasplacefamilysupport.org.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lavaux.lv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lawnuk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ldcraft.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "le-palantir.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24602,7 +24495,6 @@ { "name": "mymed.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mymp3singer.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mymp3singer.site", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mymsr.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myonlinedating.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myperfumecollection.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myrig.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24689,7 +24581,6 @@ { "name": "novilaw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "novtest.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nowloading.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nrd.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nso.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nsp.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nu-pogodi.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25081,7 +24972,6 @@ { "name": "resl20.servehttp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ressl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "restaurantesimonetti.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "retro.sx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "revelaciones.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "review.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reviewjust.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25133,7 +25023,6 @@ { "name": "rothnater.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rougechocolat.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "royalnissanparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "royalrangers.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "royalty-market.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rozalynne-dawn.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rrudnik.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25194,7 +25083,6 @@ { "name": "sarkisozleri.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sarndipity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "satanichia.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sauer-systems.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saurel.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "savecashindia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sawyerroofing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25208,7 +25096,6 @@ { "name": "schippers-it.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schmelzle.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schmitt.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "schmitt.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schnyder-werbung.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schsrch.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schwarzwald-flirt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25361,7 +25248,6 @@ { "name": "slwilde.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smime.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smksultanismail2.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "snapserv.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sneak.berlin", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sneeuwhoogtes.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "snight.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25705,7 +25591,6 @@ { "name": "unite-ka.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unitedpsychological.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "universal-happiness.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "unruh.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unx.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "upbeatrobot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "uporoops.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25835,11 +25720,9 @@ { "name": "wenode.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "werkkrew.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wewillgo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wewillgo.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wheatgra.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wheelwright.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "whitehathackers.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitejaguars.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "whiterabbit.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wiapply.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wiebetaaltdat.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25884,7 +25767,6 @@ { "name": "wrfu.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "writereditor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wsdcap.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wssv.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wug.news", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wwgc2011.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-507.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26058,7 +25940,6 @@ { "name": "03-09-2016.wedding", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "5ece.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adamfontenot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "acceleratenetworks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "accelerate.network", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "0573wk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "accuritpresence.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26804,7 +26685,6 @@ { "name": "diadorafitness.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dogoo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diadorafitness.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dogear.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diagonale-deco.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dmdre.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cmn-group.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26977,7 +26857,6 @@ { "name": "extradesktops.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evodation.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eteapparel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fashionunited.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ewallet-optimizer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "facilitiessurvey.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "espacetemps.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27034,7 +26913,6 @@ { "name": "faraslot8.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fassi-sport.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faraslot8.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fleursdesoleil.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "feisim.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fetclips.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "florentynadawn.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27133,7 +27011,6 @@ { "name": "gestormensajeria.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erf-neuilly.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getyourphix.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gentoo-blog.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "georgebrighton.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "george-brighton.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gallun-shop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27227,7 +27104,6 @@ { "name": "harukakikuchi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gratitudeabundancepassion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gvchannel.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "grolimur.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "habeo.si", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guichet-qualifications.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gritte.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27238,7 +27114,6 @@ { "name": "gugert.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "harveyauzorst.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hammer-schnaps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gedankenworks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hanfox.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "handyglas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gynaecology.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27654,7 +27529,6 @@ { "name": "lewisdatasecurity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lilismartinis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "josepbel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "laemen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lheinrich.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "letsgetchecked.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "liquidinternet.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27671,7 +27545,6 @@ { "name": "lightning-ashe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lidl-holidays.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leponton-lorient.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "laemen.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "librairie-asie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jordanstrustcompany.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "locker3.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27696,7 +27569,6 @@ { "name": "locapos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lacigf.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "longhaircareforum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "limules.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kotausaha.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linuxiuvat.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linearaudio.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27746,7 +27618,6 @@ { "name": "maisretorno.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lysergion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lisgade.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "luismaier.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "loanmatch.sg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "magentaize.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "macstore.pe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27874,7 +27745,6 @@ { "name": "mobil-bei-uns.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lookart.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "millionairessecrets.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "meu-solutions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mixnshake.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "montychristie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "monloyer.quebec", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28234,7 +28104,6 @@ { "name": "pony.tf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "playwhyyza.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "portalcarriers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pixelfou.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plut.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plaque-funeraire.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phdwuda.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28740,7 +28609,6 @@ { "name": "suzukimarinepress.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "synergyworkingdogclub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "supes.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "supercreepsvideo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stylewish.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sja-se-training.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "survivebox.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28751,7 +28619,6 @@ { "name": "soontm.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sikko.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "systoolbox.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tam7t.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tattvaayoga.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tdsbhack.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "szybkiebieganie.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28783,7 +28650,6 @@ { "name": "teamupturn.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tabithawebb.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tabino.top", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "snafarms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teddybradford.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "taartenfeesies.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "suzi3d.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28802,7 +28668,6 @@ { "name": "teaparty.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tb-devel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "techtuts.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "spillersfamily.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tantei100.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tenerife-villas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "talkreal.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28970,7 +28835,6 @@ { "name": "tsng.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thesuppercircle.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "uedaviolin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tous-travaux.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "undercovercondoms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "urcentral.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "utopialgb.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29463,7 +29327,6 @@ { "name": "amoozesh98.ir", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astral.gq", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acendealuz.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "amorimendes.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apaginastore.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anglictina-sojcak.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arthermitage.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29558,7 +29421,6 @@ { "name": "biomodra.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "breadandlife.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "braviskindenjeugd.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bitedge.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bravisziekenhuis.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bro.hk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bunnyvishal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29576,7 +29438,6 @@ { "name": "bonita.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aquariumaccessories.shop", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bulkwholesalesweets.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "blogonblogspot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "c2o2.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buturyu.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "campcambodia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29597,7 +29458,6 @@ { "name": "buenotour.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brinquedoseducativos.art.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cbr-xml-daily.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "capacitacionyautoempleo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "carefour.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cencalvia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cbw.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29694,7 +29554,6 @@ { "name": "cryptorival.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cookingcrusade.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csharpmarc.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "controlarlaansiedad.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csinfo.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cultofperf.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "colyakootees.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29856,7 +29715,6 @@ { "name": "en4rab.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emergenzalavoro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecohostingservices.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecole-iaf.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elpoderdelespiritu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erverydown.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eightyfour.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29875,7 +29733,6 @@ { "name": "evio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "estoniantrade.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exchangecoordinator.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "eapestudioweb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ethaligan.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elexel.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "experticon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30089,7 +29946,6 @@ { "name": "icyapril.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hondenoppasfraneker.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hm773.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hfbg.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "html5media.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hinterposemuckel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "idealtruss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30830,7 +30686,6 @@ { "name": "sarkarikhoj.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scholarly.ph", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rufabula-com.appspot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "recetasfacilesdehacer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saudeintimadamulher.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schrodingersscat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schrodingersscat.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30895,7 +30750,6 @@ { "name": "shadowsocks.software", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sidongkim.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sepie.gob.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "serienstream.to", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sfg-nordholz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sheratan.web.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sellmoretires.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31470,7 +31324,6 @@ { "name": "noodweer.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pristal.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leuenhagen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pascalmathis.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sujoydhar.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "online-results.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "photo-paysage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31484,9 +31337,7 @@ { "name": "littleservice.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dnplegal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "privatebin.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ppmathis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "purikore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pascalmathis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seattleprivacy.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tokobungadijambi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "okeeferanch.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31515,7 +31366,6 @@ { "name": "enoou.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "0fl.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ripmixmake.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pascalmathis.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scrumbleship.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sidpod.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saintaardvarkthecarpeted.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31536,7 +31386,6 @@ { "name": "secumail.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "world-education-association.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "8522.am", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "snapserv.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "limeres.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "v4s.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "injust.gq", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31551,7 +31400,6 @@ { "name": "jungleculture.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-8522.am", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "savecrypto.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ppmathis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rickmartensen.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vigoxatelier.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sproing.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31640,7 +31488,6 @@ { "name": "educatoys.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emporiodosperfumes.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "equinecoaching.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "equipeferramentas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esprit-cloture.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faciledireto.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31956,7 +31803,6 @@ { "name": "bourqu.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bowlsheet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brasilien.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "breathedreamgo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bretcarmichael.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bs.sb", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "btku.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32172,7 +32018,6 @@ { "name": "limodo-shop.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "listen.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "livekortti.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lockr.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "logiciel-entreprise-seurann.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "love4taylor.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lovemysafetynet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32266,7 +32111,6 @@ { "name": "pluggedhead.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pomocniczy.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "popi.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "posoiu.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prescriptionrex.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "primordialsnooze.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "principalstest.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32362,7 +32206,6 @@ { "name": "tavsys.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "taxi-24std.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tech-value.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "techarea.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "technicabv.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teskalabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teva-li.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32883,7 +32726,6 @@ { "name": "comicrelief.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comicwiki.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "community-cupboard.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "comopuededejardefumar.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "compostatebien.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "concertengine.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conciliumnotaire.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33042,7 +32884,6 @@ { "name": "esp.community", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esslm.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "estespr.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etccooperative.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etincelle.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evailoil.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "everydaywot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33120,7 +32961,6 @@ { "name": "freeexampapers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freelandinnovation.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fridayfoucoud.ma", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "froh.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frozen-geek.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fs-maistadt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fscott.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33481,7 +33321,6 @@ { "name": "maxrandolph.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maydex.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mazyun.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mazzotta.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mbits.solutions", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "media-pi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mediadandy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33589,7 +33428,6 @@ { "name": "nfluence.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "niadd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nickguyver.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nickmorri.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "niclasreich.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nien.gq", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nienkeslop.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33662,7 +33500,6 @@ { "name": "pcvirusclear.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "perfectbalance.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "peuterspeelzaalhoekvanholland.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pg-forum.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phdhub.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "photodeal.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "piedfeed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33935,7 +33772,6 @@ { "name": "suvidhaapay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sw33tp34.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swiftconf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "switch.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "synecek11.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "synthetik.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tacotown.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34174,7 +34010,6 @@ { "name": "zyciedlazwierzat.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "188522.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arai21.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arto.bg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arvutiladu.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "awf0.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "axel-fischer.science", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34260,7 +34095,6 @@ { "name": "autobedrijfschalkoort.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "averageinspired.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "axel-fischer.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "baconismagic.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baito-j.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baptiste-destombes.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bartbania.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34389,7 +34223,6 @@ { "name": "extratorrent.red", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "extratorrent.world", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fag.wtf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "faithgrowth.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "familylawhotline.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "famoushostels.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fashion4ever.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34420,7 +34253,6 @@ { "name": "geek.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "genehightower.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "genneve.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "geschmackspiloten.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getfirstalert.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "giglink.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gittigidiyor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35205,7 +35037,6 @@ { "name": "chengtongled.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cherrydropscandycarts.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chertseybouncycastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "chez.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "childrensentertainmentleicester.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "childrenspartiesrus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chloescastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -35238,7 +35069,6 @@ { "name": "colourfulcastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "comcol.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cometbot.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "comodormirmasrapido.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "conejovalleyelectrical.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "connectmath.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "constancechen.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -36122,7 +35952,6 @@ { "name": "thepieslicer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theplaydaysbus.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theplayspot.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "theruizes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theskingym.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thetapirsmouth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thewebsitedoctors.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -36625,7 +36454,6 @@ { "name": "hlucas.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hoahau.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "holisticacupuncture.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "holygrail.games", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hostinglogin.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hotnewhiphop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "href.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -36781,7 +36609,6 @@ { "name": "opfin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "optiekzien.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orchidlive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "organica.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ouestsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "packetlinux.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "paducaheic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -37406,7 +37233,6 @@ { "name": "pricesniffer.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "priverify.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "prknje.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "procens.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "procensus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "procinorte.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pronto-intervento.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -37489,7 +37315,6 @@ { "name": "u-master.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ump45.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unblocked.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "unipig.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unripple.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ur.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "urcentral.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -38436,7 +38261,6 @@ { "name": "commco.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "comoeliminarlaspapulasperladasenelglande.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "comosatisfaceraunhombreenlacamaydejarloloco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "compeat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "compusolve.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "concertsenboite.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "contentdesign.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -38769,7 +38593,6 @@ { "name": "hebocon.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "heijdel.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "heinemann.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "heinemeier.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "heistheguy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "helpfute.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "helpverif.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -38945,7 +38768,6 @@ { "name": "kwench.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kyprexxo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "la-compagnie-des-elfes.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "laatjeniethackmaken.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laboutiquedejuliette.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lachosetypo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ladyanna.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39563,7 +39385,6 @@ { "name": "totodil.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "totolabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "touchweb.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "touhou.fm", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tourtrektrip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tovp.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "toyota-kinenkan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39836,7 +39657,6 @@ { "name": "bephoenix.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bequiia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bestattungen-kammerer.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bestattungshaus-kammerer.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bestpaintings.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bforb.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "biano-ai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -40178,10 +39998,8 @@ { "name": "leadinfo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "led-tl-wereld.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ledscontato.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lesterchan.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "linkthis.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "litcc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "livinghealthywithchocolate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "locationvoituresuede.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "logexplorer.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "logze.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -40800,7 +40618,6 @@ { "name": "deutsche-tageszeitungen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "deutscher-bericht.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devopers.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dewinter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "die-seide.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digitalmaniac.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dnacloud.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -40947,7 +40764,6 @@ { "name": "injapan.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "inlabo.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "insureon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "interstellarhyperdrive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "inup.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "inventum.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "investigatore.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -41179,7 +40995,6 @@ { "name": "reachhead.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "reactor92.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "recipeyak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "redelectrical.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redhandedsecurity.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "regis.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rehabilitation.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -41210,7 +41025,6 @@ { "name": "scitopia.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scoop6.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sealoffantasy.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "searx.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "searx.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "seibert.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "seitai-nabejun.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -41265,7 +41079,6 @@ { "name": "systematic-momo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "systematic-momo.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tandempartnerships.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tangemann.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "teamusec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "technoswag.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "telefonabonnement.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -41316,7 +41129,6 @@ { "name": "ubercalculator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uberestimator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ubezpieczeniepsa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ukbc.london", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ultraseopro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unboxforteams.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unicorntooling.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44019,7 +43831,6 @@ { "name": "n-man.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "n7.education", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nasme.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nax.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nbgrooves.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nbhorsetraining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ncic.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44325,7 +44136,6 @@ { "name": "airconsfourways.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "airconsmidrand.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "airconssandton.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "alexmroberts.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "allarmi.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "allcarecorrectionalpharmacy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "amg-exterieur.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44721,7 +44531,6 @@ { "name": "maxundlara.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "megarex.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "megustariasaber.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "miki-boras.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "motoreflex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "musikzentrale.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "my4thtelco.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44745,7 +44554,6 @@ { "name": "novaorbis.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "novilidery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "novodiegomaia.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "obitech.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "office-discount.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onionplay.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onyxgen.duckdns.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44814,7 +44622,6 @@ { "name": "unece-deta.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "univstore.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "urinedrugtesthq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "v2cn.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vatsalyagoel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "verwayen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "viris.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44895,7 +44702,6 @@ { "name": "athenadynamics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atimbertownservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atlasdev.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "atsoftware.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aucielrose.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "audioonly.stream", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "audiophix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44909,12 +44715,10 @@ { "name": "barpodsosnami.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "basementfinishingohio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "batch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bbj.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "betterweb.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bezr.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "biehlsoft.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bifrost.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bigshort.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bijouxcherie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "binarization.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bluerootsmarketing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45100,7 +44904,6 @@ { "name": "fuckobr.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fur.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "future-moves.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "g5.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gameblabla.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gamesaviour.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gamesided.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45339,7 +45142,6 @@ { "name": "oakesfam.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "objectif-leger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "odpikedoslike.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ogyaa.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "okotoksbeach.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "olgun.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ollieowlsblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45386,7 +45188,6 @@ { "name": "qx.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rahadiana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rawdutch.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "rcd.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redgoose.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redwaterhost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "referdell.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45548,7 +45349,6 @@ { "name": "wpspeed.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wrdx.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wsl.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "www.govt.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xentox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xinex.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xinnixwebshop.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45703,7 +45503,6 @@ { "name": "coriver.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "corkedwinebar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crazyfamily11.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "crazynoisybizarre.town", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crecips.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "creteangle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "croisedanslemetro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45736,7 +45535,6 @@ { "name": "die-bergfuehrer.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digitalfuturenow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dinkommunikasjon.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dionysos-ios.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "discover-shaken.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diving.photo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diygod.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45753,7 +45551,6 @@ { "name": "drusillas.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dsdalismerkezi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dumbfunded.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "duobus.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dybuster.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dybuster.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dylanspcrepairs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45783,7 +45580,6 @@ { "name": "fegame.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "felsmalerei.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ferrousmoon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "filezilla.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "filmitis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "filmsite-studio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fimsquad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -46555,7 +46351,6 @@ { "name": "edsby.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "edu-kingdom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "edvgarbe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "efg-darmstadt.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "egles.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eheliche-disziplin.schule", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ehmtheblueline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -46993,7 +46788,6 @@ { "name": "rajkapoordas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raltha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rangercollege.edu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "rappet.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raziskovalec-resnice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "recoveryonline.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redicals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47035,7 +46829,6 @@ { "name": "se-theories.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "securecomms.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "securitypuppy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "selea.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "selfoutlet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "seolaba.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ser-it.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47061,7 +46854,6 @@ { "name": "sotthewes.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "spakurort.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "speechmore.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "spiroduct.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sporara.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "staff.direct", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "statebuildinggroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47124,7 +46916,6 @@ { "name": "tufashionista.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tvhshop.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tvseries.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "twistdevelopment.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tycho.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "udvoukocek.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ultratech.software", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47157,7 +46948,6 @@ { "name": "wbudd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wby.gd", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webdevxp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "webexample.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webvisum.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webz.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "welcomescuba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47218,7 +47008,6 @@ { "name": "3tribes.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "40acts.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "4553vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "51acg.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6664553.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "666668722.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6z3.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48481,7 +48270,6 @@ { "name": "ascendprime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asciiwwdc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "astarforu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "atpnutrition.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "audiolot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "auszeit-walsrode.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "auto.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48534,13 +48322,11 @@ { "name": "bueroschwarz.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buttonrun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "byronkg.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "caleb.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "canicaprice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cardios.srv.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cargorestraintsystems.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carlocksmithfallbrook.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carlosfelic.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "carrentalsathens.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "casabouquet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "casadellecose.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cbd.casa", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48597,7 +48383,6 @@ { "name": "delid.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "denizdesign.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dennismurphy.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "derk-jan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devcf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devirc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digitalezukunft.nrw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48741,7 +48526,6 @@ { "name": "humbledot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "huyvu.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hxp.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hydrabit.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ia1000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "iamtonyarthur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ichbinein.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48930,7 +48714,6 @@ { "name": "natureword.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ncdc.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "neocoding.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "neojames.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nerdbox.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "net-share.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "netfuture.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48964,7 +48747,6 @@ { "name": "pasalt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pavio.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pdf-archive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pentoo.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "personaltrainer-senti.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "peteboc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pflanzen-shop.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48998,7 +48780,6 @@ { "name": "rapidoo.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raspii.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rctalk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "rdv-prefecture.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rebtoor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rectecforum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redcatrampageforum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49533,7 +49314,6 @@ { "name": "travis.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trucchibellezza.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trustocean.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tugers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tunity.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tunnelbear.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tvipper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49675,8 +49455,6 @@ { "name": "auroz.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "auroz.video", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "autodidactic.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "autodidacticstudios.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "autodidacticstudios.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "autodidacticstudios.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "autosecurityfinance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "avidmode-dev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49751,7 +49529,6 @@ { "name": "bonito.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "boost.fyi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bourgdepabos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "boxmoe.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "boyfriendcookbook.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brasildxn.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brnojebozi.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50009,7 +49786,6 @@ { "name": "gabeb1920.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gachimuchi.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gachiyase.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gaiavanderzeyp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "galanight.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "galilahiskye.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gameplaysforkids.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50173,7 +49949,6 @@ { "name": "jzcapital.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k3508.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k4law.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kalolina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kashinavi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "katja-und-ronny.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaverti.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50371,7 +50146,6 @@ { "name": "ospf.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "otakuyun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ottoversand.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ouin.land", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "our-box.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ourdocuments.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "p1cn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50616,7 +50390,6 @@ { "name": "supermae.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "surgiclinic.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "svetdrzaku.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "svht.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "svobodnyblog.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sweak.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swiftpcbassembly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50639,7 +50412,6 @@ { "name": "tellcorpassessoria.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "termux.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tetraetc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "the-bermanns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "the-woods.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thebarrens.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thebestpersonin.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51313,7 +51085,6 @@ { "name": "stromaci.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stromzivota.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studiobergaminloja.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "studyspy.ac.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "suited21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sunset.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sunsong.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51394,7 +51165,6 @@ { "name": "viqo.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "virtualcommodities.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "visalist.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "visiondirectionaldrilling.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vitra-showrooms.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vrij-links.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51491,7 +51261,6 @@ { "name": "bk-wife.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blui.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bombe-lacrymogene.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "botguard.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "boyntonobserver.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brakpanplumber24-7.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brandonlui.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51941,7 +51710,6 @@ { "name": "aos-llc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aptitudetests.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "araraexpress.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "arletalibrary.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "armanozak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arviksa.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asproni.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52004,7 +51772,6 @@ { "name": "cg.al", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cgurtner.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chabik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "chang-feng.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chbk.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chilimathwords.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chovancova.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52109,7 +51876,6 @@ { "name": "feross.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feybiblia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "filestartest.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "findcarspecs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "firesuite.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "flanga.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fletemaritimo.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52564,7 +52330,6 @@ { "name": "ryyule.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "s4q.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "safeguardhosting.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sakuracommunity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "salva.re", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "samin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "samitechnic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53747,7 +53512,6 @@ { "name": "amandadamsphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antaresmedia.com.py", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "anwalt.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "aoil.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "argonium.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "armin-cme.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "armin-cpe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53849,7 +53613,6 @@ { "name": "eliaskordelakos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elielaloum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eligibilis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "elo-forum.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "epicdowney.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "esc.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "estetistarimini.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53921,7 +53684,6 @@ { "name": "iwyc.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jack2celebrities.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jacksorrell.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "javik.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jazminguaramato.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jazzy-feet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jikegu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54027,7 +53789,6 @@ { "name": "ntsb.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nutrition.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nvtc.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "obrienswine.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ocni-ambulance-most.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "okurapictures.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oldsticker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54472,7 +54233,6 @@ { "name": "movacare.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mukilteodentalarts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mukilteoeuropeanautorepair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "musa.gallery", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "musicdemons.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "muurlingoogzorg.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "myonlinevehicleinsurance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54812,7 +54572,6 @@ { "name": "candguchocolat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "candidaturedunprix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "capitalfps.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "capitalmediaventures.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "capsulesubs.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carburetorcycleoi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carpetandhardwoodflooringpros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55629,7 +55388,6 @@ { "name": "traintimes.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traintimes.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traintimes.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "traintimes.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traintimes.lu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traintimes.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traintimes.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55643,7 +55401,6 @@ { "name": "trueduality.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "truetraveller.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trustednewssites.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "trypineapple.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tulumplayarealestate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "turnierplanung.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tutorialehtml.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55683,11 +55440,9 @@ { "name": "vlakjebak.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vochuys.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vodicak.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "voipdigit.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vollmondstollen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "voltahurt.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "voyageofyume.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vpsvz.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w1n73r.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w889889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w889889.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56038,7 +55793,6 @@ { "name": "cloudland.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cmc.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cmcelectrical.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cmv.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cnnet.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cobaltis.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "code-vikings.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56072,7 +55826,6 @@ { "name": "criscitos.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crownaffairs.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cruisemoab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cryogenix.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crystal-zone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crystalzoneshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "csgo.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56129,10 +55882,8 @@ { "name": "disinfestazioni.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dist-it.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "distro.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "div.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "divegearexpress.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "djroynomden.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dkwedding.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dmaglobal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "docplexus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doctabaila.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56233,7 +55984,6 @@ { "name": "ethers.news", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ethiopiannews247.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "etrolleybizstore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "etssquare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eurheilu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "euwid-energie.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "evrotrust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56341,7 +56091,6 @@ { "name": "greywolf.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gricargo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "grove-archiv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gruver.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gtoepfer.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gtxmail.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "guannan.net.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56930,7 +56679,6 @@ { "name": "puestifiestas.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "puestosdeferia.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "punchlinetheatre.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "purenvi.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pussr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "putin.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pycoder.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57047,7 +56795,6 @@ { "name": "shuhacksoc.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "siamdevsqua.re", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "siamdevsquare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sibertakvim.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "signrightsigns.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sikecikcomel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "silvesrom.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57438,7 +57185,6 @@ { "name": "deumavan.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diaroma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diebestengutscheine.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "digitalroar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "discordservers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "djlinux.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dontbeevil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57677,7 +57423,6 @@ { "name": "straphael-holyangels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ststanislaus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studio-happyvalley.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "surrealcoder.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swkdevserver.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swktestserver.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tadj-mahalat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57747,7 +57492,6 @@ { "name": "yourbittorrent.icu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yourbittorrent.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yourbittorrent2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yourtrainer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zenluxuryliving.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zhangshuqiao.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zhih.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57778,8 +57522,6 @@ { "name": "aadw.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acgmoon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acousticsoundrecords.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "adappt.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "adapptlabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "adativos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "adelianz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "administrator.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57798,7 +57540,6 @@ { "name": "amazingraymond.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aminullrouted.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ampleroads.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "anlovegeek.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antiaz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antilaserpriority.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antonuotila.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57940,7 +57681,6 @@ { "name": "defineatheist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dentechnica.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "derbyware.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "derivedata.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "desertmedaesthetics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devswag.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dexonrest.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58035,7 +57775,6 @@ { "name": "gowancommunications.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "grapevine.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "graz2020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "greekmusic.academy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "greenpaws.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gridsmartercities.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "groomscroft.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58198,7 +57937,6 @@ { "name": "mikewrites.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "milakirschner.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "milkameglepetes.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "minisoft4u.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mixmister.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mizuhobank.co.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mneerup.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58212,7 +57950,6 @@ { "name": "motionvideos.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "muunnin.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mwamitours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mycoupons.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "myfae.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "myndcoin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mypay.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58992,7 +58729,6 @@ { "name": "enotefile.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "envide.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "enviro-umweltservice.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "epinesdeparadis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "erlebnisarchaeologie-bayern.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ernsteisprung.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "estefan.dyndns.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59013,7 +58749,6 @@ { "name": "fastinviter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fbrief.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "federicoparty.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "feedermarket.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feixiang.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "felix-hirner.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fidufinance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59167,7 +58902,6 @@ { "name": "integrata.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "internetgardener.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "intropickup.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "investinturkey.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ipripojeni.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ipso.paris", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "irismq.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59197,7 +58931,6 @@ { "name": "jime-hlavou.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "joesniderman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "johngadenne.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jordiescudero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jorsev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "joshhoffer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "julm.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59208,7 +58941,6 @@ { "name": "jwz.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jzgj088.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kamen-master.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "keepitsecure24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kennedyinsurancesolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kevindienst.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kiarayoga.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59292,7 +59024,6 @@ { "name": "lockwoodchristmastreefarm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "locus-dashboard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "locusmap.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lonay.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lostsandal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lostsandal.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "louisapolicefoundation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59432,7 +59163,6 @@ { "name": "nexter.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nguyencucthanh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nice.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nickmorris.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nicolaiteglskov.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nikpool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ningbo.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59506,7 +59236,6 @@ { "name": "pearlsonly.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pearlsonly.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "peckcloths.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "peepsfoundation.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pencil2d.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "penzionvzahrade.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pepfar.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59727,7 +59456,6 @@ { "name": "teektalk.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "test-greavesindia.pantheonsite.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "testingbot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tetragir.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "th-music-finder.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thcdev.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "the-jeuxflash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59752,7 +59480,6 @@ { "name": "thermo-recetas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thesage.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thesanta.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thetechbasket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thurn.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thymiaturtle.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tib1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60090,7 +59817,6 @@ { "name": "ladotech.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ladotech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lagunakitchenandbath.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lapshore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lavka-konditera.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lazau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "liftoff.rocks", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60283,7 +60009,6 @@ { "name": "blockchainevents.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bloglyric.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blubop.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "boleyn.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brewspark.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brushcreekyachts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bunix.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60647,7 +60372,6 @@ { "name": "banderasdelmundo.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "barneveldcentrum.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "basics.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bawbby.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bazinga-events.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bcubic.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bebeautiful.business", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60668,7 +60392,6 @@ { "name": "chemco.mu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ciclista.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "citywidealarms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "clo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cloud255.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "codeandsupply.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "coincircle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60790,7 +60513,6 @@ { "name": "linkst.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "linkyou.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lippu1.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lisahh-jayne.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "living-with-outlook-2010.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "localegroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ltlec.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60916,7 +60638,6 @@ { "name": "smaltimentoamianto.campania.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "smartphone-pliable.wtf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "snwsjz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "socialmedia-manager.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sonaraamat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "southwesteventhire.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sozialstation-ritterhude.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60972,7 +60693,6 @@ { "name": "valimised.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "valuehost.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "veggiesecret.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "velassoltas.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vexsoluciones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "virtualizy.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vista-research-group.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61034,7 +60754,6 @@ { "name": "avelinodiaz.gal", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "baileybae.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bee-removal-dublin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "benediktgeissler.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bereginy.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bettercareclinic.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bhserralheria.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61477,7 +61196,6 @@ { "name": "esthernariyoshi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "etwalldentalpractice.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "everlastingoak.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "expressglobal.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fabrykowski.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "factorit.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fashiontrendsetter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61685,7 +61403,6 @@ { "name": "takipone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tech-ninja.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "teetje-doko.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "terrybutler.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "textbrawlers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tgbabyzoo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thconsulting.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61823,7 +61540,6 @@ { "name": "daniel-milnes.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "daniel.domains", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "daop.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "datagir.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "deals.ms", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "degit.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "demoakasafe2.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61902,7 +61618,6 @@ { "name": "it-inside.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ja-zur-gs.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jadehotel.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jakobdenlinger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jd777.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jeerbl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jesiensredniowiecza.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62240,7 +61955,6 @@ { "name": "dimagrimentoincorso.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doggo.dance", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "download.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "drgiyaseddin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dronesz.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dutchsailors.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ealadel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62303,7 +62017,6 @@ { "name": "hinaryazan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hitechgr.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hoberg.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "homelab.farm", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hotcamvids.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hothiphopmusic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hugh-dancy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62713,7 +62426,6 @@ { "name": "haju.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hamikala.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hatcher.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hellenicmusicacademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hikawa.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hillier-swift.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hitrost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62790,7 +62502,6 @@ { "name": "mysticconsult.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "namu.games", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nanisiyou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nasserver-test.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "natehobi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ncpimd001.spdns.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nectir-staging.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62910,7 +62621,6 @@ { "name": "wb2288.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "well-around-the-world.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "westcoastheatingair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "weyhmueller.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wifimb.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wingsofacow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wowgenial.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63029,7 +62739,6 @@ { "name": "falegname.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "floridaengineering.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "flyinghigh.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "frazell.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "freeaf.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "furniturezoneboone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ga-part.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63347,7 +63056,6 @@ { "name": "detao.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "determapp.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dhelixnet.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dhemant.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "die-pleners.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "direct.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "directscripts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63444,7 +63152,6 @@ { "name": "kolitel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kollegamenti.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kowabit.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kromax.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krommo.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kulopo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kutip.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63525,7 +63232,6 @@ { "name": "personalitymax.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pirateproxy.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "playsprout.industries", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pmbsteelbuildings.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pocketpasta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pollev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "port5060.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63896,7 +63602,6 @@ { "name": "nibouw.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nico.today", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nikitashevchenko.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nikunjcementarticles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nimbo.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nixnet.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nlayer.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63999,7 +63704,6 @@ { "name": "tiergear.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tjxxzy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tom.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "transdyne.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "treefelling-durban.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "treeremovalsboksburg.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tryplo.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64087,7 +63791,6 @@ { "name": "595380.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5conejos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5in.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "611135.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "657660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "657990.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "671660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64098,7 +63801,6 @@ { "name": "675660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "675990.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "679660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6848.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "692660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "692990.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "695660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64184,7 +63886,6 @@ { "name": "ashridgetrees.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atahualpa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "attuned.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "atuendomr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aura7chakr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "autocartruck.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "automationsmarthome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64523,7 +64224,6 @@ { "name": "hsn-tsn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "htcp99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "huangjia777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hubbroker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hudobniny.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hugolegrand.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "huizenvlees.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65160,7 +64860,6 @@ { "name": "vpsvz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vtul.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w4solutions.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wa.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "walma.re", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webini.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wecho.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65438,12 +65137,10 @@ { "name": "livada.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "liztattoo.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "llbcpa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "logicaccountingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lokalna.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lonwan.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lunite.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lycetre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "magicroom.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "malenaamatomd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maniaiti.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mantachiepharmacy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65456,7 +65153,6 @@ { "name": "meridianoshop.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mezzehuis.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "microlz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mindofmedia.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mistine.com.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mistine.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mobydog.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65800,7 +65496,6 @@ { "name": "9297e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "962312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "98198823.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "989868888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "99818adc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65824,7 +65519,6 @@ { "name": "alplogopedia.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "amao999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "amplead.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "andrewpucci.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "annalitvinova.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "apc.ec", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "appassionata.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65906,7 +65600,6 @@ { "name": "cryptizy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "csjministriesfoundation.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "css125.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "culan.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "curacaodiveguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cxq77128.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dadahen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65922,7 +65615,6 @@ { "name": "decidio.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dein-baumdienst.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "demibaguette.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dhedegaard.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digicode.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digitalredshirts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digitalspiders.pk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66032,7 +65724,6 @@ { "name": "joodari.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "josephbarela.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jydwz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaioken.bar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kandofu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kiczela.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66096,7 +65787,6 @@ { "name": "monsecretariat.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "moonboys.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "morvo.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mrnordic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mt1016.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mtechprecisioninc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mulk.hopto.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66170,7 +65860,6 @@ { "name": "serviciales.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "servmaslt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sesamecare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sewamobilperdana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sf3223.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shiji456.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shuai1122.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66426,7 +66115,6 @@ { "name": "9297yy.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297z.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297zz.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66434,7 +66122,6 @@ { "name": "9397c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9397dh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66443,17 +66130,13 @@ { "name": "9397gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397hb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9397hd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9397j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9397l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9397mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66480,7 +66163,6 @@ { "name": "9397yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9397zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66489,7 +66171,6 @@ { "name": "9721cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721dh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66497,18 +66178,14 @@ { "name": "9721g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721hd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66531,7 +66208,6 @@ { "name": "9721x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9721yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728a.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66689,7 +66365,6 @@ { "name": "e5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "e9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "easyenrollment.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ecsupplyinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66853,7 +66528,6 @@ { "name": "ll5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ll9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ll9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ll9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ll9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "location-appartement-dakar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "luminary.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66916,7 +66590,6 @@ { "name": "o5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "o9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "o9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "o9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "o9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oasiristorantebagno.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "octavus.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66968,7 +66641,6 @@ { "name": "qq5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qq9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qq9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "qq9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qq9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "quedos.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67035,7 +66707,6 @@ { "name": "ss5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ss9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ss9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ss9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ss9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stassi.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stbarnabashospice.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67090,7 +66761,6 @@ { "name": "v9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "v9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "v9728.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vakaconsulting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vancoevents.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vanderlest.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vehiclematsuk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67196,7 +66866,6 @@ { "name": "yy5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yy9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yy9297.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yy9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yy9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yy9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "z5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67432,7 +67101,6 @@ { "name": "helijobs.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hghanbarimd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "homeeducator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hostiberi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hostmywebsite.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "htb.click", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "iberiserver.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67899,7 +67567,6 @@ { "name": "reviewu.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rexxworld.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ristrutturazioneappartamenti.milano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "rolob.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rolobio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ronsguideservice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "roofconsultants-inc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67915,7 +67582,6 @@ { "name": "sample-site.click", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saucelabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scale.milano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "schimmelnagelspecialist.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "schweingehabt.expert", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scienceofpeople.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sdyzmun.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67960,7 +67626,6 @@ { "name": "teramind.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thegroovecartel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thejimmyw.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "theta.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thsc.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thscpac.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tmachinery.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68110,8 +67775,6 @@ { "name": "6729dd.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729dh.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729dns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729dz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729e.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729ee.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68317,7 +67980,6 @@ { "name": "918tw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918uh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918um.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918vb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918ve.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918vi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918vz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68488,7 +68150,6 @@ { "name": "emissary.coffee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "emrah.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "emulovers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "erikw.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ethicalconsumer.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "exploretsp.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "f6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68569,7 +68230,6 @@ { "name": "interviewme.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "investigatore.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "investigazione.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ipdsols.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ips-consult.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "iryogakkai.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ithelfer.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68632,7 +68292,6 @@ { "name": "madwarlock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maesinox.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "magdeburg.directory", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mariasbonitas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marktguru.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marktguru.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marolu.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68641,7 +68300,6 @@ { "name": "mdrsp.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medialys.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medlabmediagroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "menshealthinsurance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "midt.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mishkan-israel.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "missblisshair.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68794,7 +68452,6 @@ { "name": "thealchemistatelier.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theantarticx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theaviationagency.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thecavalries.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thecr3ative.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thecr3ative.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thedailyshirts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68945,7 +68602,6 @@ { "name": "6957rr.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918bhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918ma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918qz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918sa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a1post.bg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68992,7 +68648,6 @@ { "name": "baroloboys.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bb6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bbc67.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bea.expert", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bebe2luxe.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bebe2luxe.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bellamy.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69127,7 +68782,6 @@ { "name": "hyperv.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ibloggospel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ichitaso.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "iglobus.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ii6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ilacrehberi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "indigojewelers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69146,7 +68800,6 @@ { "name": "jxi.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "karinwerner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kashadriskill.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kintana.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kirakirasoft.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kiumie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69287,7 +68940,6 @@ { "name": "storzrealty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "suksesbisnisonline.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sunshine-cleaners.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "surnet.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "svia.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "svisa.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sx6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69388,7 +69040,6 @@ { "name": "abogadoscav.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acceptancerecoverycenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "activephoto.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "adrian2023.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aglc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agworkers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aidmycomputer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69738,7 +69389,6 @@ { "name": "rubylabs.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sajter.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sanyasingh.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "saobancrafts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sarae.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "schack.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sensorville.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70010,7 +69660,6 @@ { "name": "javaweb.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jellysquid.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jenniferlucia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "julia-thonig.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jupuglia.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaffeeringe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaseban.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70115,7 +69764,6 @@ { "name": "samuelebencini.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sanctumwealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "santanderibc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sasquatt.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "savebees.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scolasti.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sen.bo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70209,7 +69857,6 @@ { "name": "afterpay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag3131a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag6211.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ag88110.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag88220.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agyacht.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ai-media.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71195,8 +70842,6 @@ { "name": "588e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "58w66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "62222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "7minutemiles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8092d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8102d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "88btt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "91milk.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71287,7 +70932,6 @@ { "name": "d88girls.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d88md03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d88md29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "daidr.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danel.ski", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danelska.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danelski.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71452,7 +71096,6 @@ { "name": "nyerjakekszekkel.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "omie.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "on-the-wave.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "onecloud.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "optizym.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orangecat.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orvitdesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71656,7 +71299,6 @@ { "name": "36506555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "36506777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "36506999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "3elife.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "428northampton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "456666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "4761.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71667,7 +71309,6 @@ { "name": "7214.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8207d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8822d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8826d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8850d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "91d71.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "91d72.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71736,7 +71377,6 @@ { "name": "ad4msan.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "adonai.eti.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "advens.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "agks131.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "airanyumi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "americorps.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "andesnevadotours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71882,10 +71522,8 @@ { "name": "huabanxs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "huimiquan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "humanlocation.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hy88win.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "idlewildflowers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "igondola.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "incrementation.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "indemnityinsurance.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "indianjewellery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "infivalle.gov.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72078,7 +71716,6 @@ { "name": "stemcellclinic.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studay.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sulytics-tool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "suste.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "szs.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tazarelax.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "teeautomat-teemaschine.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72244,27 +71881,6 @@ { "name": "2033a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2033b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2033c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2033y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2033z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "20n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "222b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72779,14 +72395,12 @@ { "name": "906vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "90920.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "90n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918-siteinfo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918aav.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918aff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918bip.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918bis.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918bit.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918ze.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "91d91.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "940365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "946773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -73151,7 +72765,6 @@ { "name": "btt829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt830g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt889g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "btt918958.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btta16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buddy-acceptance-authentication-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buddy-acceptance-profiles-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -73368,7 +72981,6 @@ { "name": "dieta-figura.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "differentgirleveryday.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dimitrovi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "directed.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "directlendingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dirk-dogs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "disabuse.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -73759,8 +73371,6 @@ { "name": "jinsha8888888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jinsha99999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "johan-koffeman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "johnpenny.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "johnpenny.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jolfamarket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jomsolat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jongcaxent.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -74051,7 +73661,6 @@ { "name": "nevergirl.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "new-smile.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newillusion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "newimage.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newlovers.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newlovers.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newlytricks.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -75340,7 +74949,6 @@ { "name": "demonbuster.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "demopanel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "denatured.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dendelft.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "denkmalsetzung.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "departmentofdefense.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "desish.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -75675,7 +75283,6 @@ { "name": "life-in-hell.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lightsfromspace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lilai18.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lilai634.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "limstash.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lince-bonares.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lineshop.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -75817,7 +75424,6 @@ { "name": "mirokon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mistlake.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mithgol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mixify.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mixmix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mmwb.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mobilebooster.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -76120,7 +75726,6 @@ { "name": "rarece.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rarename.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rastabooks.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "raya.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "razborpoletov.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "razborpoletov.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "razborpoletov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -76996,7 +76601,6 @@ { "name": "efoood.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "efzh2so1cuskp9j3evlqa1m68id-m9p1tzb05zo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "enjin.zone", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "envoker.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "epidastudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "erisys.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "erkenntniswen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77140,7 +76744,6 @@ { "name": "otzyvy2.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ovodev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pagamentosdigitais.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "paradordelgitano.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "parsuv.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "payment.ac.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pepime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77292,7 +76895,6 @@ { "name": "yooptopian.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yorkshiregardensheds.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yuce518.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yugodi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yy366.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yzh8.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zeroanarchy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77331,7 +76933,6 @@ { "name": "alonas.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alonas.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alonas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "alxyjc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "angora.freesite.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antispam.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "apometria.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77419,7 +77020,6 @@ { "name": "ehealthfest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "einquiz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eisenhowerlibrary.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "elasticshift.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "emergency-federal-register.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "enerte.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "epicginger.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77452,7 +77052,6 @@ { "name": "gooty.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "groupeatrium.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "grupoattia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gslaw.edu.gh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gtapg.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "guilde-dissection.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gunstatus.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77869,7 +77468,6 @@ { "name": "esehospitalsabanagrande.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eumr.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ews1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "exegese.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "facturama.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "familie-witzik.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "festival-transform.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -77993,7 +77591,6 @@ { "name": "netfolio.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nix13.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "note64.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "notmyserver.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nuva.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nxtgenbroadband.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nylasercenter.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -78235,7 +77832,6 @@ { "name": "gentledance.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gentledance.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "getalitools.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "giaphaco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "globalesm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "go-datasecurity.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "go889w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -78650,7 +78246,6 @@ { "name": "helkyn.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hella-secure.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "herd-kaufen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hgyoseo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "highclasseducation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "holacannx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "holacbdoils.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -78794,7 +78389,6 @@ { "name": "sipstix.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skaginn.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skalec.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sktorrent.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "smaksbanken.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "snizl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "songesdeplumes.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -78863,7 +78457,6 @@ { "name": "2000.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2255motion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2monkeysandme.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "967you.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acicj.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acs-nettoyage-entretien-immeuble.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "actionverb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79036,7 +78629,6 @@ { "name": "locksmithservice-cypress.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "logactiond.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ltlec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lucacastelnuovo.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lukaszwojcik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "luvhacks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mahalux.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79149,7 +78741,6 @@ { "name": "suomika.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swatee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "t00ts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ta-nuth.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "taxicab4you.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "telcodb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tenber.ge", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79174,7 +78765,6 @@ { "name": "vaxxwatch.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vectomatic.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vijoe.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vinicius.sl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vipcards.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vlamir.dynu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vote2019.appspot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79203,7 +78793,6 @@ { "name": "z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "znn.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0x15.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "122kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "131ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "162229.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "22i.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79343,8 +78932,6 @@ { "name": "jeansdiscounter.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "junglevet.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "justin-p.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kb702.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kb7474.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kilbi-reussbuehl.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kingdominnergy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kingshome.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79871,7 +79458,6 @@ { "name": "surveil.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swoffordconstruction.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tarife.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tauedu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "technicaloffice.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "temariogratis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "terass.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79896,7 +79482,6 @@ { "name": "twdtulelo.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "twistfix.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tylervigario.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ucnedu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unique-tutorials.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "universal-edge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "usa-viagra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -79932,12 +79517,8 @@ { "name": "ysuna.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "z33d.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zanjirzanane-shanbeghazan.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "0311z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "0376z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "0517z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0553z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0571z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "0717z6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "09am8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "1u0m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "3333ylc.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -80082,7 +79663,6 @@ { "name": "fantasticservicesgroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fastboyscouts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fastboyscouts.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "felixduart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fengchuiyudaqu.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "flightright.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "flightright.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -80788,7 +80368,6 @@ { "name": "bxdj4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bxdj5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bxdj6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bxdj66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bxdj666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bxdj7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bxdj8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -80851,18 +80430,8 @@ { "name": "df5ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dfafacts.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digimaat.agency", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "digital-sign.com.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "digitalarchives.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ditec.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djvip9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "domainevanina.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "donsremovals.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dragowebdesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -80943,7 +80512,6 @@ { "name": "isigmaonline.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "j00228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jaimesotelo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jebengotai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jenslody.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jessietessiephptrouble.herokuapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jftw.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -81005,7 +80573,6 @@ { "name": "midlandslotus.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mindseyesolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mlohr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mml.cx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mojitoparty-articlespara.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "momentumcoach.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mountbatten.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -81017,7 +80584,6 @@ { "name": "mythoughtmachine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "naidonline.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nccfa.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nei.st", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nemzetizaszlok.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "novonegoc.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nr-sputnik.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -81594,7 +81160,6 @@ { "name": "my-sex-cam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mywindscreen.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nbclinic.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "neilsonmarketing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nfl.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ng911services.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nickkallis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -81691,7 +81256,6 @@ { "name": "soulcraft-cracked.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "southpointcollision.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "spacehighways.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "spiritualites.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sportticino.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "st42.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stacktrace.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -81841,31 +81405,14 @@ { "name": "36533t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "36533u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "365q01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q14.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "365q15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "4151365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "420screen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "427552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "457552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "487552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6666365q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "7777365q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "77zxdy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8225.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8888365q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "889vip5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9999365q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a36533.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aaainfosystems.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "abrikos.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -81947,7 +81494,6 @@ { "name": "d36533.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dandan101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "datacommissioner.gov.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "de8468.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "defendtheweb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dekel.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "delhitalkie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82023,7 +81569,6 @@ { "name": "hardfloorcleaninglondon.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "heathersmithcommercial.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hermiu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "heyapakabar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hifly.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "himalayanyogashram.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hobby-freizeit.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82306,10 +81851,8 @@ { "name": "zlol.lg.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zuim.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zurlin.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "018k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "031373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0cp8778.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "115lc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "116lc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2002712.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "22lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82607,7 +82150,6 @@ { "name": "k-jtan.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k801.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k80608.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k80998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k811.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k811.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k8158.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82657,7 +82199,6 @@ { "name": "k885.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k886.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k889.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8927.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k8994.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaibo.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kanyingba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82708,7 +82249,6 @@ { "name": "lc2121g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lc245.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lc2500.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lc3729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lc3738.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lc3744.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lc3745.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82824,7 +82364,6 @@ { "name": "le802.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lecheng2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lecheng3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lecheng31.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lecheng7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lecheng88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lemonrotools.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -82958,7 +82497,6 @@ { "name": "sslsecurity.ooo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sssldurban.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "steuerberater-bayreuth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "stevenuniverse.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "supergmtransport.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swtun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sylvainboudou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -83414,7 +82952,6 @@ { "name": "royaleagletourism.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rtfch.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "runicspells.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "russianescortsmumbai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rvdbict.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sabkappers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saferequest.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -83679,7 +83216,6 @@ { "name": "disproweb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "distrishow.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "do-pro.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "docskiff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doitexperience.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "domyhomework123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doolz.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -83892,7 +83428,6 @@ { "name": "netferie.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newcomm.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newendsoft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nhakhoabella.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nic.ads", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nic.android", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nic.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -84213,7 +83748,6 @@ { "name": "arcinapoli.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arkantos.agency", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asociaciontrastea.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "assistenciamultitec.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atelier-origami.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atis-ars.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "autowise.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -84305,7 +83839,6 @@ { "name": "dailychristianpodcast.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dailyrenewblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "davidgroup.co.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "davidops.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dcave.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dcmarvelunited.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "deerwoodrvpark.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -84387,7 +83920,6 @@ { "name": "hceu-performance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hennesshop.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hethakhout.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "himpler.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hiteshjoshi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hitfront.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hiwannz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -84451,7 +83983,6 @@ { "name": "kreativklinik.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krypto-geld.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kurhotel-am-reischberg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kweb.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laab.gv.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laby.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lajkatheme.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -84712,7 +84243,6 @@ { "name": "wear-referrals.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webbricks.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webce.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "webcloud.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webrox.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "weymouthslowik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "whi.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -84826,7 +84356,6 @@ { "name": "afcmrstest.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afgaim.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afterschoolprogramsoflancaster.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "agingstats.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agrobaza.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "airbrake.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "akvitens.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -85204,7 +84733,6 @@ { "name": "fancypantsfit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fapcoholic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fbvstore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "feelingmassage.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feistore.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feng-in.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feng-in.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -85461,7 +84989,6 @@ { "name": "provide-your-image.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "proxybay.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pruna.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "puntoseguro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "puredayshop.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pyrohandel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r18.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -85496,7 +85023,6 @@ { "name": "realestate-lidl.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "recoveryunplugged.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redhawkwa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "reinventfit.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "researchchempro.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "resilienzatropical.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "resolve-portal.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -85519,7 +85045,6 @@ { "name": "sbconstrucciones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scatters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scheervergelijker.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "scheidsrechtersinfo.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "schnitzel-und-co.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sebastian-walla.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "selectra.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -85576,7 +85101,6 @@ { "name": "theojellis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thesmokypoet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thethreadsmiths.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thetravelhack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theveils.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thewehmeiers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "throwmails.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -85818,7 +85342,6 @@ { "name": "bethanyhome.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "betolerant.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "betterbladders.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "beveiligingsupdate.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "biblia.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "biglu.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bikyaku.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86017,7 +85540,6 @@ { "name": "itmax.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "itmedicinai.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "janome.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jarods.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jayceeprints.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jbholdings.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jch.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86107,7 +85629,6 @@ { "name": "maisallianz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "makura.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maleevcues.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "maltegegner.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mapado.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marco-reitmeier.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marcoreitmeier.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86191,7 +85712,6 @@ { "name": "olafvantol.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oldpc.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onde.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "onezero24.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "opale-concept.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orienttime.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "originalabsinthe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86650,7 +86170,6 @@ { "name": "directvacations.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diriya.lk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "disinfestazioni.cagliari.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djdavid98.art", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dnns.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dobreoknaszczecin.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dokee.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86686,7 +86205,6 @@ { "name": "fed-shashek.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ferestre-bucuresti.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ferfer.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ff2k.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "finn-thorben.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fishingplaces.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fiyatgrafik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86821,7 +86339,6 @@ { "name": "kiwitastic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kleinveefokkerij.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "klil.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kreativoweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kst-dlvr.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kwadraadtevredenheid.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "l51365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86832,7 +86349,6 @@ { "name": "lasercareestetica.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "latvijashipoteka.lv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laylo.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lc-suites.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "leakplay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "leatherwill.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lebeachvillage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86872,7 +86388,6 @@ { "name": "mau.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maxiglobal.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "meekhak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "meinephbern.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "meldpuntemma.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "melento.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "metadedi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -86974,7 +86489,6 @@ { "name": "s82365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sait.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saito-koken.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "saltyfish.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sandton-plumbing.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "savejobsshoplocal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scheidingspuntlansingerland.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -87478,7 +86992,6 @@ { "name": "missaocadastrobv.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mitya.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mohritz.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "morgangallant.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "morse-ti.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "msnhdd.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "multilogik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -87550,7 +87063,6 @@ { "name": "programadorwp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "proibidoler.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "promosjungle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "protech.ge", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "proxybay.ltd", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ps5ssd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "punjabprime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -87878,7 +87390,6 @@ { "name": "bellabrowbydesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bennet.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bestguessonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bestmodels.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bet86ah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bet86am.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bet86bj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -87915,7 +87426,6 @@ { "name": "birthday-to-you.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bitcoin.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bitcoinemprendedor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bloobet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bluestoneconstruction.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bolgarus.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bossbabe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88074,7 +87584,6 @@ { "name": "e-bookshelf.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e2a.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e4.chat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "eastmidlandsstargazers.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ebill.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "echo-n.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ecoformeurope.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88136,7 +87645,6 @@ { "name": "garwoh.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gemelen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "getdownon.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ghcpl.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "giacchettaauto.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "glassochchoklad.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "glit.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88288,7 +87796,6 @@ { "name": "lamunyonfoundationrepair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lan4.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "langapi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "langkawihomestay.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "larawoodarts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lasersandbacon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "leaving.africa", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88303,7 +87810,6 @@ { "name": "lesacredescouleurs.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "leventmebel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "levidromelist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "levshamaster.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "libertytereconoce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "libertywines.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "libertywines.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88580,10 +88086,7 @@ { "name": "seodefinitivo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "serenascreations.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "servertutorial.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sfbao.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sfvonline.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "shanesofos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "shanesofos.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sharedgoals.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sherpnortheast.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shugua.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88675,7 +88178,6 @@ { "name": "thedigitaleconomist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "theflightsdesk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thejunkfiles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thesandboxchicago.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thestudioslucan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thesunshinecoasttourcompany.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thetechieflutist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88698,9 +88200,7 @@ { "name": "tradreams.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traigo.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "transparentpng.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "traumprojekt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "travelepoch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "trefle.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tripsided.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trisolaris.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trixiebooru.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88852,7 +88352,6 @@ { "name": "yugami-lab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yukozimo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yulsn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "z6wang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zijinbor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zipextractor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zlonov.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88900,7 +88399,6 @@ { "name": "airlinesreservation.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "akaal.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alteralife.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "amorgosrentandgo.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ankitha.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arbavere.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "archeryaid.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -88969,7 +88467,6 @@ { "name": "denhotels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "denverbph.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "disa.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "divelement.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "djfantum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dmmedya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dtmf.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89083,7 +88580,6 @@ { "name": "niklasstinkt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ninkt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nouveauhosting.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nuclea.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "obzoroff.asia", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "odyssey44.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ogfarms.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89293,7 +88789,6 @@ { "name": "barkstop.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "basedos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bayer.earth", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bel-snegirek.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "benedictoaguilar.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "birsinghdhami.com.np", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bitclusive.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89366,7 +88861,6 @@ { "name": "glosiko.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "glosiko.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goldenyacca.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gomu.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goodcreds.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goplango.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gossiplolly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89466,7 +88960,6 @@ { "name": "nicolascornet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "niekbrekelmans.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nixnet.services", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nkio.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "noosxe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "normansolutions.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nutritionalsupplement.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89582,7 +89075,6 @@ { "name": "tredevlet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "turismonochile.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "twentyfournow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "uniekglas.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vaccineskill.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vault.investments", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "velocityfiber.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89795,11 +89287,9 @@ { "name": "brinkbem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bthub.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bukalapak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bumilangkawi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buongiornolatina.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "burchfabrics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "burkow.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "byfhn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "byhenryvera.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cachchoi138bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cake-n-go.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -89924,7 +89414,6 @@ { "name": "hekat.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hoffmann-fliesen-design.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "homedentist.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "horo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hostpoint.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hotdates18.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ichinghero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90062,7 +89551,6 @@ { "name": "puzzlegames.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "quiche-quic.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rabis.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "raivis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ramirezpeluqueria.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "redactedmedia.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rennes-bachata.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90086,7 +89574,6 @@ { "name": "rovota.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rubenmamo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rubia.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sad-berezka.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "samuidiving.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sapphi.st", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "satellite-prof.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90114,7 +89601,6 @@ { "name": "slashcam.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "softchin.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sold.rip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "spacecaps.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sporki.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sr88.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sr88.me.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90175,7 +89661,6 @@ { "name": "vato.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ventnose.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vereinswahl.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vickyflipfloptravels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vifranco.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vns5020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vns6610.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90501,7 +89986,6 @@ { "name": "datenschutz-ravensburg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "datenschutz-wangen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "datenschutz-weingarten.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dautuvang.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "daysgolfclub.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dealsale.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "defamiliehagen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90616,7 +90100,6 @@ { "name": "jnssnfotografie.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jordandirections.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "joseluishenriquez.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k811111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaiva.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kalhufvudet.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kangutingo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90627,7 +90110,6 @@ { "name": "kreuzwortraetsellosungen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krisenintervention-deutschland.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kriseninterventiondeutschland.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks7.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lagrange.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lakorntoday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "largeandhighquality.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90761,7 +90243,6 @@ { "name": "tobiase.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tonalaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "topicalnet.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "topophile.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "torremarsalou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trungvien.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tudienchinhta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90828,57 +90309,18 @@ { "name": "zumtaedanceschool.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zupit.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz772.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "027ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "111zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "113kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "118vip.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "120percent-inc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "1244546066.rsc.cdn77.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "130kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "132ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "134ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "137kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "138ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "150ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "150ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "151ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "152ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "153ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "153ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "155ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "157ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "170kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "175ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "184kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "186ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "188ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "189ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "198ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "255k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2x.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "3d-glow.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "3deni.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "403page.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "47d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "4mama.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "518zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "55k66.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5sba.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "666ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "66k66.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "66lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6thmarch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "70mpg.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7139365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "74d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7ki.photography", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8170d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8809ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8851ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "88k66.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "88kb.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "999ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9articles.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a-bicycleshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a-h-p.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90914,12 +90356,8 @@ { "name": "affcoupon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aflattr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afpayday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ag818818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agambarta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agencybeam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "agks0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "agks134.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "agks4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agripartner.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "airalamo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "akewe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -90962,7 +90400,6 @@ { "name": "arsicad.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "artificethefilm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arvyncerezo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "as396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asiabike.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atinmarket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atizanvip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91009,7 +90446,6 @@ { "name": "bietinidesign.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bigfuckin.rocks", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bigmoney.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bikesquadron.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "binairy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "binairy.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bingle.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91081,7 +90517,6 @@ { "name": "cenfo.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cerebrosano.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "challenges.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "chanakyanewz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chanderson.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chaoscommunication.camp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chaturbate.global", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91152,27 +90587,7 @@ { "name": "d881.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d882.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d885.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d886119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8862.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8867.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8872.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8875.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88871.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d889.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88dc05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88dc18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88dc24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88dc29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88dc30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88md05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88md11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88md15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d88zl.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d898.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dailyblocks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dailyngn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91192,11 +90607,6 @@ { "name": "daytonahealthsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "db.fyi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dcarou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd213d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd215d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd66d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd77d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd99d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "de-groot.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dealproject.org.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "decorky.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91272,7 +90682,6 @@ { "name": "eleken.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elettrolinkimpianti.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elmahost.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "elsentech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ely.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "emalm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "employerlawresource.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91357,7 +90766,6 @@ { "name": "gcsgr.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "geekdama.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "geekmagazine.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "geniedesjouets.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "genwarp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "getbootstrap.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghostwritershigh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91374,7 +90782,6 @@ { "name": "gobiernousa.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gocdn.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "godofredo.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "golden-squad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gomelagromashplus.by", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gometa.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gomods.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91449,7 +90856,6 @@ { "name": "iemsamex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ifashionable.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "iganesh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ikemedia.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ikhwanto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ilawgix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ilovehoney.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91472,7 +90878,6 @@ { "name": "inseo.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "inzichtmeditatie.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ipmscoutek.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ireta.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "islamqa.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "istogether.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "itmix.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91500,7 +90905,6 @@ { "name": "jewelleryrack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jewelryweluv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jg078.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jkuu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jmussman.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "johnbeil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "johnopdenakker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91511,36 +90915,8 @@ { "name": "jumpnplay.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jusfitness.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "just4new.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k6687.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k6689.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k86966.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k86967.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k88231.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "k8v05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v14.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v23.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "k8v27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kaishi03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kaishi07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kaishi999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kallisto.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kalyanmatka.guru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kanzlei-hhh.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91548,16 +90924,9 @@ { "name": "karoke.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kasasaprotect.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "katazuketai.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kb01.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kb03.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kb4040.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kb6.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "keisepulveda.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "keru.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kevinwstanton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kf0606g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kf0909g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kf5656g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kfz.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kfzjeugd.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "khaotipthai.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91580,36 +90949,6 @@ { "name": "kokoro-singsong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kranbearys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krazy.net.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks01.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks07.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks09.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks1.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks10.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks2.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks20.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks201.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks206.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks30.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks5.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks50.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks6.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks60.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks608.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks70.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks80.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks814.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks8821.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks8836.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks8852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks8865.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks888.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks9.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks90.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks906.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks999.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ksvip01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ksvip03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kuba-orlik.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kulp.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kultur1.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91630,7 +90969,6 @@ { "name": "lareginetta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laways.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lawportal.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lc8898.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lednavi.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "legalsteroid.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "legendwiki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91654,7 +90992,6 @@ { "name": "liuqiaolovecaonali.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "loaded.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lock-expert.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "long18.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "looneytunesdashgame.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lordusa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lostproperty.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91823,7 +91160,6 @@ { "name": "opensource.fund", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "opensourcesoftware.rocks", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ops.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "opztechwall.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orangeacademy.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oratto.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "organdonor.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -91979,7 +91315,6 @@ { "name": "schorel.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "schrok.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "schweininchen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "scoutsberg.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "scrapcarremovalmississauga.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "seadrive.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "secluded.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92031,7 +91366,6 @@ { "name": "solautoescuela.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "soliten.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sonologic.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "soon.lk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sorblack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "soundmoney.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "soundmoney.page", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92244,28 +91578,6 @@ { "name": "yigujin.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yourwatchdesign.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yrcc878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "z6359.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd0505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd1010.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd1616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd1717.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd2424.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd3434.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd4646.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd5050.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd5252.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd5353.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd7373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8585.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8787.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8832.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8836.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8858.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8865.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ze-com.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zeilenvoorondernemers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zenmod.in.rs", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92273,46 +91585,6 @@ { "name": "zihari.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zindaa.mn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zklcdc.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl0783.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl1515.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl16h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl178.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl2085.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl2424.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl2525.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl2828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl3535.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl3597.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl3782.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl3939.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl4040.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl4454.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl4538.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl500.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl5757.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl600.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl6262.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl6868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl700.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl7077.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl7373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl7575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl7615.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl7979.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl800.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl8282.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl8383.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl861.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl8686.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9393.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zlhuodong.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zlong888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zlong888.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zoomteb.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zrkhosting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zuiverjegeest.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92361,9 +91633,7 @@ { "name": "37987d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "37987e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "37987f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "46d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "505343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "555zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "64i.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "67877777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7670076.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92375,9 +91645,6 @@ { "name": "77018vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "777234567.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7fon.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8173d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8226d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8815d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "96002.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9968101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9968110.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92465,7 +91732,6 @@ { "name": "arganwinkel.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "artchic.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aryankhera.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "as395.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asgardiamc.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "assessortrainingonline.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "associazionerimborsi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92481,7 +91747,6 @@ { "name": "authorize.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "automajor.by", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "automaticgrowth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "autorijschool-mydrive.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "avamax.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "avamax.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "avionschool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92630,15 +91895,12 @@ { "name": "customerfocus.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d00228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d88.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8857.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8870.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dada.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "daimonikos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dalvik.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danielesalatti.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danielwellington.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danq.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "darrenby.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "darwinkel.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dashice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "daxperience.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92646,7 +91908,6 @@ { "name": "dctrl.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dd-groupinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dd00228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd33d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "de-graaf.systems", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "de.gt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "de.ls", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -92942,7 +92203,6 @@ { "name": "kintamani.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kirschgrafik.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kirsten-wolf.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kkutu.co.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "klempin.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "klempin.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "klen.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -93121,7 +92381,6 @@ { "name": "nyan.to", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "o00228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ocalculator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ofo.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ok-ex.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "okremarketing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oldnorthbanter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -93173,7 +92432,6 @@ { "name": "petscams.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pfefferminzoel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "photocode.co.rs", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "phpkoru.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "piboston.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pickherznyeremeny.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "piersmana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -93228,7 +92486,6 @@ { "name": "quest3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qvq.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qwas.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "qxq.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r0uzic.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raadvanstate.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raccoon.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -93295,7 +92552,6 @@ { "name": "sextop.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sguerrero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shade.cash", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "shanesofos.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sheldon.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sherahsl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shichiri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -93374,7 +92630,6 @@ { "name": "tcspartner.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tcuprs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tdolar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "techbymemo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "techgo.re", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "techlearningcollective.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "technicaltrainer.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -93571,20 +92826,10 @@ { "name": "yuy.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yykb.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "z00228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "z8079.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zakcutner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zango.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd3535.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd4747.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8835.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zehnegira.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zitronenmelisse-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl0505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl071.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl1212.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl4290.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zmaloveane.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "znwvw.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zumba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -94526,7 +93771,6 @@ { "name": "529sss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "566zzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5e.tools", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5long88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "600aaaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "600bbbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "600cao.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -94840,7 +94084,6 @@ { "name": "81sese.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "81sese.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "81sese.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8230d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "84ab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "84ag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "84aj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95063,13 +94306,11 @@ { "name": "b131000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b2222.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b789.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "b979333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b979555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b979666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b979999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "badnjar.rs", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "banajanitorialservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "barberiaicon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bassment.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bbk365m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bbk365t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95097,7 +94338,6 @@ { "name": "buphachat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bva.dyndns.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cabbage.software", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cadcc.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cafethevibes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "callofdutybr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "camrojud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95295,7 +94535,6 @@ { "name": "komodo.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kylehaka.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kylehakala.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "labsitserviss.lv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lanierlaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lechucero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "leonvermunt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95303,7 +94542,6 @@ { "name": "localbiketrader.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "localemergencyplumber24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "localrvs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "long100.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "loots.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lpl-ig.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lumieredesoy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95445,7 +94683,6 @@ { "name": "shansing.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "share-io.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shortcutable.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "shortwave.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sigint.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "silo.nyc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "simyakoleji.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95501,7 +94738,6 @@ { "name": "testsitefortask.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "texastoadranch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "texel.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tfq.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tft-cheat-sheet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thatlooksreallygood.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thehimachal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95551,7 +94787,6 @@ { "name": "v839.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "valuesetters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "venture-ridge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vev.com.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vichama.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "victorique.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "visse-if.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95569,7 +94804,6 @@ { "name": "wwwhackeronecom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "x-way.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "x77ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "xn--6n2ao17b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--80aabn5d9h.xn--90a3ac", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--oj-uu2c9c422w3mh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xybnb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95586,7 +94820,6 @@ { "name": "zhoujianghan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zieler.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zivver.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zlvd7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0x12.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0x22.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0x53.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95709,7 +94942,6 @@ { "name": "fratiicazanoi.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "freeskateparks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fundacionfade.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gabrielyin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gamecentercity.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gamelus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gaumenverfuehrer.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95721,7 +94953,6 @@ { "name": "glutenfreeonashoestring.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gntfy.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goempyrean.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gogracego.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goodhealthgateway.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "growinghumankindness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "guzey.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95774,14 +95005,12 @@ { "name": "kraeuterland.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krasnodar.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ksm.co.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kuhlecloud.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laharilais.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lallybroch.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "landflair-magazin.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lasandwicheriamedellin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lasittellecosmetiques.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lidernaturascarlettbados.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lightstep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ligne-roset.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "liquidationyt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "loantillpaydaydelaware.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95797,7 +95026,6 @@ { "name": "manguyen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marekkorlak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marketing91.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "markus.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marypatriotnews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "matthewthode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "matthewthode.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95806,7 +95034,6 @@ { "name": "maxundlara.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maycarivero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mellareese.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "membrive.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "menfis.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "menfis.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "menfis.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95964,7 +95191,6 @@ { "name": "wiscon.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "witrey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wow-dsg.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wpcanban.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xdesigns.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xemxx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--nordlicht-hrnum-jtb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -95981,19 +95207,16 @@ { "name": "3niu4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "3niu7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "3niu9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "65d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "888am8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "96658.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "98e.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aboutpakistan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "addr.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ag818818.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "airlinefarescompare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "albagamefishing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alexander-cameron.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "anytimesewerrepair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arnaqueoufiable.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "artefeitaessencias.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aszurkolassport.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "baumfreund.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "beginwp.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96012,7 +95235,6 @@ { "name": "chowchowugo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chrc-ccdp.gc.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "christinecloma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "chromefuchs.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "codigojose.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "coolpi.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "coursehunter.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96055,14 +95277,12 @@ { "name": "fotonza.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fractieplanner.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fraserengineco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "freegovernmentcellphoneguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "furancheiro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "garryserver.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "getsus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "green-adn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hackdown.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "harianaceh.co.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hehaohan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "heyrockerproductions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hformachine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hookahfoil.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96206,7 +95426,6 @@ { "name": "skidzun.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sorocabacopos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "streamlineaudio.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "strily.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "strogov.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "szczurek-zelazko.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "taylorfry.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96287,7 +95506,6 @@ { "name": "whaletail.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "whywelive.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "williamk.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wpinto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xiao-sheng.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--6kru6im1lczj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xz0.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96411,11 +95629,9 @@ { "name": "advantageroofer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "advasa.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afbrtn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "affiliatemarketingplan4beginners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "after40.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agellonia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ai.ls", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "aircraftnoisemodel.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "akademie-multimedii.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aktuelleprospekte.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alabn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96504,7 +95720,6 @@ { "name": "campanhamamypoko.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cannon.org.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cap-adrenaline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "carforme.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "caryl2twenty.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "castlabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "catsoft.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -96890,7 +96105,6 @@ { "name": "edgezzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ee-koolitus.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "een-eenvoudige-test-voor-de-maximum-lengte-van-een-nederlandse.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "eldiariodemof.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elegance-lingerie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elektrolang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elevatedconstructionltd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -97040,7 +96254,6 @@ { "name": "krajzlinsky.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kuechler.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kuklavrost.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kunc.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kyosyo-jungle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laarroceriacolombiana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lammertbies.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -97348,7 +96561,6 @@ { "name": "treering.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tribeda.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tricityhelpline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tryramp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tuttopappagalli.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "typica.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "une-bonne-nouvelle.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -97396,7 +96608,6 @@ { "name": "wikimirror.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wilco-s.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wildmine.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wohao.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wowbabykids.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wp-bootstrap.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wsrn.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -97733,7 +96944,6 @@ { "name": "alibabau.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alicante-spain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alicebaldenegro.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "alinmaacademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alireza2love.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alishanova.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alisstyle.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -97771,7 +96981,6 @@ { "name": "alphadronten.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alphagames.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alpine-tuning.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "alpine.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "altabash.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "altabooks.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "altai-info.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -98055,7 +97264,6 @@ { "name": "artsalon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arturweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "artvertising.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "arxcs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aryani-fitriana.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asaacai.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asaduddinowaisi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -98294,7 +97502,6 @@ { "name": "bcrnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bdeshi.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "be-free.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "beacoworks.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bearfarm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bearings.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bearskin-rugs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -98411,7 +97618,6 @@ { "name": "bighome.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bigpurse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bigtimeiq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bijoulux.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bike-liptov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bike-style.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bikestream.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -98488,7 +97694,6 @@ { "name": "blagosvet.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blako-squad.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blaming.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "blastoffbuisness.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blavaty.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blazingsaddles.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blbet365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -98650,7 +97855,6 @@ { "name": "buildmate.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buildnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buketnevesti.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "buketon.uz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bukinist.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bukularis.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bulbonidos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -100594,7 +99798,6 @@ { "name": "ggworld.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghanaculture.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghazals.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ghiafeh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghostbusters.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghostdog.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghostdragon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -100662,7 +99865,6 @@ { "name": "gold-bird.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gold-diamondltd.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gold-fm.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "goldankauf1875.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goldband.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goldbug.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goldcreek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -101077,7 +100279,6 @@ { "name": "howmuch.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "howtopronounce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "howtostopsnoring.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hr-automation.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hrjob.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hrkfamilylaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hrmafia.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -101444,7 +100645,6 @@ { "name": "jedi-online.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jeep-diagnost.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jenelle.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jenhayes.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jennysource.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jessieabraham.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jesuscapitan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -101668,7 +100868,6 @@ { "name": "kids.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kietblog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kiev-live.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kifid.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kilkimzaibu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "killmebaby.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "killmenow.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -101762,7 +100961,6 @@ { "name": "koreanpearls.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "korespondent.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "korn-klan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kornmesser-goldankauf.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "korolevstvo-movie.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "koroli.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kortarsmagyarfesto.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -101923,7 +101121,6 @@ { "name": "lawzakon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "layflamso.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lazibeach.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "laziz24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lazonacartagena.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lazywaves.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lcsoftware.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -102464,7 +101661,6 @@ { "name": "melissageorge.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "melkiran.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "melvinsfrance.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "membershipnetworksite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "memorylines.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "memurvadisi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "men-costumes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -102609,7 +101805,6 @@ { "name": "mittendorff.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mividasecreta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mix-books.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mizanexpert.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mkmedien.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mlnews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mloska.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -103165,7 +102360,6 @@ { "name": "nyiarlumar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nzpost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "o-dvor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "obala.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "obatjantungrematik.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "obbr.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "obclub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -104394,7 +103588,6 @@ { "name": "sagomedia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sahalin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sahalinskiy.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "saibacademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saintaugustineschool.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saintereso.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saintpetersburg.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -105895,7 +105088,6 @@ { "name": "unai-yus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unataz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "unblockit.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "unboxrobotics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uncinema.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uncorporate.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "undemocracy.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -106293,7 +105485,6 @@ { "name": "watersource.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wavered.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wavesite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wbookcompany.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wctsite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wear-largesizes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wearesouthafricans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -106487,7 +105678,6 @@ { "name": "wringer.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "writerecommendations.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "writingapps.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wrsblog.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wuestenbergs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wwwclan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wycena.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -106601,7 +105791,6 @@ { "name": "yasraiting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yasrating.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yassinesmael.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yay-btcl.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yazichestvo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yeartracker.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yekaterinburg-city.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -106974,7 +106163,6 @@ { "name": "dreamotis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dumax.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "duraes.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "earlyprime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ebooksa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eccologic.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ecn.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -106993,7 +106181,6 @@ { "name": "eudireto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "evga.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ewrk.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "examsexpert.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "f88vip10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "f88vip107.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "f88vip108.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -107307,7 +106494,6 @@ { "name": "sabrinajoiasvarejo.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "safeandsecureserver.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saltydogpaddle.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sangobion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sapphirevpn.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sawiday.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sawiday.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -107342,7 +106528,6 @@ { "name": "sknasirali.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sldev.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "solo.com.sa", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "southogdencity.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sportingclubdacruz.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sreenadh.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stacky.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -107421,6 +106606,3562 @@ { "name": "zeromoment.marketing", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zh.fyi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz204.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0x5d.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "166zzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1fax.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2fdelivery.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2me.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3commas.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3niu888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4voip.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "50.gy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "528sss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "557bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "722sss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "795sss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "840.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "991ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aaflalo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abeshultz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abzarweb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acolicy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advancedroofingmuskoka.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ae86m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agasaya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ahata.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airbnbcupom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akapumkin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akirazu.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aknastore.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfredetnestor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altcoinandme.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ameri-drain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "americanenergysystemswa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andreae.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "annebacarat.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anteroleppanen.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anunciosbolivia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apiida.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apimoveisorocaba.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archeologiegorinchem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archmacro.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asgardsuper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asttuchaud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atpeacerealty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "austinbestdjs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "automotiveunlimited.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "av-th.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avcilarescort.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avoinna24.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "badaa.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bailleux.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baobaoquming.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barzallof.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "basanakia.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "basllp.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beaquarium.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "berchtesgaden-hilft.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigskywaterheaters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigtexasbeerfest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoin-youtube.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackbbwvideos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blueberrywinery.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluheron.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "borza.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bosiquanao.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bostonprocleaning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boticadiservicio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "botikadiservisio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bougerpourmasante.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boundless-designs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brazilhealth.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "breteuilcommerceartisanat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brexitmart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bride.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "butlerdisposal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camshowhive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camshowplace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canibeoutside.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capctury.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "careersngr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cariocabelos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cass.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casvpn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cazadordebuenaonda.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centraldelbebe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centreparkhistoricdistrict.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centurion-meet.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cesarloaiciga.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cetis.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cges.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cgl.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "charlesbordet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "charolopezatelier.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chataumateje.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheng.pet", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chocolatebelga.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christianvanos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "civil-works-sri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cl-brands.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clevyrcares.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clevyrlabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "click4click.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clinicasesteticas.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codetrack.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coinnewsspan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coletrain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colorbitor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "commaschool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computersforlearning.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "confirmit.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "confirmit.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "connectedbynexus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covid19resilience.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cp061.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cpanels.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cpshr.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crafterbase.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crossfw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crystalmusic-chat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "csharp.love", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuisine-ultime.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd152.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ddw.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "demarit.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "den.taxi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dhammacitta.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digino.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dimigo.codes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ditudo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dj-phil.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dlrg-cux-ohz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doctorebonie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogespeed.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogespeed.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogespeed.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogespeed.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domofon.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dontkeylog.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drawguess.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drone33.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ds-hostingsolutions.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dsiteam.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dutchwaredesign.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwell.property", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecaa.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edufrog.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "egt.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elephantstone.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eletricista.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eliasfox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elliottbernstein.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emergenzaduepuntozero.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emilstahl.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "english-biography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enoxhzwh.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ensaladasvinagreta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ephraim-medical.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "equipamentosparapostos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erichoins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erkkiaronen.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erulezz.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ethernia.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "etindustries.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eve.pub", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exaduosport.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exclusivityglobal.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expectation.management", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "extienso.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eyeshield-informatique.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f1iran.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fabian-zoske.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fabricadeobsequiosimpresores.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "facan-godollo.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "faulkner2020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "faysalabdi.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fcpn.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fileho.st", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filipposalvioni.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fishystuff.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flagipanstw.info.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flexussolucoes.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flubio.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fluidbb.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fox-zulu.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "friherrsindemarit.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fulltextarchive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fusionauth.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fyllehack.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gbsapri.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geekgirltech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gethyas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gilloteaux.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gitgud.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "givemeaverse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glitter-graphics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glxnet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gmmarine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "godles.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gofobo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golosinascbd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golternet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "govsales.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grast.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greatlms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greekpistols.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greencontrol.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gripcoat.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gruasiturra.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gruasllanos.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guardedbox.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gyengus.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hablemosclaro.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hakon.lol", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hamada-syoji.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanbin.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hannehovi.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hardware.info.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hasilkeluaransgp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heikkileivonen.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heleus.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heleus.photo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hesbenergie.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hgyo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hibrid-turf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "highqappliance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hillcrestplumber.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homeostase.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "honey-tr.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "honggian.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hoodcouture-shop.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "horstmanshof.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hostatic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howinsider.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hst.tc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "htmtools.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hubtrinova.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyperaonline.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ibuildings.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idioumarou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idstudio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iesucreipi.edu.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilovecheesedip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "impartesco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imprensaglobal.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inquisition.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internetprofitspro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "interpretacjawynikowbadan.info.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inua.store", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "investarter.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iranpay.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ircnow.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irelandremembers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irelandremembers.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irelandremembers.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "isdmgroup.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ivoucher-kuwait.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jantari.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jgtrainer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jhatpatjobs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johannavarmala.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jouons-aux-echecs.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juggo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juhanihakala.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jukkakivi.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jukkakivimaki.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jvianes.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kabodo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaplan.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kapsalondigo.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karaokerentalcalgary.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karaokerentaledmonton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karaokerentalvancouver.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kasettilamerit.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keyschip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kigurumi-party.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kingforex.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "klute.spdns.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koing.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kommunikation-czw.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks1athome.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kustom-kitchens.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lancea.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lasmoarquitectos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laurabailo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lbpc.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lbph.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lechompenchaine.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leenaluhtanen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lefilradio.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "legoktm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leporem.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "levellock.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lfnaturopathie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lifebymargot.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "light.blue", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lightbluelearning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lihuenjardin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lillyfox.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lionelsfarm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livinglifesecurely.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lp177.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lucesledsbaratas.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lucreds.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lunaretna.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luoli.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luxedentalfl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luxuryislandtrips.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lvna.capital", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lvnacapital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lynxlab.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "malariabehaviorsurvey.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manoek.dynu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manyproservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mappingspaceperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mariouniversalis.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketwau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "markhamfair.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "markkusilvennoinen.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "markuslintula.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "martinvolenec.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marybeauty.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matrix.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mattshi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mdinstituteplasticsurgery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mdsconcept.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medicano.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medicoway.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meer-der-ideen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mendrala.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mendrala.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mendrala.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mercury.foundation", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "midi-coquillages.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miisy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikeyroxtravels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miratechgroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mirumhongkong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "misson.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mlfitnesscenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mmoveisplanejados.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "modamoom.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moncarnetdesante.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monorthopedagogue.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motoforce.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mphold.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrssclaus.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mudey.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "munialajuela.go.cr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "music-store-download.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "musicnotesroom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mycbils.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mycloudhome.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mycloudhome.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myriadlex.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myswimmingclub.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nataschaskraamzorg.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nbsgames.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nectere.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nejrecept.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "networkprosecurity.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newikis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newshour.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ngservers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nhadatpho.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ninaafenehjelm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nivalandemarit.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "njhq.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "no9vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noatec.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nogfw.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nogfw.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nogfwsite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nomo.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nozier.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oetzies-quiz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ola-xyma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omniballot.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omnicourt.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlinepayment.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlyssd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opencovidpledge.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optimism.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orthosportiv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ouvindo.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p10.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paaspasst.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "panamacascoviejo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paradiscapacitados.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pareaki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parenttv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paseelite.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patentmanufaktur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paveltoman.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pedrolamas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pegfer.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peopleorders.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perali.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philippehannes.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philpatch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piezus.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pjdigitalmarketing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "platform-med.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "playorigin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "playstationplus.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poi-radary.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ponyar.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "popkultura.info.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornhib.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornhun.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "precisionlender.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pro-dog.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proficiodigital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proficiodigital.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proitsecurity.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "protection-plexi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "protection-plexi.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psicologomogidascruzes.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychologue-grenoble.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ptcmonitoring.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "punjabdirectory.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "punjabitube.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pvpheroes.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q3jlzwq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qbacano.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qjg.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rabec.com.sa", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "refansta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "renedekoeijer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reseau-protestant.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ricor.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "riley.love", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rinton.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "robin-kusch.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rogeriosantos.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rogo.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rpi-pihole-mon.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rua.ink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rueckgr.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rundh-audio.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruttenadvocaat.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salutenaturale.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samaresane.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sangowen.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sarahjaneethan.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sascha-brockel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schnaube.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scwildflours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sebastian-bravo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seeme.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serptoolsuite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serwis-telewizorow.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serwistomy.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sexychatakides.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sfiane.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shanoviyam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shawclan.id.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slothy.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartseller.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soilegustafsson.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soloroboto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "songlifty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sophi.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soukka-seura.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sozialabstand.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparqmedia.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "speac.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spinpay.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sshcrack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sslmonkey.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "st-jitsi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "staroch.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stocktonengineering.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "straydio.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "styloplumeblog.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supersprowtz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sustcarchive.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "svarta.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swanbitcoin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swayampaaka.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taaltaal.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tapbutdao.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techiecomputers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technews360.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teknisetdemarit.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tepui.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "texnogu.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thegatewaytoanewworld.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "themedicalmedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theonlinecentre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thetrafficgeek.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thevern.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thijmen.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thoughtworthy.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tiempoalegria.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "top4c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tripartie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tulevaisuusdemarit.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tupahost.net.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tupperwaresalamanca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tusconsultorex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uatx.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unataly.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unionvilleheating.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uploads.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urbancoffee.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uslugi-online.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v2xxoo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vadasztanyabuk.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "validius.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valkoi-konyvtar.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valkoi-ksk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valuskills.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vapemate.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veikkosimpanen.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "villavasco.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visualiti.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vitalos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voidge.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vxl.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wawloja.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wearedevs.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wearetravellers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webmyhealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webteammate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "welcome-to-the.wedding", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wgrfoods.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wht.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wiadomosci-lodz.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wiberg.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "winterstyle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wpdo.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wrkflowmedia.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--fl-mka.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xtensio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xyuya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yolifestylenow.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youngsigncompany.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zilsoft.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zook.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "016910804.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "123start.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2002000.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2makeu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4driver.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4hypo.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88cakescorner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abbyvangrinsven.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "absentia.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acgc.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adamliu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adauge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adhdyogi.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adriankeenan.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ahmed-alasadi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akalpremkaur.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgate.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgate.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgate.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgate.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgate.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgateumc.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgateumc.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgateumc.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgateumc.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldersgateumc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alimak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allaccessglobal.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allinform.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allremotecodes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "almukhtar.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alperozmen.kim", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alphazure.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alquilerps5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amatista.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ant.lgbt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antivirusgratuitos.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apuraytravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arabwomen.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archaeology.lk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aromaimportado.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artlinestix.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artofclouds.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asdf.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asean-wen.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "astyork.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "at-machining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atlaso.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "attoch.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "audionpack.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aulasprofdanilo.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aussieparrotlets.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avitus.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "awalong.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "backflow.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baecker-know-how.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baghtelecom.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bayanbennett.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bbcustomremodeling.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bbunits.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bcyw56.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bdikaros-network.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "be.gy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestappliancedoctor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestreviewcenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betassl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bimechanics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "birthdaycakekuching.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blocked.icu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluebikesvalencia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bottom9clothing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boutiquedelhogar.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bowmanwilliams.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brain-dev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brajenovic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bran.cool", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "braxtonehle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brooklynreclaimed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "businessguide.co.ke", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bytetime.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c-netsys.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c057cl7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "campus-competences.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "candalgic.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canopy.garden", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "captainkids.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cardoneshop.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "careify.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cateromarket.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "catsgalore.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cbdbflo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cdrjapan.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "changenow.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "charuni.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chatterbox-aws.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chinafree.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chinafree.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cibleclick.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cint.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clariti-health.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cleanvision.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clementpinon.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudfree.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cnfree.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cnnc.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colbird.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colombiawebs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comedicgrouperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "community-services.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comprocellularishop.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comunate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "confetayrona.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "connorfindlay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "constelacion3d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "convert2sql.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cookandgame.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cortesparapelo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coryluba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosmicyes.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covid-graphs.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covid-model.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covid19statstracker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covidmodel.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cpad.org.pk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crea.codes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creatapeak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "credee.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cricoff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crohnszone.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cryptomize.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cryptonewsz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cthu.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuestiondegustos.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "czechglaskralen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dagjetreinen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danangcitytours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danchestertonphoto.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danielmorales917.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deepclub-chat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deepwoodshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "depedapplication.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "depedresearch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devoc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dezinfekcianaruky.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "differmint.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digino.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digino.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digino.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digitalmarketerconsultant.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dioxido.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnddobbelstenen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dossierweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "download-audacity.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dream-factory.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dsv-salesmanager.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dualscreenblog.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duoqichina.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duoqichina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "durkinconstruction.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dvprogram.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-procurement.co.mz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebix.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebjork.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebooksinfocus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecosdanoticia.net.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eksk.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elpueblo.com.do", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eltd.com.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "embello.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emulationking.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "envisionsproperty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erenvakfi.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ericlight.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esajokinen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "etcivil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "everythingcebu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expanddigital.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "factis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fakebusters.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fammamtl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "famousit.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "farumbedandbreakfast.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "feelmingo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "felixvelarde.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fillu.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flagipanstw.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fletesymudanzasbaratas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flycheaps.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forcewaterproofing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "foreverreem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "foto-mario.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fotomodels.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fourcornerscb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frasermurray.scot", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freak-show.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frednet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freecn.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freegamesmac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gassero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gatekala.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getgroots.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gfmp.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "given2.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "given2.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "given2.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "given4.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goofy.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gpony.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guiaturisticanuevayork.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gustavovelasco.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hack.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hackade.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hafer.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "haigekassa.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "happybaby-ec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "happywheels1.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hdmovies.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthynutritionguide.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heeftmijnwebsitehttpsnodig.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hermiyanto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "herychreality.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "horos.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotelsinroatan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "houseofaceonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "htikeagkyaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ifnet.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ihongchao.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iliturkey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imap.support", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imqyw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "industriascruzcentro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infomikulcice.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ingebroer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "instaon.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intcarshow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ipv6.cool", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "isabelcaviedes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ispn.edu.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itcoolie.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itgalaxy.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jacobdorais.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jafarmehdipor.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jamesplumbingcompanypasadenatx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jfjtransport.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jhonmurillo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jmap.support", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jojo.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jon8rfc.homeip.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jsdesign.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jub0bs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karaokerentalmontreal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karaokerentalottawa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karaokerentaltoronto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karpat.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "katapult-impuls.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keycdn.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keysmedspa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kls-platform.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koishi.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "komponenty.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "korkortonline.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krome.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krpaforum.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks178.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks187.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks500.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks700.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks800.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "l2l.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lablic-beta.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "langages-programmation.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "latronicenergy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80804.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80806.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80807.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80809.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80811.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80813.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80815.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80817.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80820.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lejade.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "letterzaken.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leyendaluzrenacer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "licensediscovery.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lishup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "littleireland.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locationkaraokemontreal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locationkaraokeottawa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locationkaraokequebec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithunit.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithunit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithunit.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "logodzyn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lojahbk.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lojavirtualdopsicopedagogo.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "losangelesescorts.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luisabreu.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luna-zen.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lustylabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyhathu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "macrofox.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magisterjuris.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magnamus.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maintenancemtp.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "majalmirasol.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makeitshort.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manilacrawl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marielouise-oliwkiewicz.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marropax.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvelweed.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masterin.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mateu.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matronal.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maytinhxachtay.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "me.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meaningfulaction.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec000.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec111.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec222.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec333.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec555.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec666.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec777.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec888.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mec999.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mechasdepelo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mediaforkids.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medinorte.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meditez.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medklee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meier-stracke.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mereni.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meskimonos.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metdijital.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metro-detroit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "michaelkosiba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "midiarioalcoholico.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miguelcolmenares.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miisy.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miisy.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milchweg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "millbrookbedandbreakfast.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milliarden-liste.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mindfulnessjourney.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minecraftrealgold.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mirasurclub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mixmastermiguel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mizuasobi.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mkm.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobilerhandwerker.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobilise.solutions", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mockups.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mokujinken.tokyo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mondsee-psychotherapie.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monicahq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moondsee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moovhl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moromsmile.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mostardela.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrak.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mtp-services.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muir.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muslimah.boutique", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mvmm.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mycloudhome.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mywestondental.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n2ray.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n3oxid.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "namisens.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naturallyvegan.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "negociosurbanos.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netsys.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nhahatde.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nhasicuibap.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nianubo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nicaieri.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niciunde.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "northstate.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "numit.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nyamulab.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odo-pro.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odontologiawilliampizarro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odzywianie.info.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omveda.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "on-air.today", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "osteopathie-guggenberger.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "otokirala.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ourwits.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "outdoorhaber.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pansino.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pebkac.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perezplumbinginc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "photo-booth.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piedroshop.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pilotpov.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piraten-kleinbasel.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plus36.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pop3.support", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "posukovskaschola.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prisonerresource.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "programer21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proj6.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psucompare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psv-herford-badminton.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pta-security.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pubsasiedzi.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qanatnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quasetio.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quel-dj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quizinn.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raamattuopisto.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radnas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ragnarokhpg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rallyekrumlov.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rapidxray.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ravihotel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ravijuhend.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rcsscontractors.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rebelsewerservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recitoners.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recoveringfromfaith.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reikimontreal.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reliabledegree.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "restock.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rmp-gebaeudedienste.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "robeschinoises.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "robi-aesch.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rolibo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "romeing.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rsrnd.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rugbugecoflooring.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruifu.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rundh.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "runningshoeshq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s-geiser.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s6academy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sa-hc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sacodecuentos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salud-paratodos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanatstore.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sarouel.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sawiday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sbl250.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scambusters.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scaracloud.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schoolbuddy.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "secretsauceangel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seondigo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seoprnews.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seounlock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serverstatus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sevenartzpublicidad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "share.gy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharkeyscuba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shawfamily.id.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shirlygilad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.lu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sigmalux.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simsalafresh.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sivizius.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skyhighescaperoom.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smurffi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sohail.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "solovyovalawfirm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sourmatt.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spartac.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spendleex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sro.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sros.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ssk.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sssnet.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stackstartup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stackstartup.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "standdownofnorthjersey.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startstack.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startup-stack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startup-stack.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.llc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.services", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.software", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstack.technology", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstacktech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startuptechstack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steggemachine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stevesbriefmovierecommendations.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "storybuilder.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strandkorb-jentzsch.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studujdigital.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumareaguas.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "summer.today", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumutoday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suntzuparadirectivos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supercours.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "support96.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sweetologist.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swish-ict.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "systemd.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sysv-consult.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "szerver1.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taildb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "talyllyn.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tardics.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techno-iptv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technoteers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telesonicengineering.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terraco.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "texcolors.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "th-nuernberg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the-spellcaster.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thebismarckmarathon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thebrookeb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thehasanyildirim.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thekidszone.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thelimitededition.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thenational.academy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theoldsewingfactory.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thepinfluencers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thestreet.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "to.gt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toby.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tonyzhao.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "totalleedee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tozein.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trans-pel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trashexpert.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "triangela.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "triangela.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turtledigital.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tuxforums.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "txtdb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ulrichracing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unblockit.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unepierrepourlui.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unitehelivy.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unplugstore.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unpoditalia.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unvoyageenvelo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upsilonsigmaphi.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "van-assen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vatitsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veganoos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vietnamtravelmart.com.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vigneshkumar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vilantice.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vinisol.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viralme.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virtualdawgs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visadoparausa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vk1fj.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voom.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vozlegal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vutumusic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w3ctag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wardpieters.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "watchco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "web-worker.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "web.hr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webhr.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wego.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "whatthefoxhat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wideworks.agency", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "winfuture.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "winfuture.mobi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "witch-anastasia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "workaround.run", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xabifk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--43-6kc4be0fbz.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--nicieri-b4a.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--okra.xn--6qq986b3xl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xyconsultoresasociados.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yannickkordel.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yanwo.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yg-crew.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yobda.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yojanahub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youbehero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ywyz.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zagainov.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaimponuj.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zesgoes.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zir-online.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zonaairsoft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zuluconnect.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "186526.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2007gp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2345666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "259885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3456666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "378bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4567666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4k3dyptt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "50.tf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51ish.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5678666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6789666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71tuiguang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "992zzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9i0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9jajuice.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a1scubagear.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aakashbhati.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aappe.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abnobapetstore.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acceleratedpayments.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acdk2.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ademy.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adsmobilefor.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advaithbot.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agritayo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ahornblatt.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ahu.zone", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ainamoroms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akssma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alevel.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alexanderjshapiro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allergento.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allpornvids.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altaekwondo.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amaderbangla.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amango.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amerimex.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anakeles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anastasis.studio", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anilasansor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antiseptik.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apaymall.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apinat.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archi.net.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archlinuxcn.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arn0.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arselvarol.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asasesoria.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "astiamministrazioni.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atenasconservadora.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "audit.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aymericlagier.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b3collections.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "backbenchersart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bambuitalia.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baofuzhuan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bbs8080.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benjaminrancourt.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benohrbrill.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benzthonburi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "berndartmueller.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigambitions.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bijzonderekoorprojecten.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitar.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitloco.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitnoise.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bjc.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blacksignature-coffee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boingo00.wtf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boostrpro.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bran.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brandingforthepeople.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brianum.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brianum.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btobchod.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btsous.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "budapestjazzclub.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buggy777.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bundesvvehr.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buydegree.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cafminiapp.ac.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "callumgroeger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camslagz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capradip.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "car-clean-nord.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carcleannord.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carinaklijn.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carolinepleuvret.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cb83.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cc.hn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cekabajio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "celebavirus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cerocosto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chabakainfo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chantuong.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "charly-arth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chelpipegroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chronotech.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "circum.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cityuproject.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clara.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clearstep.health", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clickhouse.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clinicaeliana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clouddatanotes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudfree.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudfree.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.buzz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.monster", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudmyhome.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudpublic.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudturing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clubinhodobaby.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cmediaplayer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codebreaker.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codename-infinity.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codename-infinity.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codewitchbella.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codydostal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coldecan.edu.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "condizionatore-portatile.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "congregacionmitacol.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "consul-coton.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corvettesalvage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crowdpress.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cshe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuddlybeardaycare.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "customcodeit.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cve.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d1pyhxxwnnp9rt.cloudfront.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d25sxbgdpzj1st.cloudfront.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daken.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daktariwildlife.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dallydushigrill.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dalmun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dang-designs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danielgaughan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dantana.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datagate.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dbdc.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deepl.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "depedals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "derkach.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devinstever.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diabetus.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dienmay88.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dietetykonline.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dinero4all.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "discord.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "distributedsystems.science", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnf.buzz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.com.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docusign.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domains.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "donislawdev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dostal.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drivingtest.autos", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ds-statistik.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-topia-kagawa.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eatinghouz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ekdoseis.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electronictucuman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elementalengine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elementalengine.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elementalengines.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elementalengines.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emil-reimann-lieferservice-stuttgart.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emil-reimann.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "empirehive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enfinmince.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "entspannter-arbeiten.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "era-tec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erichmann.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erosbeautyandwellness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "essenah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "estudiemosvirtualmente.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eve-skilltracker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exper.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f5web.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fabien-bousquet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "factorway.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fastercaretx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fazal.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "felixc.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ferrodata.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fhappcp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filipstaffa.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fletcherdoescrime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fliptracker.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flixcheck.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forexnew.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fortawesome.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fotopianka.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "foxconnexion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freepornovideos.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freepornvideos.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freepornxxxvids.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freexxxmovies.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fromm-projects.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "furtodo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "futone.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fxeuropa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gelarehghamari.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "georg-ledermann.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "georgewilsonvsgatsbyjs.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gestalte-deinen-balkon.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getsmartlife.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gilar2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goenea.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldenworldec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goover.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grapheneengine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "graphicapps.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "graphicwallet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "groundhogg.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gsaxcess.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hagabilvardscenter.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanikira.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "harmonyonline.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "harrachovskyapartman.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hay.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hdsexxx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heavenylace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heliconservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "helloexit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hertz.fail", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heyitsfree.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hirmozaik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hiszpanskiesmaki.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hlsblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holidayair.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hostibis.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotsexvids.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hsmithsmithfield.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "humanuh.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "huntu.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyh.ink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iamconnected.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iampersonalized.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ifadian.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "igechile.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imdhd.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ineed.coffee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inextmovies.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inextmovies.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ingbusiness.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ingresospasivosyafiliados.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "investlatam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iptoasn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iq-option.bid", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "istheinterneton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itraveller.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ittlloretdemar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jackwilli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javierguandalini.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jayharkess.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jewaedv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jewelcaddesigns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johnjayro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joshfoley.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jpdb.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "judo2point0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k55655.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kabbac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kagelmacher.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaofw.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaustubhalandkar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keshankang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "key.lol", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kibazen.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinklist.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinkyheretics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kitajagakawasan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kmzs123.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kocovi.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kokily.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kristineskitchenblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kryptix.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laboratoriojaves.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lacatta.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lafamilia-chat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "layers.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lazoscollection.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc3755.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80802.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80814.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc80816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learnpine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lebozec.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lidl.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lime.rocks", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linuz.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "litepost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "litfuelmarket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livelovelaughlg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liveskype.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loadtime.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "logwise.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loli.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lorenz-cloud.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lunacat.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madamecolette.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "made-in-auto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makangratis.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makeranimacoes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makeupillusion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mandarin.solutions", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mantri-chat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max-cafe.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maxdargent.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mccuskey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mcmk.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "media-valko.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medientechnik.wien", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megamilftube.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meijo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mema.recipes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "merakidigitalmedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miamimosque.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "micheleandkeith.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "michielbijland.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "michielvanfastenhout.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mickybottenberg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "micloud.uno", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mig81.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minetrack.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mlcreaciones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mochasoft.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "modineaviation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moescat.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mostazaketchup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mqbx.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "multipassword.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myitworks.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mymclothing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mysexvids.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myviewboard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n2game.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n8s.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nasalucx.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nat.ac", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nawarasa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "needsupport.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nemesisenterprises.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nemsurvey.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nerba.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neskins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nightmareabyss.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nikscloud.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nilosoft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noknow.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nopaste.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "notary24.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nubium.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nukleoti.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "observass.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odoru.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odorucinema.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oestemc.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oga.fit", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ok-test.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olacatlitter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omegletalk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omggo.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opti-net.solutions", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oriveda.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oriveda.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oursurplus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p02.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pannovate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pentekdograma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perustorelowcost.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petercawthron.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phcloud.spdns.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phxserver.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pichainlabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piercingnagykereskedes.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piercingpiac.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pinoyreal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pinpaituiguang.com.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pinpaiyunying.com.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pirateproxy.blue", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pirnhub.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pixelsketch.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pixend.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pmoscr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poenhub.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pokermix.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pool-selber-bauen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porm.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porowneo.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prelogica.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "presensio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "previous.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pubg.yt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pwaiwm.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qhzwz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qiuw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qrsecuriteanimal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qvady.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "r0ck1t.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ractf.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raspberid.org.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raulmalea.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reciplast.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recruiterbox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redcupit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reformasiluro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remhomut.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remifajardo.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remy.codes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reto.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "revcord.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richardbowey.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosewater.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rovertheory.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roxanaherguz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rpg-maker.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rpg-maker.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruanwen168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rubydatum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ryan.cafe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabahlist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saipeople.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanantoniourologygroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schwartz.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scrambled.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "searchenginepartner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selfhosted.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seniorinhomecare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sexualdiversity.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shamimmedia.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharonsplace.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shouohkai-dental.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sipln.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skrealtyplus.co.th", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smaden.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smikom.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snitch.rocks", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sntial.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "socktopus.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sophiegraceshields.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spainpol.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparkweb.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "speciauxquebec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starprime.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stayingurgaon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stealthvape.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stevejcraig.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stillwell.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studiolupotti.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studuj.digital", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "successbox.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "survivalfitnessplan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "svatba.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sylencegsm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "synology.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "systemplust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taguiginfo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "takeshi.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "talkx.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tandartspraktijkreddingius.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tbun.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tdxexpedited.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techguides.com.ng", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techlearninhindi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techsolcorp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teestiger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tela-tatis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telco.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telenco-datacenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telenco-networks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tfk-installatieservice.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaininjan.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thehouseofcode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thevapeasylum.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thienminhmts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thomkrom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thumbsnap.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tiendadeperros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "titleboxing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tjzzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "todb.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toolsharing.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topinjust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topporn.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tosshi-life.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "townofsweetwater.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "traininglife.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "transformasion.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trendsuites.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trineco.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trmgo.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "truepointsurveying.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trustn.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tryreason.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tsr.best", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tsu.re", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ttvhoensbroek.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tubepornmovies.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tubosabc.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uapp.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ukpr.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "umaywan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unix.lu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vaidikapriya.pub", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vampiresdawn.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vandoornmiddenzeeland.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ventahogar.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "videosporno.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vidyamonk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vigoinvestments.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vivofertas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vlissingse-oratoriumvereniging.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "walhal.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wallacealvesdigital.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wallnot.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wangluoyunying.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wangzhan777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "washingtonwatchdog.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "we.tc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wednesday.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wildzap.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wintark.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wisdomgeek.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wishlog.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wonderkind.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wpen.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xgeni.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xinmeiti168.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xinmeiti365.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xminds.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xsupernova.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xxxfreepornclip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xxxpornohub.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yananikitina.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yanhongming.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yaodownload.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ybangban.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ycmunc.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yogies.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yomiren.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youngguns.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "your.best", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yumplay.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zdravypanelak.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zeta.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ziarnisty.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zighinetto.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zmy666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zottika.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1masquepourtous.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4cut.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "69shu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "995ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99furnitureideasandtips.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a-colorful-life.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abaca.bar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acina.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acrowebs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adiscorduser.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adopt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adrianasantos.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agentfirewall.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agscapeslandscaping.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aipi.tel", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alieninvasion.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "americanstrategic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andibo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animalcrossing.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antifaschistische-linke.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antoninocardillo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antonioordonez.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antwire.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aoicollege.edu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aprendafotografia.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apur.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aqlami.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arcosdequejana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asperatechnology.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asperatechnology.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asperatechnology.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atlantabethelaci.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atlanticradio.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atplastics.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autizmo.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autoclassics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "babyatacado.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barnflix.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bauservice-aluminium.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bee-kart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bekabazar.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "berksestateplanning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bernhard-eicher.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestdeal.co.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bicommarketing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigcorestintas.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigmountainmail.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bikemod.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bingedb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biometrics.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bipedecurieux.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blog-cannabis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bobstikkers.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boyo.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bran.to", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brandweerzonecentrum.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bsolution.edu.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bt-kc.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "businessusa.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buyitmalta.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cakalnedobe.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camilalima.adv.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camilia.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canukseeds.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capitaliz.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "caplangage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carolcollv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casalor.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cccp-o.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ccnexus.global", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cdxmaster.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cecilgreens.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ceifx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "certified-cpr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "certifiedblk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaddidit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chenui.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheto.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chinamextrading.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "choiceuniontown.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chrissx.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clevyr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clinux.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cmweb.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coachjehond.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coffeeinvestigator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cogsys.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coinfete.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coldjetconnect.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colorfularchive.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "consultoriadigital.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "containerbeveiliging.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coreylmartin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosmos-ink.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "couetteduvet.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "criptomonedaz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crypto-forum.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "csbya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cumbredelamaternidad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "currency-one.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cwaurora.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d1v7neu4o1h4vp.cloudfront.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danceproducciones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daniel-san.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danielives.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "darkovepredmety.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datashenas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "davusito.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dayman.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dccomputerrepair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "debtorsafrica.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "decrypt.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dedyk.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deepsoulutions.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "delikodu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denariu.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dentalgap.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "designburners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "destiney-arkaden.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dg1298.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digitail.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diis.plus", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diversegold.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "djfunkyju.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dm-ppp.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dmehub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "donaciondeorganos.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doodle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dorfbrunnen.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "droneservices.com.fj", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drpa.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dumfriespropertyservices.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eamproperties.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eazyfreight.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebikemod.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecomoov.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eggzr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eklavyacs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elbassira.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eleonoramazzola.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emeraldshield.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "empty.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emulefans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enarxi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "entegrations.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "entremass.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "epicridesbahamas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erincarmody.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escogitasrls.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escrocratie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escuelaparapapas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "estudarfora.org.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "etopa.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eurodesk.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evertradeelectronics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expody.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "extantsoft.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "extranetplus.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fadenmeer.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "falcon-forex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fallvegermdfharder.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fapplesauce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fastbizcards.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fawter.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "federasco.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ferreterialuigi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fieldsgynroboticsurgery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fiercerunning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filmsearch.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firstresponder.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fixatelierstore.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flourish.earth", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fluff.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "focusmagonline.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "followlearning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "footmercato.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forumoff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fossic.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fotohiking.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fotrino.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fowos.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fr-phonix.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freddyvasquez.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "free-ppp.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freelancerim.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freepron.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frenetic.lv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fungalforager.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funtimesailing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gagarin.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "galenguyer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gavilanz.ddnsfree.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gdretrofunk.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "georgesand.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "girlshealth.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "givemeyour.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golestanehali.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golestanehali.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golifemobile.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gomer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gomu.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gorki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grafologia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grafoterapia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "graphicsfields.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gregorsarnow.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "groots.ngo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "growthagent.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grunwasser.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gulfvestors.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gymnastic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "haliava.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "halogenos.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanjl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "happyanimalsshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hardtime.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "harmony.ec", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hdml.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthy-shoko.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hearthealing.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "herbymiast.waw.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hertz.zone", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hirschkronkessell.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hoctienganhgiaotiep.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hoffmeyer.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homebrew.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homeopathie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homepcomaha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homewarrantyreviews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hornburg.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "householdheroes.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hqmovies.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hse-online.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hydrocontrolsystems-janssenwaterproofing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hypothermia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ibharatnews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "icloud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idheastudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idp.onl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "igenuinebeauty.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ignasiak.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imls.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inspiration.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "instalamosyreformamos.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "interbec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internetowykantor.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internetwealthresource.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ipcuyuni.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irantrue.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jacquant.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jagar.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jaguarkuda.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jeda.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jencor.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jonathanrobichaud.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kardastel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karmalighting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "katoikos.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kicirdekorasyon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kickshack.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinkily.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kiwideo.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kk-gruppe.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "knxstore.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koltsov.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kontracovid.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kozackibazar.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kraken-ttt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kunze-medien.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kurashinohinto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "la-buns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lacasadelmaniqui.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lansing.games", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learnk12.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "les-pipelettes-de-narbonne.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leteckedarky.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "libressobooks.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linux4tw.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liveanimations.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livejasmin-online.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lojagaboardi.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lol.my.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lonelyion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loyd.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lpdp.photo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luggagechoices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luhn.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lusitec.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mandospersonalizados.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketingseo.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marklehane.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marshallpeak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marta.uz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mask4all.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mastercareplus-demo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mastercareplus-staging.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medicairsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medicalassistantadvice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medifit.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medradar.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megainformatyk.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meridianbanker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mesasysillas.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "michael-simon.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minbrew.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mind-farma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minecraft-reviews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ministranten-sankt-ge.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "misco.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motortecbrasil.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mtcs-webhosting.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mtmedia.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muot.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mutex.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mutext.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myboxing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mycritify.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myfinverse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mynetdesigner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nadomna-rabota.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "najmacademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nakhtalla.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nanxin.video", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naturalhealthcures.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "negroes.forsale", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nelty.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nesta.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netim.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nightdreamer.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niunaimilk.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nobs.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "non0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nowcomplete.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ntechp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nucameratoezicht.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "numoola.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oasisgenetics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oficinaproductiva.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oligenesi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olson25.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omandatapark.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "online-bookmakers.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlinebusiness.law", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onseteste.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ookinhetpaars.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opinionmodel.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oposicionescorreos.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optimom.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orazen.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "organizacaosaojoao.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orionleasing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orzechot.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "outatime.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pabel.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paocaibang.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "passpartout.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patentmanufaktur.video", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patineteelectrico.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paulus.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pavel.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perisani.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perros.review", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pesonadewata.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pianojockl.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pierrebruynooghe.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pivnicenamarjance.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pizzashop.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "planetenklang-fuer-jedermann.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plokigames.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plus-imobiliare.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poe-sensor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polaroidmag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "popka.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poptattoo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornoclips.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornomovies.mobi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornomovieshd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potentialunlockedtuition.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potterish.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poweranalitica.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "powertop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poyonok.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "printerinks.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prismalite.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prizesnapper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proagile.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "profile.ooo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "progenixlab.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prosperfit.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "provinzblogger.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pschunt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychotiq.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "publish.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "purestkratomusa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "putanaru.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pvalaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q-xtra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qufa.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qweertryrblog.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rabotanet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rainer-knappe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rates.monster", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "registriakashicimanuela.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reidostorrents.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "resch.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "retail-spark.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richardsandsterling.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rigasudens.lv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "riunioni.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "riverviewmotel.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rodrigoarriaran.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roll.hockey", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "root.place", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rootly.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rowingsa.asn.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rpms.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rsc-cronenberg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rtfm.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rumn.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabmobile.pk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "safewaywaterproofing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sairadio.net.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sallyman.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanskrit.pub", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santander.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santimb.photos", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saxobroko.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saxopholis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sbpropman.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scratch-ppp.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sebastien-meric.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sendigperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "senfcall.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seoblogs.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seolisting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seopost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sequitur.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seyv.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shantiniketanacademy.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shemogo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shittyurl.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shui.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "singaporefreelegaladvice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "singharora.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skateaustria.events", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skiingproperty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skyblueradio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slimwindows.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slmail.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sman1pp.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartcents.gold", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softios.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sosinfotech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spinning-portugal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "splash-show.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spotblue.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "staff-japan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startupstacksandbox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steveellwood.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stillsnfilms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stopvirus.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "storebusy.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "storeinstallieren.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strafe-muss-sein.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supercima.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suritylabs.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sylvain.codes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "synapseretailing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "synthetictrading.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "szadeczky.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tabelekaloryczne.waw.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tangovolcaniqueduvelay.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tardis.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tattoo-ideas-4u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teamhybrid.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teamhybridforums.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techmepro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tecscipro.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tegamisha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terrafinanz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theangelgivingtree.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecloudadmin.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecolorrun.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theruncibleraven.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thijmendevalk.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thijmenverveeltzich.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thoughtfullife.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tienic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tinycat99.ws", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "titaniumangel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tnt.construction", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topmejores.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "totpolyglot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tralios.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tramadol.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trantuanminh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelplugcolombia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "traveltourist.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelwell.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trinitydigitalgroupsas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "truenorthseedbank.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tumbaga.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tusfinanzas.ec", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urbanwave.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "useon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "usrspace.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uss-atlas.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v4f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valorantpornhentai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vegandelivery.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vendorpedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vercel.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vercel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vercel.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vercel.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vercel.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veseleruska.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vintagecommerce.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vovac.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wallett.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "walutomat.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "warking.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "warp.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webaro.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weblead.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weltverschwoerung.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weryfikacjapodatnika.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "windroide.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "woelfer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "womenshealth.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wpcrs.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "writebyus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xaynhachothue.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xu.wtf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xxxvids.mobi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xxxvids.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yanlongli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "your-fitness-coach.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yourhealthcommunity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zdrowezywienie.edu.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zenithars-ledger.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zombiemix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "01up.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0x1.ink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "21stcenturycarpentry.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "360-ot.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40daysnutrition.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "44bet86.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5starcruises.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7in0.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "992ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abyssiniankitty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "activiteschiens.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adbpub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adhd-explained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ae86v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ae86zx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "africangreyparrotscare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agambition.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agedgamer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agpnepal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aisling.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akses.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alcasan.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "algodoncotton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alltimemovies.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alma365.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alpha-protein.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amirsabetketabchi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amlexaexport.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anabelpagra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anacom.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andahuaylas.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andreapavone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "angorarabbitsaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animalarkvets.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anip.icu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anitahomecare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "annarborplasticsurgery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antidott.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anxietydisorderexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apicep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "applemon.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "applemon.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "appy.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aprenderjuntos.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aptekaref.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arcanehardware.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "area51-project.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "argon2.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "armilex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arobaz-informatique.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arshispana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "art7shinjin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artelista.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artesaniaselmagodeoz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artisansofsleep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artizlibranza.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artworksthatlookgood.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asabharwal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asalearn.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "assignmentshelp.co.ke", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asthma-explained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "astrology-for-beginners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "athritisexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "audite.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aussieseo.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autism-explained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aviruptribedi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ayatosuzuki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "azurefabric.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ballpythonsaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barkingspidersaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "basicguitarlessons.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "batoi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bcubeanalytics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beaglesaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beautybox.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bella-arte.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bengalcatscare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benkelmed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "berlindecouverte.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "besilent.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betterteam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bezmlska.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biblia.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biekos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bioformula.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bipolardisorderexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bistoyek.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoinset.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitewinggames.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitoll1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitolls.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bj-deal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blancamartinez.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bodybuildingsupplementsexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bofoxdesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boomerangworkouts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boophotobooth.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "borderless.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bouvier-des-flanders.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boxerdogsaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boxturtlesaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brainit.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brunogarcez.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brunogarcez.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "budgerigarbirds.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buildyourdailyroutine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burmesecatscare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burmesepythonpet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burz.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buttoned.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buyingstatus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c-3po.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "callmebetty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calu.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camerahire.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canaresidences.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canellayachts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cantor.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "caostura.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carclinichn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carolineovercash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cartaisapre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cassies.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cddwwj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ceba-cuec.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ceremonial-magic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cgwebsites.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chalanbiltv.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "charlesassaf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chirolokalenfonteintjekoersel.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christmasinelmhurst.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christopher-wright.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "city-gym.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clacksixpromo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clickthebucket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloverpc.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clowd.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clubedoberloque.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "collegemate.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comomorreu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comomurio.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "compostella.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coneser2gl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "contrastchecker.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corarcraft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corgiaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corporatehitech.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covid19world.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "covidinfo.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crc32.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crc64.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crixto.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crowdstack.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cryptozoologyguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cshive-cdn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cshive-img.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cshive-static.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cshive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cute.science", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberarmy.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberon.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cynthiacherry.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dachshundsaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dariarostirolla.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dateien.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datesendates.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daum-group.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "decisiontime.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "defenseattorneysseattle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "degenerativediscdiseaseexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dementiafactsexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "demonologyfieldguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denisgrandverger.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "desapego.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "desimpelaere.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "desteniiprocess.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detali-if.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devz.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dewereldwerktthuis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dewereldwerktthuis.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dewereldwerktthuis.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dewereldwerktthuis.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dewereldwerktthuis.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "die.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digitalrealitybbs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diseyst.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docesmartini.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doctorat.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doctour.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doctour.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dominik-steiner.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dorminyeremenyjatek.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "downtowndubai.ae", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dreamseo.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "driventoday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dropfeedback.to", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duenas.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duxbow.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwwt.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwwt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwwt.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwwt.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eaglerockseattle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "econmarketingdigital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edam.org.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eder-steiner.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "educationsupport.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eelsaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "efhamcomputer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elopsys.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "embarkboathire.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emmawild.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "encrypted.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "energiasperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "engelwerbung.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ensy.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "epiphaniusmacar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "es-sharing.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esadoggy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eshoeft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esignprod.herokuapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esse.tools", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eternia.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ewelinagrochowina.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exashop.tn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "explodingearths.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expobeds.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eyestrainexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "familytravelmagazine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fantasyempires.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fantasyempires.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "feedingmynewbaby.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fekepp.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fenn.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fhv-waldhausen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fiddlesaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filosofranca.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financedepth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financedraft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financeguest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financeknown.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financelong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financemain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financenews.global", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financenews.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financeorange.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financepen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financeplush.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financepre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financestead.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financethrive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financetwenty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financewhile.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finax.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finverse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fitcrewhn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fiusi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flconcretelifting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "floresparamamae.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flp-pushkar.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fontnegar.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forfortcollins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freddyxvasquez.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frederickearlstein.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freshmans-pizza.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fxrates.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "garrowdigitalmedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gasparesganga.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gemasulawesi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geo-portale.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geoforex.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getapps.review", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getdinghy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getnetset.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getsamegoal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getts.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glasgeats.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldenretrieverspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gole.ms", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "graphpaper.studio", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grottalchemica.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gtamoney.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "habitiss.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hails.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "handmadeweb.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "harigovind.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "havranek-its.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hayda-haki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hcfoodpantry.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hcsbk.kz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "health-booster.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "helendoron.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hersport.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "herza.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hex2rgb.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hghwebs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hof-imbiss-lieske.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hottestguyoftech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtocurekennelcough.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "htsm.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hunhee.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hushbabysleep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hutuishangmeng.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hypertensionexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hypno-thera.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hysupchile.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ihalesorucevap.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iksi.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "image2base64.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imanet.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "immomydesk.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imprenta-es.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "incapecoral.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indirimkuponumarketim.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ineztheminiatureelephant.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infectingthe.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infocrypto.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infraref.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inscomers.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inspas.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "institut-coiffureetnature.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "international-books.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iosbankermyanmar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itbog.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j5y.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jacobey.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jaisa.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javara-atlantik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javmobile.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jayanthreddy.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jayveel.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jeddahlyn.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jents.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jitprod.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jmg3.dynu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "josephpinder.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "junbread.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaagsebc.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kabataan.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kapusta.if.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "katzei.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kemoiptv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keniasfamilychildcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kevintolaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kindredcode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinschots.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kisaragihayato.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kjcdaily.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "klappgeschichten.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kleankonshiens.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "knight-broadband.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koch-wro.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kod.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "konyvbazar.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "korea.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kosmetykifm.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kozak.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krezimizik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krispeinture.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kristoffer.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kryptix.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laliebreyelcoyote.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "le-marais.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lehvyn.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lenguajecoloquial.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lenguajecoloquial.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lescommunes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lewt.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lidl-kochen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liftyourgame.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lightanddarkgame.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilith-magic-ua.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lillbrothers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liuq.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livery.com.ve", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "localmarket.org.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lojaodo9.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lollybrown.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "londresdecouverte.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loreofthenorth.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lotnonline.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luje.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madebyvasilis.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mairiedemoncelsurseille.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makecharcoal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makmasks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamohe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manoha-proservices.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marshaiargentina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "martafloresmakeup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masaloku.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mastercareplus-uat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medecinsdumonde.lu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meewan.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mejorwork.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mfin.services", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mi-kasa.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "micasayestilo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milwaukee-webdesigner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minipigscare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mirador.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mitzycoach.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mode-tabita.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moe.social", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mojama3dz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monetohq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monytharaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "morespacestorage.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "morgen.news", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motoextremela22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrcelulares.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrtudo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "musicbox.party", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mxdecoracoes.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mylfca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mynerva.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mysafetygear.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mysciencecloset.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "na-n.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naehtalente.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nakarkhana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nako.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "narda-sts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nationsecurity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ndmibiza.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neon-lover.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neotracker.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nerta.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netroworx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ngo4ngo.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nishvikacommunications.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nisselrooij.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nonsense.fyi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "norman-legal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "normandcyr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "northeasternsportfishing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nrbpublishing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nuitec.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "obsessivecompulsiveexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oddba.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olatiferreira.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onehost.kz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oneone.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlycouponoffers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optimummenhealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orbitfoods.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orseep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "osamakhalid.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "osrs.news", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ovedy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "overcached.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "palant.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pan-therra.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parisbesttravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paulevers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paymentjs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pedagoplume.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perkilo.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petaxolotl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petinsurance.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petsnowshoecats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petsulcatatortoise.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pfp.works", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pgitl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philipquao.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "physiotherapist-physicaltherapist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pigeonracinginformation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pirateproxy.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "planafy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plex-server.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poder.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porntop100.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornvidsfree.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornxxnxx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "profilmonline.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "profilmonline.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "programmare.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "propertyconnect.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prospectroleplay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prosperstack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "protestantsegemeentekaag.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pstrykmyk.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pueblanmilksnake.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "purepowercycle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pygmyleafchameleon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qnixon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quietapple.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quoteee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ratsmicedormice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rawscientific.ws", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raxion.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "red-eyed-tree-frogs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redearsliderturtles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "regamega.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reisenbauer.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rejpaci.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "renam.md", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reypi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rf-meters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rgb2hex.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rgfundraising.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rohitpatil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosskopfs.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rostirolla.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rtl.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rtonin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rumbies.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rx-diet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ry88url.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sandtime.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanemind.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanskrit.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sb-graph.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schwimmschule-kleine-fische.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "server-check.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seti.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "setin.srl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sha512.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shakespeareans.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shipmyroom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shipnak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shophikas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sicol.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simaogv.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simpletrace.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sixe.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slugify.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartpos.net.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smoe.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "somoslaarmenia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sotypicallydutch.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spackmanimages.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stackick.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startinop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stefaniepetermann.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steiner-dominik.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steiner.do", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steiner.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steiner.is.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sticky.to", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strangeelectricdreams.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stratussc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "streamgato.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "streamodz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strmgt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studiomenfis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sufleu.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sufleuri.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superherofactory.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suwanneehealthrehab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "svauto.ks.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swap.ly", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sysadvisors.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "team-khcompany.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tech2gen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telosglobal.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telosotec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teners.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tenkiz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tf2pickup.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tfus.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thailandguru.properties", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theanimalshadow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theartofe.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thebookiejoint.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thefireflygrill.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thepainapple.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thrivebymitchelle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timecaptis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tirion.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tirion.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tirion.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "todocruces.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topnotchsociety.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topvision.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tra-tra.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tradesrenovations.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trib.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trtbangla.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "truegraceministryglobal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trustkennedy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tucumpleanos.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tufelicitacion.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tuinenvermeiren.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tupesame.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tupoema.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tv.kg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twingolfer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tyr0wl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ultrageilo.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unitedmethodistchurch.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unsiteweb.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "useon.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "userstation.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uzidesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vaartjesboten.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vanbalen.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "violettecleaning.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virtual-webcam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virus.cafe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vlaser.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "volreinsistemas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vondenstein.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voxengo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waf.hk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wallamigos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wallapollas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "warszawa-pranie-dywanow.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webslate.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wheyteck.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "why7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "willobyhomes.realestate", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wineforhelp.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wmbey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "woodfarm2020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xetaioto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--ugt.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xprometheus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xtremotivation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xywap.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yansurachman.web.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ybrcelikyapi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yfooz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yoo.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yspertal.party", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zivimexico.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zorghuys-steenbergen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1qaq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30019yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4dmarinelearning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "870.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99furnitureideasexamples.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9gag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aa30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aanyasri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "accpressurewashing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acemadeira.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acusticocoffeehouse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adamadr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "admicos.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adrianhardy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advokat73.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aeravo.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aeravo.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "africansafaris.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agar.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agenciade.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agenciaflum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agency360.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ai-practitioners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aim-port.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aiprecipecollection.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airtrolinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfransiacademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allitschool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alnavedic.co.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altecgmbh.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altrasoluzione.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ambulanceplus.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amjaadabdullah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amroofingelpaso.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andrewsandford.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "androtiyas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anitahebe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anthonywesbrook.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antivirus.directory", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anzahcraft.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apeelectrics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "applebee1558.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arcleanarcondicionado.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ardania.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ariellefrioza.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arno.digital", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asg-egy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asianet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "astral.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atilo.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atmydesk.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atthehelmins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "auk.hopto.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aurora403.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "automiata.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bankifsccodes.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bb30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "believeinyourmind.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bellevueduilawyers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigbeats.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bingchunmoli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bismi.solutions", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bito3d.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blankpage.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blue-olive.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boattour.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bobsfhairstyles.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bofashion.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bogazreflusu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bomull.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bragpacker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brandon14.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bravoasociados.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burz.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burz.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burzgroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bwmcnc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c1cdn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cairogyms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cajadecoloreshome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camera-podvod.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canpervet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cattery.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cavistenancy.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cbaamaga.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cbrtrainer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cc30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ccpinvestments.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ceafinney.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centaurfinancial.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cfdcre5.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "channelizer.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaos-darmstadt.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaveirochavetechlondrina.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chchealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "choochooworld.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christopherzoukis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cicery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cigdelivery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clearviewsecurity.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clevyrprojects.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "climatecrafters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudwebservices.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "code-in-plate.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codesquad.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codoozer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "collalloc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "collerosso.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comite-des-fetes-neuville.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comprafasil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computerz.solutions", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computingaustralia.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computingaustralia.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coniectoinvestments.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "continuumm-tech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coopemep.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cooperativaminka.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cravecraftonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuscocontable.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyber-ksa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberlin.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybersa.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cytophil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danieladentista.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danwillenberg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "david-osipov.vision", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "davidodehnal.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ddays2008.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dhs-rizlona.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diabolique.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dilldos.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "divaseventstx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diversificarte.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dlf.exchange", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnsvrfy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnsvrfy.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnsvrfy.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnsvrfy.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dochoitreem.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogwithblog.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dokanline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domihouse.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domreg.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dr-detailing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drogariasnovafarma.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drsejf.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dura.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwarikajewellers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dy.express", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dynamicsdays.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easynotes4u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecozona.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eda.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edok.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "educalis.altervista.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edukarl.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "egitimetkinlikleri.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elalmibar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elitexco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emelies-inspiration.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enderdrachelp.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eneryetika.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "equisoft.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eskola.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esoa.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eucustody.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eventticketscenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "everettduiattorneys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ewheelnigeria.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f-bbs.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f3r.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "femcompany.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fena.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fetchmag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ff30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fifaultimatemod.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fiftyseven.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finkrer.wtf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flarewalker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flarewalker.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flarewalker.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flarewalker.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flatsomestudio.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flugplatzmanager.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "formacionodontologica.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forpreneur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frahub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "framatube.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freewoman.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "froh.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frutidump.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frutiferospornatureza.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fuge-specialisten.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funhunt.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "furretre.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "g30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gabe.cooking", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gameller.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gecocentermdp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geekyboi.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geneticvisions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geopixeles.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "georgie.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gg30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gibberfish.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gibsondunn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gigiena-ruk.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gipsplitka.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "girtlak-kanseri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glitterblast.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "godstoghosts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldbar.com.hk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gotgeeks.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gotoals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gracioussecondhand.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gravitlauncher.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guitarristaluisquintero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanabi.fan", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "happyfeet-dordrecht.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hardy.bz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hermandadblanca.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hfzlaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hh30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "himbak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hirisejanitorial.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hno-norderstedt.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holdiers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "housemart.company", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hystats.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iacitywebdesigner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ifur.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "igm-mali.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ii30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iiidstudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imediato.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inex.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "int.icu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "integritree.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intsys.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ionstudio.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iqunit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iranvisa24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "is-news.today", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "isaaccs.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "it-com.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jackafur.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jackinmybox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jamstallt.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "japanasonic.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jatransportadora.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jeecarnot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jingmakeji.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jj30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jorgemarquez.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juancatalangomez.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "just-bees.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karbox.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kennethsentillas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinsei.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kitscan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kk30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kk3773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "knightpowerelectrical.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "knowit-now.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koreabestood.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koten-bu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kouwenhoven.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kralchat.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kronos-crm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kronos-web.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ktd-design.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "l30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "languageatplay.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laptopnewbie.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laudlab.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laudworks.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc9915.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leales.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lecoquelicot.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "legterm.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lelux.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leolepirate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linux.study", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livevisual.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "living2000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ll30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "localcryptos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lojasmary.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "longoconsulting.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "los-hoppers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lost-illusions.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lostserial.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lourencolar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lowcarbdietmealsmsk.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lph.saarland", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luigialtieri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luje.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lynk.hopto.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maasstaddinerexpres.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madeconsultingsrl.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maeprototipi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "markenet.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketcavalli.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marmor-resmini.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matdesign-prod.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maxratmeyer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mc5zvezd.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mejorator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mejorator.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mejorator.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mejorator.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mentetotal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mentoringauchan.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mgfashion.ae", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "midori-m726.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milwaukeecreative.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "misol.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "missouri-sky.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "missycraindance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mitsov.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mitsubishielectric-rce.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mitsuvictory.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mixedmenus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mixify.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mm30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mmcafe.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "modicollege.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mooncharmshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrupert.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mshgame.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mtr-croatia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mub-tomsk.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muhabarishaji.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mynas.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mypiloteis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myrasp.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naganoziotech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naturopatiasiddharta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neimadtelliam.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neither-side-news.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nerdsin.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netkolik.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "njbr.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "njbr.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nmgroup.com.mt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nn30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noblesmart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nokumbaya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nolische.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novokurovka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nuriaamat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nussschale.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nutrygente.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "o30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "objectifs-fitness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "objexunlimited.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oblitsov.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ofasoft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ofcac.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ohitsviral.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olegchursin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olimpikfit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olimpikfit.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olympiaduilawyers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omayn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlinefurniture.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onporn.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oo30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "openalgeria.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optitaxes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orcz.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orsal.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "osorio.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "our-store.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ouroboros.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p3.marketing", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pabloarcuri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paidonclick.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pamashield.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pang.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paparazzo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "papelariaestacaodopapel.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkercs.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkercs.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkercs.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkercs.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkercs.technology", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkercs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkers.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkers.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkers.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkers.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "partisaani.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "payclock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pbf.earth", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pctravel.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcwdevtwebsite.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pedicure-stadspolders.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perscore.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "persiennexperten.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "persistshields.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pestibus.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pesunmsm.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pewresearch.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pianoplast.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "picordi.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pidelo-peru.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pinnacleroofingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piranja-cola.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piranjasoul.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pixeluser.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poderesdanatureza.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pohoron.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "point.pink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ponteachambear.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pontupagina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pooteng.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornline.sex", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornogam.porn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pornogo.sex", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "portfreezone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "portusidades.com.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "postfree.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pp30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ppapogey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ppapogey.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prefabricadosdelcaribe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pricelistforbxmodules.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pristinepotty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "privacyculture.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "privacyend.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "privatemillionaire.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proficio.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "projectview.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ps2online.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychosafety.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pulley.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pvv-vermietung.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pwoss.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qw-dev.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "r30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "randomdomain.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rapu.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rate.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ravmda.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rdmshit.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recordsmanagement.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redwaymu.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "refrigeratorrepair-austin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reidrice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "renfis.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "resolutesystems.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "retohaeberli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rexcutty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "riderchris.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rileystar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ringneckparakeets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roellcapital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rollbackdiabetes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rollenspiel.monster", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rometoptentravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ronaldguevara.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roosterpets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rootly.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosound.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rottweilerdogcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rr30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rtholf.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rubenslikkarchive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "runesforbeginners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russenes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russianbluecatsguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s3lph.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sagenet.net.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saintbernardpetcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salarycalculatoruk.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saltwaterfishaspets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sammichscripts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samoyeddogsguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santeriabeliefs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sapiensmedicus.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "savannahhappycats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scabieslice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scaffoldingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schnauzer-dogs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "school32.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scottish-fold-cats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scraft.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "search-engine-optimization.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "searx.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seattleduiattorneys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sgj0.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shanus.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shape.pink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shih-tzu-dogs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shokofarehab.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shophub.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shoppingjin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shrturl.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "siamesecatsguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "siberiancatsinformation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "siberianhuskypets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "silentneko.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "silvernstuff.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "singaporetoptentravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sinusitisexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sistemasarquitectonicos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snowatka.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softwaterinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "somom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sorcemegavendas.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sovraindebitamento.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sphera.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sphynx-cats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "squinkem.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ss30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ssld.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ssradio.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stammtisch-bauwagen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "standford.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starrace.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stccordoba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sterva.mobi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stgen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomstichting.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomtreinhuren.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomtreinreizen.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomtreinreizen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomtreinreizen.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomtreinreizen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoomtreinreizen.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stratik.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "streamtelly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stressexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suiteassured.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sunwahpanama.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superfoodsexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplementosmarket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supportal.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "surfocal.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sweetlycakes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tacoma-dui-attorneys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tagtog.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tahakomlearning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tarantula-spider.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tarotreadingexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taskseller.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teacuppersiancats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teacupyorkiespets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tecnikan.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tendoryu-aikido.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tfok.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaserv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the-archive.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the-deep.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theconversation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecoorgfoundation.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecracks.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tietotori.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tillmanassociates.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tlroadmap.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tmbcloud.duckdns.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tokyotoptentravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomatofrogs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomkinsonplumbingandgas.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toot.koeln", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topcarcasas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "torticollisexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "totalrattan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toypoodlepet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trail.pink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trypheromones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "txferretrescue.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "typetwodiabetesexplained.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "u30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "udrop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ufone.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uinst.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ukimmigration.law", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ulike123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unblockit.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unpocodetic.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "usacarry.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "useget.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "usherwoodexecutivetravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uspeli.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uu30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uvlamp.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uwsalonboot.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uwwsb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uyz.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vaat.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valorantpicker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vampireapocalypsesurvival.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vbabe.tube", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "velorail01.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "very-stylish.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vestakassa-online.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veterinariaelcrack.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vihotar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vinaygarg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visionmedicale.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visitbangkoktravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vladimirovka.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vmccnc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voodoobeginner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vv30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vvg-vermietung.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wagn3r.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wainbholle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ward.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wargov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wildbergh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wilmingtonzen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "windowwellsupply.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wohlgemuth-stetten.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "woodbridgegrp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "woodcock.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "woolyss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wp-speed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wp2static.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wuki.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wunderganznah.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ww30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xin365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xmediz.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--rechtsanwltin-paderborn-37b.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xx30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yannickkordel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ycb.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yewtu.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuina.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yukinarita.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yvcr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yvonne-stingel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yy30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaigar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "znfinnews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zorox.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zporno.porn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zz30019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, // END OF 1-YEAR BULK HSTS ENTRIES // Only eTLD+1 domains can be submitted automatically to hstspreload.org, @@ -107943,6 +110684,61 @@ { "name": "votehamiltoncountyohio.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, { "name": "athenstn.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, { "name": "reemployks.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "wmataoig.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "wildwoodpolice-fl.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "widatcp.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "westplains.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "westonma.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "watertownmn.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "warrencountyga.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "voteokaloosa.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "utleg.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "troupcountyga.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "thetfordvt.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "texascountymo911.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "sweetwatertx.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "suwcountyfl.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "suwanneecountyfl.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "southogdencity.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "shermancountyks.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "sanduskycountyoh.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "risheriffs.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "richlandcountyoh.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "queencreekaz.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "portagecounty-oh.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "ottervillemo.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "nwfdaz.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "northhampton-nh-pd.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "martinsferryoh.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "mahealthsurveys.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "linden-nj.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "lincolncountymoclerk.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "leonvotes.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "iowacolonytx.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "inverness.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "hopkintonri.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "govotetn.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "georgetownohio.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "geneseecountymi.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "gary.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "g7usa.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "g7campdavid.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "g72020.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "fremontcountyia.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "forestparkga.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "floridados.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "fayettevillewv.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "elkvalley-nsn.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "elkgroveil.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "crawfordcountyohioboe.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "coronavirustesting.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "coronavirus.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "cleelum.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "cityofmerced.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "chathamil.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "briellenj.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "blainecosheriff-ok.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "almaarkansas.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, // END OF ETLD-OWNER REQUESTED ENTRIES // To avoid trailing comma changes from showing up in diffs, we place a diff --git a/chromium/net/http/url_security_manager_win.cc b/chromium/net/http/url_security_manager_win.cc index a2cc1946b15..33ab56efe09 100644 --- a/chromium/net/http/url_security_manager_win.cc +++ b/chromium/net/http/url_security_manager_win.cc @@ -7,6 +7,7 @@ #include <urlmon.h> #include <wrl/client.h> +#include "base/logging.h" #include "base/macros.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" diff --git a/chromium/net/log/file_net_log_observer.h b/chromium/net/log/file_net_log_observer.h index 66c80ca9024..05943c12686 100644 --- a/chromium/net/log/file_net_log_observer.h +++ b/chromium/net/log/file_net_log_observer.h @@ -8,6 +8,7 @@ #include <limits> #include <memory> +#include "base/callback.h" #include "base/files/file.h" #include "base/macros.h" #include "base/memory/ref_counted.h" diff --git a/chromium/net/log/net_log.cc b/chromium/net/log/net_log.cc index 24dfbf2191d..6d10b0791c8 100644 --- a/chromium/net/log/net_log.cc +++ b/chromium/net/log/net_log.cc @@ -4,7 +4,9 @@ #include "net/log/net_log.h" +#include "base/check_op.h" #include "base/no_destructor.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/values.h" #include "net/log/net_log_values.h" diff --git a/chromium/net/log/net_log_event_type_list.h b/chromium/net/log/net_log_event_type_list.h index 625f1f1c1f2..12553338d45 100644 --- a/chromium/net/log/net_log_event_type_list.h +++ b/chromium/net/log/net_log_event_type_list.h @@ -111,12 +111,12 @@ EVENT_TYPE(HOST_RESOLVER_IMPL_CREATE_JOB) EVENT_TYPE(HOST_RESOLVER_IMPL_JOB) // This event is created when a HostResolverImpl::Job is evicted from -// PriorityDispatch before it can start, because the limit on number of queued -// Jobs was reached. +// PrioritizedDispatcher before it can start, because the limit on number of +// queued Jobs was reached. EVENT_TYPE(HOST_RESOLVER_IMPL_JOB_EVICTED) // This event is created when a HostResolverImpl::Job is started by -// PriorityDispatch. +// PrioritizedDispatcher. EVENT_TYPE(HOST_RESOLVER_IMPL_JOB_STARTED) // This event is created when HostResolverImpl::ProcJob is about to start a new @@ -2193,6 +2193,24 @@ EVENT_TYPE(QUIC_SESSION_HANDSHAKE_DONE_FRAME_RECEIVED) // } EVENT_TYPE(QUIC_SESSION_COALESCED_PACKET_SENT) +// Session buffered an undecryptable packet. +// { +// "encryption_level": <the encryption level of the packet> +// } +EVENT_TYPE(QUIC_SESSION_BUFFERED_UNDECRYPTABLE_PACKET) + +// Session dropped an undecryptable packet. +// { +// "encryption_level": <the encryption level of the packet> +// } +EVENT_TYPE(QUIC_SESSION_DROPPED_UNDECRYPTABLE_PACKET) + +// Session is attempting to process an undecryptable packet. +// { +// "encryption_level": <the encryption level of the packet> +// } +EVENT_TYPE(QUIC_SESSION_ATTEMPTING_TO_PROCESS_UNDECRYPTABLE_PACKET) + // ------------------------------------------------------------------------ // QuicHttpStream // ------------------------------------------------------------------------ @@ -3738,3 +3756,52 @@ EVENT_TYPE(HTTP3_HEADERS_SENT) // "headers": <A dictionary of the headers sent> // } EVENT_TYPE(HTTP3_PUSH_PROMISE_SENT) + +// ----------------------------------------------------------------------------- +// Trust Tokens-related events +// ----------------------------------------------------------------------------- + +// Event emitted when a request with an associated Trust Tokens operation +// reaches the net stack (TrustTokenRequestHelperFactory). +// +// The BEGIN event contains the operation type: +// { +// "Operation type (mojom.TrustTokenOperationType)": <The operation type> +// } +// +// The END event contains a human-readable explanation of whether creating a +// Trust Tokens helper (i.e., moving on to the bulk of the operation-specific +// logic) succeeded or failed: +// { +// "outcome": <human-readable explanation of the outcome> +// } +EVENT_TYPE(TRUST_TOKEN_OPERATION_REQUESTED) + +// For each of the BEGIN/FINALIZE event type pairs below: +// +// The BEGIN event type's BEGIN event is emitted when a request with an +// associated Trust Tokens operation starts the "Begin" (outbound) phase of the +// operation. Its END event contains a description of why the outbound phase of +// the operation succeeded or failed: +// { +// "outcome": <human-readable explanation of the outcome> +// } +// +// The FINALIZE event type is the analogue for the "Finalize" (inbound) phase of +// the operation. +// +// BEGIN_ISSUANCE's BEGIN event is the only event containing a dynamic parameter +// populated with data from an operation (rather than just a success-or-error +// description). On success, it contains the number of signed tokens that the +// issuance operation yielded. +// { +// "outcome": <human-readable explanation of the outcome>, +// "# tokens obtained": <number of tokens> +// } +EVENT_TYPE(TRUST_TOKEN_OPERATION_BEGIN_ISSUANCE) +EVENT_TYPE(TRUST_TOKEN_OPERATION_FINALIZE_ISSUANCE) + +EVENT_TYPE(TRUST_TOKEN_OPERATION_BEGIN_REDEMPTION) +EVENT_TYPE(TRUST_TOKEN_OPERATION_FINALIZE_REDEMPTION) + +EVENT_TYPE(TRUST_TOKEN_OPERATION_BEGIN_SIGNING) diff --git a/chromium/net/log/net_log_source.cc b/chromium/net/log/net_log_source.cc index ff1e84d4a5c..8386d63f338 100644 --- a/chromium/net/log/net_log_source.cc +++ b/chromium/net/log/net_log_source.cc @@ -9,7 +9,7 @@ #include "base/bind.h" #include "base/callback.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/values.h" #include "net/log/net_log_capture_mode.h" diff --git a/chromium/net/log/net_log_util.cc b/chromium/net/log/net_log_util.cc index 925abba259b..b00221ea87d 100644 --- a/chromium/net/log/net_log_util.cc +++ b/chromium/net/log/net_log_util.cc @@ -9,7 +9,7 @@ #include <utility> #include <vector> -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/field_trial.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" @@ -381,7 +381,8 @@ NET_EXPORT std::unique_ptr<base::DictionaryValue> GetNetInfo( cache_info_dict->SetInteger("network_changes", cache->network_changes()); cache->GetAsListValue(cache_contents_list.get(), - /*include_staleness=*/true); + true /* include_staleness */, + HostCache::SerializationType::kDebug); cache_info_dict->Set("entries", std::move(cache_contents_list)); dict->Set("cache", std::move(cache_info_dict)); diff --git a/chromium/net/log/net_log_with_source.cc b/chromium/net/log/net_log_with_source.cc index 9e9575c856b..5a6cbe10ea1 100644 --- a/chromium/net/log/net_log_with_source.cc +++ b/chromium/net/log/net_log_with_source.cc @@ -7,7 +7,7 @@ #include <memory> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/no_destructor.h" #include "base/values.h" #include "net/base/net_errors.h" diff --git a/chromium/net/log/test_net_log_util.h b/chromium/net/log/test_net_log_util.h index e3d1e32882a..03857f2ef28 100644 --- a/chromium/net/log/test_net_log_util.h +++ b/chromium/net/log/test_net_log_util.h @@ -8,6 +8,7 @@ #include <stddef.h> #include "base/optional.h" +#include "base/strings/string_piece.h" #include "net/log/net_log_event_type.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/log/trace_net_log_observer.cc b/chromium/net/log/trace_net_log_observer.cc index 70b6502599d..543d861939b 100644 --- a/chromium/net/log/trace_net_log_observer.cc +++ b/chromium/net/log/trace_net_log_observer.cc @@ -10,8 +10,8 @@ #include <string> #include <utility> +#include "base/check.h" #include "base/json/json_writer.h" -#include "base/logging.h" #include "base/trace_event/trace_event.h" #include "base/values.h" #include "net/log/net_log_entry.h" diff --git a/chromium/net/log/trace_net_log_observer_unittest.cc b/chromium/net/log/trace_net_log_observer_unittest.cc index d7053014c87..f2d135c9e2b 100644 --- a/chromium/net/log/trace_net_log_observer_unittest.cc +++ b/chromium/net/log/trace_net_log_observer_unittest.cc @@ -9,8 +9,8 @@ #include <vector> #include "base/bind.h" +#include "base/check.h" #include "base/json/json_reader.h" -#include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/memory/ref_counted.h" #include "base/memory/ref_counted_memory.h" diff --git a/chromium/net/nqe/effective_connection_type.cc b/chromium/net/nqe/effective_connection_type.cc index bcc084e5d24..e9d9aa710e2 100644 --- a/chromium/net/nqe/effective_connection_type.cc +++ b/chromium/net/nqe/effective_connection_type.cc @@ -4,7 +4,7 @@ #include "net/nqe/effective_connection_type.h" -#include "base/logging.h" +#include "base/notreached.h" namespace { diff --git a/chromium/net/nqe/network_congestion_analyzer.cc b/chromium/net/nqe/network_congestion_analyzer.cc index 4a19aff340b..2e16ece8b57 100644 --- a/chromium/net/nqe/network_congestion_analyzer.cc +++ b/chromium/net/nqe/network_congestion_analyzer.cc @@ -348,22 +348,6 @@ void NetworkCongestionAnalyzer::FinalizeCurrentMeasurementPeriod() { count_inflight_requests_for_peak_queueing_delay_; } - size_t peak_queueing_delay_level = - ComputePeakQueueingDelayLevel(peak_queueing_delay_); - DCHECK_GE(kQueueingDelayLevelMaxVal, peak_queueing_delay_level); - - if (peak_queueing_delay_level >= kQueueingDelayLevelMinVal && - peak_queueing_delay_level <= kQueueingDelayLevelMaxVal) { - // Records the count of in-flight requests causing the peak queueing delay - // within the current measurement period. These samples are bucketized - // into 10 peak queueing delay levels. - base::UmaHistogramCounts100( - "NQE.CongestionAnalyzer.CountInflightRequestsForPeakQueueingDelay." - "Level" + - base::NumberToString(peak_queueing_delay_level), - count_inflight_requests_for_peak_queueing_delay_); - } - UpdateRequestsCountAndPeakQueueingDelayMapping(); } @@ -381,18 +365,6 @@ void NetworkCongestionAnalyzer:: base::Optional<size_t> mapping_score = ComputePeakDelayMappingSampleScore(truncated_count, peak_queueing_delay_); - // Records the score that evaluates the mapping between the count of requests - // to the peak observed queueing delay. Only records when there are at least - // 10 samples in the cache. The goal is to eliminate low-score samples because - // only few requests are in cache. For example, when there are only 5 samples - // in the cache, a mapping score can be 40 if the new mapping sample violates - // 3 of them. - if (count_peak_queueing_delay_mapping_sample_ >= 10 && - mapping_score.has_value()) { - UMA_HISTOGRAM_COUNTS_100( - "NQE.CongestionAnalyzer.PeakQueueingDelayMappingScore", - mapping_score.value()); - } // Discards the mapping sample if there are at least 10 samples in the cache // and its score is less than the threshold. The purpose is to make the diff --git a/chromium/net/nqe/network_quality_estimator.cc b/chromium/net/nqe/network_quality_estimator.cc index 33ebff94c4c..05c94e33cef 100644 --- a/chromium/net/nqe/network_quality_estimator.cc +++ b/chromium/net/nqe/network_quality_estimator.cc @@ -11,12 +11,14 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram.h" #include "base/metrics/histogram_base.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" +#include "base/metrics/histogram_macros_local.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" @@ -40,7 +42,6 @@ #include "net/nqe/weighted_observation.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_context.h" -#include "net/url_request/url_request_status.h" #include "url/gurl.h" #if defined(OS_ANDROID) @@ -703,28 +704,29 @@ void NetworkQualityEstimator::RecordMetricsOnMainFrameRequest() const { if (estimated_quality_at_last_main_frame_.http_rtt() != nqe::internal::InvalidRTT()) { // Add the 50th percentile value. - UMA_HISTOGRAM_TIMES("NQE.MainFrame.RTT.Percentile50", - estimated_quality_at_last_main_frame_.http_rtt()); + LOCAL_HISTOGRAM_TIMES("NQE.MainFrame.RTT.Percentile50", + estimated_quality_at_last_main_frame_.http_rtt()); } if (estimated_quality_at_last_main_frame_.transport_rtt() != nqe::internal::InvalidRTT()) { // Add the 50th percentile value. - UMA_HISTOGRAM_TIMES("NQE.MainFrame.TransportRTT.Percentile50", - estimated_quality_at_last_main_frame_.transport_rtt()); + LOCAL_HISTOGRAM_TIMES( + "NQE.MainFrame.TransportRTT.Percentile50", + estimated_quality_at_last_main_frame_.transport_rtt()); } if (estimated_quality_at_last_main_frame_.downstream_throughput_kbps() != nqe::internal::INVALID_RTT_THROUGHPUT) { // Add the 50th percentile value. - UMA_HISTOGRAM_COUNTS_1M( + LOCAL_HISTOGRAM_COUNTS_1000000( "NQE.MainFrame.Kbps.Percentile50", estimated_quality_at_last_main_frame_.downstream_throughput_kbps()); } - UMA_HISTOGRAM_ENUMERATION("NQE.MainFrame.EffectiveConnectionType", - effective_connection_type_at_last_main_frame_, - EFFECTIVE_CONNECTION_TYPE_LAST); + LOCAL_HISTOGRAM_ENUMERATION("NQE.MainFrame.EffectiveConnectionType", + effective_connection_type_at_last_main_frame_, + EFFECTIVE_CONNECTION_TYPE_LAST); } bool NetworkQualityEstimator::ShouldComputeNetworkQueueingDelay() const { @@ -932,21 +934,6 @@ NetworkQualityEstimator::GetCappedECTBasedOnSignalStrength() const { return effective_connection_type_; } - if (current_network_id_.type == NetworkChangeNotifier::CONNECTION_WIFI) { - // The maximum signal strength level is 4. - UMA_HISTOGRAM_EXACT_LINEAR("NQE.WifiSignalStrength.AtECTComputation", - current_network_id_.signal_strength, 4); - } else if (current_network_id_.type == NetworkChangeNotifier::CONNECTION_2G || - current_network_id_.type == NetworkChangeNotifier::CONNECTION_3G || - current_network_id_.type == NetworkChangeNotifier::CONNECTION_4G) { - // The maximum signal strength level is 4. - UMA_HISTOGRAM_EXACT_LINEAR("NQE.CellularSignalStrength.AtECTComputation", - current_network_id_.signal_strength, 4); - } else { - NOTREACHED(); - return effective_connection_type_; - } - // Do not cap ECT if the signal strength is high. if (current_network_id_.signal_strength > 2) return effective_connection_type_; @@ -1459,8 +1446,9 @@ void NetworkQualityEstimator::AddAndNotifyObserversOfThroughput( ++new_throughput_observations_since_last_ect_computation_; http_downstream_throughput_kbps_observations_.AddObservation(observation); - UMA_HISTOGRAM_ENUMERATION("NQE.Kbps.ObservationSource", observation.source(), - NETWORK_QUALITY_OBSERVATION_SOURCE_MAX); + LOCAL_HISTOGRAM_ENUMERATION("NQE.Kbps.ObservationSource", + observation.source(), + NETWORK_QUALITY_OBSERVATION_SOURCE_MAX); // Maybe recompute the effective connection type since a new throughput // observation is available. @@ -1774,7 +1762,9 @@ void NetworkQualityEstimator::OnPeerToPeerConnectionsCountChange( DCHECK(p2p_connections_count_active_timestamp_); base::TimeDelta duration = tick_clock_->NowTicks() - p2p_connections_count_active_timestamp_.value(); - UMA_HISTOGRAM_LONG_TIMES("NQE.PeerToPeerConnectionsDuration", duration); + LOCAL_HISTOGRAM_CUSTOM_TIMES("NQE.PeerToPeerConnectionsDuration", duration, + base::TimeDelta::FromMilliseconds(1), + base::TimeDelta::FromHours(1), 50); p2p_connections_count_active_timestamp_ = base::nullopt; } diff --git a/chromium/net/nqe/network_quality_estimator_unittest.cc b/chromium/net/nqe/network_quality_estimator_unittest.cc index be3eeedfa5e..5510c045f74 100644 --- a/chromium/net/nqe/network_quality_estimator_unittest.cc +++ b/chromium/net/nqe/network_quality_estimator_unittest.cc @@ -14,7 +14,7 @@ #include <utility> #include <vector> -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" #include "base/metrics/histogram_samples.h" #include "base/optional.h" diff --git a/chromium/net/nqe/network_quality_estimator_util.cc b/chromium/net/nqe/network_quality_estimator_util.cc index 5ffdda2ac14..245e01d19c9 100644 --- a/chromium/net/nqe/network_quality_estimator_util.cc +++ b/chromium/net/nqe/network_quality_estimator_util.cc @@ -7,7 +7,8 @@ #include <memory> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/host_port_pair.h" #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" diff --git a/chromium/net/nqe/network_quality_observation.cc b/chromium/net/nqe/network_quality_observation.cc index 380b5453b50..8f5bf3377b4 100644 --- a/chromium/net/nqe/network_quality_observation.cc +++ b/chromium/net/nqe/network_quality_observation.cc @@ -3,7 +3,10 @@ // found in the LICENSE file. #include "net/nqe/network_quality_observation.h" + +#include "base/check.h" #include "base/macros.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/nqe/observation_buffer_unittest.cc b/chromium/net/nqe/observation_buffer_unittest.cc index 4ccd9b50883..4d67f95cece 100644 --- a/chromium/net/nqe/observation_buffer_unittest.cc +++ b/chromium/net/nqe/observation_buffer_unittest.cc @@ -11,7 +11,6 @@ #include <utility> #include <vector> -#include "base/logging.h" #include "base/macros.h" #include "base/test/simple_test_tick_clock.h" #include "base/time/time.h" diff --git a/chromium/net/nqe/throughput_analyzer_unittest.cc b/chromium/net/nqe/throughput_analyzer_unittest.cc index 6443680cf83..44fdd24ee84 100644 --- a/chromium/net/nqe/throughput_analyzer_unittest.cc +++ b/chromium/net/nqe/throughput_analyzer_unittest.cc @@ -16,7 +16,6 @@ #include "base/bind_helpers.h" #include "base/containers/circular_deque.h" #include "base/location.h" -#include "base/logging.h" #include "base/macros.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" diff --git a/chromium/net/ntlm/ntlm.cc b/chromium/net/ntlm/ntlm.cc index 728a9b7f926..0196515cbbd 100644 --- a/chromium/net/ntlm/ntlm.cc +++ b/chromium/net/ntlm/ntlm.cc @@ -6,8 +6,9 @@ #include <string.h> +#include "base/check_op.h" #include "base/containers/span.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/strings/utf_string_conversions.h" #include "net/base/net_string_util.h" #include "net/ntlm/ntlm_buffer_writer.h" diff --git a/chromium/net/ntlm/ntlm_buffer_reader.cc b/chromium/net/ntlm/ntlm_buffer_reader.cc index a5d1a27c5dc..e2896cb8bce 100644 --- a/chromium/net/ntlm/ntlm_buffer_reader.cc +++ b/chromium/net/ntlm/ntlm_buffer_reader.cc @@ -6,7 +6,7 @@ #include <string.h> -#include "base/logging.h" +#include "base/check_op.h" namespace net { namespace ntlm { diff --git a/chromium/net/ntlm/ntlm_buffer_writer.cc b/chromium/net/ntlm/ntlm_buffer_writer.cc index 0a1a8035332..8fec1ee82dd 100644 --- a/chromium/net/ntlm/ntlm_buffer_writer.cc +++ b/chromium/net/ntlm/ntlm_buffer_writer.cc @@ -8,7 +8,7 @@ #include <limits> -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/utf_string_conversions.h" #include "build/build_config.h" diff --git a/chromium/net/ntlm/ntlm_client.cc b/chromium/net/ntlm/ntlm_client.cc index f27236905be..0e9cbf407cc 100644 --- a/chromium/net/ntlm/ntlm_client.cc +++ b/chromium/net/ntlm/ntlm_client.cc @@ -6,8 +6,8 @@ #include <string.h> +#include "base/check_op.h" #include "base/containers/span.h" -#include "base/logging.h" #include "base/strings/utf_string_conversions.h" #include "net/ntlm/ntlm.h" #include "net/ntlm/ntlm_buffer_reader.h" diff --git a/chromium/net/proxy_resolution/configured_proxy_resolution_request.cc b/chromium/net/proxy_resolution/configured_proxy_resolution_request.cc index 189c7a338f7..0c2dfc65569 100644 --- a/chromium/net/proxy_resolution/configured_proxy_resolution_request.cc +++ b/chromium/net/proxy_resolution/configured_proxy_resolution_request.cc @@ -97,7 +97,6 @@ int ConfiguredProxyResolutionRequest::QueryDidComplete(int result_code) { // Make a note in the results which configuration was in use at the // time of the resolve. - results_->set_did_use_pac_script(true); results_->set_proxy_resolve_start_time(creation_time_); results_->set_proxy_resolve_end_time(base::TimeTicks::Now()); diff --git a/chromium/net/proxy_resolution/configured_proxy_resolution_service.cc b/chromium/net/proxy_resolution/configured_proxy_resolution_service.cc index 40da0994616..c699df2bb33 100644 --- a/chromium/net/proxy_resolution/configured_proxy_resolution_service.cc +++ b/chromium/net/proxy_resolution/configured_proxy_resolution_service.cc @@ -39,8 +39,8 @@ #include "net/url_request/url_request_context.h" #if defined(OS_WIN) -#include "net/proxy_resolution/proxy_config_service_win.h" -#include "net/proxy_resolution/proxy_resolver_winhttp.h" +#include "net/proxy_resolution/win/proxy_config_service_win.h" +#include "net/proxy_resolution/win/proxy_resolver_winhttp.h" #elif defined(OS_IOS) #include "net/proxy_resolution/proxy_config_service_ios.h" #include "net/proxy_resolution/proxy_resolver_mac.h" @@ -847,7 +847,8 @@ const ConfiguredProxyResolutionService::PacPollPolicy* ConfiguredProxyResolutionService::ConfiguredProxyResolutionService( std::unique_ptr<ProxyConfigService> config_service, std::unique_ptr<ProxyResolverFactory> resolver_factory, - NetLog* net_log) + NetLog* net_log, + bool quick_check_enabled) : config_service_(std::move(config_service)), resolver_factory_(std::move(resolver_factory)), current_state_(STATE_NONE), @@ -855,7 +856,7 @@ ConfiguredProxyResolutionService::ConfiguredProxyResolutionService( net_log_(net_log), stall_proxy_auto_config_delay_( TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), - quick_check_enabled_(true) { + quick_check_enabled_(quick_check_enabled) { NetworkChangeNotifier::AddIPAddressObserver(this); NetworkChangeNotifier::AddDNSObserver(this); config_service_->AddObserver(this); @@ -865,8 +866,8 @@ ConfiguredProxyResolutionService::ConfiguredProxyResolutionService( std::unique_ptr<ConfiguredProxyResolutionService> ConfiguredProxyResolutionService::CreateUsingSystemProxyResolver( std::unique_ptr<ProxyConfigService> proxy_config_service, - bool quick_check_enabled, - NetLog* net_log) { + NetLog* net_log, + bool quick_check_enabled) { DCHECK(proxy_config_service); if (!ProxyResolverFactoryForSystem::IsSupported()) { @@ -879,8 +880,7 @@ ConfiguredProxyResolutionService::CreateUsingSystemProxyResolver( std::move(proxy_config_service), std::make_unique<ProxyResolverFactoryForSystem>( kDefaultNumPacThreads), - net_log); - proxy_resolution_service->set_quick_check_enabled(quick_check_enabled); + net_log, quick_check_enabled); return proxy_resolution_service; } @@ -891,7 +891,8 @@ ConfiguredProxyResolutionService::CreateWithoutProxyResolver( NetLog* net_log) { return std::make_unique<ConfiguredProxyResolutionService>( std::move(proxy_config_service), - std::make_unique<ProxyResolverFactoryForNullResolver>(), net_log); + std::make_unique<ProxyResolverFactoryForNullResolver>(), net_log, + /*quick_check_enabled=*/false); } // static @@ -901,8 +902,8 @@ ConfiguredProxyResolutionService::CreateFixed( // TODO(eroman): This isn't quite right, won't work if |pc| specifies // a PAC script. return CreateUsingSystemProxyResolver( - std::make_unique<ProxyConfigServiceFixed>(pc), - /*quick_check_enabled=*/true, nullptr); + std::make_unique<ProxyConfigServiceFixed>(pc), nullptr, + /*quick_check_enabled=*/true); } // static @@ -922,7 +923,8 @@ ConfiguredProxyResolutionService::CreateDirect() { // Use direct connections. return std::make_unique<ConfiguredProxyResolutionService>( std::make_unique<ProxyConfigServiceDirect>(), - std::make_unique<ProxyResolverFactoryForNullResolver>(), nullptr); + std::make_unique<ProxyResolverFactoryForNullResolver>(), nullptr, + /*quick_check_enabled=*/true); } // static @@ -940,7 +942,8 @@ ConfiguredProxyResolutionService::CreateFixedFromPacResult( return std::make_unique<ConfiguredProxyResolutionService>( std::move(proxy_config_service), - std::make_unique<ProxyResolverFactoryForPacResult>(pac_string), nullptr); + std::make_unique<ProxyResolverFactoryForPacResult>(pac_string), nullptr, + /*quick_check_enabled=*/true); } // static @@ -954,7 +957,8 @@ ConfiguredProxyResolutionService::CreateFixedFromAutoDetectedPacResult( return std::make_unique<ConfiguredProxyResolutionService>( std::move(proxy_config_service), - std::make_unique<ProxyResolverFactoryForPacResult>(pac_string), nullptr); + std::make_unique<ProxyResolverFactoryForPacResult>(pac_string), nullptr, + /*quick_check_enabled=*/true); } int ConfiguredProxyResolutionService::ResolveProxy( @@ -994,10 +998,9 @@ int ConfiguredProxyResolutionService::ResolveProxy( return rv; } - std::unique_ptr<ConfiguredProxyResolutionRequest> req = - std::make_unique<ConfiguredProxyResolutionRequest>( - this, url, method, network_isolation_key, result, std::move(callback), - net_log); + auto req = std::make_unique<ConfiguredProxyResolutionRequest>( + this, url, method, network_isolation_key, result, std::move(callback), + net_log); if (current_state_ == STATE_READY) { // Start the resolve request. diff --git a/chromium/net/proxy_resolution/configured_proxy_resolution_service.h b/chromium/net/proxy_resolution/configured_proxy_resolution_service.h index 04c973becf7..768ca0f7530 100644 --- a/chromium/net/proxy_resolution/configured_proxy_resolution_service.h +++ b/chromium/net/proxy_resolution/configured_proxy_resolution_service.h @@ -105,7 +105,8 @@ class NET_EXPORT ConfiguredProxyResolutionService ConfiguredProxyResolutionService( std::unique_ptr<ProxyConfigService> config_service, std::unique_ptr<ProxyResolverFactory> resolver_factory, - NetLog* net_log); + NetLog* net_log, + bool quick_check_enabled); ~ConfiguredProxyResolutionService() override; @@ -184,8 +185,8 @@ class NET_EXPORT ConfiguredProxyResolutionService static std::unique_ptr<ConfiguredProxyResolutionService> CreateUsingSystemProxyResolver( std::unique_ptr<ProxyConfigService> proxy_config_service, - bool quick_check_enabled, - NetLog* net_log); + NetLog* net_log, + bool quick_check_enabled); // Creates a ConfiguredProxyResolutionService without support for proxy // autoconfig. @@ -247,7 +248,6 @@ class NET_EXPORT ConfiguredProxyResolutionService // ConfiguredProxyResolutionService. static std::unique_ptr<PacPollPolicy> CreateDefaultPacPollPolicy(); - void set_quick_check_enabled(bool value) { quick_check_enabled_ = value; } bool quick_check_enabled_for_testing() const { return quick_check_enabled_; } private: diff --git a/chromium/net/proxy_resolution/configured_proxy_resolution_service_unittest.cc b/chromium/net/proxy_resolution/configured_proxy_resolution_service_unittest.cc index 9e091368a94..9b129ee2e81 100644 --- a/chromium/net/proxy_resolution/configured_proxy_resolution_service_unittest.cc +++ b/chromium/net/proxy_resolution/configured_proxy_resolution_service_unittest.cc @@ -9,8 +9,8 @@ #include <vector> #include "base/bind.h" +#include "base/check.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/macros.h" #include "base/memory/ptr_util.h" #include "base/run_loop.h" @@ -389,7 +389,7 @@ TEST_F(ConfiguredProxyResolutionServiceTest, Direct) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service( std::make_unique<MockProxyConfigService>(ProxyConfig::CreateDirect()), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -427,7 +427,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, OnResolveProxyCallbackAddProxy) { config.proxy_rules().bypass_rules.ParseFromString("*.org"); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); GURL bypass_url("http://internet.org"); @@ -494,7 +495,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, config.proxy_rules().bypass_rules.ParseFromString("*.org"); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); GURL bypass_url("http://internet.org"); @@ -576,7 +578,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, CallbackDeletesRequest) { std::unique_ptr<ConfiguredProxyResolutionService> service = std::make_unique<ConfiguredProxyResolutionService>( - base::WrapUnique(config_service), base::WrapUnique(factory), nullptr); + base::WrapUnique(config_service), base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); GURL url2("http://www.example.com/"); @@ -642,7 +645,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, std::unique_ptr<ConfiguredProxyResolutionService> service = std::make_unique<ConfiguredProxyResolutionService>( - base::WrapUnique(config_service), base::WrapUnique(factory), nullptr); + base::WrapUnique(config_service), base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -692,7 +696,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, CallbackDeletesSelf) { std::unique_ptr<ConfiguredProxyResolutionService> service = std::make_unique<ConfiguredProxyResolutionService>( - base::WrapUnique(config_service), base::WrapUnique(factory), nullptr); + base::WrapUnique(config_service), base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); ProxyInfo info; @@ -760,7 +765,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, std::unique_ptr<ConfiguredProxyResolutionService> service = std::make_unique<ConfiguredProxyResolutionService>( - base::WrapUnique(config_service), base::WrapUnique(factory), nullptr); + base::WrapUnique(config_service), base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); ProxyInfo info; @@ -813,8 +819,9 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyServiceDeletedBeforeRequest) { int rv; { - ConfiguredProxyResolutionService service( - base::WrapUnique(config_service), base::WrapUnique(factory), nullptr); + ConfiguredProxyResolutionService service(base::WrapUnique(config_service), + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); rv = service.ResolveProxy(url, std::string(), NetworkIsolationKey(), &info, callback.callback(), &request, log.bound()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); @@ -845,7 +852,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, CallbackDeletesService) { std::unique_ptr<ConfiguredProxyResolutionService> service = std::make_unique<ConfiguredProxyResolutionService>( - base::WrapUnique(config_service), base::WrapUnique(factory), nullptr); + base::WrapUnique(config_service), base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -892,7 +900,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -923,7 +932,6 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC) { EXPECT_THAT(callback.WaitForResult(), IsOk()); EXPECT_FALSE(info.is_direct()); EXPECT_EQ("foopy:80", info.proxy_server().ToURI()); - EXPECT_TRUE(info.did_use_pac_script()); EXPECT_FALSE(info.proxy_resolve_start_time().is_null()); EXPECT_FALSE(info.proxy_resolve_end_time().is_null()); @@ -956,7 +964,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_NoIdentityOrHash) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://username:password@www.google.com/?ref#hash#hash"); @@ -989,7 +998,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_FailoverWithoutDirect) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -1015,7 +1025,6 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_FailoverWithoutDirect) { EXPECT_THAT(callback1.WaitForResult(), IsOk()); EXPECT_FALSE(info.is_direct()); EXPECT_EQ("foopy:8080", info.proxy_server().ToURI()); - EXPECT_TRUE(info.did_use_pac_script()); EXPECT_FALSE(info.proxy_resolve_start_time().is_null()); EXPECT_FALSE(info.proxy_resolve_end_time().is_null()); @@ -1038,7 +1047,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_RuntimeError) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://this-causes-js-error/"); @@ -1065,7 +1075,6 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_RuntimeError) { // Since the PAC script was non-mandatory, we should have fallen-back to // DIRECT. EXPECT_TRUE(info.is_direct()); - EXPECT_TRUE(info.did_use_pac_script()); EXPECT_FALSE(info.proxy_resolve_start_time().is_null()); EXPECT_FALSE(info.proxy_resolve_end_time().is_null()); @@ -1097,7 +1106,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_FailoverAfterDirect) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -1154,7 +1164,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_ConfigSourcePropagates) { MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Resolve something. GURL url("http://www.google.com/"); @@ -1175,7 +1186,6 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PAC_ConfigSourcePropagates) { EXPECT_THAT(callback.WaitForResult(), IsOk()); EXPECT_EQ(MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS), info.traffic_annotation()); - EXPECT_TRUE(info.did_use_pac_script()); EXPECT_FALSE(info.proxy_resolve_start_time().is_null()); EXPECT_FALSE(info.proxy_resolve_end_time().is_null()); @@ -1195,7 +1205,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyResolverFails) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start first resolve request. GURL url("http://www.google.com/"); @@ -1260,7 +1271,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start first resolve request. GURL url("http://www.google.com/"); @@ -1332,7 +1344,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start two resolve requests. GURL url1("http://www.google.com/"); @@ -1406,7 +1419,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start first resolve request. GURL url("http://www.google.com/"); @@ -1456,7 +1470,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -1508,7 +1523,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start first resolve request. GURL url("http://www.google.com/"); @@ -1569,7 +1585,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyFallback) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -1707,7 +1724,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyFallbackToDirect) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -1770,7 +1788,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyFallback_BadConfig) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -1876,7 +1895,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyFallback_BadConfigMandatory) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -1974,7 +1994,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyBypassList) { config.proxy_rules().bypass_rules.ParseFromString("*.org"); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); int rv; GURL url1("http://www.webkit.org"); @@ -2017,7 +2038,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, MarkProxiesAsBadTests) { EXPECT_EQ(3u, additional_bad_proxies.size()); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); ProxyInfo proxy_info; proxy_info.UseProxyList(proxy_list); const ProxyRetryInfoMap& retry_info = service.proxy_retry_info(); @@ -2038,7 +2060,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PerProtocolProxyTests) { std::unique_ptr<ProxyResolutionRequest> request; { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("http://www.msn.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2051,7 +2074,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PerProtocolProxyTests) { } { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("ftp://ftp.google.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2064,7 +2088,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PerProtocolProxyTests) { } { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("https://webbranch.techcu.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2078,7 +2103,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PerProtocolProxyTests) { { config.proxy_rules().ParseFromString("foopy1:8080"); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("http://www.microsoft.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2101,7 +2127,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyConfig config; config.proxy_rules().ParseFromString("https=foopy2:8080"); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("http://www.google.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2117,7 +2144,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ProxyConfig config; config.proxy_rules().ParseFromString("https=foopy2:8080"); ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("https://www.google.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2132,7 +2160,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, { ProxyConfig config; ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("http://www.google.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2158,7 +2187,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, DefaultProxyFallbackToSOCKS) { std::unique_ptr<ProxyResolutionRequest> request; { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("http://www.msn.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2171,7 +2201,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, DefaultProxyFallbackToSOCKS) { } { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("ftp://ftp.google.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2184,7 +2215,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, DefaultProxyFallbackToSOCKS) { } { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("https://webbranch.techcu.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2197,7 +2229,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, DefaultProxyFallbackToSOCKS) { } { ConfiguredProxyResolutionService service( - std::make_unique<MockProxyConfigService>(config), nullptr, nullptr); + std::make_unique<MockProxyConfigService>(config), nullptr, nullptr, + /*quick_check_enabled=*/true); GURL test_url("unknown://www.microsoft.com"); ProxyInfo info; TestCompletionCallback callback; @@ -2223,7 +2256,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, CancelInProgressRequest) { new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start 3 requests. @@ -2297,7 +2331,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, InitialPACScriptDownload) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2404,7 +2439,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2467,7 +2503,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, CancelWhilePACFetching) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2568,7 +2605,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2654,7 +2692,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2733,7 +2772,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2796,7 +2836,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, BypassDoesntApplyToPac) { MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2868,7 +2909,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -2906,7 +2948,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); GURL url("http://www.google.com/"); @@ -2932,7 +2975,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, UpdateConfigFromPACToDirect) { MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(false); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); // Start 1 request. @@ -2988,7 +3032,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, NetworkChangeTriggersPacRefetch) { RecordingTestNetLog log; ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), &log); + base::WrapUnique(factory), &log, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3111,7 +3156,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PACScriptRefetchAfterFailure) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3221,7 +3267,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3337,7 +3384,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3449,7 +3497,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PACScriptRefetchAfterSuccess) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3623,7 +3672,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PACScriptRefetchAfterActivity) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3731,7 +3781,8 @@ class SanitizeUrlHelper { factory = new MockAsyncProxyResolverFactory(false); service_.reset(new ConfiguredProxyResolutionService( - std::move(config_service), base::WrapUnique(factory), nullptr)); + std::move(config_service), base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true)); // Do an initial request to initialize the service (configure the PAC // script). @@ -3894,7 +3945,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, OnShutdownWithLiveRequest) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3927,7 +3979,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, OnShutdownFollowedByRequest) { new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -3955,7 +4008,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, PacUrlSchemeHistogram) { ConfiguredProxyResolutionService service( base::WrapUnique(config_service), - std::make_unique<MockAsyncProxyResolverFactory>(false), nullptr); + std::make_unique<MockAsyncProxyResolverFactory>(false), nullptr, + /*quick_check_enabled=*/true); pac_histogram.VerifyHistogram(); @@ -4066,7 +4120,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ImplicitlyBypassWithPac) { MockAsyncProxyResolverFactory* factory = new MockAsyncProxyResolverFactory(true); ConfiguredProxyResolutionService service(base::WrapUnique(config_service), - base::WrapUnique(factory), nullptr); + base::WrapUnique(factory), nullptr, + /*quick_check_enabled=*/true); MockPacFileFetcher* fetcher = new MockPacFileFetcher; service.SetPacFileFetchers(base::WrapUnique(fetcher), @@ -4128,7 +4183,8 @@ TEST_F(ConfiguredProxyResolutionServiceTest, ConfiguredProxyResolutionService service( base::WrapUnique(config_service), - std::make_unique<MockAsyncProxyResolverFactory>(false), nullptr); + std::make_unique<MockAsyncProxyResolverFactory>(false), nullptr, + /*quick_check_enabled=*/true); ConfiguredProxyResolutionService* casted_service = nullptr; EXPECT_TRUE(service.CastToConfiguredProxyResolutionService(&casted_service)); diff --git a/chromium/net/proxy_resolution/mock_pac_file_fetcher.cc b/chromium/net/proxy_resolution/mock_pac_file_fetcher.cc index ee677615c70..e74d938afdc 100644 --- a/chromium/net/proxy_resolution/mock_pac_file_fetcher.cc +++ b/chromium/net/proxy_resolution/mock_pac_file_fetcher.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "base/run_loop.h" #include "base/strings/string16.h" #include "base/strings/utf_string_conversions.h" diff --git a/chromium/net/proxy_resolution/mock_proxy_resolver.cc b/chromium/net/proxy_resolution/mock_proxy_resolver.cc index fa9a1eef5d5..46a8b8f55e2 100644 --- a/chromium/net/proxy_resolution/mock_proxy_resolver.cc +++ b/chromium/net/proxy_resolution/mock_proxy_resolver.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check.h" namespace net { diff --git a/chromium/net/proxy_resolution/pac_file_data.cc b/chromium/net/proxy_resolution/pac_file_data.cc index e96d27394d6..fdbccba84fb 100644 --- a/chromium/net/proxy_resolution/pac_file_data.cc +++ b/chromium/net/proxy_resolution/pac_file_data.cc @@ -4,7 +4,7 @@ #include "net/proxy_resolution/pac_file_data.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/utf_string_conversions.h" namespace net { diff --git a/chromium/net/proxy_resolution/pac_file_decider.cc b/chromium/net/proxy_resolution/pac_file_decider.cc index 1b32b42170b..b5ddde9fd39 100644 --- a/chromium/net/proxy_resolution/pac_file_decider.cc +++ b/chromium/net/proxy_resolution/pac_file_decider.cc @@ -8,10 +8,11 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "base/values.h" diff --git a/chromium/net/proxy_resolution/proxy_config.cc b/chromium/net/proxy_resolution/proxy_config.cc index da46306a3b4..2619562950a 100644 --- a/chromium/net/proxy_resolution/proxy_config.cc +++ b/chromium/net/proxy_resolution/proxy_config.cc @@ -7,7 +7,8 @@ #include <memory> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" #include "base/values.h" diff --git a/chromium/net/proxy_resolution/proxy_config_service_android.cc b/chromium/net/proxy_resolution/proxy_config_service_android.cc index 94008ee3216..93e09380189 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_android.cc +++ b/chromium/net/proxy_resolution/proxy_config_service_android.cc @@ -10,9 +10,9 @@ #include "base/android/jni_string.h" #include "base/bind.h" #include "base/callback.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/observer_list.h" diff --git a/chromium/net/proxy_resolution/proxy_config_service_linux_unittest.cc b/chromium/net/proxy_resolution/proxy_config_service_linux_unittest.cc index cea50888385..2d422c7ca58 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_linux_unittest.cc +++ b/chromium/net/proxy_resolution/proxy_config_service_linux_unittest.cc @@ -9,12 +9,12 @@ #include <vector> #include "base/bind.h" +#include "base/check.h" #include "base/compiler_specific.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/format_macros.h" #include "base/location.h" -#include "base/logging.h" #include "base/message_loop/message_pump_type.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" @@ -326,7 +326,7 @@ class SyncConfigGetter : public ProxyConfigService::Observer { // changes to |pac_url|. The way to use this function is: // // SetExpectedPacUrl(..); - // WriteFile(...) + // EXPECT_TRUE(base::WriteFile(...)) // WaitUntilPacUrlMatchesExpectation(); // // The expectation must be set *before* any file-level mutation is done, @@ -1849,17 +1849,14 @@ TEST_F(ProxyConfigServiceLinuxTest, KDEHomePicker) { } } -void WriteFile(const base::FilePath& path, base::StringPiece data) { - EXPECT_TRUE(base::WriteFile(path, data.data(), data.size())); -} - // Tests that the KDE proxy config service watches for file and directory // changes. TEST_F(ProxyConfigServiceLinuxTest, KDEFileChanged) { // Set up the initial .kde kioslaverc file. - WriteFile(kioslaverc_, - "[Proxy Settings]\nProxyType=2\n" - "Proxy Config Script=http://version1/wpad.dat\n"); + EXPECT_TRUE( + base::WriteFile(kioslaverc_, + "[Proxy Settings]\nProxyType=2\n" + "Proxy Config Script=http://version1/wpad.dat\n")); // Initialize the config service using kioslaverc. std::unique_ptr<MockEnvironment> env(new MockEnvironment); @@ -1885,9 +1882,10 @@ TEST_F(ProxyConfigServiceLinuxTest, KDEFileChanged) { // observed. base::ThreadPoolInstance::Get()->FlushForTesting(); - WriteFile(kioslaverc_, - "[Proxy Settings]\nProxyType=2\n" - "Proxy Config Script=http://version2/wpad.dat\n"); + EXPECT_TRUE( + base::WriteFile(kioslaverc_, + "[Proxy Settings]\nProxyType=2\n" + "Proxy Config Script=http://version2/wpad.dat\n")); // Wait for change to be noticed. sync_config_getter.WaitUntilPacUrlMatchesExpectation(); @@ -1901,9 +1899,10 @@ TEST_F(ProxyConfigServiceLinuxTest, KDEFileChanged) { sync_config_getter.SetExpectedPacUrl("http://version3/wpad.dat"); // Create a new file, and rename it into place. - WriteFile(kioslaverc_.AddExtension("new"), - "[Proxy Settings]\nProxyType=2\n" - "Proxy Config Script=http://version3/wpad.dat\n"); + EXPECT_TRUE( + base::WriteFile(kioslaverc_.AddExtension("new"), + "[Proxy Settings]\nProxyType=2\n" + "Proxy Config Script=http://version3/wpad.dat\n")); base::Move(kioslaverc_, kioslaverc_.AddExtension("old")); base::Move(kioslaverc_.AddExtension("new"), kioslaverc_); @@ -1917,9 +1916,10 @@ TEST_F(ProxyConfigServiceLinuxTest, KDEFileChanged) { // change was observed (this final test probably isn't very useful). sync_config_getter.SetExpectedPacUrl("http://version4/wpad.dat"); - WriteFile(kioslaverc_, - "[Proxy Settings]\nProxyType=2\n" - "Proxy Config Script=http://version4/wpad.dat\n"); + EXPECT_TRUE( + base::WriteFile(kioslaverc_, + "[Proxy Settings]\nProxyType=2\n" + "Proxy Config Script=http://version4/wpad.dat\n")); // Wait for change to be noticed. sync_config_getter.WaitUntilPacUrlMatchesExpectation(); diff --git a/chromium/net/proxy_resolution/proxy_info.cc b/chromium/net/proxy_resolution/proxy_info.cc index cb0bf4eb0f6..0172e0edf98 100644 --- a/chromium/net/proxy_resolution/proxy_info.cc +++ b/chromium/net/proxy_resolution/proxy_info.cc @@ -8,7 +8,7 @@ namespace net { -ProxyInfo::ProxyInfo() : did_bypass_proxy_(false), did_use_pac_script_(false) {} +ProxyInfo::ProxyInfo() : did_bypass_proxy_(false) {} ProxyInfo::ProxyInfo(const ProxyInfo& other) = default; @@ -21,7 +21,6 @@ void ProxyInfo::Use(const ProxyInfo& other) { proxy_retry_info_ = other.proxy_retry_info_; traffic_annotation_ = other.traffic_annotation_; did_bypass_proxy_ = other.did_bypass_proxy_; - did_use_pac_script_ = other.did_use_pac_script_; } void ProxyInfo::UseDirect() { @@ -87,7 +86,6 @@ void ProxyInfo::Reset() { proxy_retry_info_.clear(); traffic_annotation_.reset(); did_bypass_proxy_ = false; - did_use_pac_script_ = false; } } // namespace net diff --git a/chromium/net/proxy_resolution/proxy_info.h b/chromium/net/proxy_resolution/proxy_info.h index b20411cac79..76558417d35 100644 --- a/chromium/net/proxy_resolution/proxy_info.h +++ b/chromium/net/proxy_resolution/proxy_info.h @@ -122,15 +122,6 @@ class NET_EXPORT ProxyInfo { return did_bypass_proxy_; } - void set_did_use_pac_script(bool did_use_pac_script) { - did_use_pac_script_ = did_use_pac_script; - } - - // Returns true if the proxy resolution was done using a PAC script. - bool did_use_pac_script() const { - return did_use_pac_script_; - } - // Returns the first valid proxy server. is_empty() must be false to be able // to call this function. const ProxyServer& proxy_server() const { return proxy_list_.Get(); } @@ -210,9 +201,6 @@ class NET_EXPORT ProxyInfo { // Whether the proxy result represent a proxy bypass. bool did_bypass_proxy_; - // Whether we used a PAC script for resolving the proxy. - bool did_use_pac_script_; - // How long it took to resolve the proxy. Times are both null if proxy was // determined synchronously without running a PAC. base::TimeTicks proxy_resolve_start_time_; diff --git a/chromium/net/proxy_resolution/proxy_list.cc b/chromium/net/proxy_resolution/proxy_list.cc index 91a5279706c..c0b2c6199da 100644 --- a/chromium/net/proxy_resolution/proxy_list.cc +++ b/chromium/net/proxy_resolution/proxy_list.cc @@ -5,7 +5,8 @@ #include "net/proxy_resolution/proxy_list.h" #include "base/callback.h" -#include "base/logging.h" +#include "base/check.h" +#include "base/notreached.h" #include "base/strings/string_tokenizer.h" #include "base/time/time.h" #include "base/values.h" diff --git a/chromium/net/proxy_resolution/proxy_resolver_mac.cc b/chromium/net/proxy_resolution/proxy_resolver_mac.cc index 768f070085d..4df7d7d4bf9 100644 --- a/chromium/net/proxy_resolution/proxy_resolver_mac.cc +++ b/chromium/net/proxy_resolution/proxy_resolver_mac.cc @@ -6,8 +6,8 @@ #include <CoreFoundation/CoreFoundation.h> +#include "base/check.h" #include "base/lazy_instance.h" -#include "base/logging.h" #include "base/mac/foundation_util.h" #include "base/mac/scoped_cftyperef.h" #include "base/strings/string_util.h" diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.cc b/chromium/net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.cc index 406b4304141..8ca57498990 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.cc +++ b/chromium/net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h" +#include "net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h" #include "base/bind.h" #include "base/bind_helpers.h" @@ -15,8 +15,8 @@ #include "base/threading/scoped_blocking_call.h" #include "base/time/time.h" #include "net/base/net_errors.h" -#include "net/proxy_resolution/dhcpcsvc_init_win.h" #include "net/proxy_resolution/pac_file_fetcher_impl.h" +#include "net/proxy_resolution/win/dhcpcsvc_init_win.h" #include "net/url_request/url_request_context.h" #include <windows.h> diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h b/chromium/net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h index 38492debfee..08ab7dcb6f6 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h +++ b/chromium/net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_PROXY_RESOLUTION_DHCP_PAC_FILE_ADAPTER_FETCHER_WIN_H_ -#define NET_PROXY_RESOLUTION_DHCP_PAC_FILE_ADAPTER_FETCHER_WIN_H_ +#ifndef NET_PROXY_RESOLUTION_WIN_DHCP_PAC_FILE_ADAPTER_FETCHER_WIN_H_ +#define NET_PROXY_RESOLUTION_WIN_DHCP_PAC_FILE_ADAPTER_FETCHER_WIN_H_ #include <stddef.h> @@ -194,4 +194,4 @@ class NET_EXPORT_PRIVATE DhcpPacFileAdapterFetcher } // namespace net -#endif // NET_PROXY_RESOLUTION_DHCP_PAC_FILE_ADAPTER_FETCHER_WIN_H_ +#endif // NET_PROXY_RESOLUTION_WIN_DHCP_PAC_FILE_ADAPTER_FETCHER_WIN_H_ diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win_unittest.cc b/chromium/net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win_unittest.cc index 4753d025df9..d3fb3f1688c 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win_unittest.cc +++ b/chromium/net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h" +#include "net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h" #include "base/memory/ptr_util.h" #include "base/run_loop.h" @@ -34,7 +34,7 @@ namespace { const char kPacUrl[] = "http://pacserver/script.pac"; -// In net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc there are +// In dhcp_pac_file_fetcher_win_unittest.cc there are // a few tests that exercise DhcpPacFileAdapterFetcher end-to-end along with // DhcpPacFileFetcherWin, i.e. it tests the end-to-end usage of Win32 APIs // and the network. In this file we test only by stubbing out functionality. diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.cc b/chromium/net/proxy_resolution/win/dhcp_pac_file_fetcher_win.cc index 7990f189322..db45e22d825 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.cc +++ b/chromium/net/proxy_resolution/win/dhcp_pac_file_fetcher_win.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/dhcp_pac_file_fetcher_win.h" +#include "net/proxy_resolution/win/dhcp_pac_file_fetcher_win.h" #include <memory> #include <vector> @@ -19,7 +19,7 @@ #include "base/values.h" #include "net/base/net_errors.h" #include "net/log/net_log.h" -#include "net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h" +#include "net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h" #include <winsock2.h> #include <iphlpapi.h> diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.h b/chromium/net/proxy_resolution/win/dhcp_pac_file_fetcher_win.h index 1ad01e0cf7b..32f83f16d21 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.h +++ b/chromium/net/proxy_resolution/win/dhcp_pac_file_fetcher_win.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_PROXY_RESOLUTION_DHCP_PAC_FILE_FETCHER_WIN_H_ -#define NET_PROXY_RESOLUTION_DHCP_PAC_FILE_FETCHER_WIN_H_ +#ifndef NET_PROXY_RESOLUTION_WIN_DHCP_PAC_FILE_FETCHER_WIN_H_ +#define NET_PROXY_RESOLUTION_WIN_DHCP_PAC_FILE_FETCHER_WIN_H_ #include <memory> #include <set> @@ -198,4 +198,4 @@ class NET_EXPORT_PRIVATE DhcpPacFileFetcherWin } // namespace net -#endif // NET_PROXY_RESOLUTION_DHCP_PAC_FILE_FETCHER_WIN_H_ +#endif // NET_PROXY_RESOLUTION_WIN_DHCP_PAC_FILE_FETCHER_WIN_H_ diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc b/chromium/net/proxy_resolution/win/dhcp_pac_file_fetcher_win_unittest.cc index 1bd7736f50e..dbc98c83a5f 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc +++ b/chromium/net/proxy_resolution/win/dhcp_pac_file_fetcher_win_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/dhcp_pac_file_fetcher_win.h" +#include "net/proxy_resolution/win/dhcp_pac_file_fetcher_win.h" #include <vector> @@ -15,7 +15,7 @@ #include "base/threading/platform_thread.h" #include "base/timer/elapsed_timer.h" #include "base/timer/timer.h" -#include "net/proxy_resolution/dhcp_pac_file_adapter_fetcher_win.h" +#include "net/proxy_resolution/win/dhcp_pac_file_adapter_fetcher_win.h" #include "net/test/gtest_util.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request_test_util.h" diff --git a/chromium/net/proxy_resolution/dhcpcsvc_init_win.cc b/chromium/net/proxy_resolution/win/dhcpcsvc_init_win.cc index 4a6040f60be..d9a7c6697ca 100644 --- a/chromium/net/proxy_resolution/dhcpcsvc_init_win.cc +++ b/chromium/net/proxy_resolution/win/dhcpcsvc_init_win.cc @@ -2,10 +2,10 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/dhcpcsvc_init_win.h" +#include "net/proxy_resolution/win/dhcpcsvc_init_win.h" +#include "base/check_op.h" #include "base/lazy_instance.h" -#include "base/logging.h" #include <windows.h> // Must be in front of other Windows header files. diff --git a/chromium/net/proxy_resolution/dhcpcsvc_init_win.h b/chromium/net/proxy_resolution/win/dhcpcsvc_init_win.h index 333cbd21f4e..e6809e67c25 100644 --- a/chromium/net/proxy_resolution/dhcpcsvc_init_win.h +++ b/chromium/net/proxy_resolution/win/dhcpcsvc_init_win.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_PROXY_RESOLUTION_DHCPCSVC_INIT_WIN_H_ -#define NET_PROXY_RESOLUTION_DHCPCSVC_INIT_WIN_H_ +#ifndef NET_PROXY_RESOLUTION_WIN_DHCPCSVC_INIT_WIN_H_ +#define NET_PROXY_RESOLUTION_WIN_DHCPCSVC_INIT_WIN_H_ namespace net { @@ -17,4 +17,4 @@ void EnsureDhcpcsvcInit(); } // namespace net -#endif // NET_PROXY_RESOLUTION_DHCPCSVC_INIT_WIN_H_ +#endif // NET_PROXY_RESOLUTION_WIN_DHCPCSVC_INIT_WIN_H_ diff --git a/chromium/net/proxy_resolution/proxy_config_service_win.cc b/chromium/net/proxy_resolution/win/proxy_config_service_win.cc index 4b124f482a1..04dd08d5f57 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_win.cc +++ b/chromium/net/proxy_resolution/win/proxy_config_service_win.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/proxy_config_service_win.h" +#include "net/proxy_resolution/win/proxy_config_service_win.h" #include <windows.h> #include <winhttp.h> @@ -39,9 +39,12 @@ ProxyConfigServiceWin::ProxyConfigServiceWin( const NetworkTrafficAnnotationTag& traffic_annotation) : PollingProxyConfigService(base::TimeDelta::FromSeconds(kPollIntervalSec), &ProxyConfigServiceWin::GetCurrentProxyConfig, - traffic_annotation) {} + traffic_annotation) { + NetworkChangeNotifier::AddNetworkChangeObserver(this); +} ProxyConfigServiceWin::~ProxyConfigServiceWin() { + NetworkChangeNotifier::RemoveNetworkChangeObserver(this); // The registry functions below will end up going to disk. TODO: Do this on // another thread to avoid slowing the current thread. http://crbug.com/61453 base::ThreadRestrictions::ScopedAllowIO allow_io; @@ -56,6 +59,20 @@ void ProxyConfigServiceWin::AddObserver(Observer* observer) { PollingProxyConfigService::AddObserver(observer); } +void ProxyConfigServiceWin::OnNetworkChanged( + NetworkChangeNotifier::ConnectionType type) { + // Proxy settings on Windows may change when the active connection changes. + // For instance, after connecting to a VPN, the proxy settings for the active + // connection will be that for the VPN. (And ProxyConfigService only reports + // proxy settings for the default connection). + + // This is conditioned on CONNECTION_NONE to avoid duplicating work, as + // NetworkChangeNotifier additionally sends it preceding completion. + // See https://crbug.com/1071901. + if (type == NetworkChangeNotifier::CONNECTION_NONE) + CheckForChangesNow(); +} + void ProxyConfigServiceWin::StartWatchingRegistryForChanges() { if (!keys_to_watch_.empty()) return; // Already initialized. diff --git a/chromium/net/proxy_resolution/proxy_config_service_win.h b/chromium/net/proxy_resolution/win/proxy_config_service_win.h index aa3df2f760c..937c2028c93 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_win.h +++ b/chromium/net/proxy_resolution/win/proxy_config_service_win.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_PROXY_RESOLUTION_PROXY_CONFIG_SERVICE_WIN_H_ -#define NET_PROXY_RESOLUTION_PROXY_CONFIG_SERVICE_WIN_H_ +#ifndef NET_PROXY_RESOLUTION_WIN_PROXY_CONFIG_SERVICE_WIN_H_ +#define NET_PROXY_RESOLUTION_WIN_PROXY_CONFIG_SERVICE_WIN_H_ #include <windows.h> #include <winhttp.h> @@ -15,6 +15,7 @@ #include "base/gtest_prod_util.h" #include "base/strings/string16.h" #include "net/base/net_export.h" +#include "net/base/network_change_notifier.h" #include "net/proxy_resolution/polling_proxy_config_service.h" #include "net/proxy_resolution/proxy_config_with_annotation.h" @@ -49,7 +50,8 @@ namespace net { // change, or in case we got it wrong (and are not checking all possible // registry dependencies). class NET_EXPORT_PRIVATE ProxyConfigServiceWin - : public PollingProxyConfigService { + : public PollingProxyConfigService, + public NetworkChangeNotifier::NetworkChangeObserver { public: ProxyConfigServiceWin(const NetworkTrafficAnnotationTag& traffic_annotation); ~ProxyConfigServiceWin() override; @@ -57,6 +59,9 @@ class NET_EXPORT_PRIVATE ProxyConfigServiceWin // Overrides a function from PollingProxyConfigService. void AddObserver(Observer* observer) override; + // NetworkChangeObserver implementation. + void OnNetworkChanged(NetworkChangeNotifier::ConnectionType type) override; + private: FRIEND_TEST_ALL_PREFIXES(ProxyConfigServiceWinTest, SetFromIEConfig); @@ -84,4 +89,4 @@ class NET_EXPORT_PRIVATE ProxyConfigServiceWin } // namespace net -#endif // NET_PROXY_RESOLUTION_PROXY_CONFIG_SERVICE_WIN_H_ +#endif // NET_PROXY_RESOLUTION_WIN_PROXY_CONFIG_SERVICE_WIN_H_ diff --git a/chromium/net/proxy_resolution/proxy_config_service_win_unittest.cc b/chromium/net/proxy_resolution/win/proxy_config_service_win_unittest.cc index 5665e3b91fa..2f41f457105 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_win_unittest.cc +++ b/chromium/net/proxy_resolution/win/proxy_config_service_win_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/proxy_config_service_win.h" +#include "net/proxy_resolution/win/proxy_config_service_win.h" #include "base/stl_util.h" #include "net/base/net_errors.h" diff --git a/chromium/net/proxy_resolution/proxy_resolver_winhttp.cc b/chromium/net/proxy_resolution/win/proxy_resolver_winhttp.cc index e7ceb891e8c..87da260bf21 100644 --- a/chromium/net/proxy_resolution/proxy_resolver_winhttp.cc +++ b/chromium/net/proxy_resolution/win/proxy_resolver_winhttp.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/proxy_resolution/proxy_resolver_winhttp.h" +#include "net/proxy_resolution/win/proxy_resolver_winhttp.h" #include <windows.h> #include <winhttp.h> diff --git a/chromium/net/proxy_resolution/proxy_resolver_winhttp.h b/chromium/net/proxy_resolution/win/proxy_resolver_winhttp.h index b28f61cfb1d..ad762d53a2a 100644 --- a/chromium/net/proxy_resolution/proxy_resolver_winhttp.h +++ b/chromium/net/proxy_resolution/win/proxy_resolver_winhttp.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_PROXY_RESOLUTION_PROXY_RESOLVER_WINHTTP_H_ -#define NET_PROXY_RESOLUTION_PROXY_RESOLVER_WINHTTP_H_ +#ifndef NET_PROXY_RESOLUTION_WIN_PROXY_RESOLVER_WINHTTP_H_ +#define NET_PROXY_RESOLUTION_WIN_PROXY_RESOLVER_WINHTTP_H_ #include "base/compiler_specific.h" #include "base/macros.h" @@ -32,4 +32,4 @@ class NET_EXPORT_PRIVATE ProxyResolverFactoryWinHttp } // namespace net -#endif // NET_PROXY_RESOLUTION_PROXY_RESOLVER_WINHTTP_H_ +#endif // NET_PROXY_RESOLUTION_WIN_PROXY_RESOLVER_WINHTTP_H_ diff --git a/chromium/net/quic/address_utils.h b/chromium/net/quic/address_utils.h index 286146ccd73..3c8d096257d 100644 --- a/chromium/net/quic/address_utils.h +++ b/chromium/net/quic/address_utils.h @@ -5,6 +5,8 @@ #ifndef NET_QUIC_ADDRESS_UTILS_H_ #define NET_QUIC_ADDRESS_UTILS_H_ +#include <string.h> + #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" diff --git a/chromium/net/quic/bidirectional_stream_quic_impl.cc b/chromium/net/quic/bidirectional_stream_quic_impl.cc index 84260c10264..a8d332f2f21 100644 --- a/chromium/net/quic/bidirectional_stream_quic_impl.cc +++ b/chromium/net/quic/bidirectional_stream_quic_impl.cc @@ -84,12 +84,12 @@ void BidirectionalStreamQuicImpl::Start( delegate_ = delegate; request_info_ = request_info; - // Only allow SAFE methods to use early data, unless overriden by the caller. - bool use_early_data = !HttpUtil::IsMethodSafe(request_info_->method); + // Only allow SAFE methods to use early data, unless overridden by the caller. + bool use_early_data = HttpUtil::IsMethodSafe(request_info_->method); use_early_data |= request_info_->allow_early_data_override; int rv = session_->RequestStream( - use_early_data, + !use_early_data, base::BindOnce(&BidirectionalStreamQuicImpl::OnStreamReady, weak_factory_.GetWeakPtr()), traffic_annotation); diff --git a/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc b/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc index 3fbb7b393e0..6cfc33e5862 100644 --- a/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc +++ b/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc @@ -425,7 +425,6 @@ class BidirectionalStreamQuicImplTest protected: static const bool kFin = true; static const bool kIncludeVersion = true; - static const bool kIncludeCongestionFeedback = true; // Holds a packet to be written to the wire, and the IO mode that should // be used by the mock socket when performing the write. @@ -742,7 +741,7 @@ class BidirectionalStreamQuicImplTest return client_maker_.MakeAckAndRstPacket( ++packet_number_, !kIncludeVersion, stream_id_, quic::QUIC_STREAM_CANCELLED, largest_received, smallest_received, - least_unacked, !kIncludeCongestionFeedback); + least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructAckAndDataPacket( @@ -768,8 +767,7 @@ class BidirectionalStreamQuicImplTest uint64_t smallest_received, uint64_t least_unacked) { return client_maker_.MakeAckPacket(++packet_number_, largest_received, - smallest_received, least_unacked, - !kIncludeCongestionFeedback); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructServerAckPacket( @@ -778,8 +776,7 @@ class BidirectionalStreamQuicImplTest uint64_t smallest_received, uint64_t least_unacked) { return server_maker_.MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, - !kIncludeCongestionFeedback); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructInitialSettingsPacket() { @@ -1650,18 +1647,10 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); if (VersionUsesHttp3(version_.transport_version)) AddWrite(ConstructInitialSettingsPacket()); - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); AddWrite(ConstructRequestHeadersPacketInner( - GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); - std::string header = ConstructDataHeader(strlen(kUploadData)); - if (version_.UsesHttp3()) { - AddWrite(ConstructClientDataPacket(kIncludeVersion, kFin, - header + std::string(kUploadData))); - } else { - AddWrite(ConstructClientDataPacket(kIncludeVersion, kFin, kUploadData)); - } - + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); @@ -1670,50 +1659,51 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { request.method = "PUT"; request.allow_early_data_override = true; request.url = GURL("http://www.google.com/"); - request.end_stream_on_headers = false; + request.end_stream_on_headers = true; request.priority = DEFAULT_PRIORITY; scoped_refptr<IOBuffer> read_buffer = base::MakeRefCounted<IOBuffer>(kReadBufferSize); std::unique_ptr<TestDelegateBase> delegate( new TestDelegateBase(read_buffer.get(), kReadBufferSize)); + delegate->set_trailers_expected(true); delegate->Start(&request, net_log().bound(), session()->CreateHandle(destination_)); - ConfirmHandshake(); delegate->WaitUntilNextCallback(kOnStreamReady); - - // Send a DATA frame. - scoped_refptr<StringIOBuffer> buf = - base::MakeRefCounted<StringIOBuffer>(kUploadData); - - delegate->SendData(buf, buf->size(), true); - delegate->WaitUntilNextCallback(kOnDataSent); + ConfirmHandshake(); // Server acks the request. ProcessPacket(ConstructServerAckPacket(1, 1, 1, 1)); // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); + size_t spdy_response_headers_frame_length; ProcessPacket( ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); + LoadTimingInfo load_timing_info; + EXPECT_TRUE(delegate->GetLoadTimingInfo(&load_timing_info)); + ExpectLoadTimingValid(load_timing_info, /*session_reused=*/false); TestCompletionCallback cb; int rv = delegate->ReadData(cb.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); EXPECT_EQ("200", delegate->response_headers().find(":status")->second); const char kResponseBody[] = "Hello world!"; // Server sends data. - std::string header2 = ConstructDataHeader(strlen(kResponseBody)); + std::string header = ConstructDataHeader(strlen(kResponseBody)); ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, - header2 + kResponseBody)); + header + kResponseBody)); + EXPECT_EQ(12, cb.WaitForResult()); - EXPECT_EQ(static_cast<int>(strlen(kResponseBody)), cb.WaitForResult()); + EXPECT_EQ(std::string(kResponseBody), delegate->data_received()); + TestCompletionCallback cb2; + EXPECT_THAT(delegate->ReadData(cb2.callback()), IsError(ERR_IO_PENDING)); - size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; + size_t spdy_trailers_frame_length; trailers["foo"] = "bar"; if (!quic::VersionUsesHttp3(version_.transport_version)) { trailers[quic::kFinalOffsetHeaderKey] = @@ -1724,20 +1714,36 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); + EXPECT_THAT(cb2.WaitForResult(), IsOk()); trailers.erase(quic::kFinalOffsetHeaderKey); EXPECT_EQ(trailers, delegate->trailers()); - EXPECT_THAT(delegate->ReadData(cb.callback()), IsOk()); - EXPECT_EQ(1, delegate->on_data_read_count()); - EXPECT_EQ(1, delegate->on_data_sent_count()); + EXPECT_THAT(delegate->ReadData(cb2.callback()), IsOk()); + base::RunLoop().RunUntilIdle(); + + EXPECT_EQ(2, delegate->on_data_read_count()); + EXPECT_EQ(0, delegate->on_data_sent_count()); EXPECT_EQ(kProtoQUIC, delegate->GetProtocol()); - EXPECT_EQ(static_cast<int64_t>(spdy_request_headers_frame_length + - strlen(kUploadData) + header.length()), + EXPECT_EQ(static_cast<int64_t>(spdy_request_headers_frame_length), delegate->GetTotalSentBytes()); EXPECT_EQ(static_cast<int64_t>(spdy_response_headers_frame_length + - strlen(kResponseBody) + header2.length() + + strlen(kResponseBody) + header.length() + spdy_trailers_frame_length), delegate->GetTotalReceivedBytes()); + // Check that NetLog was filled as expected. + auto entries = net_log().GetEntries(); + size_t pos = ExpectLogContainsSomewhere( + entries, /*min_offset=*/0, + NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_SEND_REQUEST_HEADERS, + NetLogEventPhase::NONE); + pos = ExpectLogContainsSomewhere( + entries, /*min_offset=*/pos, + NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_SEND_REQUEST_HEADERS, + NetLogEventPhase::NONE); + ExpectLogContainsSomewhere( + entries, /*min_offset=*/pos, + NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_SEND_REQUEST_HEADERS, + NetLogEventPhase::NONE); } TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) { diff --git a/chromium/net/quic/crypto/proof_source_chromium.cc b/chromium/net/quic/crypto/proof_source_chromium.cc index e62642c7d5a..39e76c5df32 100644 --- a/chromium/net/quic/crypto/proof_source_chromium.cc +++ b/chromium/net/quic/crypto/proof_source_chromium.cc @@ -130,6 +130,7 @@ bool ProofSourceChromium::GetProofInner( } void ProofSourceChromium::GetProof(const quic::QuicSocketAddress& server_addr, + const quic::QuicSocketAddress& client_addr, const std::string& hostname, const std::string& server_config, quic::QuicTransportVersion quic_version, @@ -149,12 +150,14 @@ void ProofSourceChromium::GetProof(const quic::QuicSocketAddress& server_addr, quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> ProofSourceChromium::GetCertChain(const quic::QuicSocketAddress& server_address, + const quic::QuicSocketAddress& client_address, const std::string& hostname) { return chain_; } void ProofSourceChromium::ComputeTlsSignature( const quic::QuicSocketAddress& server_address, + const quic::QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, @@ -188,4 +191,13 @@ void ProofSourceChromium::ComputeTlsSignature( callback->Run(true, sig, nullptr); } +quic::ProofSource::TicketCrypter* ProofSourceChromium::GetTicketCrypter() { + return ticket_crypter_.get(); +} + +void ProofSourceChromium::SetTicketCrypter( + std::unique_ptr<quic::ProofSource::TicketCrypter> ticket_crypter) { + ticket_crypter_ = std::move(ticket_crypter); +} + } // namespace net diff --git a/chromium/net/quic/crypto/proof_source_chromium.h b/chromium/net/quic/crypto/proof_source_chromium.h index 46f92c50021..c16a2073b41 100644 --- a/chromium/net/quic/crypto/proof_source_chromium.h +++ b/chromium/net/quic/crypto/proof_source_chromium.h @@ -33,7 +33,8 @@ class NET_EXPORT_PRIVATE ProofSourceChromium : public quic::ProofSource { const base::FilePath& sct_path); // quic::ProofSource interface - void GetProof(const quic::QuicSocketAddress& server_ip, + void GetProof(const quic::QuicSocketAddress& server_address, + const quic::QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, quic::QuicTransportVersion quic_version, @@ -42,15 +43,20 @@ class NET_EXPORT_PRIVATE ProofSourceChromium : public quic::ProofSource { quic::QuicReferenceCountedPointer<Chain> GetCertChain( const quic::QuicSocketAddress& server_address, + const quic::QuicSocketAddress& client_address, const std::string& hostname) override; void ComputeTlsSignature( const quic::QuicSocketAddress& server_address, + const quic::QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, std::unique_ptr<SignatureCallback> callback) override; + TicketCrypter* GetTicketCrypter() override; + void SetTicketCrypter(std::unique_ptr<TicketCrypter> ticket_crypter); + private: bool GetProofInner( const quic::QuicSocketAddress& server_ip, @@ -64,6 +70,7 @@ class NET_EXPORT_PRIVATE ProofSourceChromium : public quic::ProofSource { std::unique_ptr<crypto::RSAPrivateKey> private_key_; quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> chain_; std::string signed_certificate_timestamp_; + std::unique_ptr<TicketCrypter> ticket_crypter_; DISALLOW_COPY_AND_ASSIGN(ProofSourceChromium); }; diff --git a/chromium/net/quic/crypto/proof_test_chromium.cc b/chromium/net/quic/crypto/proof_test_chromium.cc index c361241b6e2..5720991912f 100644 --- a/chromium/net/quic/crypto/proof_test_chromium.cc +++ b/chromium/net/quic/crypto/proof_test_chromium.cc @@ -147,6 +147,7 @@ TEST_P(ProofTest, Verify) { string error_details; quic::QuicCryptoProof proof, first_proof; quic::QuicSocketAddress server_addr; + quic::QuicSocketAddress client_addr; std::unique_ptr<quic::ProofSource::Callback> cb( new TestCallback(&called, &ok, &chain, &proof)); @@ -155,10 +156,10 @@ TEST_P(ProofTest, Verify) { // GetProof here expects the async method to invoke the callback // synchronously. - source->GetProof(server_addr, hostname, server_config, quic_version, - first_chlo_hash, std::move(first_cb)); - source->GetProof(server_addr, hostname, server_config, quic_version, - second_chlo_hash, std::move(cb)); + source->GetProof(server_addr, client_addr, hostname, server_config, + quic_version, first_chlo_hash, std::move(first_cb)); + source->GetProof(server_addr, client_addr, hostname, server_config, + quic_version, second_chlo_hash, std::move(cb)); ASSERT_TRUE(called); ASSERT_TRUE(first_called); ASSERT_TRUE(ok); @@ -220,8 +221,10 @@ TEST_P(ProofTest, TlsSignature) { quic::QuicSocketAddress server_address; const string hostname = "test.example.com"; + quic::QuicSocketAddress client_address; + quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> chain = - source->GetCertChain(server_address, hostname); + source->GetCertChain(server_address, client_address, hostname); ASSERT_GT(chain->certs.size(), 0ul); // Generate a value to be signed similar to the example in TLS 1.3 section @@ -238,8 +241,9 @@ TEST_P(ProofTest, TlsSignature) { bool success; std::unique_ptr<TestingSignatureCallback> callback = std::make_unique<TestingSignatureCallback>(&success, &sig); - source->ComputeTlsSignature(server_address, hostname, SSL_SIGN_RSA_PSS_SHA256, - to_be_signed, std::move(callback)); + source->ComputeTlsSignature(server_address, client_address, hostname, + SSL_SIGN_RSA_PSS_SHA256, to_be_signed, + std::move(callback)); EXPECT_TRUE(success); // Verify that the signature from ComputeTlsSignature can be verified with the @@ -280,12 +284,13 @@ TEST_P(ProofTest, UseAfterFree) { string error_details; quic::QuicCryptoProof proof; quic::QuicSocketAddress server_addr; + quic::QuicSocketAddress client_addr; std::unique_ptr<quic::ProofSource::Callback> cb( new TestCallback(&called, &ok, &chain, &proof)); // GetProof here expects the async method to invoke the callback // synchronously. - source->GetProof(server_addr, hostname, server_config, + source->GetProof(server_addr, client_addr, hostname, server_config, GetParam().transport_version, chlo_hash, std::move(cb)); ASSERT_TRUE(called); ASSERT_TRUE(ok); diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.cc b/chromium/net/quic/crypto/proof_verifier_chromium.cc index b14acf942b7..ee05dce91ca 100644 --- a/chromium/net/quic/crypto/proof_verifier_chromium.cc +++ b/chromium/net/quic/crypto/proof_verifier_chromium.cc @@ -79,6 +79,7 @@ class ProofVerifierChromium::Job { // asynchronously when the verification completes. quic::QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -155,9 +156,6 @@ class ProofVerifierChromium::Job { // passed to CertVerifier::Verify. int cert_verify_flags_; - // If set to true, enforces policy checking in DoVerifyCertComplete(). - bool enforce_policy_checking_; - State next_state_; base::TimeTicks start_time_; @@ -181,7 +179,6 @@ ProofVerifierChromium::Job::Job( transport_security_state_(transport_security_state), cert_transparency_verifier_(cert_transparency_verifier), cert_verify_flags_(cert_verify_flags), - enforce_policy_checking_(true), next_state_(STATE_NONE), start_time_(base::TimeTicks::Now()), net_log_(net_log) { @@ -242,8 +239,8 @@ quic::QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof( // We call VerifySignature first to avoid copying of server_config and // signature. - if (!signature.empty() && !VerifySignature(server_config, quic_version, - chlo_hash, signature, certs[0])) { + if (!VerifySignature(server_config, quic_version, chlo_hash, signature, + certs[0])) { *error_details = "Failed to verify signature of server config"; DLOG(WARNING) << *error_details; verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; @@ -251,13 +248,13 @@ quic::QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof( return quic::QUIC_FAILURE; } - DCHECK(enforce_policy_checking_); return VerifyCert(hostname, port, /*ocsp_response=*/std::string(), cert_sct, error_details, verify_details, std::move(callback)); } quic::QuicAsyncStatus ProofVerifierChromium::Job::VerifyCertChain( const string& hostname, + const uint16_t port, const std::vector<string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -282,10 +279,15 @@ quic::QuicAsyncStatus ProofVerifierChromium::Job::VerifyCertChain( if (!GetX509Certificate(certs, error_details, verify_details)) return quic::QUIC_FAILURE; - enforce_policy_checking_ = false; - // |port| is not needed because |enforce_policy_checking_| is false. - return VerifyCert(hostname, /*port=*/0, ocsp_response, cert_sct, - error_details, verify_details, std::move(callback)); + // Note that this is a completely synchronous operation: The CT Log Verifier + // gets all the data it needs for SCT verification and does not do any + // external communication. + cert_transparency_verifier_->Verify( + hostname, cert_.get(), std::string(), cert_sct, + &verify_details_->ct_verify_result.scts, net_log_); + + return VerifyCert(hostname, port, ocsp_response, cert_sct, error_details, + verify_details, std::move(callback)); } bool ProofVerifierChromium::Job::GetX509Certificate( @@ -411,7 +413,7 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { // If the connection was good, check HPKP and CT status simultaneously, // but prefer to treat the HPKP error as more serious, if there was one. - if (enforce_policy_checking_ && result == OK) { + if (result == OK) { ct::SCTList verified_scts = ct::SCTsMatchingStatus( verify_details_->ct_verify_result.scts, ct::SCT_STATUS_OK); @@ -558,6 +560,11 @@ bool ProofVerifierChromium::Job::VerifySignature( return false; } + if (signature.empty()) { + DLOG(WARNING) << "Signature is empty, thus cannot possibly be valid"; + return false; + } + crypto::SignatureVerifier verifier; if (!x509_util::SignatureVerifierInitWithCertificate( &verifier, algorithm, base::as_bytes(base::make_span(signature)), @@ -637,6 +644,7 @@ quic::QuicAsyncStatus ProofVerifierChromium::VerifyProof( quic::QuicAsyncStatus ProofVerifierChromium::VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -655,7 +663,7 @@ quic::QuicAsyncStatus ProofVerifierChromium::VerifyCertChain( cert_transparency_verifier_, chromium_context->cert_verify_flags, chromium_context->net_log); quic::QuicAsyncStatus status = - job->VerifyCertChain(hostname, certs, ocsp_response, cert_sct, + job->VerifyCertChain(hostname, port, certs, ocsp_response, cert_sct, error_details, verify_details, std::move(callback)); if (status == quic::QUIC_PENDING) { Job* job_ptr = job.get(); diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.h b/chromium/net/quic/crypto/proof_verifier_chromium.h index 83269f3595b..beacd3d0d63 100644 --- a/chromium/net/quic/crypto/proof_verifier_chromium.h +++ b/chromium/net/quic/crypto/proof_verifier_chromium.h @@ -93,6 +93,7 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier { std::unique_ptr<quic::ProofVerifierCallback> callback) override; quic::QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, diff --git a/chromium/net/quic/crypto/proof_verifier_chromium_test.cc b/chromium/net/quic/crypto/proof_verifier_chromium_test.cc index ad8b8167647..62504d05827 100644 --- a/chromium/net/quic/crypto/proof_verifier_chromium_test.cc +++ b/chromium/net/quic/crypto/proof_verifier_chromium_test.cc @@ -104,10 +104,13 @@ class DummyProofVerifierCallback : public quic::ProofVerifierCallback { }; const char kTestHostname[] = "test.example.com"; -const char kTestChloHash[] = "CHLO hash"; -const char kTestEmptySCT[] = ""; const uint16_t kTestPort = 8443; const char kTestConfig[] = "server config bytes"; +const char kTestChloHash[] = "CHLO hash"; +const char kTestEmptyOCSPResponse[] = ""; +const char kTestEmptySCT[] = ""; +const char kTestEmptySignature[] = ""; + const char kLogDescription[] = "somelog"; } // namespace @@ -148,8 +151,9 @@ class ProofVerifierChromiumTest : public ::testing::Test { GetTestCertsDirectory().AppendASCII("quic-leaf-cert.key"), base::FilePath()); std::string signature; - source.GetProof(quic::QuicSocketAddress(), kTestHostname, kTestConfig, - quic::QUIC_VERSION_43, kTestChloHash, + source.GetProof(quic::QuicSocketAddress(), quic::QuicSocketAddress(), + kTestHostname, kTestConfig, quic::QUIC_VERSION_43, + kTestChloHash, std::make_unique<SignatureSaver>(&signature)); return signature; } @@ -217,6 +221,17 @@ TEST_F(ProofVerifierChromiumTest, VerifyProof) { static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_EQ(dummy_result_.cert_status, verify_details->cert_verify_result.cert_status); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_EQ(dummy_result_.cert_status, + verify_details->cert_verify_result.cert_status); } // Tests that the quic::ProofVerifier fails verification if certificate @@ -234,6 +249,12 @@ TEST_F(ProofVerifierChromiumTest, FailsIfCertFails) { kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(), verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_FAILURE, status); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); } // Valid SCT, but invalid signature. @@ -251,10 +272,18 @@ TEST_F(ProofVerifierChromiumTest, ValidSCTList) { new DummyProofVerifierCallback); quic::QuicAsyncStatus status = proof_verifier.VerifyProof( kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, - kTestChloHash, certs_, ct::GetSCTListForTesting(), kTestEmptySCT, + kTestChloHash, certs_, ct::GetSCTListForTesting(), kTestEmptySignature, verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_FAILURE, status); CheckSCT(/*sct_expected_ok=*/true); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, + ct::GetSCTListForTesting(), verify_context_.get(), &error_details_, + &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + CheckSCT(/*sct_expected_ok=*/true); } // Invalid SCT and signature. @@ -271,8 +300,17 @@ TEST_F(ProofVerifierChromiumTest, InvalidSCTList) { new DummyProofVerifierCallback); quic::QuicAsyncStatus status = proof_verifier.VerifyProof( kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, - kTestChloHash, certs_, ct::GetSCTListWithInvalidSCT(), kTestEmptySCT, - verify_context_.get(), &error_details_, &details_, std::move(callback)); + kTestChloHash, certs_, ct::GetSCTListWithInvalidSCT(), + kTestEmptySignature, verify_context_.get(), &error_details_, &details_, + std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + CheckSCT(/*sct_expected_ok=*/false); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, + ct::GetSCTListWithInvalidSCT(), verify_context_.get(), &error_details_, + &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_FAILURE, status); CheckSCT(/*sct_expected_ok=*/false); } @@ -289,8 +327,8 @@ TEST_F(ProofVerifierChromiumTest, FailsIfSignatureFails) { new DummyProofVerifierCallback); quic::QuicAsyncStatus status = proof_verifier.VerifyProof( kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, - kTestChloHash, certs_, kTestEmptySCT, kTestConfig, verify_context_.get(), - &error_details_, &details_, std::move(callback)); + kTestChloHash, certs_, kTestEmptySCT, kTestEmptySignature, + verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_FAILURE, status); } @@ -323,6 +361,18 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) { static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_EQ(dummy_result_.cert_status, verify_details->cert_verify_result.cert_status); + + // Repeat the test with VerifyCertChain. + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_EQ(dummy_result_.cert_status, + verify_details->cert_verify_result.cert_status); } // Tests that the certificate policy enforcer is consulted for EV @@ -355,6 +405,18 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) { EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, verify_details->cert_verify_result.cert_status & (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, + verify_details->cert_verify_result.cert_status & + (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); } // Tests that the when a certificate's EV status is stripped to EV @@ -396,6 +458,21 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramNonCompliant) { histograms.ExpectUniqueSample( kHistogramName, static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS), 1); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_EQ(CERT_STATUS_CT_COMPLIANCE_FAILED, + verify_details->cert_verify_result.cert_status & + (CERT_STATUS_CT_COMPLIANCE_FAILED | CERT_STATUS_IS_EV)); + + histograms.ExpectUniqueSample( + kHistogramName, + static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS), 2); } // Tests that when a connection is CT-compliant and its EV status is preserved, @@ -436,6 +513,20 @@ TEST_F(ProofVerifierChromiumTest, CTEVHistogramCompliant) { histograms.ExpectUniqueSample( kHistogramName, static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS), 1); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_TRUE(verify_details->cert_verify_result.cert_status & + CERT_STATUS_IS_EV); + + histograms.ExpectUniqueSample( + kHistogramName, + static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS), 2); } HashValueVector MakeHashValueVector(uint8_t tag) { @@ -468,6 +559,15 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorNotSetForNonFatalError) { ProofVerifyDetailsChromium* verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_FALSE(verify_details->is_fatal_cert_error); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_FALSE(verify_details->is_fatal_cert_error); } TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) { @@ -495,6 +595,14 @@ TEST_F(ProofVerifierChromiumTest, IsFatalErrorSetForFatalError) { ProofVerifyDetailsChromium* verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_TRUE(verify_details->is_fatal_cert_error); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_TRUE(verify_details->is_fatal_cert_error); } // Test that PKP is enforced for certificates that chain up to known roots. @@ -527,6 +635,19 @@ TEST_F(ProofVerifierChromiumTest, PKPEnforced) { CERT_STATUS_PINNED_KEY_MISSING); EXPECT_FALSE(verify_details->pkp_bypassed); EXPECT_NE("", verify_details->pinning_failure_log); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_TRUE(verify_details->cert_verify_result.cert_status & + CERT_STATUS_PINNED_KEY_MISSING); + EXPECT_FALSE(verify_details->pkp_bypassed); + EXPECT_NE("", verify_details->pinning_failure_log); } // Test |pkp_bypassed| is set when PKP is bypassed due to a local @@ -557,6 +678,16 @@ TEST_F(ProofVerifierChromiumTest, PKPBypassFlagSet) { ProofVerifyDetailsChromium* verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_TRUE(verify_details->pkp_bypassed); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_TRUE(verify_details->pkp_bypassed); } // Test that when CT is required (in this case, by the delegate), the @@ -598,6 +729,17 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequired) { static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_TRUE(verify_details->cert_verify_result.cert_status & CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_TRUE(verify_details->cert_verify_result.cert_status & + CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); } // Test that when CT is required (in this case, by the delegate) and CT @@ -642,6 +784,16 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramNonCompliant) { histograms.ExpectUniqueSample( kHistogramName, static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS), 1); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + + histograms.ExpectUniqueSample( + kHistogramName, + static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS), 2); } // Test that when CT is required (in this case, by the delegate) and CT @@ -684,6 +836,12 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) { verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_SUCCESS, status); + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + histograms.ExpectTotalCount(kHistogramName, 0); } // Now test that the histogram is recorded for public roots. @@ -707,6 +865,17 @@ TEST_F(ProofVerifierChromiumTest, CTIsRequiredHistogramCompliant) { kHistogramName, static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS), 1); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + histograms.ExpectUniqueSample( + kHistogramName, + static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS), + 2); } } @@ -735,6 +904,12 @@ TEST_F(ProofVerifierChromiumTest, CTIsNotRequiredHistogram) { verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_SUCCESS, status); + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + histograms.ExpectTotalCount(kHistogramName, 0); } @@ -782,6 +957,19 @@ TEST_F(ProofVerifierChromiumTest, PKPAndCTBothTested) { CERT_STATUS_PINNED_KEY_MISSING); EXPECT_TRUE(verify_details->cert_verify_result.cert_status & CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kCTAndPKPHost, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_TRUE(verify_details->cert_verify_result.cert_status & + CERT_STATUS_PINNED_KEY_MISSING); + EXPECT_TRUE(verify_details->cert_verify_result.cert_status & + CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); } // Test that CT compliance status is recorded in a histogram. @@ -813,6 +1001,12 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) { verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_SUCCESS, status); + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + // The histogram should not have been recorded. histograms.ExpectTotalCount(kHistogramName, 0); } @@ -839,6 +1033,18 @@ TEST_F(ProofVerifierChromiumTest, CTComplianceStatusHistogram) { kHistogramName, static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_NOT_DIVERSE_SCTS), 1); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + // The histogram should have been recorded with the CT compliance status. + histograms.ExpectUniqueSample( + kHistogramName, + static_cast<int>(ct::CTPolicyCompliance::CT_POLICY_NOT_DIVERSE_SCTS), + 2); } } @@ -863,18 +1069,36 @@ TEST_F(ProofVerifierChromiumTest, CTRequirementsFlagNotMet) { &transport_security_state_, ct_verifier_.get(), {}); - std::unique_ptr<DummyProofVerifierCallback> callback( - new DummyProofVerifierCallback); - proof_verifier.VerifyProof( - kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, - kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(), - verify_context_.get(), &error_details_, &details_, std::move(callback)); + { + std::unique_ptr<DummyProofVerifierCallback> callback( + new DummyProofVerifierCallback); + proof_verifier.VerifyProof( + kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, + kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(), + verify_context_.get(), &error_details_, &details_, std::move(callback)); + + // The flag should be set in the CTVerifyResult. + ProofVerifyDetailsChromium* proof_details = + reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); + const ct::CTVerifyResult& ct_verify_result = + proof_details->ct_verify_result; + EXPECT_TRUE(ct_verify_result.policy_compliance_required); + } - // The flag should be set in the CTVerifyResult. - ProofVerifyDetailsChromium* proof_details = - reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); - const ct::CTVerifyResult& ct_verify_result = proof_details->ct_verify_result; - EXPECT_TRUE(ct_verify_result.policy_compliance_required); + { + std::unique_ptr<DummyProofVerifierCallback> callback( + new DummyProofVerifierCallback); + proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + + // The flag should be set in the CTVerifyResult. + ProofVerifyDetailsChromium* proof_details = + reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); + const ct::CTVerifyResult& ct_verify_result = + proof_details->ct_verify_result; + EXPECT_TRUE(ct_verify_result.policy_compliance_required); + } } // Tests that when CT is required and the connection is compliant, the relevant @@ -898,18 +1122,36 @@ TEST_F(ProofVerifierChromiumTest, CTRequirementsFlagMet) { &transport_security_state_, ct_verifier_.get(), {}); - std::unique_ptr<DummyProofVerifierCallback> callback( - new DummyProofVerifierCallback); - proof_verifier.VerifyProof( - kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, - kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(), - verify_context_.get(), &error_details_, &details_, std::move(callback)); + { + std::unique_ptr<DummyProofVerifierCallback> callback( + new DummyProofVerifierCallback); + proof_verifier.VerifyProof( + kTestHostname, kTestPort, kTestConfig, quic::QUIC_VERSION_43, + kTestChloHash, certs_, kTestEmptySCT, GetTestSignature(), + verify_context_.get(), &error_details_, &details_, std::move(callback)); + + // The flag should be set in the CTVerifyResult. + ProofVerifyDetailsChromium* proof_details = + reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); + const ct::CTVerifyResult& ct_verify_result = + proof_details->ct_verify_result; + EXPECT_TRUE(ct_verify_result.policy_compliance_required); + } - // The flag should be set in the CTVerifyResult. - ProofVerifyDetailsChromium* proof_details = - reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); - const ct::CTVerifyResult& ct_verify_result = proof_details->ct_verify_result; - EXPECT_TRUE(ct_verify_result.policy_compliance_required); + { + std::unique_ptr<DummyProofVerifierCallback> callback( + new DummyProofVerifierCallback); + proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + + // The flag should be set in the CTVerifyResult. + ProofVerifyDetailsChromium* proof_details = + reinterpret_cast<ProofVerifyDetailsChromium*>(details_.get()); + const ct::CTVerifyResult& ct_verify_result = + proof_details->ct_verify_result; + EXPECT_TRUE(ct_verify_result.policy_compliance_required); + } } TEST_F(ProofVerifierChromiumTest, UnknownRootRejected) { @@ -932,6 +1174,15 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootRejected) { EXPECT_EQ( "Failed to verify certificate chain: net::ERR_QUIC_CERT_ROOT_NOT_KNOWN", error_details_); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_FAILURE, status); + EXPECT_EQ( + "Failed to verify certificate chain: net::ERR_QUIC_CERT_ROOT_NOT_KNOWN", + error_details_); } TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithOverride) { @@ -957,6 +1208,17 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithOverride) { static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_EQ(dummy_result_.cert_status, verify_details->cert_verify_result.cert_status); + + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); + ASSERT_EQ(quic::QUIC_SUCCESS, status); + + ASSERT_TRUE(details_.get()); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_EQ(dummy_result_.cert_status, + verify_details->cert_verify_result.cert_status); } TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithWildcardOverride) { @@ -982,29 +1244,17 @@ TEST_F(ProofVerifierChromiumTest, UnknownRootAcceptedWithWildcardOverride) { static_cast<ProofVerifyDetailsChromium*>(details_.get()); EXPECT_EQ(dummy_result_.cert_status, verify_details->cert_verify_result.cert_status); -} - -// Tests that the VerifyCertChain verifies certificates. -TEST_F(ProofVerifierChromiumTest, VerifyCertChain) { - MockCertVerifier dummy_verifier; - dummy_verifier.AddResultForCert(test_cert_.get(), dummy_result_, OK); - ProofVerifierChromium proof_verifier(&dummy_verifier, &ct_policy_enforcer_, - &transport_security_state_, - ct_verifier_.get(), {}); - - std::unique_ptr<DummyProofVerifierCallback> callback( - new DummyProofVerifierCallback); - quic::QuicAsyncStatus status = proof_verifier.VerifyCertChain( - kTestHostname, certs_, /*ocsp_response=*/std::string(), - /*cert_sct=*/std::string(), verify_context_.get(), &error_details_, - &details_, std::move(callback)); + callback = std::make_unique<DummyProofVerifierCallback>(); + status = proof_verifier.VerifyCertChain( + kTestHostname, kTestPort, certs_, kTestEmptyOCSPResponse, kTestEmptySCT, + verify_context_.get(), &error_details_, &details_, std::move(callback)); ASSERT_EQ(quic::QUIC_SUCCESS, status); ASSERT_TRUE(details_.get()); - ProofVerifyDetailsChromium* verify_details = - static_cast<ProofVerifyDetailsChromium*>(details_.get()); - EXPECT_EQ(0u, verify_details->cert_verify_result.cert_status); + verify_details = static_cast<ProofVerifyDetailsChromium*>(details_.get()); + EXPECT_EQ(dummy_result_.cert_status, + verify_details->cert_verify_result.cert_status); } } // namespace test diff --git a/chromium/net/quic/crypto_test_utils_chromium.cc b/chromium/net/quic/crypto_test_utils_chromium.cc index dd86b0fa86b..f284f7c4cdb 100644 --- a/chromium/net/quic/crypto_test_utils_chromium.cc +++ b/chromium/net/quic/crypto_test_utils_chromium.cc @@ -5,7 +5,7 @@ #include <utility> #include "base/callback_helpers.h" -#include "base/logging.h" +#include "base/check.h" #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/stl_util.h" @@ -31,6 +31,7 @@ #include "net/test/test_data_directory.h" #include "net/third_party/quiche/src/quic/core/crypto/crypto_utils.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.h" using std::string; @@ -90,6 +91,7 @@ std::unique_ptr<quic::ProofSource> ProofSourceForTesting() { CHECK(source->Initialize(certs_dir.AppendASCII("quic-chain.pem"), certs_dir.AppendASCII("quic-leaf-cert.key"), certs_dir.AppendASCII("quic-leaf-cert.key.sct"))); + source->SetTicketCrypter(std::make_unique<quic::test::TestTicketCrypter>()); return std::move(source); } diff --git a/chromium/net/quic/mock_crypto_client_stream.cc b/chromium/net/quic/mock_crypto_client_stream.cc index 2eba6804eb7..9a8d2b55e39 100644 --- a/chromium/net/quic/mock_crypto_client_stream.cc +++ b/chromium/net/quic/mock_crypto_client_stream.cc @@ -26,7 +26,6 @@ using quic::ENCRYPTION_ZERO_RTT; using quic::kAESG; using quic::kC255; using quic::kDefaultMaxStreamsPerConnection; -using quic::kMaximumIdleTimeoutSecs; using quic::kQBIC; using quic::NullDecrypter; using quic::NullEncrypter; @@ -65,7 +64,8 @@ MockCryptoClientStream::MockCryptoClientStream( session, std::move(verify_context), crypto_config, - session), + session, + /*has_application_state = */ true), QuicCryptoHandshaker(this, session), handshake_mode_(handshake_mode), encryption_established_(false), @@ -182,7 +182,7 @@ bool MockCryptoClientStream::CryptoConnect() { std::make_unique<NullDecrypter>(Perspective::IS_CLIENT)); } session()->connection()->SetEncrypter(ENCRYPTION_INITIAL, nullptr); - session()->connection()->SetEncrypter( + session()->OnNewEncryptionKeyAvailable( ENCRYPTION_FORWARD_SECURE, std::make_unique<NullEncrypter>(Perspective::IS_CLIENT)); } @@ -264,7 +264,7 @@ void MockCryptoClientStream::NotifySessionOneRttKeyAvailable() { std::make_unique<NullDecrypter>(Perspective::IS_CLIENT)); } session()->connection()->SetEncrypter(ENCRYPTION_INITIAL, nullptr); - session()->connection()->SetEncrypter( + session()->OnNewEncryptionKeyAvailable( ENCRYPTION_FORWARD_SECURE, std::make_unique<NullEncrypter>(Perspective::IS_CLIENT)); } @@ -294,9 +294,6 @@ void MockCryptoClientStream::SetConfigNegotiated() { #endif cgst.push_back(kQBIC); QuicConfig config(config_); - config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(2 * kMaximumIdleTimeoutSecs), - QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs)); config.SetBytesForConnectionIdToSend(PACKET_8BYTE_CONNECTION_ID); config.SetMaxBidirectionalStreamsToSend(kDefaultMaxStreamsPerConnection / 2); config.SetMaxUnidirectionalStreamsToSend(kDefaultMaxStreamsPerConnection / 2); @@ -313,8 +310,8 @@ void MockCryptoClientStream::SetConfigNegotiated() { PROTOCOL_TLS1_3) { TransportParameters params; ASSERT_TRUE(config.FillTransportParameters(¶ms)); - error = session()->config()->ProcessTransportParameters(params, CLIENT, - &error_details); + error = session()->config()->ProcessTransportParameters( + params, CLIENT, /*is_resumption=*/false, &error_details); } else { CryptoHandshakeMessage msg; config.ToHandshakeMessage( diff --git a/chromium/net/quic/platform/impl/quic_chromium_clock.h b/chromium/net/quic/platform/impl/quic_chromium_clock.h index 7fb3e2ce960..78ef0b5e170 100644 --- a/chromium/net/quic/platform/impl/quic_chromium_clock.h +++ b/chromium/net/quic/platform/impl/quic_chromium_clock.h @@ -5,6 +5,7 @@ #ifndef NET_QUIC_PLATFORM_IMPL_QUIC_CHROMIUM_CLOCK_H_ #define NET_QUIC_PLATFORM_IMPL_QUIC_CHROMIUM_CLOCK_H_ +#include "base/macros.h" #include "base/time/time.h" #include "net/third_party/quiche/src/quic/core/quic_clock.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" diff --git a/chromium/net/quic/platform/impl/quic_containers_impl.h b/chromium/net/quic/platform/impl/quic_containers_impl.h index 8f2db453906..b634aa59313 100644 --- a/chromium/net/quic/platform/impl/quic_containers_impl.h +++ b/chromium/net/quic/platform/impl/quic_containers_impl.h @@ -11,7 +11,6 @@ #include "base/containers/queue.h" #include "base/containers/small_map.h" -#include "net/base/interval_set.h" #include "net/third_party/quiche/src/common/simple_linked_hash_map.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" @@ -32,6 +31,9 @@ template <typename Key, typename std::unordered_map<Key, Value, Hash>::allocator_type> using QuicUnorderedMapImpl = std::unordered_map<Key, Value, Hash, Eq, Alloc>; +template <typename Key, typename Value, typename Hash> +using QuicHashMapImpl = std::unordered_map<Key, Value, Hash>; + // TODO(mpw): s/std::unordered_set/gtl::node_hash_set/ once node_hash_set is // PG3-compatible. template <typename Key, @@ -41,6 +43,9 @@ template <typename Key, typename std::unordered_set<Key, Hash>::allocator_type> using QuicUnorderedSetImpl = std::unordered_set<Key, Hash, Eq, Alloc>; +template <typename Key, typename Hash> +using QuicHashSetImpl = std::unordered_set<Key, Hash>; + // A map which offers insertion-ordered iteration. template <typename Key, typename Value, typename Hash> using QuicLinkedHashMapImpl = quiche::SimpleLinkedHashMap<Key, Value, Hash>; @@ -51,11 +56,6 @@ using QuicLinkedHashMapImpl = quiche::SimpleLinkedHashMap<Key, Value, Hash>; template <typename Key, typename Value, int Size> using QuicSmallMapImpl = base::small_map<std::unordered_map<Key, Value>, Size>; -// A data structure used to represent a sorted set of non-empty, non-adjacent, -// and mutually disjoint intervals. -template <typename T> -using QuicIntervalSetImpl = net::IntervalSet<T>; - // Represents a simple queue which may be backed by a list or // a flat circular buffer. // diff --git a/chromium/net/quic/platform/impl/quic_default_proof_providers_impl.cc b/chromium/net/quic/platform/impl/quic_default_proof_providers_impl.cc index c84146d84bb..28ec2766c6a 100644 --- a/chromium/net/quic/platform/impl/quic_default_proof_providers_impl.cc +++ b/chromium/net/quic/platform/impl/quic_default_proof_providers_impl.cc @@ -16,8 +16,10 @@ #include "net/http/transport_security_state.h" #include "net/quic/crypto/proof_source_chromium.h" #include "net/quic/crypto/proof_verifier_chromium.h" +#include "net/quic/platform/impl/quic_chromium_clock.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h" +#include "net/third_party/quiche/src/quic/tools/simple_ticket_crypter.h" DEFINE_QUIC_COMMAND_LINE_FLAG( bool, @@ -82,6 +84,8 @@ std::unique_ptr<ProofVerifier> CreateDefaultProofVerifierImpl( std::unique_ptr<ProofSource> CreateDefaultProofSourceImpl() { auto proof_source = std::make_unique<net::ProofSourceChromium>(); + proof_source->SetTicketCrypter( + std::make_unique<SimpleTicketCrypter>(QuicChromiumClock::GetInstance())); CHECK(proof_source->Initialize( #if defined(OS_WIN) base::FilePath(base::UTF8ToUTF16(GetQuicFlag(FLAGS_certificate_file))), diff --git a/chromium/net/quic/platform/impl/quic_macros_impl.h b/chromium/net/quic/platform/impl/quic_macros_impl.h index f503011907c..43f243d18f7 100644 --- a/chromium/net/quic/platform/impl/quic_macros_impl.h +++ b/chromium/net/quic/platform/impl/quic_macros_impl.h @@ -10,4 +10,7 @@ #define QUIC_MUST_USE_RESULT_IMPL WARN_UNUSED_RESULT #define QUIC_UNUSED_IMPL ALLOW_UNUSED_TYPE +// TODO(wub): Use ABSL_CONST_INIT when absl is allowed. +#define QUIC_CONST_INIT_IMPL + #endif // NET_QUIC_PLATFORM_IMPL_QUIC_MACROS_IMPL_H_ diff --git a/chromium/net/quic/quic_address_mismatch.cc b/chromium/net/quic/quic_address_mismatch.cc index 9a26c26521b..16df1ebe2a7 100644 --- a/chromium/net/quic/quic_address_mismatch.cc +++ b/chromium/net/quic/quic_address_mismatch.cc @@ -4,7 +4,7 @@ #include "net/quic/quic_address_mismatch.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/ip_address.h" namespace net { diff --git a/chromium/net/quic/quic_chromium_alarm_factory.cc b/chromium/net/quic/quic_chromium_alarm_factory.cc index 2eaf0bf7d71..d3102e958a1 100644 --- a/chromium/net/quic/quic_chromium_alarm_factory.cc +++ b/chromium/net/quic/quic_chromium_alarm_factory.cc @@ -5,8 +5,8 @@ #include "net/quic/quic_chromium_alarm_factory.h" #include "base/bind.h" +#include "base/check.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/sparse_histogram.h" #include "base/task_runner.h" #include "base/time/time.h" diff --git a/chromium/net/quic/quic_chromium_client_session.cc b/chromium/net/quic/quic_chromium_client_session.cc index 1e4034ad2a7..780b8507c71 100644 --- a/chromium/net/quic/quic_chromium_client_session.cc +++ b/chromium/net/quic/quic_chromium_client_session.cc @@ -70,6 +70,12 @@ const size_t kWaitTimeForNewNetworkSecs = 10; const size_t kMinRetryTimeForDefaultNetworkSecs = 1; +// Default value for maximum number of consecutive pings that can be sent +// with aggressive initial retransmittable on wire timeout if there is no new +// data received. After which, the timeout will be exponentially back off until +// exceeds the default ping timeout. +const int kDefaultMaxAggressiveRetransmittableOnWirePingCount = 200; + // Maximum RTT time for this session when set initial timeout for probing // network. const int kDefaultRTTMilliSecs = 300; @@ -102,36 +108,10 @@ void RecordUnexpectedNotGoingAway(Location location) { NUM_LOCATIONS); } -void RecordConnectionCloseErrorCode(const quic::QuicConnectionCloseFrame& frame, - quic::ConnectionCloseSource source, - const std::string& hostname, - bool handshake_confirmed) { - bool is_google_host = HasGoogleHost(GURL("https://" + hostname)); - std::string histogram = "Net.QuicSession.ConnectionCloseErrorCode"; - - uint64_t error = 0; - if (source == quic::ConnectionCloseSource::FROM_PEER) { - histogram += "Server"; - // When receiving a CONNECTION_CLOSE frame, record error code received on - // the wire. - switch (frame.close_type) { - case quic::GOOGLE_QUIC_CONNECTION_CLOSE: - error = frame.quic_error_code; - break; - case quic::IETF_QUIC_TRANSPORT_CONNECTION_CLOSE: - error = frame.transport_error_code; - histogram += "IetfTransport"; - break; - case quic::IETF_QUIC_APPLICATION_CONNECTION_CLOSE: - error = frame.application_error_code; - histogram += "IetfApplication"; - } - } else { - // When sending a CONNECTION_CLOSE frame, record QuicErrorCode. - histogram += "Client"; - error = frame.extracted_error_code; - } - +void RecordConnectionCloseErrorCodeImpl(const std::string& histogram, + uint64_t error, + bool is_google_host, + bool handshake_confirmed) { base::UmaHistogramSparse(histogram, error); if (handshake_confirmed) { @@ -141,17 +121,53 @@ void RecordConnectionCloseErrorCode(const quic::QuicConnectionCloseFrame& frame, } if (is_google_host) { - histogram += "Google"; - base::UmaHistogramSparse(histogram, error); + base::UmaHistogramSparse(histogram + "Google", error); if (handshake_confirmed) { - base::UmaHistogramSparse(histogram + ".HandshakeConfirmed", error); + base::UmaHistogramSparse(histogram + "Google.HandshakeConfirmed", error); } else { - base::UmaHistogramSparse(histogram + ".HandshakeNotConfirmed", error); + base::UmaHistogramSparse(histogram + "Google.HandshakeNotConfirmed", + error); } } } +void RecordConnectionCloseErrorCode(const quic::QuicConnectionCloseFrame& frame, + quic::ConnectionCloseSource source, + const std::string& hostname, + bool handshake_confirmed) { + bool is_google_host = HasGoogleHost(GURL("https://" + hostname)); + std::string histogram = "Net.QuicSession.ConnectionCloseErrorCode"; + + if (source == quic::ConnectionCloseSource::FROM_SELF) { + // When sending a CONNECTION_CLOSE frame, it is sufficient to record + // |quic_error_code|. + histogram += "Client"; + RecordConnectionCloseErrorCodeImpl(histogram, frame.quic_error_code, + is_google_host, handshake_confirmed); + return; + } + + histogram += "Server"; + + // Record |quic_error_code|. Note that when using IETF QUIC, this is + // extracted from the CONNECTION_CLOSE frame reason phrase, and might be + // QUIC_IETF_GQUIC_ERROR_MISSING. + RecordConnectionCloseErrorCodeImpl(histogram, frame.quic_error_code, + is_google_host, handshake_confirmed); + + // For IETF QUIC frames, also record the error code received on the wire. + if (frame.close_type == quic::IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) { + histogram += "IetfTransport"; + RecordConnectionCloseErrorCodeImpl(histogram, frame.wire_error_code, + is_google_host, handshake_confirmed); + } else if (frame.close_type == quic::IETF_QUIC_APPLICATION_CONNECTION_CLOSE) { + histogram += "IetfApplication"; + RecordConnectionCloseErrorCodeImpl(histogram, frame.wire_error_code, + is_google_host, handshake_confirmed); + } +} + base::Value NetLogQuicMigrationFailureParams( quic::QuicConnectionId connection_id, base::StringPiece reason) { @@ -851,6 +867,13 @@ QuicChromiumClientSession::QuicChromiumClientSession( if (!retransmittable_on_wire_timeout.IsZero()) { connection->set_initial_retransmittable_on_wire_timeout( retransmittable_on_wire_timeout); + if (GetQuicFlag( + FLAGS_quic_max_aggressive_retransmittable_on_wire_ping_count) == + 0) { + // Set a default value for this flag if no custom value is provided. + SetQuicFlag(FLAGS_quic_max_aggressive_retransmittable_on_wire_ping_count, + kDefaultMaxAggressiveRetransmittableOnWirePingCount); + } } } @@ -1128,7 +1151,7 @@ bool QuicChromiumClientSession::ShouldCreateOutgoingBidirectionalStream() { } if (!CanOpenNextOutgoingBidirectionalStream()) { DVLOG(1) << "Failed to create a new outgoing stream. " - << "Already " << GetNumOpenOutgoingStreams() << " open."; + << "Already " << GetNumActiveStreams() << " open."; return false; } if (goaway_received()) { @@ -1175,11 +1198,11 @@ QuicChromiumClientSession::CreateOutgoingReliableStreamImpl( ActivateStream(base::WrapUnique(stream)); ++num_total_streams_; UMA_HISTOGRAM_COUNTS_1M("Net.QuicSession.NumOpenStreams", - GetNumOpenOutgoingStreams()); + GetNumActiveStreams()); // The previous histogram puts 100 in a bucket betweeen 86-113 which does // not shed light on if chrome ever things it has more than 100 streams open. UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.TooManyOpenStreams", - GetNumOpenOutgoingStreams() > 100); + GetNumActiveStreams() > 100); return stream; } @@ -1504,33 +1527,41 @@ void QuicChromiumClientSession::OnCanCreateNewOutgoingStream( void QuicChromiumClientSession::OnConfigNegotiated() { quic::QuicSpdyClientSessionBase::OnConfigNegotiated(); - if (!stream_factory_ || !config()->HasReceivedAlternateServerAddress()) + if (!stream_factory_ || !stream_factory_->allow_server_migration() || + (!config()->HasReceivedIPv6AlternateServerAddress() && + !config()->HasReceivedIPv4AlternateServerAddress())) { return; + } // Server has sent an alternate address to connect to. - IPEndPoint new_address = - ToIPEndPoint(config()->ReceivedAlternateServerAddress()); IPEndPoint old_address; GetDefaultSocket()->GetPeerAddress(&old_address); // Migrate only if address families match, or if new address family is v6, // since a v4 address should be reachable over a v6 network (using a // v4-mapped v6 address). - if (old_address.GetFamily() != new_address.GetFamily() && - old_address.GetFamily() == ADDRESS_FAMILY_IPV4) { - return; - } - - if (old_address.GetFamily() != new_address.GetFamily()) { - DCHECK_EQ(old_address.GetFamily(), ADDRESS_FAMILY_IPV6); - DCHECK_EQ(new_address.GetFamily(), ADDRESS_FAMILY_IPV4); - // Use a v4-mapped v6 address. - new_address = IPEndPoint(ConvertIPv4ToIPv4MappedIPv6(new_address.address()), - new_address.port()); + IPEndPoint new_address; + if (old_address.GetFamily() == ADDRESS_FAMILY_IPV6) { + if (config()->HasReceivedIPv6AlternateServerAddress()) { + new_address = + ToIPEndPoint(config()->ReceivedIPv6AlternateServerAddress()); + } else { + new_address = + ToIPEndPoint(config()->ReceivedIPv4AlternateServerAddress()); + // Use a v4-mapped v6 address. + new_address = + IPEndPoint(ConvertIPv4ToIPv4MappedIPv6(new_address.address()), + new_address.port()); + } + } else if (old_address.GetFamily() == ADDRESS_FAMILY_IPV4) { + if (config()->HasReceivedIPv4AlternateServerAddress()) { + new_address = + ToIPEndPoint(config()->ReceivedIPv4AlternateServerAddress()); + } else { + return; + } } - - if (!stream_factory_->allow_server_migration()) - return; + DCHECK_EQ(new_address.GetFamily(), old_address.GetFamily()); // Specifying kInvalidNetworkHandle for the |network| parameter // causes the session to use the default network for the new socket. @@ -1607,7 +1638,7 @@ void QuicChromiumClientSession::OnConnectionClosed( RecordConnectionCloseErrorCode(frame, source, session_key_.host(), OneRttKeysAvailable()); - const quic::QuicErrorCode error = frame.extracted_error_code; + const quic::QuicErrorCode error = frame.quic_error_code; const std::string& error_details = frame.error_details; if (source == quic::ConnectionCloseSource::FROM_PEER) { @@ -1669,9 +1700,9 @@ void QuicChromiumClientSession::OnConnectionClosed( if (error == quic::QUIC_NETWORK_IDLE_TIMEOUT) { UMA_HISTOGRAM_COUNTS_1M( "Net.QuicSession.ConnectionClose.NumOpenStreams.TimedOut", - GetNumOpenOutgoingStreams()); + GetNumActiveStreams()); if (OneRttKeysAvailable()) { - if (GetNumOpenOutgoingStreams() > 0) { + if (GetNumActiveStreams() > 0) { UMA_HISTOGRAM_BOOLEAN( "Net.QuicSession.TimedOutWithOpenStreams.HasUnackedPackets", connection()->sent_packet_manager().HasInFlightPackets()); @@ -1688,7 +1719,7 @@ void QuicChromiumClientSession::OnConnectionClosed( } else { UMA_HISTOGRAM_COUNTS_1M( "Net.QuicSession.ConnectionClose.NumOpenStreams.HandshakeTimedOut", - GetNumOpenOutgoingStreams()); + GetNumActiveStreams()); UMA_HISTOGRAM_COUNTS_1M( "Net.QuicSession.ConnectionClose.NumTotalStreams.HandshakeTimedOut", num_total_streams_); @@ -1703,9 +1734,12 @@ void QuicChromiumClientSession::OnConnectionClosed( // then QUIC traffic has become blackholed. if (stream_factory_ && (error == quic::QUIC_TOO_MANY_RTOS || (error == quic::QUIC_NETWORK_IDLE_TIMEOUT && - GetNumOpenOutgoingStreams() > 0))) { + GetNumActiveStreams() > 0))) { stream_factory_->OnBlackholeAfterHandshakeConfirmed(this); } + UMA_HISTOGRAM_COUNTS_100( + "Net.QuicSession.CryptoRetransmitCount.HandshakeConfirmed", + connection()->GetStats().crypto_retransmit_count); } else { if (error == quic::QUIC_PUBLIC_RESET) { RecordHandshakeFailureReason(HANDSHAKE_FAILURE_PUBLIC_RESET); @@ -1720,6 +1754,9 @@ void QuicChromiumClientSession::OnConnectionClosed( "Net.QuicSession.ConnectionClose.HandshakeFailureUnknown.QuicError", error); } + UMA_HISTOGRAM_COUNTS_100( + "Net.QuicSession.CryptoRetransmitCount.HandshakeNotConfirmed", + connection()->GetStats().crypto_retransmit_count); } base::UmaHistogramSparse("Net.QuicSession.QuicVersion", @@ -2841,7 +2878,7 @@ base::Value QuicChromiumClientSession::GetInfoAsValue( base::DictionaryValue dict; dict.SetString("version", QuicVersionToString(connection()->transport_version())); - dict.SetInteger("open_streams", GetNumOpenOutgoingStreams()); + dict.SetInteger("open_streams", GetNumActiveStreams()); std::unique_ptr<base::ListValue> stream_list(new base::ListValue()); for (StreamMap::const_iterator it = stream_map().begin(); it != stream_map().end(); ++it) { diff --git a/chromium/net/quic/quic_chromium_client_session_test.cc b/chromium/net/quic/quic_chromium_client_session_test.cc index 71e76fced2b..404d815f3af 100644 --- a/chromium/net/quic/quic_chromium_client_session_test.cc +++ b/chromium/net/quic/quic_chromium_client_session_test.cc @@ -107,7 +107,7 @@ class TestingQuicChromiumClientSession : public QuicChromiumClientSession { public: using QuicChromiumClientSession::QuicChromiumClientSession; - MOCK_METHOD0(OnPathDegrading, void()); + MOCK_METHOD(void, OnPathDegrading, (), (override)); void ReallyOnPathDegrading() { QuicChromiumClientSession::OnPathDegrading(); } }; @@ -592,7 +592,7 @@ TEST_P(QuicChromiumClientSessionTest, AsyncStreamRequest) { for (size_t i = 0; i < kMaxOpenStreams; i++) { QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get()); } - EXPECT_EQ(kMaxOpenStreams, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams, session_->GetNumActiveStreams()); // Request a stream and verify that it's pending. std::unique_ptr<QuicChromiumClientSession::Handle> handle = @@ -664,7 +664,7 @@ TEST_P(QuicChromiumClientSessionTest, ReadAfterConnectionClose) { for (size_t i = 0; i < kMaxOpenStreams; i++) { QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get()); } - EXPECT_EQ(kMaxOpenStreams, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams, session_->GetNumActiveStreams()); // Request two streams which will both be pending. // In V99 each will generate a max stream id for each attempt. @@ -727,7 +727,7 @@ TEST_P(QuicChromiumClientSessionTest, ClosedWithAsyncStreamRequest) { for (size_t i = 0; i < kMaxOpenStreams; i++) { QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get()); } - EXPECT_EQ(kMaxOpenStreams, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams, session_->GetNumActiveStreams()); // Request two streams which will both be pending. // In V99 each will generate a max stream id for each attempt. @@ -798,7 +798,7 @@ TEST_P(QuicChromiumClientSessionTest, CancelPendingStreamRequest) { for (size_t i = 0; i < kMaxOpenStreams; i++) { QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get()); } - EXPECT_EQ(kMaxOpenStreams, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams, session_->GetNumActiveStreams()); // Request a stream and verify that it's pending. std::unique_ptr<QuicChromiumClientSession::Handle> handle = @@ -826,7 +826,7 @@ TEST_P(QuicChromiumClientSessionTest, CancelPendingStreamRequest) { quic::QUIC_STREAM_CANCELLED); session_->OnStopSendingFrame(stop_sending); } - EXPECT_EQ(kMaxOpenStreams - 1, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams - 1, session_->GetNumActiveStreams()); quic_data.Resume(); EXPECT_TRUE(quic_data.AllReadDataConsumed()); @@ -944,7 +944,7 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionCloseWithPendingStreamRequest) { for (size_t i = 0; i < kMaxOpenStreams; i++) { QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get()); } - EXPECT_EQ(kMaxOpenStreams, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams, session_->GetNumActiveStreams()); // Request a stream and verify that it's pending. std::unique_ptr<QuicChromiumClientSession::Handle> handle = @@ -1013,7 +1013,7 @@ TEST_P(QuicChromiumClientSessionTest, MaxNumStreams) { EXPECT_FALSE( QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get())); - EXPECT_EQ(kMaxOpenStreams, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams, session_->GetNumActiveStreams()); // Close a stream and ensure I can now open a new one. quic::QuicStreamId stream_id = streams[0]->id(); @@ -1027,7 +1027,7 @@ TEST_P(QuicChromiumClientSessionTest, MaxNumStreams) { quic::QuicRstStreamFrame rst1(quic::kInvalidControlFrameId, stream_id, quic::QUIC_STREAM_NO_ERROR, 0); session_->OnRstStream(rst1); - EXPECT_EQ(kMaxOpenStreams - 1, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxOpenStreams - 1, session_->GetNumActiveStreams()); base::RunLoop().RunUntilIdle(); EXPECT_TRUE( QuicChromiumClientSessionPeer::CreateOutgoingStream(session_.get())); @@ -1175,7 +1175,7 @@ TEST_P(QuicChromiumClientSessionTest, PendingStreamOnRst) { quic::QuicStreamFrame data(GetNthServerInitiatedUnidirectionalStreamId(0), false, 1, quiche::QuicheStringPiece("SP")); session_->OnStreamFrame(data); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, session_->GetNumActiveStreams()); quic::QuicRstStreamFrame rst(quic::kInvalidControlFrameId, GetNthServerInitiatedUnidirectionalStreamId(0), quic::QUIC_STREAM_CANCELLED, 0); @@ -1207,7 +1207,7 @@ TEST_P(QuicChromiumClientSessionTest, ClosePendingStream) { quic::QuicStreamId id = GetNthServerInitiatedUnidirectionalStreamId(0); quic::QuicStreamFrame data(id, false, 1, quiche::QuicheStringPiece("SP")); session_->OnStreamFrame(data); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, session_->GetNumActiveStreams()); session_->CloseStream(id); } @@ -1899,70 +1899,6 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketReadError) { EXPECT_TRUE(new_socket_data.AllWriteDataConsumed()); } -TEST_P(QuicChromiumClientSessionTest, DetectPathDegradingDuringHandshake) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(nharper, b/112643533): Figure out why this test fails when TLS is - // enabled and fix it. - return; - } - migrate_session_early_v2_ = true; - - MockQuicData quic_data(version_); - quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(2)); - quic_data.AddSocketDataToFactory(&socket_factory_); - - // Set the crypto handshake mode to cold start and send CHLO packets. - crypto_client_stream_factory_.set_handshake_mode( - MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); - Initialize(); - - session_->CryptoConnect(callback_.callback()); - - // Check retransmission alarm is set after sending the initial CHLO packet. - quic::QuicAlarm* retransmission_alarm = - quic::test::QuicConnectionPeer::GetRetransmissionAlarm( - session_->connection()); - EXPECT_TRUE(retransmission_alarm->IsSet()); - quic::QuicTime retransmission_time = retransmission_alarm->deadline(); - - // Check path degrading alarm is set after sending the initial CHLO packet. - quic::QuicAlarm* path_degrading_alarm = - quic::test::QuicConnectionPeer::GetPathDegradingAlarm( - session_->connection()); - EXPECT_TRUE(path_degrading_alarm->IsSet()); - quic::QuicTime path_degrading_time = path_degrading_alarm->deadline(); - EXPECT_LE(retransmission_time, path_degrading_time); - - // Do not create outgoing stream since encryption is not established. - std::unique_ptr<QuicChromiumClientSession::Handle> handle = - session_->CreateHandle(destination_); - TestCompletionCallback callback; - EXPECT_TRUE(handle->IsConnected()); - EXPECT_FALSE(handle->OneRttKeysAvailable()); - EXPECT_EQ( - ERR_IO_PENDING, - handle->RequestStream(/*require_handshake_confirmation=*/true, - callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS)); - - // Fire the retransmission alarm to retransmit the crypto packet. - quic::QuicTime::Delta delay = retransmission_time - clock_.ApproximateNow(); - clock_.AdvanceTime(delay); - alarm_factory_.FireAlarm(retransmission_alarm); - - // Fire the path degrading alarm to notify session that path is degrading - // during crypto handshake. - delay = path_degrading_time - clock_.ApproximateNow(); - clock_.AdvanceTime(delay); - EXPECT_CALL(*session_.get(), OnPathDegrading()); - alarm_factory_.FireAlarm(path_degrading_alarm); - - EXPECT_TRUE(session_->connection()->IsPathDegrading()); - EXPECT_TRUE(quic_data.AllReadDataConsumed()); - EXPECT_TRUE(quic_data.AllWriteDataConsumed()); -} - TEST_P(QuicChromiumClientSessionTest, GoAwayOnPathDegradingOnlyWhenHandshakeConfirmed) { go_away_on_path_degrading_ = true; @@ -1994,8 +1930,8 @@ TEST_P(QuicChromiumClientSessionTest, RetransmittableOnWireTimeout) { quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_num++, true)); - quic_data.AddRead( - ASYNC, server_maker_.MakeAckPacket(1, packet_num - 1, 1, 1, false)); + quic_data.AddRead(ASYNC, + server_maker_.MakeAckPacket(1, packet_num - 1, 1, 1)); quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_num++, false)); diff --git a/chromium/net/quic/quic_chromium_client_stream_test.cc b/chromium/net/quic/quic_chromium_client_stream_test.cc index 612f0420da5..a4923d1e689 100644 --- a/chromium/net/quic/quic_chromium_client_stream_test.cc +++ b/chromium/net/quic/quic_chromium_client_stream_test.cc @@ -955,10 +955,22 @@ TEST_P(QuicChromiumClientStreamTest, HeadersAndDataBeforeHandle) { // Regression test for https://crbug.com/1043531. TEST_P(QuicChromiumClientStreamTest, ResetOnEmptyResponseHeaders) { + if (!VersionUsesHttp3(version_.transport_version)) { + // QuicSpdyStream resets itself on empty headers, + // because it is used to signal that headers were too large. + EXPECT_CALL(session_, + SendRstStream(stream_->id(), quic::QUIC_HEADERS_TOO_LARGE, 0)); + } + const spdy::SpdyHeaderBlock empty_response_headers; ProcessHeaders(empty_response_headers); - int rv = handle_->ReadInitialHeaders(&headers_, CompletionOnceCallback()); - EXPECT_THAT(rv, IsError(ERR_INVALID_RESPONSE)); + + if (VersionUsesHttp3(version_.transport_version)) { + // Empty headers are allowed by QuicSpdyStream, + // but an error is generated by QuicChromiumClientStream. + int rv = handle_->ReadInitialHeaders(&headers_, CompletionOnceCallback()); + EXPECT_THAT(rv, IsError(ERR_INVALID_RESPONSE)); + } } } // namespace diff --git a/chromium/net/quic/quic_chromium_packet_writer.cc b/chromium/net/quic/quic_chromium_packet_writer.cc index 143c2986363..2c5d194df73 100644 --- a/chromium/net/quic/quic_chromium_packet_writer.cc +++ b/chromium/net/quic/quic_chromium_packet_writer.cc @@ -8,8 +8,8 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/metrics/sparse_histogram.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/quic/quic_client_session_cache.cc b/chromium/net/quic/quic_client_session_cache.cc index fc475951c9d..7bc5945225a 100644 --- a/chromium/net/quic/quic_client_session_cache.cc +++ b/chromium/net/quic/quic_client_session_cache.cc @@ -12,20 +12,31 @@ namespace net { namespace { const size_t kDefaultMaxEntries = 1024; -// Check whether the SSL session inside |state| is expired at |now|. -bool IsExpired(quic::QuicResumptionState* state, time_t now) { +// Returns false if the SSL |session| doesn't exist or it is expired at |now|. +bool IsValid(SSL_SESSION* session, time_t now) { + if (!session) + return false; + if (now < 0) - return true; + return false; - SSL_SESSION* session = state->tls_session.get(); uint64_t now_u64 = static_cast<uint64_t>(now); // now_u64 may be slightly behind because of differences in how // time is calculated at this layer versus BoringSSL. // Add a second of wiggle room to account for this. - return now_u64 < SSL_SESSION_get_time(session) - 1 || - now_u64 >= - SSL_SESSION_get_time(session) + SSL_SESSION_get_timeout(session); + return !(now_u64 < SSL_SESSION_get_time(session) - 1 || + now_u64 >= SSL_SESSION_get_time(session) + + SSL_SESSION_get_timeout(session)); +} + +bool DoApplicationStatesMatch(const quic::ApplicationState* state, + quic::ApplicationState* other) { + if ((state && !other) || (!state && other)) + return false; + if ((!state && !other) || *state == *other) + return true; + return false; } } // namespace @@ -46,8 +57,30 @@ QuicClientSessionCache::~QuicClientSessionCache() { void QuicClientSessionCache::Insert( const quic::QuicServerId& server_id, - std::unique_ptr<quic::QuicResumptionState> state) { - cache_.Put(server_id, std::move(state)); + bssl::UniquePtr<SSL_SESSION> session, + const quic::TransportParameters& params, + const quic::ApplicationState* application_state) { + DCHECK(session) << "TLS session is not inserted into client cache."; + auto iter = cache_.Get(server_id); + if (iter == cache_.end()) { + CreateAndInsertEntry(server_id, std::move(session), params, + application_state); + return; + } + + DCHECK(iter->second.params); + // The states are both the same, so only need to insert sessions. + if (params == *iter->second.params && + DoApplicationStatesMatch(application_state, + iter->second.application_state.get())) { + iter->second.PushSession(std::move(session)); + return; + } + // Erase the existing entry because this Insert call must come from a + // different QUIC session. + cache_.Erase(iter); + CreateAndInsertEntry(server_id, std::move(session), params, + application_state); } std::unique_ptr<quic::QuicResumptionState> QuicClientSessionCache::Lookup( @@ -58,18 +91,23 @@ std::unique_ptr<quic::QuicResumptionState> QuicClientSessionCache::Lookup( return nullptr; time_t now = clock_->Now().ToTimeT(); - std::unique_ptr<quic::QuicResumptionState> state = std::move(iter->second); - cache_.Erase(iter); - if (IsExpired(state.get(), now)) - state = nullptr; + if (!IsValid(iter->second.PeekSession(), now)) { + cache_.Erase(iter); + return nullptr; + } + auto state = std::make_unique<quic::QuicResumptionState>(); + state->tls_session = iter->second.PopSession(); + state->transport_params = iter->second.params.get(); + state->application_state = iter->second.application_state.get(); + return state; } -void QuicClientSessionCache::FlushExpiredStates() { +void QuicClientSessionCache::FlushInvalidEntries() { time_t now = clock_->Now().ToTimeT(); auto iter = cache_.begin(); while (iter != cache_.end()) { - if (IsExpired(iter->second.get(), now)) { + if (!IsValid(iter->second.PeekSession(), now)) { iter = cache_.Erase(iter); } else { ++iter; @@ -83,7 +121,7 @@ void QuicClientSessionCache::OnMemoryPressure( case base::MemoryPressureListener::MEMORY_PRESSURE_LEVEL_NONE: break; case base::MemoryPressureListener::MEMORY_PRESSURE_LEVEL_MODERATE: - FlushExpiredStates(); + FlushInvalidEntries(); break; case base::MemoryPressureListener::MEMORY_PRESSURE_LEVEL_CRITICAL: Flush(); @@ -91,4 +129,48 @@ void QuicClientSessionCache::OnMemoryPressure( } } +void QuicClientSessionCache::Flush() { + cache_.Clear(); +} + +void QuicClientSessionCache::CreateAndInsertEntry( + const quic::QuicServerId& server_id, + bssl::UniquePtr<SSL_SESSION> session, + const quic::TransportParameters& params, + const quic::ApplicationState* application_state) { + Entry entry; + entry.PushSession(std::move(session)); + entry.params = std::make_unique<quic::TransportParameters>(params); + if (application_state) { + entry.application_state = + std::make_unique<quic::ApplicationState>(*application_state); + } + cache_.Put(server_id, std::move(entry)); +} + +QuicClientSessionCache::Entry::Entry() = default; +QuicClientSessionCache::Entry::Entry(Entry&&) = default; +QuicClientSessionCache::Entry::~Entry() = default; + +void QuicClientSessionCache::Entry::PushSession( + bssl::UniquePtr<SSL_SESSION> session) { + if (sessions[0] != nullptr) { + sessions[1] = std::move(sessions[0]); + } + sessions[0] = std::move(session); +} + +bssl::UniquePtr<SSL_SESSION> QuicClientSessionCache::Entry::PopSession() { + if (sessions[0] == nullptr) + return nullptr; + bssl::UniquePtr<SSL_SESSION> session = std::move(sessions[0]); + sessions[0] = std::move(sessions[1]); + sessions[1] = nullptr; + return session; +} + +SSL_SESSION* QuicClientSessionCache::Entry::PeekSession() { + return sessions[0].get(); +} + } // namespace net diff --git a/chromium/net/quic/quic_client_session_cache.h b/chromium/net/quic/quic_client_session_cache.h index c102eff48e5..8d7506ee4ec 100644 --- a/chromium/net/quic/quic_client_session_cache.h +++ b/chromium/net/quic/quic_client_session_cache.h @@ -31,7 +31,9 @@ class NET_EXPORT_PRIVATE QuicClientSessionCache : public quic::SessionCache { ~QuicClientSessionCache() override; void Insert(const quic::QuicServerId& server_id, - std::unique_ptr<quic::QuicResumptionState> state) override; + bssl::UniquePtr<SSL_SESSION> session, + const quic::TransportParameters& params, + const quic::ApplicationState* application_state) override; std::unique_ptr<quic::QuicResumptionState> Lookup( const quic::QuicServerId& server_id, @@ -41,17 +43,40 @@ class NET_EXPORT_PRIVATE QuicClientSessionCache : public quic::SessionCache { size_t size() const { return cache_.size(); } - void Flush() { cache_.Clear(); } + void Flush(); void OnMemoryPressure( base::MemoryPressureListener::MemoryPressureLevel memory_pressure_level); private: - void FlushExpiredStates(); + struct Entry { + Entry(); + Entry(Entry&&); + ~Entry(); + + // Adds a new |session| onto sessions, dropping the oldest one if two are + // already stored. + void PushSession(bssl::UniquePtr<SSL_SESSION> session); + + // Retrieves the latest session from the entry, meanwhile removing it. + bssl::UniquePtr<SSL_SESSION> PopSession(); + + SSL_SESSION* PeekSession(); + + bssl::UniquePtr<SSL_SESSION> sessions[2]; + std::unique_ptr<quic::TransportParameters> params; + std::unique_ptr<quic::ApplicationState> application_state; + }; + void FlushInvalidEntries(); + + // Creates a new entry and insert into |cache_|. + void CreateAndInsertEntry(const quic::QuicServerId& server_id, + bssl::UniquePtr<SSL_SESSION> session, + const quic::TransportParameters& params, + const quic::ApplicationState* application_state); base::Clock* clock_; - base::MRUCache<quic::QuicServerId, std::unique_ptr<quic::QuicResumptionState>> - cache_; + base::MRUCache<quic::QuicServerId, Entry> cache_; std::unique_ptr<base::MemoryPressureListener> memory_pressure_listener_; }; diff --git a/chromium/net/quic/quic_client_session_cache_unittests.cc b/chromium/net/quic/quic_client_session_cache_unittests.cc index d9b731281ce..0fac11c6840 100644 --- a/chromium/net/quic/quic_client_session_cache_unittests.cc +++ b/chromium/net/quic/quic_client_session_cache_unittests.cc @@ -15,6 +15,28 @@ namespace net { namespace { +const quic::QuicVersionLabel kFakeVersionLabel = 0x01234567; +const quic::QuicVersionLabel kFakeVersionLabel2 = 0x89ABCDEF; +const uint64_t kFakeIdleTimeoutMilliseconds = 12012; +const uint8_t kFakeStatelessResetTokenData[16] = { + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F}; +const uint64_t kFakeMaxPacketSize = 9001; +const uint64_t kFakeInitialMaxData = 101; +const bool kFakeDisableMigration = true; +const auto kCustomParameter1 = + static_cast<quic::TransportParameters::TransportParameterId>(0xffcd); +const char* kCustomParameter1Value = "foo"; +const auto kCustomParameter2 = + static_cast<quic::TransportParameters::TransportParameterId>(0xff34); +const char* kCustomParameter2Value = "bar"; + +std::vector<uint8_t> CreateFakeStatelessResetToken() { + return std::vector<uint8_t>( + kFakeStatelessResetTokenData, + kFakeStatelessResetTokenData + base::size(kFakeStatelessResetTokenData)); +} + std::unique_ptr<base::SimpleTestClock> MakeTestClock() { std::unique_ptr<base::SimpleTestClock> clock = std::make_unique<base::SimpleTestClock>(); @@ -24,6 +46,23 @@ std::unique_ptr<base::SimpleTestClock> MakeTestClock() { return clock; } +// Make a TransportParameters that has a few fields set to help test comparison. +std::unique_ptr<quic::TransportParameters> MakeFakeTransportParams() { + auto params = std::make_unique<quic::TransportParameters>(); + params->perspective = quic::Perspective::IS_CLIENT; + params->version = kFakeVersionLabel; + params->supported_versions.push_back(kFakeVersionLabel); + params->supported_versions.push_back(kFakeVersionLabel2); + params->idle_timeout_milliseconds.set_value(kFakeIdleTimeoutMilliseconds); + params->stateless_reset_token = CreateFakeStatelessResetToken(); + params->max_packet_size.set_value(kFakeMaxPacketSize); + params->initial_max_data.set_value(kFakeInitialMaxData); + params->disable_migration = kFakeDisableMigration; + params->custom_parameters[kCustomParameter1] = kCustomParameter1Value; + params->custom_parameters[kCustomParameter2] = kCustomParameter2Value; + return params; +} + class QuicClientSessionCacheTest : public testing::Test { public: QuicClientSessionCacheTest() : ssl_ctx_(SSL_CTX_new(TLS_method())) {} @@ -50,39 +89,40 @@ class QuicClientSessionCacheTest : public testing::Test { } // namespace // Tests that simple insertion and lookup work correctly. -TEST_F(QuicClientSessionCacheTest, Basic) { +TEST_F(QuicClientSessionCacheTest, SingleSession) { QuicClientSessionCache cache; - std::unique_ptr<quic::QuicResumptionState> state1 = - std::make_unique<quic::QuicResumptionState>(); - state1->application_state.push_back('a'); - state1->tls_session = NewSSLSession(); + auto params = MakeFakeTransportParams(); + auto session = NewSSLSession(); quic::QuicServerId id1("a.com", 443); - std::unique_ptr<quic::QuicResumptionState> state2 = - std::make_unique<quic::QuicResumptionState>(); - state2->application_state.push_back('b'); - state2->tls_session = NewSSLSession(); + + auto params2 = MakeFakeTransportParams(); + auto session2 = NewSSLSession(); + SSL_SESSION* unowned2 = session2.get(); quic::QuicServerId id2("b.com", 443); EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); EXPECT_EQ(nullptr, cache.Lookup(id2, ssl_ctx_.get())); EXPECT_EQ(0u, cache.size()); - cache.Insert(id1, std::move(state1)); + cache.Insert(id1, std::move(session), *params, nullptr); EXPECT_EQ(1u, cache.size()); - EXPECT_EQ('a', cache.Lookup(id1, ssl_ctx_.get())->application_state.front()); + EXPECT_EQ(*params, *(cache.Lookup(id1, ssl_ctx_.get())->transport_params)); EXPECT_EQ(nullptr, cache.Lookup(id2, ssl_ctx_.get())); + // No session is available for id1, even though the entry exists. + EXPECT_EQ(1u, cache.size()); + EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); + // Lookup() will trigger a deletion of invalid entry. + EXPECT_EQ(0u, cache.size()); - std::unique_ptr<quic::QuicResumptionState> state3 = - std::make_unique<quic::QuicResumptionState>(); - state3->application_state.push_back('c'); - state3->tls_session = NewSSLSession(); + auto session3 = NewSSLSession(); + SSL_SESSION* unowned3 = session3.get(); quic::QuicServerId id3("c.com", 443); - cache.Insert(id3, std::move(state3)); - cache.Insert(id2, std::move(state2)); + cache.Insert(id3, std::move(session3), *params, nullptr); + cache.Insert(id2, std::move(session2), *params2, nullptr); EXPECT_EQ(2u, cache.size()); - EXPECT_EQ('b', cache.Lookup(id2, ssl_ctx_.get())->application_state.front()); - EXPECT_EQ('c', cache.Lookup(id3, ssl_ctx_.get())->application_state.front()); + EXPECT_EQ(unowned2, cache.Lookup(id2, ssl_ctx_.get())->tls_session.get()); + EXPECT_EQ(unowned3, cache.Lookup(id3, ssl_ctx_.get())->tls_session.get()); // Verify that the cache is cleared after Lookups. EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); @@ -91,35 +131,117 @@ TEST_F(QuicClientSessionCacheTest, Basic) { EXPECT_EQ(0u, cache.size()); } +TEST_F(QuicClientSessionCacheTest, MultipleSessions) { + QuicClientSessionCache cache; + + auto params = MakeFakeTransportParams(); + auto session = NewSSLSession(); + quic::QuicServerId id1("a.com", 443); + auto session2 = NewSSLSession(); + SSL_SESSION* unowned2 = session2.get(); + auto session3 = NewSSLSession(); + SSL_SESSION* unowned3 = session3.get(); + + cache.Insert(id1, std::move(session), *params, nullptr); + cache.Insert(id1, std::move(session2), *params, nullptr); + cache.Insert(id1, std::move(session3), *params, nullptr); + // The latest session is popped first. + EXPECT_EQ(unowned3, cache.Lookup(id1, ssl_ctx_.get())->tls_session.get()); + EXPECT_EQ(unowned2, cache.Lookup(id1, ssl_ctx_.get())->tls_session.get()); + // Only two sessions are cached. + EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); +} + +// Test that when a different TransportParameter is inserted for +// the same server id, the existing entry is removed. +TEST_F(QuicClientSessionCacheTest, DifferentTransportParams) { + QuicClientSessionCache cache; + + auto params = MakeFakeTransportParams(); + auto session = NewSSLSession(); + quic::QuicServerId id1("a.com", 443); + auto session2 = NewSSLSession(); + auto session3 = NewSSLSession(); + SSL_SESSION* unowned3 = session3.get(); + + cache.Insert(id1, std::move(session), *params, nullptr); + cache.Insert(id1, std::move(session2), *params, nullptr); + // tweak the transport parameters a little bit. + params->perspective = quic::Perspective::IS_SERVER; + cache.Insert(id1, std::move(session3), *params, nullptr); + auto resumption_state = cache.Lookup(id1, ssl_ctx_.get()); + EXPECT_EQ(unowned3, resumption_state->tls_session.get()); + EXPECT_EQ(*params.get(), *resumption_state->transport_params); + EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); +} + +TEST_F(QuicClientSessionCacheTest, DifferentApplicationState) { + QuicClientSessionCache cache; + + auto params = MakeFakeTransportParams(); + auto session = NewSSLSession(); + quic::QuicServerId id1("a.com", 443); + auto session2 = NewSSLSession(); + auto session3 = NewSSLSession(); + SSL_SESSION* unowned3 = session3.get(); + quic::ApplicationState state; + state.push_back('a'); + + cache.Insert(id1, std::move(session), *params, &state); + cache.Insert(id1, std::move(session2), *params, &state); + cache.Insert(id1, std::move(session3), *params, nullptr); + auto resumption_state = cache.Lookup(id1, ssl_ctx_.get()); + EXPECT_EQ(unowned3, resumption_state->tls_session.get()); + EXPECT_EQ(nullptr, resumption_state->application_state); + EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); +} + +TEST_F(QuicClientSessionCacheTest, BothStatesDifferent) { + QuicClientSessionCache cache; + + auto params = MakeFakeTransportParams(); + auto session = NewSSLSession(); + quic::QuicServerId id1("a.com", 443); + auto session2 = NewSSLSession(); + auto session3 = NewSSLSession(); + SSL_SESSION* unowned3 = session3.get(); + quic::ApplicationState state; + state.push_back('a'); + + cache.Insert(id1, std::move(session), *params, &state); + cache.Insert(id1, std::move(session2), *params, &state); + params->perspective = quic::Perspective::IS_SERVER; + cache.Insert(id1, std::move(session3), *params, nullptr); + auto resumption_state = cache.Lookup(id1, ssl_ctx_.get()); + EXPECT_EQ(unowned3, resumption_state->tls_session.get()); + EXPECT_EQ(*params.get(), *resumption_state->transport_params); + EXPECT_EQ(nullptr, resumption_state->application_state); + EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); +} + // When the size limit is exceeded, the oldest entry should be erased. TEST_F(QuicClientSessionCacheTest, SizeLimit) { QuicClientSessionCache cache(2); - std::unique_ptr<quic::QuicResumptionState> state1 = - std::make_unique<quic::QuicResumptionState>(); - state1->application_state.push_back('a'); - state1->tls_session = NewSSLSession(); + auto params = MakeFakeTransportParams(); + auto session = NewSSLSession(); quic::QuicServerId id1("a.com", 443); - std::unique_ptr<quic::QuicResumptionState> state2 = - std::make_unique<quic::QuicResumptionState>(); - state2->application_state.push_back('b'); - state2->tls_session = NewSSLSession(); + auto session2 = NewSSLSession(); + SSL_SESSION* unowned2 = session2.get(); quic::QuicServerId id2("b.com", 443); - std::unique_ptr<quic::QuicResumptionState> state3 = - std::make_unique<quic::QuicResumptionState>(); - state3->application_state.push_back('c'); - state3->tls_session = NewSSLSession(); + auto session3 = NewSSLSession(); + SSL_SESSION* unowned3 = session3.get(); quic::QuicServerId id3("c.com", 443); - cache.Insert(id1, std::move(state1)); - cache.Insert(id2, std::move(state2)); - cache.Insert(id3, std::move(state3)); + cache.Insert(id1, std::move(session), *params, nullptr); + cache.Insert(id2, std::move(session2), *params, nullptr); + cache.Insert(id3, std::move(session3), *params, nullptr); EXPECT_EQ(2u, cache.size()); - EXPECT_EQ('b', cache.Lookup(id2, ssl_ctx_.get())->application_state.front()); - EXPECT_EQ('c', cache.Lookup(id3, ssl_ctx_.get())->application_state.front()); + EXPECT_EQ(unowned2, cache.Lookup(id2, ssl_ctx_.get())->tls_session.get()); + EXPECT_EQ(unowned3, cache.Lookup(id3, ssl_ctx_.get())->tls_session.get()); EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); } @@ -131,20 +253,16 @@ TEST_F(QuicClientSessionCacheTest, Expiration) { std::unique_ptr<base::SimpleTestClock> clock = MakeTestClock(); cache.SetClockForTesting(clock.get()); - std::unique_ptr<quic::QuicResumptionState> state1 = - std::make_unique<quic::QuicResumptionState>(); - state1->tls_session = MakeTestSession(clock->Now(), kTimeout); + auto params = MakeFakeTransportParams(); + auto session = MakeTestSession(clock->Now(), kTimeout); quic::QuicServerId id1("a.com", 443); - std::unique_ptr<quic::QuicResumptionState> state2 = - std::make_unique<quic::QuicResumptionState>(); - state2->tls_session = MakeTestSession(clock->Now(), 3 * kTimeout); - ; - state2->application_state.push_back('b'); + auto session2 = MakeTestSession(clock->Now(), 3 * kTimeout); + SSL_SESSION* unowned2 = session2.get(); quic::QuicServerId id2("b.com", 443); - cache.Insert(id1, std::move(state1)); - cache.Insert(id2, std::move(state2)); + cache.Insert(id1, std::move(session), *params, nullptr); + cache.Insert(id2, std::move(session2), *params, nullptr); EXPECT_EQ(2u, cache.size()); // Expire the session. @@ -154,8 +272,8 @@ TEST_F(QuicClientSessionCacheTest, Expiration) { EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); EXPECT_EQ(1u, cache.size()); - EXPECT_EQ('b', cache.Lookup(id2, ssl_ctx_.get())->application_state.front()); - EXPECT_EQ(0u, cache.size()); + EXPECT_EQ(unowned2, cache.Lookup(id2, ssl_ctx_.get())->tls_session.get()); + EXPECT_EQ(1u, cache.size()); } TEST_F(QuicClientSessionCacheTest, FlushOnMemoryNotifications) { @@ -165,20 +283,15 @@ TEST_F(QuicClientSessionCacheTest, FlushOnMemoryNotifications) { std::unique_ptr<base::SimpleTestClock> clock = MakeTestClock(); cache.SetClockForTesting(clock.get()); - std::unique_ptr<quic::QuicResumptionState> state1 = - std::make_unique<quic::QuicResumptionState>(); - state1->tls_session = MakeTestSession(clock->Now(), kTimeout); + auto params = MakeFakeTransportParams(); + auto session = MakeTestSession(clock->Now(), kTimeout); quic::QuicServerId id1("a.com", 443); - std::unique_ptr<quic::QuicResumptionState> state2 = - std::make_unique<quic::QuicResumptionState>(); - state2->tls_session = MakeTestSession(clock->Now(), 3 * kTimeout); - ; - state2->application_state.push_back('b'); + auto session2 = MakeTestSession(clock->Now(), 3 * kTimeout); quic::QuicServerId id2("b.com", 443); - cache.Insert(id1, std::move(state1)); - cache.Insert(id2, std::move(state2)); + cache.Insert(id1, std::move(session), *params, nullptr); + cache.Insert(id2, std::move(session2), *params, nullptr); EXPECT_EQ(2u, cache.size()); // Expire the session. @@ -191,7 +304,7 @@ TEST_F(QuicClientSessionCacheTest, FlushOnMemoryNotifications) { base::MemoryPressureListener::MEMORY_PRESSURE_LEVEL_MODERATE); base::RunLoop().RunUntilIdle(); - // session1 is expired and should be flushed. + // session is expired and should be flushed. EXPECT_EQ(nullptr, cache.Lookup(id1, ssl_ctx_.get())); EXPECT_EQ(1u, cache.size()); @@ -202,4 +315,4 @@ TEST_F(QuicClientSessionCacheTest, FlushOnMemoryNotifications) { EXPECT_EQ(0u, cache.size()); } -} // namespace net
\ No newline at end of file +} // namespace net diff --git a/chromium/net/quic/quic_connection_logger.cc b/chromium/net/quic/quic_connection_logger.cc index a8c5285f833..1293fac42ac 100644 --- a/chromium/net/quic/quic_connection_logger.cc +++ b/chromium/net/quic/quic_connection_logger.cc @@ -707,8 +707,30 @@ void QuicConnectionLogger::OnIncorrectConnectionId( ++num_incorrect_connection_ids_; } -void QuicConnectionLogger::OnUndecryptablePacket() { +void QuicConnectionLogger::OnUndecryptablePacket( + quic::EncryptionLevel decryption_level, + bool dropped) { ++num_undecryptable_packets_; + if (!net_log_.IsCapturing()) + return; + if (dropped) { + net_log_.AddEventWithStringParams( + NetLogEventType::QUIC_SESSION_DROPPED_UNDECRYPTABLE_PACKET, + "encryption_level", quic::EncryptionLevelToString(decryption_level)); + return; + } + net_log_.AddEventWithStringParams( + NetLogEventType::QUIC_SESSION_BUFFERED_UNDECRYPTABLE_PACKET, + "encryption_level", quic::EncryptionLevelToString(decryption_level)); +} + +void QuicConnectionLogger::OnAttemptingToProcessUndecryptablePacket( + quic::EncryptionLevel decryption_level) { + if (!net_log_.IsCapturing()) + return; + net_log_.AddEventWithStringParams( + NetLogEventType::QUIC_SESSION_ATTEMPTING_TO_PROCESS_UNDECRYPTABLE_PACKET, + "encryption_level", quic::EncryptionLevelToString(decryption_level)); } void QuicConnectionLogger::OnDuplicatePacket( diff --git a/chromium/net/quic/quic_connection_logger.h b/chromium/net/quic/quic_connection_logger.h index 58bbcf60d99..9c45bf983d9 100644 --- a/chromium/net/quic/quic_connection_logger.h +++ b/chromium/net/quic/quic_connection_logger.h @@ -46,7 +46,7 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger void OnFrameAddedToPacket(const quic::QuicFrame& frame) override; void OnStreamFrameCoalesced(const quic::QuicStreamFrame& frame) override; - // QuicConnectionDebugVisitorInterface + // QuicConnectionDebugVisitor Interface void OnPacketSent(const quic::SerializedPacket& serialized_packet, quic::TransmissionType transmission_type, quic::QuicTime sent_time) override; @@ -67,7 +67,10 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger const quic::QuicEncryptedPacket& packet) override; void OnUnauthenticatedHeader(const quic::QuicPacketHeader& header) override; void OnIncorrectConnectionId(quic::QuicConnectionId connection_id) override; - void OnUndecryptablePacket() override; + void OnUndecryptablePacket(quic::EncryptionLevel decryption_level, + bool dropped) override; + void OnAttemptingToProcessUndecryptablePacket( + quic::EncryptionLevel decryption_level) override; void OnDuplicatePacket(quic::QuicPacketNumber packet_number) override; void OnProtocolVersionMismatch(quic::ParsedQuicVersion version) override; void OnPacketHeader(const quic::QuicPacketHeader& header) override; diff --git a/chromium/net/quic/quic_connectivity_probing_manager_test.cc b/chromium/net/quic/quic_connectivity_probing_manager_test.cc index c29be701ebc..15bd236a20a 100644 --- a/chromium/net/quic/quic_connectivity_probing_manager_test.cc +++ b/chromium/net/quic/quic_connectivity_probing_manager_test.cc @@ -45,21 +45,29 @@ class MockQuicChromiumClientSession ~MockQuicChromiumClientSession() override {} // QuicChromiumPacketReader::Visitor interface. - MOCK_METHOD2(OnReadError, - void(int result, const DatagramClientSocket* socket)); - - MOCK_METHOD3(OnPacket, - bool(const quic::QuicReceivedPacket& packet, - const quic::QuicSocketAddress& local_address, - const quic::QuicSocketAddress& peer_address)); - - MOCK_METHOD2(OnProbeFailed, - void(NetworkChangeNotifier::NetworkHandle network, - const quic::QuicSocketAddress& peer_address)); - - MOCK_METHOD2(OnSendConnectivityProbingPacket, - bool(QuicChromiumPacketWriter* writer, - const quic::QuicSocketAddress& peer_address)); + MOCK_METHOD(void, + OnReadError, + (int result, const DatagramClientSocket* socket), + (override)); + + MOCK_METHOD(bool, + OnPacket, + (const quic::QuicReceivedPacket& packet, + const quic::QuicSocketAddress& local_address, + const quic::QuicSocketAddress& peer_address), + (override)); + + MOCK_METHOD(void, + OnProbeFailed, + (NetworkChangeNotifier::NetworkHandle network, + const quic::QuicSocketAddress& peer_address), + (override)); + + MOCK_METHOD(bool, + OnSendConnectivityProbingPacket, + (QuicChromiumPacketWriter * writer, + const quic::QuicSocketAddress& peer_address), + (override)); void OnProbeSucceeded( NetworkChangeNotifier::NetworkHandle network, diff --git a/chromium/net/quic/quic_context.cc b/chromium/net/quic/quic_context.cc index b240cbf44e7..2a70761dd82 100644 --- a/chromium/net/quic/quic_context.cc +++ b/chromium/net/quic/quic_context.cc @@ -44,8 +44,6 @@ quic::QuicConfig InitializeQuicConfig(const QuicParams& params) { quic::QuicConfig config; config.SetIdleNetworkTimeout( quic::QuicTime::Delta::FromMicroseconds( - params.idle_connection_timeout.InMicroseconds()), - quic::QuicTime::Delta::FromMicroseconds( params.idle_connection_timeout.InMicroseconds())); config.set_max_time_before_crypto_handshake( quic::QuicTime::Delta::FromMicroseconds( diff --git a/chromium/net/quic/quic_context.h b/chromium/net/quic/quic_context.h index fbdc2699c52..1f3ece3c0c7 100644 --- a/chromium/net/quic/quic_context.h +++ b/chromium/net/quic/quic_context.h @@ -157,8 +157,6 @@ struct NET_EXPORT QuicParams { bool go_away_on_path_degrading = false; // If true, bidirectional streams over QUIC will be disabled. bool disable_bidirectional_streams = false; - // If true, race cert verification with host resolution. - bool race_cert_verification = false; // If true, estimate the initial RTT for QUIC connections based on network. bool estimate_initial_rtt = false; // If true, client headers will include HTTP/2 stream dependency info diff --git a/chromium/net/quic/quic_crypto_client_stream_factory.cc b/chromium/net/quic/quic_crypto_client_stream_factory.cc index ad819a22c45..8b866bb405f 100644 --- a/chromium/net/quic/quic_crypto_client_stream_factory.cc +++ b/chromium/net/quic/quic_crypto_client_stream_factory.cc @@ -22,7 +22,8 @@ class DefaultCryptoStreamFactory : public QuicCryptoClientStreamFactory { quic::QuicCryptoClientConfig* crypto_config) override { return new quic::QuicCryptoClientStream(server_id, session, std::move(proof_verify_context), - crypto_config, session); + crypto_config, session, + /*has_application_state = */ true); } }; diff --git a/chromium/net/quic/quic_flags_list.h b/chromium/net/quic/quic_flags_list.h index 40c559284d4..e90d9ee34b2 100644 --- a/chromium/net/quic/quic_flags_list.h +++ b/chromium/net/quic/quic_flags_list.h @@ -105,13 +105,6 @@ QUIC_FLAG( FLAGS_quic_reloadable_flag_quic_donot_reset_ideal_next_packet_send_time, false) -// If true, enable experiment for testing PCC congestion-control. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_pcc3, false) - -// When true, ensure BBR allows at least one MSS to be sent in response to an -// ACK in packet conservation. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_one_mss_conservation, false) - // When true and the BBR9 connection option is present, BBR only considers // bandwidth samples app-limited if they're not filling the pipe. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_flexible_app_limited, false) @@ -127,12 +120,6 @@ QUIC_FLAG( FLAGS_quic_reloadable_flag_quic_bbr_no_bytes_acked_in_startup_recovery, false) -// If true, enables the BBS4 and BBS5 connection options, which reduce BBR's -// pacing rate in STARTUP as more losses occur as a fraction of CWND. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bbr_startup_rate_reduction, - false) - // If true and using Leto for QUIC shared-key calculations, GFE will react to a // failure to contact Leto by sending a REJ containing a fallback ServerConfig, // allowing the client to continue the handshake. @@ -180,7 +167,7 @@ QUIC_FLAG(bool, false) // If true, will negotiate the ACK delay time. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_negotiate_ack_delay_time, false) +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_negotiate_ack_delay_time, true) // If true, QuicFramer::WriteClientVersionNegotiationProbePacket uses // length-prefixed connection IDs. @@ -250,7 +237,7 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_disable_version_q049, false) QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_disable_version_q050, false) // If true, enable QUIC version T050. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_t050, true) +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_t050_v2, true) // A testonly reloadable flag that will always default to false. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_testonly_default_false, false) @@ -276,17 +263,6 @@ QUIC_FLAG(bool, // If true, use predictable grease settings identifiers and values. QUIC_FLAG(bool, FLAGS_quic_enable_http3_grease_randomness, true) -// When the EACK connection option is sent by the client, an ack-eliciting frame -// is bundled with ACKs sent after the PTO fires. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bundle_retransmittable_with_pto_ack, - true) -// If true, use QuicClock::Now() as the source of packet receive time instead of -// WallNow(). -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_use_quic_time_for_received_timestamp2, - true) - // If true, enable QUIC version h3-25. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_draft_25_v3, @@ -302,114 +278,140 @@ QUIC_FLAG( FLAGS_quic_reloadable_flag_quic_avoid_overestimate_bandwidth_with_aggregation, true) -// If true, emit more granular errors instead of -// SpdyFramerError::SPDY_DECOMPRESS_FAILURE in Http2DecoderAdapter. -// This flag is duplicated in spdy_flags_impl.h due to mixed usage of flags. -// Please update the flag value in spdy when this flag is flipped. +// If true, QUIC BBRv2 to take ack height into account when calculating +// queuing_threshold in PROBE_UP. +QUIC_FLAG( + bool, + FLAGS_quic_reloadable_flag_quic_bbr2_add_ack_height_to_queueing_threshold, + true) + +// If true, quic::BandwidthSampler will start in application limited phase. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_spdy_enable_granular_decompress_errors, + FLAGS_quic_reloadable_flag_quic_bw_sampler_app_limited_starting_value, true) -// If true, only do minimum validation of coalesced packets (only validate -// connection ID). +// If true, use idle network detector to detect handshake timeout and idle +// network timeout. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_use_idle_network_detector, + false) + +// If true, QUIC will enable connection options LRTT+BBQ2 by default. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_bbr_default_exit_startup_on_loss, + false) + +// If true, server push will be allowed in QUIC versions using HTTP/3. +QUIC_FLAG(bool, FLAGS_quic_enable_http3_server_push, false) + +// If true, disable QuicDispatcher workaround that replies to invalid QUIC +// packets from the Android Conformance Test. QUIC_FLAG( bool, - FLAGS_quic_reloadable_flag_quic_minimum_validation_of_coalesced_packets, + FLAGS_quic_reloadable_flag_quic_remove_android_conformance_test_workaround, true) -// If true, arm the 1st PTO with earliest in flight sent time. +// If true, lower the CWND gain in BBRv2 STARTUP to 2 when BBQ2 is in connection +// options. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_arm_pto_with_earliest_sent_time, + FLAGS_quic_reloadable_flag_quic_bbr2_lower_startup_cwnd_gain, true) -// If true, QuicSession::WritevData() will support writing data at a specified -// encryption level. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_writevdata_at_level, true) +// The divisor that controls how often MAX_STREAMS frames are sent. +QUIC_FLAG(int32_t, FLAGS_quic_max_streams_window_divisor, 2) -// If true, use standard deviation when calculating PTO timeout. +// If true, QUIC BBRv2\'s PROBE_BW mode will not reduce cwnd below +// BDP+ack_height. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_use_standard_deviation_for_pto, - true) + FLAGS_quic_reloadable_flag_quic_bbr2_avoid_too_low_probe_bw_cwnd, + false) -// If true, QUIC BBRv2 to avoid unnecessary PROBE_RTTs after quiescence. +// When true, the 1RTT and 2RTT connection options decrease the number of round +// trips in BBRv2 STARTUP without a 25% bandwidth increase to 1 or 2 round trips +// respectively. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bbr2_avoid_unnecessary_probe_rtt, + FLAGS_quic_reloadable_flag_quic_bbr2_fewer_startup_round_trips, + false) + +// If true, remove draining_streams_ from QuicSession. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_deprecate_draining_streams, true) -// If true, use passed in ack_frame to calculate minimum size of the serialized -// ACK frame. +// If true, break session/stream close loop. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_use_ack_frame_to_get_min_size, + FLAGS_quic_reloadable_flag_quic_break_session_stream_close_loop, true) -// If true, skip packet threshold loss detection if largest acked is a runt. -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_skip_packet_threshold_loss_detection_with_runt, - true) +// Replace the usage of ConnectionData::encryption_level in +// quic_time_wait_list_manager with a new TimeWaitAction. +QUIC_FLAG(bool, + FLAGS_quic_restart_flag_quic_replace_time_wait_list_encryption_level, + false) -// If true, QUIC BBRv2 to take ack height into account when calculating -// queuing_threshold in PROBE_UP. -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_bbr2_add_ack_height_to_queueing_threshold, - false) +// If true, move Goolge QUIC stream accounting to LegacyQuicStreamIdManager. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_stream_id_manager_handles_accounting, + true) -// If true, send PING when PTO skips packet number and there is no data to send. -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_send_ping_when_pto_skips_packet_number, - true) +// If true, enables support for TLS resumption in QUIC. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_tls_resumption, false) + +// When true, QUIC's BBRv2 ignores inflight_lo in PROBE_BW. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr2_ignore_inflight_lo, false) -// If true, QuicSession\'s various write methods will set transmission type. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_write_with_transmission, true) +// If true, returns min_rtt in rtt_stats_ if it is available. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_use_available_min_rtt, true) -// If true, fix a bug in QUIC BBR where bandwidth estimate becomes 0 after a -// loss only event. +// If true, notify handshakers when connection closes. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bbr_fix_zero_bw_on_loss_only_event, + FLAGS_quic_reloadable_flag_quic_notify_handshaker_on_connection_close, true) -// If true, trigger QUIC_BUG in two ShouldCreateIncomingStream() overrides when -// called with locally initiated stream ID. +// If true, for QUIC + TLS, change default encryption level when new encryption +// key is available. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_create_incoming_stream_bug, - false) + FLAGS_quic_reloadable_flag_quic_change_default_encryption_level, + true) -// If true, quic::BandwidthSampler will start in application limited phase. +// If true, do not change ACK in PostProcessAckFrame if an ACK has been queued. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_donot_change_queued_ack, false) + +// If true, reject IETF QUIC connections with invalid SNI. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_tls_enforce_valid_sni, false) + +// If true, update ack timeout upon receiving an retransmittable frame. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bw_sampler_app_limited_starting_value, + FLAGS_quic_reloadable_flag_quic_advance_ack_timeout_update, false) -// If true, QUIC connection will ignore one packet write error after MTU probe. +// If true, only extend idle time on decryptable packets. QUIC_FLAG( bool, - FLAGS_quic_reloadable_flag_quic_ignore_one_write_error_after_mtu_probe, + FLAGS_quic_reloadable_flag_quic_extend_idle_time_on_decryptable_packets, false) -// If true, send H3 SETTINGs when 1-RTT write key is available (rather then both -// keys are available). -QUIC_FLAG(bool, - FLAGS_quic_restart_flag_quic_send_settings_on_write_key_available, - false) +// If true, support for IETF QUIC 0-rtt is enabled. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_zero_rtt_for_tls, false) -// If true, use blackhole detector in QuicConnection to detect path degrading -// and network blackhole. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_use_blackhole_detector, false) +// If true, default on PTO which unifies TLP + RTO loss recovery. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_default_on_pto, false) -// If true, use idle network detector to detect handshake timeout and idle -// network timeout. +// When true, QUIC+TLS will not send nor parse the old-format Google-specific +// transport parameters. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_use_idle_network_detector, + FLAGS_quic_restart_flag_quic_google_transport_param_omit_old, false) -// If true, when QUIC switches from BbrSender to Bbr2Sender, Bbr2Sender will -// copy the bandwidth sampler states from BbrSender. +// When true, QUIC+TLS will send and parse the new-format Google-specific +// transport parameters. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bbr_copy_sampler_state_from_v1_to_v2, - false) + FLAGS_quic_restart_flag_quic_google_transport_param_send_new, + true) -// If true, QUIC will enable connection options LRTT+BBQ2 by default. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_bbr_default_exit_startup_on_loss, - false) +// If true, if a buffered MTU packet causes a write to return MSG_TOO_BIG, this +// error will be ignored. +QUIC_FLAG( + bool, + FLAGS_quic_reloadable_flag_quic_ignore_msg_too_big_from_buffered_packets, + true) diff --git a/chromium/net/quic/quic_http3_logger.cc b/chromium/net/quic/quic_http3_logger.cc index 8240046a419..c190156ff45 100644 --- a/chromium/net/quic/quic_http3_logger.cc +++ b/chromium/net/quic/quic_http3_logger.cc @@ -158,18 +158,31 @@ void QuicHttp3Logger::OnSettingsFrameReceived( UMA_HISTOGRAM_CUSTOM_COUNTS("Net.QuicSession.ReceivedSettings.CountPlusOne", frame.values.size() + 1, /* min = */ 1, /* max = */ 10, /* buckets = */ 10); + int reserved_identifier_count = 0; for (const auto& value : frame.values) { if (value.first == quic::SETTINGS_QPACK_MAX_TABLE_CAPACITY) { - UMA_HISTOGRAM_COUNTS_10000( - "Net.QuicSession.ReceivedSettings.MaxTableCapacity", value.second); + UMA_HISTOGRAM_COUNTS_1M( + "Net.QuicSession.ReceivedSettings.MaxTableCapacity2", value.second); } else if (value.first == quic::SETTINGS_MAX_HEADER_LIST_SIZE) { - UMA_HISTOGRAM_COUNTS_10000( - "Net.QuicSession.ReceivedSettings.MaxHeaderListSize", value.second); + UMA_HISTOGRAM_COUNTS_1M( + "Net.QuicSession.ReceivedSettings.MaxHeaderListSize2", value.second); } else if (value.first == quic::SETTINGS_QPACK_BLOCKED_STREAMS) { UMA_HISTOGRAM_COUNTS_1000( "Net.QuicSession.ReceivedSettings.BlockedStreams", value.second); + } else if (value.first >= 0x21 && value.first % 0x1f == 2) { + // Reserved setting identifiers are defined at + // https://quicwg.org/base-drafts/draft-ietf-quic-http.html#name-defined-settings-parameters. + // These should not be treated specially on the receive side, because they + // are sent to exercise the requirement that unknown identifiers are + // ignored. Here an exception is made for logging only, to understand + // what kind of identifiers are received. + reserved_identifier_count++; } } + UMA_HISTOGRAM_CUSTOM_COUNTS( + "Net.QuicSession.ReceivedSettings.ReservedCountPlusOne", + reserved_identifier_count + 1, /* min = */ 1, + /* max = */ 5, /* buckets = */ 5); if (!net_log_.IsCapturing()) return; diff --git a/chromium/net/quic/quic_http_stream_test.cc b/chromium/net/quic/quic_http_stream_test.cc index d2c530db894..c5638861d8c 100644 --- a/chromium/net/quic/quic_http_stream_test.cc +++ b/chromium/net/quic/quic_http_stream_test.cc @@ -209,7 +209,6 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<TestParams>, protected: static const bool kFin = true; static const bool kIncludeVersion = true; - static const bool kIncludeCongestionFeedback = true; // Holds a packet to be written to the wire, and the IO mode that should // be used by the mock socket when performing the write. @@ -540,7 +539,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<TestParams>, uint64_t packet_number) { return client_maker_.MakeAckAndRstPacket( packet_number, !kIncludeVersion, stream_id_, - quic::QUIC_STREAM_CANCELLED, 2, 1, 2, !kIncludeCongestionFeedback); + quic::QUIC_STREAM_CANCELLED, 2, 1, 2); } std::unique_ptr<quic::QuicReceivedPacket> ConstructClientAckPacket( @@ -549,8 +548,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<TestParams>, uint64_t smallest_received, uint64_t least_unacked) { return client_maker_.MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, - !kIncludeCongestionFeedback); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructServerAckPacket( @@ -559,8 +557,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<TestParams>, uint64_t smallest_received, uint64_t least_unacked) { return server_maker_.MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, - !kIncludeCongestionFeedback); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructInitialSettingsPacket() { @@ -1103,7 +1100,6 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicConnectionError) { quic::QuicConnectionCloseFrame frame; frame.quic_error_code = quic::QUIC_PEER_GOING_AWAY; - frame.extracted_error_code = quic::QUIC_PEER_GOING_AWAY; session_->connection()->OnConnectionCloseFrame(frame); NetErrorDetails details; @@ -1155,7 +1151,6 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicErrorIfHandshakeNotConfirmed) { quic::QuicConnectionCloseFrame frame; frame.quic_error_code = quic::QUIC_PEER_GOING_AWAY; - frame.extracted_error_code = quic::QUIC_PEER_GOING_AWAY; session_->connection()->OnConnectionCloseFrame(frame); NetErrorDetails details; @@ -1603,6 +1598,104 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) { stream_->GetTotalReceivedBytes()); } +TEST_P(QuicHttpStreamTest, SendChunkedPostRequestAbortedByResetStream) { + SetRequest("POST", "/", DEFAULT_PRIORITY); + size_t chunk_size = strlen(kUploadData); + size_t spdy_request_headers_frame_length; + int packet_number = 1; + + if (version_.UsesHttp3()) { + AddWrite(ConstructInitialSettingsPacket(packet_number++)); + } + + std::string header = ConstructDataHeader(chunk_size); + if (version_.HasIetfQuicFrames()) { + AddWrite(ConstructRequestHeadersAndDataFramesPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), + kIncludeVersion, !kFin, DEFAULT_PRIORITY, 0, + &spdy_request_headers_frame_length, {header, kUploadData})); + AddWrite(ConstructClientAckPacket(packet_number++, 3, 1, 2)); + AddWrite(client_maker_.MakeRstPacket( + packet_number++, + /* include_version = */ true, stream_id_, quic::QUIC_STREAM_NO_ERROR, + /* include_stop_sending_if_v99 = */ false)); + } else { + AddWrite(ConstructRequestHeadersAndDataFramesPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), + kIncludeVersion, !kFin, DEFAULT_PRIORITY, 0, + &spdy_request_headers_frame_length, {kUploadData})); + AddWrite(ConstructClientAckPacket(packet_number++, 3, 1, 2)); + AddWrite(client_maker_.MakeAckAndRstPacket( + packet_number++, + /* include_version = */ false, stream_id_, + quic::QUIC_RST_ACKNOWLEDGEMENT, 4, 1, 1, + /* include_stop_sending_if_v99 = */ false)); + } + + Initialize(); + + upload_data_stream_ = std::make_unique<ChunkedUploadDataStream>(0); + auto* chunked_upload_stream = + static_cast<ChunkedUploadDataStream*>(upload_data_stream_.get()); + chunked_upload_stream->AppendData(kUploadData, chunk_size, false); + + request_.method = "POST"; + request_.url = GURL("https://www.example.org/"); + request_.upload_data_stream = upload_data_stream_.get(); + ASSERT_THAT(request_.upload_data_stream->Init( + TestCompletionCallback().callback(), NetLogWithSource()), + IsOk()); + ASSERT_THAT(stream_->InitializeStream(&request_, false, DEFAULT_PRIORITY, + net_log_.bound(), callback_.callback()), + IsOk()); + ASSERT_THAT(stream_->SendRequest(headers_, &response_, callback_.callback()), + IsError(ERR_IO_PENDING)); + + // Ack both packets in the request. + ProcessPacket(ConstructServerAckPacket(1, 1, 1, 1)); + + // Send the response headers (but not the body). + SetResponse("200 OK", string()); + size_t spdy_response_headers_frame_length; + ProcessPacket(ConstructResponseHeadersPacket( + 2, !kFin, &spdy_response_headers_frame_length)); + + // Send the response body. + const char kResponseBody[] = "Hello world!"; + std::string header2 = ConstructDataHeader(strlen(kResponseBody)); + ProcessPacket( + ConstructServerDataPacket(3, false, kFin, header2 + kResponseBody)); + + // Server resets stream with H3_NO_ERROR before request body is complete. + ProcessPacket(server_maker_.MakeRstPacket(4, /* include_version = */ false, + stream_id_, + quic::QUIC_STREAM_NO_ERROR)); + + // Finish feeding request body to QuicHttpStream. Data will be discarded. + chunked_upload_stream->AppendData(kUploadData, chunk_size, true); + EXPECT_THAT(callback_.WaitForResult(), IsOk()); + + // Verify response. + EXPECT_THAT(stream_->ReadResponseHeaders(callback_.callback()), IsOk()); + ASSERT_TRUE(response_.headers.get()); + EXPECT_EQ(200, response_.headers->response_code()); + EXPECT_TRUE(response_.headers->HasHeaderValue("Content-Type", "text/plain")); + ASSERT_EQ(static_cast<int>(strlen(kResponseBody)), + stream_->ReadResponseBody(read_buffer_.get(), read_buffer_->size(), + callback_.callback())); + EXPECT_TRUE(stream_->IsResponseBodyComplete()); + EXPECT_TRUE(AtEof()); + + // QuicHttpStream::GetTotalSent/ReceivedBytes currently only includes the + // headers and payload. + EXPECT_EQ(static_cast<int64_t>(spdy_request_headers_frame_length + + strlen(kUploadData) + header.length()), + stream_->GetTotalSentBytes()); + EXPECT_EQ(static_cast<int64_t>(spdy_response_headers_frame_length + + strlen(kResponseBody) + header2.length()), + stream_->GetTotalReceivedBytes()); +} + TEST_P(QuicHttpStreamTest, DestroyedEarly) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; diff --git a/chromium/net/quic/quic_network_transaction_unittest.cc b/chromium/net/quic/quic_network_transaction_unittest.cc index a95b95a9cfe..5dc3abdbe8c 100644 --- a/chromium/net/quic/quic_network_transaction_unittest.cc +++ b/chromium/net/quic/quic_network_transaction_unittest.cc @@ -159,23 +159,30 @@ std::string PrintToString(const PoolingTestParams& p) { "Dependency"); } -std::string GenerateQuicAltSvcHeader() { +std::string GenerateQuicAltSvcHeader( + const quic::ParsedQuicVersionVector& versions) { std::string altsvc_header = "Alt-Svc: "; std::string version_string; - for (const auto& version : quic::AllSupportedVersions()) { - if (version.handshake_protocol == quic::PROTOCOL_TLS1_3) { - altsvc_header.append(quic::AlpnForVersion(version)); - altsvc_header.append("=\":443\", "); + bool first_version = true; + for (const auto& version : versions) { + if (first_version) { + first_version = false; } else { + altsvc_header.append(", "); + } + altsvc_header.append(quic::AlpnForVersion(version)); + altsvc_header.append("=\":443\""); + if (version.SupportsGoogleAltSvcFormat()) { if (!version_string.empty()) { version_string.append(","); } version_string.append(base::NumberToString(version.transport_version)); } } - altsvc_header.append("quic=\":443\"; v=\""); - altsvc_header.append(version_string); - altsvc_header.append("\"\r\n"); + if (!version_string.empty()) { + altsvc_header.append(", quic=\":443\"; v=\"" + version_string + "\""); + } + altsvc_header.append("\r\n"); return altsvc_header; } @@ -361,7 +368,7 @@ class QuicNetworkTransactionTest uint64_t smallest_received, uint64_t least_unacked) { return client_maker_->MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, true); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicEncryptedPacket> ConstructClientAckAndRstPacket( @@ -371,9 +378,9 @@ class QuicNetworkTransactionTest uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked) { - return client_maker_->MakeAckAndRstPacket( - num, false, stream_id, error_code, largest_received, smallest_received, - least_unacked, true); + return client_maker_->MakeAckAndRstPacket(num, false, stream_id, error_code, + largest_received, + smallest_received, least_unacked); } std::unique_ptr<quic::QuicEncryptedPacket> ConstructClientRstPacket( @@ -390,7 +397,7 @@ class QuicNetworkTransactionTest uint64_t smallest_received, uint64_t least_unacked) { return client_maker_->MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, true); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicEncryptedPacket> @@ -427,7 +434,7 @@ class QuicNetworkTransactionTest uint64_t smallest_received, uint64_t least_unacked) { return server_maker_.MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, false); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructClientPriorityPacket( @@ -965,12 +972,22 @@ class QuicNetworkTransactionTest } std::string StreamCancellationQpackDecoderInstruction(int n) const { + return StreamCancellationQpackDecoderInstruction(n, true); + } + + std::string StreamCancellationQpackDecoderInstruction( + int n, + bool create_stream) const { const quic::QuicStreamId cancelled_stream_id = GetNthClientInitiatedBidirectionalStreamId(n); EXPECT_LT(cancelled_stream_id, 63u); const unsigned char opcode = 0x40; - return {opcode | static_cast<unsigned char>(cancelled_stream_id)}; + if (create_stream) { + return {0x03, opcode | static_cast<unsigned char>(cancelled_stream_id)}; + } else { + return {opcode | static_cast<unsigned char>(cancelled_stream_id)}; + } } static void AddCertificate(SSLSocketDataProvider* ssl_data) { @@ -1745,7 +1762,7 @@ TEST_P(QuicNetworkTransactionTest, DoNotUseQuicForUnsupportedVersion) { // in the stored AlternativeService is not supported by the client. However, // the response from the server will advertise new Alt-Svc with supported // versions. - std::string altsvc_header = GenerateQuicAltSvcHeader(); + std::string altsvc_header = GenerateQuicAltSvcHeader(supported_versions_); MockRead http_reads[] = { MockRead("HTTP/1.1 200 OK\r\n"), MockRead(altsvc_header.c_str()), @@ -1807,7 +1824,11 @@ TEST_P(QuicNetworkTransactionTest, DoNotUseQuicForUnsupportedVersion) { for (const auto& alt_svc_info : alt_svc_info_vector) { EXPECT_EQ(kProtoQUIC, alt_svc_info.alternative_service().protocol); for (const auto& version : alt_svc_info.advertised_versions()) { - alt_svc_negotiated_versions.push_back(version); + if (std::find(alt_svc_negotiated_versions.begin(), + alt_svc_negotiated_versions.end(), + version) == alt_svc_negotiated_versions.end()) { + alt_svc_negotiated_versions.push_back(version); + } } } @@ -2225,9 +2246,7 @@ TEST_P(QuicNetworkTransactionTest, // Client and server both support more than one QUIC_VERSION. // Client prefers |version_|, and then common_version_2. // Server prefers common_version_2, and then |version_|. - // In non-TLS version, |version_| will be picked. - // In TLS version, server's preference will be honored. - // TODO(crbug.com/1063060): fix the behavior to be consistent. + // We should honor the server's preference. // The picked version is verified via checking the version used by the // TestPacketMakers and the response. @@ -2259,18 +2278,11 @@ TEST_P(QuicNetworkTransactionTest, // |common_version_2|, |version_|. std::string QuicAltSvcWithVersionHeader; quic::ParsedQuicVersion picked_version = quic::UnsupportedQuicVersion(); - if (version_.handshake_protocol == quic::PROTOCOL_QUIC_CRYPTO) { - QuicAltSvcWithVersionHeader = base::StringPrintf( - "Alt-Svc: quic=\":443\";v=\"%d,%d\"\r\n\r\n", - common_version_2.transport_version, version_.transport_version); - picked_version = version_; // Use client's preference. - } else { QuicAltSvcWithVersionHeader = "Alt-Svc: " + quic::AlpnForVersion(common_version_2) + "=\":443\"; ma=3600, " + quic::AlpnForVersion(version_) + "=\":443\"; ma=3600\r\n\r\n"; picked_version = common_version_2; // Use server's preference. - } MockRead http_reads[] = { MockRead("HTTP/1.1 200 OK\r\n"), @@ -2468,7 +2480,7 @@ TEST_P(QuicNetworkTransactionTest, } } - std::string altsvc_header = GenerateQuicAltSvcHeader(); + std::string altsvc_header = GenerateQuicAltSvcHeader(supported_versions_); MockRead http_reads[] = { MockRead("HTTP/1.1 200 OK\r\n"), MockRead(altsvc_header.c_str()), @@ -2530,7 +2542,11 @@ TEST_P(QuicNetworkTransactionTest, for (const auto& alt_svc_info : alt_svc_info_vector) { EXPECT_EQ(kProtoQUIC, alt_svc_info.alternative_service().protocol); for (const auto& version : alt_svc_info.advertised_versions()) { - alt_svc_negotiated_versions.push_back(version); + if (std::find(alt_svc_negotiated_versions.begin(), + alt_svc_negotiated_versions.end(), + version) == alt_svc_negotiated_versions.end()) { + alt_svc_negotiated_versions.push_back(version); + } } } @@ -2680,8 +2696,10 @@ TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) { // alternate network as well, QUIC is marked as broken and the brokenness will // not expire when default network changes. TEST_P(QuicNetworkTransactionTest, QuicFailsOnBothNetworksWhileTCPSucceeds) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 || + GetQuicReloadableFlag(quic_use_idle_network_detector)) { // QUIC with TLS1.3 handshake doesn't support 0-rtt. + // TODO(fayang): Add time driven idle network detection test. return; } SetUpTestForRetryConnectionOnAlternateNetwork(); @@ -2788,8 +2806,10 @@ TEST_P(QuicNetworkTransactionTest, QuicFailsOnBothNetworksWhileTCPSucceeds) { // alternate network, QUIC is marked as broken. The brokenness will expire when // the default network changes. TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceeds) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 || + GetQuicReloadableFlag(quic_use_idle_network_detector)) { // QUIC with TLS1.3 handshake doesn't support 0-rtt. + // TODO(fayang): Add time driven idle network detection test. return; } @@ -2908,8 +2928,10 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceeds) { // Much like above test, but verifies NetworkIsolationKeys are respected. TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceedsWithNetworkIsolationKey) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 || + GetQuicReloadableFlag(quic_use_idle_network_detector)) { // QUIC with TLS1.3 handshake doesn't support 0-rtt. + // TODO(fayang): Add time driven idle network detection test. return; } @@ -3054,8 +3076,10 @@ TEST_P(QuicNetworkTransactionTest, // before handshake is confirmed. If TCP doesn't succeed but QUIC on the // alternative network succeeds, QUIC is not marked as broken. TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 || + GetQuicReloadableFlag(quic_use_idle_network_detector)) { // QUIC with TLS1.3 handshake doesn't support 0-rtt. + // TODO(fayang): Add time driven idle network detection test. return; } @@ -3298,291 +3322,7 @@ TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmed) { EXPECT_THAT(callback.WaitForResult(), IsError(ERR_QUIC_PROTOCOL_ERROR)); } -// Verify that if a QUIC connection RTOs, the QuicHttpStream will -// return QUIC_PROTOCOL_ERROR. -TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmed) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { - // QUIC with TLS1.3 handshake doesn't support 0-rtt. - return; - } - - context_.params()->retry_without_alt_svc_on_quic_errors = false; - context_.params()->connection_options.push_back(quic::k5RTO); - - // The request will initially go out over QUIC. - MockQuicData quic_data(version_); - spdy::SpdyPriority priority = - ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - - client_maker_->set_save_packet_frames(true); - client_maker_->SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - int packet_number = 1; - if (VersionUsesHttp3(version_.transport_version)) { - quic_data.AddWrite( - SYNCHRONOUS, client_maker_->MakeInitialSettingsPacket(packet_number++)); - } - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_->MakeRequestHeadersPacket( - packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - - client_maker_->SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - if (VersionUsesHttp3(version_.transport_version)) { - // TLP 1 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 3, true)); - // TLP 2 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(2, 4, true)); - // RTO 1 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 5, true)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(2, 6, true)); - // RTO 2 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 7, true)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(2, 8, true)); - // RTO 3 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 9, true)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(2, 10, true)); - // RTO 4 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 11, true)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(2, 12, true)); - // RTO 5 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeConnectionClosePacket( - 13, true, quic::QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts")); - } else { - // TLP 1 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 2, true)); - // TLP 2 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 3, true)); - // RTO 1 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 4, true)); - // RTO 2 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 5, true)); - // RTO 3 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 6, true)); - // RTO 4 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRetransmissionPacket(1, 7, true)); - // RTO 5 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeConnectionClosePacket( - 8, true, quic::QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts")); - } - - quic_data.AddRead(ASYNC, OK); - quic_data.AddSocketDataToFactory(&socket_factory_); - - // In order for a new QUIC session to be established via alternate-protocol - // without racing an HTTP connection, we need the host resolution to happen - // synchronously. Of course, even though QUIC *could* perform a 0-RTT - // connection to the the server, in this test we require confirmation - // before encrypting so the HTTP job will still start. - host_resolver_.set_synchronous_mode(true); - host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", - ""); - - CreateSession(); - // Use a TestTaskRunner to avoid waiting in real time for timeouts. - QuicStreamFactoryPeer::SetAlarmFactory( - session_->quic_stream_factory(), - std::make_unique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), - context_.clock())); - - AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); - - HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); - TestCompletionCallback callback; - int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - // Pump the message loop to get the request started. - base::RunLoop().RunUntilIdle(); - // Explicitly confirm the handshake. - crypto_client_stream_factory_.last_stream() - ->NotifySessionOneRttKeyAvailable(); - - // Run the QUIC session to completion. - quic_task_runner_->RunUntilIdle(); - - ExpectQuicAlternateProtocolMapping(); - ASSERT_TRUE(quic_data.AllWriteDataConsumed()); - EXPECT_THAT(callback.WaitForResult(), IsError(ERR_QUIC_PROTOCOL_ERROR)); -} - -// Verify that if a QUIC connection RTOs, while there are no active streams -// QUIC will not be marked as broken. -TEST_P(QuicNetworkTransactionTest, - TooManyRtosAfterHandshakeConfirmedAndStreamReset) { - if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { - // QUIC with TLS1.3 handshake doesn't support 0-rtt. - return; - } - - context_.params()->connection_options.push_back(quic::k5RTO); - - // The request will initially go out over QUIC. - MockQuicData quic_data(version_); - spdy::SpdyPriority priority = - ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - - client_maker_->set_save_packet_frames(true); - client_maker_->SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - int packet_number = 1; - if (VersionUsesHttp3(version_.transport_version)) { - quic_data.AddWrite( - SYNCHRONOUS, client_maker_->MakeInitialSettingsPacket(packet_number++)); - } - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_->MakeRequestHeadersPacket( - packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - - client_maker_->SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - - if (!VersionUsesHttp3(version_.transport_version)) { - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRstPacket( - packet_number++, true, - GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED)); - // TLP 1 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - // TLP 2 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 1 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 2 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 3 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 4 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 5 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeConnectionClosePacket( - packet_number++, true, quic::QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts")); - } else { - quic_data.AddWrite( - SYNCHRONOUS, ConstructClientDataPacket( - packet_number++, GetQpackDecoderStreamId(), true, - false, StreamCancellationQpackDecoderInstruction(0))); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeRstPacket( - packet_number++, true, - GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED)); - client_maker_->RemoveSavedStreamFrames( - GetNthClientInitiatedBidirectionalStreamId(0)); - - // TLP 1 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - // TLP 2 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 1 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 3, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 4, packet_number++, true)); - // RTO 2 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 3 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 3, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 4, packet_number++, true)); - // RTO 4 - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 1, packet_number++, true)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_->MakeRetransmissionPacket( - 2, packet_number++, true)); - // RTO 5 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_->MakeConnectionClosePacket( - packet_number++, true, quic::QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts")); - } - - quic_data.AddRead(ASYNC, OK); - quic_data.AddSocketDataToFactory(&socket_factory_); - - // In order for a new QUIC session to be established via alternate-protocol - // without racing an HTTP connection, we need the host resolution to happen - // synchronously. Of course, even though QUIC *could* perform a 0-RTT - // connection to the the server, in this test we require confirmation - // before encrypting so the HTTP job will still start. - host_resolver_.set_synchronous_mode(true); - host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", - ""); - - CreateSession(); - // Use a TestTaskRunner to avoid waiting in real time for timeouts. - QuicStreamFactoryPeer::SetAlarmFactory( - session_->quic_stream_factory(), - std::make_unique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), - context_.clock())); - - AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); - - auto trans = std::make_unique<HttpNetworkTransaction>(DEFAULT_PRIORITY, - session_.get()); - TestCompletionCallback callback; - int rv = trans->Start(&request_, callback.callback(), net_log_.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - // Pump the message loop to get the request started. - base::RunLoop().RunUntilIdle(); - // Explicitly confirm the handshake. - crypto_client_stream_factory_.last_stream() - ->NotifySessionOneRttKeyAvailable(); - - // Now cancel the request. - trans.reset(); - - // Run the QUIC session to completion. - quic_task_runner_->RunUntilIdle(); - - ExpectQuicAlternateProtocolMapping(); - - ASSERT_TRUE(quic_data.AllWriteDataConsumed()); -} +// TODO(fayang): Add time driven TOO_MANY_RTOS test. // Verify that if a QUIC protocol error occurs after the handshake is confirmed // the request fails with QUIC_PROTOCOL_ERROR. @@ -7586,7 +7326,7 @@ class QuicNetworkTransactionWithDestinationTest uint64_t least_unacked, QuicTestPacketMaker* maker) { return maker->MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, true); + smallest_received, least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> ConstructInitialSettingsPacket( @@ -8674,7 +8414,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientDataPacket( packet_num++, GetQpackDecoderStreamId(), true, false, - StreamCancellationQpackDecoderInstruction(1))); + StreamCancellationQpackDecoderInstruction(1, false))); } mock_quic_data.AddWrite( @@ -8938,7 +8678,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectBadCertificate) { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientDataPacket( packet_num++, GetQpackDecoderStreamId(), true, false, - StreamCancellationQpackDecoderInstruction(1))); + StreamCancellationQpackDecoderInstruction(1, false))); } mock_quic_data.AddWrite( SYNCHRONOUS, @@ -9240,8 +8980,8 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyAuth) { } server_data_offset += 10; - mock_quic_data.AddWrite( - SYNCHRONOUS, client_maker.MakeAckPacket(packet_num++, 2, 1, 1, true)); + mock_quic_data.AddWrite(SYNCHRONOUS, + client_maker.MakeAckPacket(packet_num++, 2, 1, 1)); if (VersionUsesHttp3(version_.transport_version)) { mock_quic_data.AddWrite( @@ -9298,7 +9038,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyAuth) { SYNCHRONOUS, client_maker.MakeAckAndDataPacket( packet_num++, false, GetQpackDecoderStreamId(), 3, 3, 1, false, - StreamCancellationQpackDecoderInstruction(1))); + StreamCancellationQpackDecoderInstruction(1, false))); mock_quic_data.AddWrite(SYNCHRONOUS, client_maker.MakeRstPacket( packet_num++, false, @@ -9309,7 +9049,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyAuth) { client_maker.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, 3, 3, 1, true)); + quic::QUIC_STREAM_CANCELLED, 3, 3, 1)); } mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -9741,8 +9481,7 @@ TEST_P(QuicNetworkTransactionTest, NetworkIsolation) { 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, ConstructDataHeader(1) + "1")); partitioned_mock_quic_data1.AddWrite( - SYNCHRONOUS, - client_maker2.MakeAckPacket(packet_num2++, 2, 1, 1, true)); + SYNCHRONOUS, client_maker2.MakeAckPacket(packet_num2++, 2, 1, 1)); partitioned_mock_quic_data1.AddWrite( SYNCHRONOUS, @@ -9760,8 +9499,7 @@ TEST_P(QuicNetworkTransactionTest, NetworkIsolation) { 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, ConstructDataHeader(1) + "3")); partitioned_mock_quic_data1.AddWrite( - SYNCHRONOUS, - client_maker2.MakeAckPacket(packet_num2++, 4, 3, 1, true)); + SYNCHRONOUS, client_maker2.MakeAckPacket(packet_num2++, 4, 3, 1)); partitioned_mock_quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); @@ -9803,8 +9541,7 @@ TEST_P(QuicNetworkTransactionTest, NetworkIsolation) { 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, ConstructDataHeader(1) + "2")); partitioned_mock_quic_data2.AddWrite( - SYNCHRONOUS, - client_maker3.MakeAckPacket(packet_num3++, 2, 1, 1, true)); + SYNCHRONOUS, client_maker3.MakeAckPacket(packet_num3++, 2, 1, 1)); partitioned_mock_quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); @@ -9961,7 +9698,7 @@ TEST_P(QuicNetworkTransactionTest, NetworkIsolationTunnel) { 3, GetNthClientInitiatedBidirectionalStreamId(0), false, false, ConstructDataHeader(10) + std::string("0123456789"))); mock_quic_data[index]->AddWrite( - SYNCHRONOUS, client_maker.MakeAckPacket(packet_num++, 3, 2, 1, true)); + SYNCHRONOUS, client_maker.MakeAckPacket(packet_num++, 3, 2, 1)); mock_quic_data[index]->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read diff --git a/chromium/net/quic/quic_proxy_client_socket_unittest.cc b/chromium/net/quic/quic_proxy_client_socket_unittest.cc index 8fc4d25b53d..045cfeec480 100644 --- a/chromium/net/quic/quic_proxy_client_socket_unittest.cc +++ b/chromium/net/quic/quic_proxy_client_socket_unittest.cc @@ -115,8 +115,6 @@ class QuicProxyClientSocketTest : public ::testing::TestWithParam<TestParams>, static const bool kFin = true; static const bool kIncludeVersion = true; static const bool kIncludeDiversificationNonce = true; - static const bool kIncludeCongestionFeedback = true; - static const bool kSendFeedback = true; static size_t GetStreamFrameDataLengthFromPacketLength( quic::QuicByteCount packet_length, @@ -340,7 +338,7 @@ class QuicProxyClientSocketTest : public ::testing::TestWithParam<TestParams>, uint64_t least_unacked) { return client_maker_.MakeAckAndRstPacket( packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, - largest_received, smallest_received, least_unacked, kSendFeedback, + largest_received, smallest_received, least_unacked, /*include_stop_sending=*/false); } @@ -352,7 +350,7 @@ class QuicProxyClientSocketTest : public ::testing::TestWithParam<TestParams>, uint64_t least_unacked) { return client_maker_.MakeAckAndRstPacket( packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, - largest_received, smallest_received, least_unacked, kSendFeedback, + largest_received, smallest_received, least_unacked, /*include_stop_sending_if_v99=*/true); } @@ -437,8 +435,7 @@ class QuicProxyClientSocketTest : public ::testing::TestWithParam<TestParams>, uint64_t smallest_received, uint64_t least_unacked) { return client_maker_.MakeAckPacket(packet_number, largest_received, - smallest_received, least_unacked, - kSendFeedback); + smallest_received, least_unacked); } // Helper functions for constructing packets sent by the server diff --git a/chromium/net/quic/quic_server_info.cc b/chromium/net/quic/quic_server_info.cc index cdf6e0bc4a2..4b49337536a 100644 --- a/chromium/net/quic/quic_server_info.cc +++ b/chromium/net/quic/quic_server_info.cc @@ -6,6 +6,7 @@ #include <limits> +#include "base/logging.h" #include "base/pickle.h" #include "base/stl_util.h" diff --git a/chromium/net/quic/quic_stream_factory.cc b/chromium/net/quic/quic_stream_factory.cc index f076703d26c..3358bd3d4be 100644 --- a/chromium/net/quic/quic_stream_factory.cc +++ b/chromium/net/quic/quic_stream_factory.cc @@ -45,7 +45,6 @@ #include "net/quic/quic_chromium_connection_helper.h" #include "net/quic/quic_chromium_packet_reader.h" #include "net/quic/quic_chromium_packet_writer.h" -#include "net/quic/quic_client_session_cache.h" #include "net/quic/quic_context.h" #include "net/quic/quic_crypto_client_stream_factory.h" #include "net/quic/quic_http_stream.h" @@ -218,105 +217,6 @@ std::set<std::string> HostsFromOrigins(std::set<HostPortPair> origins) { } // namespace -// Responsible for verifying the certificates saved in -// quic::QuicCryptoClientConfig, and for notifying any associated requests when -// complete. Results from cert verification are ignored. -class QuicStreamFactory::CertVerifierJob { - public: - // ProofVerifierCallbackImpl is passed as the callback method to - // VerifyCertChain. The quic::ProofVerifier calls this class with the result - // of cert verification when verification is performed asynchronously. - class ProofVerifierCallbackImpl : public quic::ProofVerifierCallback { - public: - explicit ProofVerifierCallbackImpl(CertVerifierJob* job) : job_(job) {} - - ~ProofVerifierCallbackImpl() override {} - - void Run(bool ok, - const std::string& error_details, - std::unique_ptr<quic::ProofVerifyDetails>* details) override { - if (job_ == nullptr) - return; - job_->verify_callback_ = nullptr; - job_->OnComplete(); - } - - void Cancel() { job_ = nullptr; } - - private: - CertVerifierJob* job_; - }; - - CertVerifierJob( - std::unique_ptr<QuicCryptoClientConfigHandle> crypto_config_handle, - const quic::QuicServerId& server_id, - int cert_verify_flags, - const NetLogWithSource& net_log) - : crypto_config_handle_(std::move(crypto_config_handle)), - server_id_(server_id), - verify_callback_(nullptr), - verify_context_( - std::make_unique<ProofVerifyContextChromium>(cert_verify_flags, - net_log)), - start_time_(base::TimeTicks::Now()), - net_log_(net_log) {} - - ~CertVerifierJob() { - if (verify_callback_) - verify_callback_->Cancel(); - } - - // Starts verification of certs cached in the |crypto_config|. - quic::QuicAsyncStatus Run(CompletionOnceCallback callback) { - quic::QuicCryptoClientConfig* crypto_config = - crypto_config_handle_->GetConfig(); - quic::QuicCryptoClientConfig::CachedState* cached = - crypto_config->LookupOrCreate(server_id_); - auto verify_callback = std::make_unique<ProofVerifierCallbackImpl>(this); - auto* verify_callback_ptr = verify_callback.get(); - quic::QuicAsyncStatus status = - crypto_config->proof_verifier()->VerifyCertChain( - server_id_.host(), cached->certs(), - /*ocsp_response=*/std::string(), cached->cert_sct(), - verify_context_.get(), &verify_error_details_, &verify_details_, - std::move(verify_callback)); - if (status == quic::QUIC_PENDING) { - verify_callback_ = verify_callback_ptr; - callback_ = std::move(callback); - } - return status; - } - - void OnComplete() { - UMA_HISTOGRAM_TIMES("Net.QuicSession.CertVerifierJob.CompleteTime", - base::TimeTicks::Now() - start_time_); - if (!callback_.is_null()) - std::move(callback_).Run(OK); - } - - const quic::QuicServerId& server_id() const { return server_id_; } - - size_t EstimateMemoryUsage() const { - // TODO(xunjieli): crbug.com/669108. Track |verify_context_| and - // |verify_details_|. - return base::trace_event::EstimateMemoryUsage(verify_error_details_); - } - - private: - const std::unique_ptr<QuicCryptoClientConfigHandle> crypto_config_handle_; - const quic::QuicServerId server_id_; - ProofVerifierCallbackImpl* verify_callback_; - std::unique_ptr<quic::ProofVerifyContext> verify_context_; - std::unique_ptr<quic::ProofVerifyDetails> verify_details_; - std::string verify_error_details_; - const base::TimeTicks start_time_; - const NetLogWithSource net_log_; - CompletionOnceCallback callback_; - base::WeakPtrFactory<CertVerifierJob> weak_factory_{this}; - - DISALLOW_COPY_AND_ASSIGN(CertVerifierJob); -}; - // Refcounted class that owns quic::QuicCryptoClientConfig and tracks how many // consumers are using it currently. When the last reference is freed, the // QuicCryptoClientConfigHandle informs the owning QuicStreamFactory, moves it @@ -325,9 +225,8 @@ class QuicStreamFactory::QuicCryptoClientConfigOwner { public: QuicCryptoClientConfigOwner( std::unique_ptr<quic::ProofVerifier> proof_verifier, - std::unique_ptr<QuicClientSessionCache> session_cache, QuicStreamFactory* quic_stream_factory) - : config_(std::move(proof_verifier), std::move(session_cache)), + : config_(std::move(proof_verifier)), quic_stream_factory_(quic_stream_factory) { DCHECK(quic_stream_factory_); } @@ -1227,8 +1126,6 @@ QuicStreamFactory::~QuicStreamFactory() { all_sessions_.erase(all_sessions_.begin()); } active_jobs_.clear(); - while (!active_cert_verifier_jobs_.empty()) - active_cert_verifier_jobs_.erase(active_cert_verifier_jobs_.begin()); // This should have been moved to the recent map when all consumers of // QuicCryptoClientConfigs were deleted, in the above lines. @@ -1352,15 +1249,10 @@ int QuicStreamFactory::Create(const QuicSessionKey& session_key, if (!tick_clock_) tick_clock_ = base::DefaultTickClock::GetInstance(); - std::unique_ptr<CryptoClientConfigHandle> crypto_config_handle = - CreateCryptoConfigHandle(session_key.network_isolation_key()); - ignore_result(StartCertVerifyJob(*crypto_config_handle, - session_key.server_id(), cert_verify_flags, - net_log)); - QuicSessionAliasKey key(destination, session_key); std::unique_ptr<Job> job = std::make_unique<Job>( - this, quic_version, host_resolver_, key, std::move(crypto_config_handle), + this, quic_version, host_resolver_, key, + CreateCryptoConfigHandle(session_key.network_isolation_key()), WasQuicRecentlyBroken(session_key), params_.retry_on_alternate_network_before_handshake, params_.race_stale_dns_on_connection, priority, cert_verify_flags, @@ -1744,8 +1636,7 @@ void QuicStreamFactory::DumpMemoryStats( base::trace_event::EstimateMemoryUsage(ip_aliases_) + base::trace_event::EstimateMemoryUsage(session_peer_ip_) + base::trace_event::EstimateMemoryUsage(gone_away_aliases_) + - base::trace_event::EstimateMemoryUsage(active_jobs_) + - base::trace_event::EstimateMemoryUsage(active_cert_verifier_jobs_); + base::trace_event::EstimateMemoryUsage(active_jobs_); factory_dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, base::trace_event::MemoryAllocatorDump::kUnitsBytes, memory_estimate); @@ -1755,9 +1646,6 @@ void QuicStreamFactory::DumpMemoryStats( factory_dump->AddScalar("active_jobs", base::trace_event::MemoryAllocatorDump::kUnitsObjects, active_jobs_.size()); - factory_dump->AddScalar("active_cert_jobs", - base::trace_event::MemoryAllocatorDump::kUnitsObjects, - active_cert_verifier_jobs_.size()); } bool QuicStreamFactory::HasMatchingIpSession(const QuicSessionAliasKey& key, @@ -1811,10 +1699,6 @@ void QuicStreamFactory::OnJobComplete(Job* job, int rv) { active_jobs_.erase(iter); } -void QuicStreamFactory::OnCertVerifyJobComplete(CertVerifierJob* job, int rv) { - active_cert_verifier_jobs_.erase(job->server_id()); -} - bool QuicStreamFactory::HasActiveSession( const QuicSessionKey& session_key) const { // TODO(rtenneti): crbug.com/498823 - delete active_sessions_.empty() check. @@ -1827,11 +1711,6 @@ bool QuicStreamFactory::HasActiveJob(const QuicSessionKey& session_key) const { return base::Contains(active_jobs_, session_key); } -bool QuicStreamFactory::HasActiveCertVerifierJob( - const quic::QuicServerId& server_id) const { - return base::Contains(active_cert_verifier_jobs_, server_id); -} - int QuicStreamFactory::CreateSession( const QuicSessionAliasKey& key, quic::ParsedQuicVersion quic_version, @@ -2048,30 +1927,6 @@ bool QuicStreamFactory::WasQuicRecentlyBroken( alternative_service, session_key.network_isolation_key()); } -quic::QuicAsyncStatus QuicStreamFactory::StartCertVerifyJob( - const CryptoClientConfigHandle& crypto_config_handle, - const quic::QuicServerId& server_id, - int cert_verify_flags, - const NetLogWithSource& net_log) { - if (!params_.race_cert_verification) - return quic::QUIC_FAILURE; - quic::QuicCryptoClientConfig::CachedState* cached = - crypto_config_handle.GetConfig()->LookupOrCreate(server_id); - if (!cached || cached->certs().empty() || - HasActiveCertVerifierJob(server_id)) { - return quic::QUIC_FAILURE; - } - std::unique_ptr<CertVerifierJob> cert_verifier_job(new CertVerifierJob( - std::make_unique<CryptoClientConfigHandle>(crypto_config_handle), - server_id, cert_verify_flags, net_log)); - quic::QuicAsyncStatus status = cert_verifier_job->Run( - base::BindOnce(&QuicStreamFactory::OnCertVerifyJobComplete, - base::Unretained(this), cert_verifier_job.get())); - if (status == quic::QUIC_PENDING) - active_cert_verifier_jobs_[server_id] = std::move(cert_verifier_job); - return status; -} - void QuicStreamFactory::InitializeMigrationOptions() { // The following list of options cannot be set immediately until // prerequisites are met. Cache the initial setting in local variables and @@ -2279,7 +2134,7 @@ QuicStreamFactory::CreateCryptoConfigHandle( cert_verifier_, ct_policy_enforcer_, transport_security_state_, cert_transparency_verifier_, HostsFromOrigins(params_.origins_to_force_quic_on)), - std::make_unique<QuicClientSessionCache>(), this); + this); quic::QuicCryptoClientConfig* crypto_config = crypto_config_owner->config(); crypto_config->set_user_agent_id(params_.user_agent_id); @@ -2316,17 +2171,6 @@ QuicStreamFactory::GetCryptoConfigForTesting( return CreateCryptoConfigHandle(network_isolation_key); } -quic::QuicAsyncStatus QuicStreamFactory::StartCertVerifyJobForTesting( - const quic::QuicServerId& server_id, - const NetworkIsolationKey& network_isolation_key, - int cert_verify_flags, - const NetLogWithSource& net_log) { - std::unique_ptr<QuicStreamFactory::CryptoClientConfigHandle> - crypto_config_handle = CreateCryptoConfigHandle(network_isolation_key); - return StartCertVerifyJob(*crypto_config_handle, server_id, cert_verify_flags, - net_log); -} - bool QuicStreamFactory::CryptoConfigCacheIsEmptyForTesting( const quic::QuicServerId& server_id, const NetworkIsolationKey& network_isolation_key) { diff --git a/chromium/net/quic/quic_stream_factory.h b/chromium/net/quic/quic_stream_factory.h index 4fd23ddec90..6e33a290557 100644 --- a/chromium/net/quic/quic_stream_factory.h +++ b/chromium/net/quic/quic_stream_factory.h @@ -362,7 +362,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory private: class Job; - class CertVerifierJob; class QuicCryptoClientConfigOwner; class CryptoClientConfigHandle; friend class test::QuicStreamFactoryPeer; @@ -376,8 +375,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory typedef std::map<IPEndPoint, SessionSet> IPAliasMap; typedef std::map<QuicChromiumClientSession*, IPEndPoint> SessionPeerIPMap; typedef std::map<QuicSessionKey, std::unique_ptr<Job>> JobMap; - typedef std::map<quic::QuicServerId, std::unique_ptr<CertVerifierJob>> - CertVerifierJobMap; using QuicCryptoClientConfigMap = std::map<NetworkIsolationKey, std::unique_ptr<QuicCryptoClientConfigOwner>>; @@ -385,10 +382,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool HasMatchingIpSession(const QuicSessionAliasKey& key, const AddressList& address_list); void OnJobComplete(Job* job, int rv); - void OnCertVerifyJobComplete(CertVerifierJob* job, int rv); bool HasActiveSession(const QuicSessionKey& session_key) const; bool HasActiveJob(const QuicSessionKey& session_key) const; - bool HasActiveCertVerifierJob(const quic::QuicServerId& server_id) const; int CreateSession(const QuicSessionAliasKey& key, quic::ParsedQuicVersion quic_version, int cert_verify_flags, @@ -425,20 +420,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // Helper methods. bool WasQuicRecentlyBroken(const QuicSessionKey& session_key) const; - // Starts an asynchronous job for cert verification if - // |params_.race_cert_verification| is enabled and if there are cached certs - // for the given |server_id|. - // - // Takes a constant reference to a CryptoClientConfigHandle instead of a - // NetworkIsolationKey to force the caller to keep the corresponding - // QuicCryptoClientConfig alive. There's no guarantee it won't be garbage - // collected beyond when this method completes, otherwise. - quic::QuicAsyncStatus StartCertVerifyJob( - const CryptoClientConfigHandle& crypto_config_handle, - const quic::QuicServerId& server_id, - int cert_verify_flags, - const NetLogWithSource& net_log); - // Helper method to initialize the following migration options and check // pre-requisites: // - |params_.migrate_sessions_on_network_change_v2| @@ -479,12 +460,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory std::unique_ptr<QuicCryptoClientConfigHandle> GetCryptoConfigForTesting( const NetworkIsolationKey& network_isolation_key); - quic::QuicAsyncStatus StartCertVerifyJobForTesting( - const quic::QuicServerId& server_id, - const NetworkIsolationKey& network_isolation_key, - int cert_verify_flags, - const NetLogWithSource& net_log); - bool CryptoConfigCacheIsEmptyForTesting( const quic::QuicServerId& server_id, const NetworkIsolationKey& network_isolation_key); @@ -552,9 +527,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory JobMap active_jobs_; - // Map of quic::QuicServerId to owning CertVerifierJob. - CertVerifierJobMap active_cert_verifier_jobs_; - // PING timeout for connections. quic::QuicTime::Delta ping_timeout_; quic::QuicTime::Delta reduced_ping_timeout_; diff --git a/chromium/net/quic/quic_stream_factory_fuzzer.cc b/chromium/net/quic/quic_stream_factory_fuzzer.cc index 91083db5ea8..40aff46b5da 100644 --- a/chromium/net/quic/quic_stream_factory_fuzzer.cc +++ b/chromium/net/quic/quic_stream_factory_fuzzer.cc @@ -97,7 +97,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { data_provider.ConsumeBool() ? 1 : 0; params.close_sessions_on_ip_change = data_provider.ConsumeBool(); params.allow_server_migration = data_provider.ConsumeBool(); - params.race_cert_verification = data_provider.ConsumeBool(); params.estimate_initial_rtt = data_provider.ConsumeBool(); params.headers_include_h2_stream_dependency = data_provider.ConsumeBool(); params.enable_socket_recv_optimization = data_provider.ConsumeBool(); diff --git a/chromium/net/quic/quic_stream_factory_peer.cc b/chromium/net/quic/quic_stream_factory_peer.cc index fc68a8732f1..ac673b84b67 100644 --- a/chromium/net/quic/quic_stream_factory_peer.cc +++ b/chromium/net/quic/quic_stream_factory_peer.cc @@ -50,12 +50,6 @@ bool QuicStreamFactoryPeer::HasActiveJob(QuicStreamFactory* factory, false /* disable_secure_dns */)); } -bool QuicStreamFactoryPeer::HasActiveCertVerifierJob( - QuicStreamFactory* factory, - const quic::QuicServerId& server_id) { - return factory->HasActiveCertVerifierJob(server_id); -} - // static QuicChromiumClientSession* QuicStreamFactoryPeer::GetPendingSession( QuicStreamFactory* factory, @@ -123,27 +117,6 @@ quic::QuicTime::Delta QuicStreamFactoryPeer::GetPingTimeout( return factory->ping_timeout_; } -bool QuicStreamFactoryPeer::GetRaceCertVerification( - QuicStreamFactory* factory) { - return factory->params_.race_cert_verification; -} - -void QuicStreamFactoryPeer::SetRaceCertVerification( - QuicStreamFactory* factory, - bool race_cert_verification) { - factory->params_.race_cert_verification = race_cert_verification; -} - -quic::QuicAsyncStatus QuicStreamFactoryPeer::StartCertVerifyJob( - QuicStreamFactory* factory, - const quic::QuicServerId& server_id, - const NetworkIsolationKey& network_isolation_key, - int cert_verify_flags, - const NetLogWithSource& net_log) { - return factory->StartCertVerifyJobForTesting(server_id, network_isolation_key, - cert_verify_flags, net_log); -} - void QuicStreamFactoryPeer::SetYieldAfterPackets(QuicStreamFactory* factory, int yield_after_packets) { factory->yield_after_packets_ = yield_after_packets; diff --git a/chromium/net/quic/quic_stream_factory_peer.h b/chromium/net/quic/quic_stream_factory_peer.h index 60cc745903a..507aedda772 100644 --- a/chromium/net/quic/quic_stream_factory_peer.h +++ b/chromium/net/quic/quic_stream_factory_peer.h @@ -51,9 +51,6 @@ class QuicStreamFactoryPeer { static bool HasActiveJob(QuicStreamFactory* factory, const quic::QuicServerId& server_id); - static bool HasActiveCertVerifierJob(QuicStreamFactory* factory, - const quic::QuicServerId& server_id); - static QuicChromiumClientSession* GetPendingSession( QuicStreamFactory* factory, const quic::QuicServerId& server_id, @@ -79,21 +76,6 @@ class QuicStreamFactoryPeer { static quic::QuicTime::Delta GetPingTimeout(QuicStreamFactory* factory); - static bool GetRaceCertVerification(QuicStreamFactory* factory); - - static void SetRaceCertVerification(QuicStreamFactory* factory, - bool race_cert_verification); - - // When using this method, the caller should be holding onto a live - // NetworkIsolationKey, if it wants the results to stay alive in the - // per-NetworkIsolationKey cache. - static quic::QuicAsyncStatus StartCertVerifyJob( - QuicStreamFactory* factory, - const quic::QuicServerId& server_id, - const NetworkIsolationKey& network_isolation_key, - int cert_verify_flags, - const NetLogWithSource& net_log); - static void SetYieldAfterPackets(QuicStreamFactory* factory, int yield_after_packets); diff --git a/chromium/net/quic/quic_stream_factory_test.cc b/chromium/net/quic/quic_stream_factory_test.cc index bde0dd8bcb6..a4dd7ce26d3 100644 --- a/chromium/net/quic/quic_stream_factory_test.cc +++ b/chromium/net/quic/quic_stream_factory_test.cc @@ -312,11 +312,6 @@ class QuicStreamFactoryTestBase : public WithTaskEnvironment { return QuicStreamFactoryPeer::HasActiveJob(factory_.get(), server_id); } - bool HasActiveCertVerifierJob(const quic::QuicServerId& server_id) { - return QuicStreamFactoryPeer::HasActiveCertVerifierJob(factory_.get(), - server_id); - } - // Get the pending, not activated session, if there is only one session alive. QuicChromiumClientSession* GetPendingSession( const HostPortPair& host_port_pair) { @@ -819,12 +814,22 @@ class QuicStreamFactoryTestBase : public WithTaskEnvironment { } std::string StreamCancellationQpackDecoderInstruction(int n) const { + return StreamCancellationQpackDecoderInstruction(n, true); + } + + std::string StreamCancellationQpackDecoderInstruction( + int n, + bool create_stream) const { const quic::QuicStreamId cancelled_stream_id = GetNthClientInitiatedBidirectionalStreamId(n); EXPECT_LT(cancelled_stream_id, 63u); const unsigned char opcode = 0x40; - return {opcode | static_cast<unsigned char>(cancelled_stream_id)}; + if (create_stream) { + return {0x03, opcode | static_cast<unsigned char>(cancelled_stream_id)}; + } else { + return {opcode | static_cast<unsigned char>(cancelled_stream_id)}; + } } std::string ConstructDataHeader(size_t body_len) { @@ -1625,7 +1630,7 @@ TEST_P(QuicStreamFactoryTest, PoolingWithServerMigration) { "192.168.0.1", ""); IPEndPoint alt_address = IPEndPoint(IPAddress(1, 2, 3, 4), 443); quic::QuicConfig config; - config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); + config.SetIPv4AlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); VerifyServerMigration(config, alt_address); @@ -2699,7 +2704,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkMadeDefault( SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 2, 2, 1, true)); + quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -2895,7 +2900,7 @@ TEST_P(QuicStreamFactoryTest, MigratedToBlockedSocketAfterProbing) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 2, 2, 1, true)); + quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -3775,7 +3780,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkDisconnected( client_maker_.MakeAckAndRstPacket( packet_number++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -3919,7 +3924,7 @@ TEST_P(QuicStreamFactoryTest, NewNetworkConnectedAfterNoNetwork) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -4014,8 +4019,8 @@ TEST_P(QuicStreamFactoryTest, MigrateToProbingSocket) { server_maker_.MakeConnectivityProbingPacket(3, false)); quic_data2.AddRead(SYNCHRONOUS, server_maker_.MakeConnectivityProbingPacket(4, false)); - quic_data2.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_number++, 1, 4, 1, 1, true)); + quic_data2.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_number++, 1, 4, 1, 1)); quic_data2.AddRead( ASYNC, ConstructOkResponsePacket( @@ -4037,7 +4042,7 @@ TEST_P(QuicStreamFactoryTest, MigrateToProbingSocket) { client_maker_.MakeAckAndRstPacket( packet_number++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 5, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 5, 1, 1)); } quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -4148,7 +4153,7 @@ TEST_P(QuicStreamFactoryTest, MigrateToProbingSocket) { // This test verifies that the connection migrates to the alternate network // early when path degrading is detected with an ASYNCHRONOUS write before // migration. -TEST_P(QuicStreamFactoryTest, MigrateEarlyOnPathDegradingAysnc) { +TEST_P(QuicStreamFactoryTest, MigrateEarlyOnPathDegradingAsync) { TestMigrationOnPathDegrading(/*async_write_before_migration*/ true); } @@ -4226,7 +4231,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnPathDegrading( client_maker_.MakeAckAndRstPacket( packet_number++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 2, 2, 1, true)); + quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -4446,7 +4451,7 @@ void QuicStreamFactoryTestBase::TestSimplePortMigrationOnPathDegrading() { client_maker_.MakeAckAndRstPacket( packet_number++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 2, 2, 1, true)); + quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -4627,7 +4632,7 @@ TEST_P(QuicStreamFactoryTest, MultiplePortMigrationsExceedsMaxLimit) { // ACK and PING post migration after successful probing. quic_data2.AddWrite( SYNCHRONOUS, client_maker_.MakeAckPacket(packet_number++, 1 + 2 * i, - 1 + 2 * i, 1, true)); + 1 + 2 * i, 1)); quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_number++, false)); } @@ -4649,8 +4654,8 @@ TEST_P(QuicStreamFactoryTest, MultiplePortMigrationsExceedsMaxLimit) { // response. quic_data2.AddRead(ASYNC, server_maker_.MakeConnectivityProbingPacket( server_packet_num++, false)); - quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeAckPacket( - packet_number++, 9, 9, 1, true)); + quic_data2.AddWrite( + SYNCHRONOUS, client_maker_.MakeAckPacket(packet_number++, 9, 9, 1)); } quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // EOF. quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -4871,7 +4876,7 @@ TEST_P(QuicStreamFactoryTest, DoNotMigrateToBadSocketOnPathDegrading) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -5004,9 +5009,8 @@ void QuicStreamFactoryTestBase::TestMigrateSessionWithDrainingStream( quic_data2.AddRead(ASYNC, server_maker_.MakeConnectivityProbingPacket(3, false)); // Ping packet to send after migration is completed. - quic_data2.AddWrite( - write_mode_for_queued_packet, - client_maker_.MakeAckPacket(packet_number++, 2, 3, 3, 1, true)); + quic_data2.AddWrite(write_mode_for_queued_packet, + client_maker_.MakeAckPacket(packet_number++, 2, 3, 3, 1)); if (write_mode_for_queued_packet == SYNCHRONOUS) { quic_data2.AddWrite(ASYNC, client_maker_.MakePingPacket(packet_number++, false)); @@ -5016,8 +5020,8 @@ void QuicStreamFactoryTestBase::TestMigrateSessionWithDrainingStream( ASYNC, ConstructOkResponsePacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); - quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeAckPacket( - packet_number++, 1, 3, 1, 1, true)); + quic_data2.AddWrite(SYNCHRONOUS, + client_maker_.MakeAckPacket(packet_number++, 1, 3, 1, 1)); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -5192,7 +5196,7 @@ TEST_P(QuicStreamFactoryTest, MigrateOnNewNetworkConnectAfterPathDegrading) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 2, 2, 1, true)); + quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -5479,7 +5483,7 @@ TEST_P(QuicStreamFactoryTest, MigrateOnPathDegradingWithNoNewNetwork) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -5778,7 +5782,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) { // asynchronous write error will be blocked during migration on write error. New // packets would not be written until the one with write error is rewritten on // the new network. -TEST_P(QuicStreamFactoryTest, MigrateSessionOnAysncWriteError) { +TEST_P(QuicStreamFactoryTest, MigrateSessionOnAsyncWriteError) { InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -5835,15 +5839,15 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionOnAysncWriteError) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } if (VersionUsesHttp3(version_.transport_version)) { socket_data1.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - packet_num++, GetQpackDecoderStreamId(), - /* should_include_version = */ true, - /* fin = */ false, StreamCancellationQpackDecoderInstruction(1))); + SYNCHRONOUS, client_maker_.MakeDataPacket( + packet_num++, GetQpackDecoderStreamId(), + /* should_include_version = */ true, + /* fin = */ false, + StreamCancellationQpackDecoderInstruction(1, false))); } socket_data1.AddWrite( SYNCHRONOUS, @@ -6065,8 +6069,8 @@ TEST_P(QuicStreamFactoryTest, MigrateBackToDefaultPostMigrationOnWriteError) { quic_data3.AddRead(ASYNC, server_maker_.MakeConnectivityProbingPacket(2, false)); quic_data3.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - quic_data3.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 1, 2, 1, 1, true)); + quic_data3.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 1, 2, 1, 1)); if (VersionUsesHttp3(version_.transport_version)) { quic_data3.AddWrite( SYNCHRONOUS, client_maker_.MakeDataPacket( @@ -6319,7 +6323,7 @@ void QuicStreamFactoryTestBase:: SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -6559,7 +6563,7 @@ TEST_P(QuicStreamFactoryTest, SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -6693,7 +6697,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteError( SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -6895,14 +6899,14 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorWithMultipleRequests( SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } if (VersionUsesHttp3(version_.transport_version)) { socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeDataPacket( packet_num++, GetQpackDecoderStreamId(), true, false, - StreamCancellationQpackDecoderInstruction(1))); + StreamCancellationQpackDecoderInstruction(1, false))); } socket_data1.AddWrite( SYNCHRONOUS, @@ -7059,7 +7063,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams( SYNCHRONOUS, client_maker_.MakeAckAndDataPacket( packet_number++, false, GetQpackDecoderStreamId(), 1, 1, 1, false, - StreamCancellationQpackDecoderInstruction(0))); + StreamCancellationQpackDecoderInstruction(0, false))); socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakeRstPacket( packet_number++, false, @@ -7070,7 +7074,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams( client_maker_.MakeAckAndRstPacket( packet_number++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -7230,7 +7234,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams2( SYNCHRONOUS, client_maker_.MakeAckAndDataPacket( packet_number++, false, GetQpackDecoderStreamId(), 1, 1, 1, false, - StreamCancellationQpackDecoderInstruction(0))); + StreamCancellationQpackDecoderInstruction(0, false))); socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakeRstPacket( packet_number++, false, @@ -7241,7 +7245,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams2( client_maker_.MakeAckAndRstPacket( packet_number++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -7623,7 +7627,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnMultipleWriteErrors( SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -7822,7 +7826,7 @@ void QuicStreamFactoryTestBase:: SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -7974,7 +7978,7 @@ void QuicStreamFactoryTestBase:: SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -8143,7 +8147,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorPauseBeforeConnected( SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -8282,7 +8286,7 @@ TEST_P(QuicStreamFactoryTest, IgnoreWriteErrorFromOldWriterAfterMigration) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -8410,7 +8414,7 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorFromOldReaderAfterMigration) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -8543,7 +8547,7 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorOnOldReaderDuringMigration) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -8642,10 +8646,9 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. - socket_data1.AddRead(SYNCHRONOUS, - server_maker_.MakeAckPacket(3, 3, 1, 1, false)); - socket_data1.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 2, 1, 1, false)); + socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 3, 1, 1)); + socket_data1.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 2, 1, 1)); // The PING packet sent for retransmittable on wire. socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_num++, false)); @@ -8804,10 +8807,9 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. - socket_data1.AddRead(SYNCHRONOUS, - server_maker_.MakeAckPacket(3, 3, 1, 1, false)); - socket_data1.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 2, 1, 1, false)); + socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 3, 1, 1)); + socket_data1.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 2, 1, 1)); // The PING packet sent for retransmittable on wire. socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_num++, false)); @@ -8954,10 +8956,9 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeout) { 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. - socket_data1.AddRead(SYNCHRONOUS, - server_maker_.MakeAckPacket(3, 2, 1, 1, false)); - socket_data1.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 2, 1, 1, false)); + socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1)); + socket_data1.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 2, 1, 1)); // The PING packet sent for retransmittable on wire. socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_num++, false)); @@ -9102,10 +9103,9 @@ TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeout) { 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. - socket_data1.AddRead(SYNCHRONOUS, - server_maker_.MakeAckPacket(3, 2, 1, 1, false)); - socket_data1.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 2, 1, 1, false)); + socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1)); + socket_data1.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 2, 1, 1)); std::string header = ConstructDataHeader(6); socket_data1.AddRead( ASYNC, ConstructServerDataPacket( @@ -9241,10 +9241,9 @@ TEST_P(QuicStreamFactoryTest, 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. - socket_data1.AddRead(SYNCHRONOUS, - server_maker_.MakeAckPacket(3, 2, 1, 1, false)); - socket_data1.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 2, 1, 1, false)); + socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1)); + socket_data1.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 2, 1, 1)); // The PING packet sent for retransmittable on wire. socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(packet_num++, false)); @@ -9391,10 +9390,9 @@ TEST_P(QuicStreamFactoryTest, 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. - socket_data1.AddRead(SYNCHRONOUS, - server_maker_.MakeAckPacket(3, 2, 1, 1, false)); - socket_data1.AddWrite( - ASYNC, client_maker_.MakeAckPacket(packet_num++, 2, 1, 1, false)); + socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1)); + socket_data1.AddWrite(ASYNC, + client_maker_.MakeAckPacket(packet_num++, 2, 1, 1)); std::string header = ConstructDataHeader(6); socket_data1.AddRead( ASYNC, ConstructServerDataPacket( @@ -9599,7 +9597,7 @@ TEST_P(QuicStreamFactoryTest, // Migrate on asynchronous write error, old network disconnects after alternate // network connects. TEST_P(QuicStreamFactoryTest, - MigrateSessionOnWriteErrorWithDisconnectAfterConnectAysnc) { + MigrateSessionOnWriteErrorWithDisconnectAfterConnectAsync) { TestMigrationOnWriteErrorWithMultipleNotifications( ASYNC, /*disconnect_before_connect*/ false); } @@ -9615,7 +9613,7 @@ TEST_P(QuicStreamFactoryTest, // Migrate on asynchronous write error, old network disconnects before alternate // network connects. TEST_P(QuicStreamFactoryTest, - MigrateSessionOnWriteErrorWithDisconnectBeforeConnectAysnc) { + MigrateSessionOnWriteErrorWithDisconnectBeforeConnectAsync) { TestMigrationOnWriteErrorWithMultipleNotifications( ASYNC, /*disconnect_before_connect*/ true); } @@ -9735,7 +9733,7 @@ void QuicStreamFactoryTestBase:: SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -10130,7 +10128,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigration) { SYNCHRONOUS, client_maker_.MakeAckAndRstPacket( packet_num++, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1, true)); + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); } socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -10170,7 +10168,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv4) { // Add alternate IPv4 server address to config. IPEndPoint alt_address = IPEndPoint(IPAddress(1, 2, 3, 4), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); + config.SetIPv4AlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); VerifyServerMigration(config, alt_address); } @@ -10182,7 +10180,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv6ToIPv6) { IPEndPoint alt_address = IPEndPoint( IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); + config.SetIPv6AlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); VerifyServerMigration(config, alt_address); } @@ -10193,7 +10191,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv6ToIPv4) { // Add alternate IPv4 server address to config. IPEndPoint alt_address = IPEndPoint(IPAddress(1, 2, 3, 4), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); + config.SetIPv4AlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); IPEndPoint expected_address( ConvertIPv4ToIPv4MappedIPv6(alt_address.address()), alt_address.port()); VerifyServerMigration(config, expected_address); @@ -10210,7 +10208,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv6Fails) { IPEndPoint alt_address = IPEndPoint( IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); + config.SetIPv6AlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); @@ -10969,78 +10967,6 @@ TEST_P(QuicStreamFactoryTest, } } -TEST_P(QuicStreamFactoryTest, StartCertVerifyJob) { - Initialize(); - - MockQuicData socket_data(version_); - socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - if (VersionUsesHttp3(version_.transport_version)) - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); - socket_data.AddSocketDataToFactory(socket_factory_.get()); - - // Save current state of |race_cert_verification|. - bool race_cert_verification = - QuicStreamFactoryPeer::GetRaceCertVerification(factory_.get()); - - // Need to hold onto this through the test, to keep the QuicCryptoClientConfig - // alive. - std::unique_ptr<QuicCryptoClientConfigHandle> crypto_config_handle = - QuicStreamFactoryPeer::GetCryptoConfig(factory_.get(), - NetworkIsolationKey()); - - // Load server config. - HostPortPair host_port_pair(kDefaultServerHostName, kDefaultServerPort); - quic::QuicServerId quic_server_id(host_port_pair_.host(), - host_port_pair_.port(), - privacy_mode_ == PRIVACY_MODE_ENABLED); - QuicStreamFactoryPeer::CacheDummyServerConfig(factory_.get(), quic_server_id, - NetworkIsolationKey()); - - QuicStreamFactoryPeer::SetRaceCertVerification(factory_.get(), true); - EXPECT_FALSE(HasActiveCertVerifierJob(quic_server_id)); - - // Start CertVerifyJob. - quic::QuicAsyncStatus status = QuicStreamFactoryPeer::StartCertVerifyJob( - factory_.get(), quic_server_id, NetworkIsolationKey(), - /*cert_verify_flags=*/0, net_log_); - if (status == quic::QUIC_PENDING) { - // Verify CertVerifierJob has started. - EXPECT_TRUE(HasActiveCertVerifierJob(quic_server_id)); - - while (HasActiveCertVerifierJob(quic_server_id)) { - base::RunLoop().RunUntilIdle(); - } - } - // Verify CertVerifierJob has finished. - EXPECT_FALSE(HasActiveCertVerifierJob(quic_server_id)); - - // Start a QUIC request. - QuicStreamRequest request(factory_.get()); - EXPECT_EQ( - ERR_IO_PENDING, - request.Request( - host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, - SocketTag(), NetworkIsolationKey(), false /* disable_secure_dns */, - /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, - failed_on_default_network_callback_, callback_.callback())); - - EXPECT_EQ(OK, callback_.WaitForResult()); - - std::unique_ptr<HttpStream> stream = CreateStream(&request); - EXPECT_TRUE(stream.get()); - - // Restore |race_cert_verification|. - QuicStreamFactoryPeer::SetRaceCertVerification(factory_.get(), - race_cert_verification); - - EXPECT_TRUE(socket_data.AllReadDataConsumed()); - EXPECT_TRUE(socket_data.AllWriteDataConsumed()); - - // Verify there are no outstanding CertVerifierJobs after request has - // finished. - EXPECT_FALSE(HasActiveCertVerifierJob(quic_server_id)); -} - TEST_P(QuicStreamFactoryTest, YieldAfterPackets) { if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 && version_.HasIetfQuicFrames()) { diff --git a/chromium/net/quic/quic_test_packet_maker.cc b/chromium/net/quic/quic_test_packet_maker.cc index 10234cc17a7..db63151afa8 100644 --- a/chromium/net/quic/quic_test_packet_maker.cc +++ b/chromium/net/quic/quic_test_packet_maker.cc @@ -306,11 +306,9 @@ QuicTestPacketMaker::MakeAckAndRstPacket( quic::QuicRstStreamErrorCode error_code, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - bool send_feedback) { + uint64_t least_unacked) { return MakeAckAndRstPacket(num, include_version, stream_id, error_code, largest_received, smallest_received, least_unacked, - send_feedback, /*include_stop_sending_if_v99=*/true); } @@ -323,7 +321,6 @@ QuicTestPacketMaker::MakeAckAndRstPacket( uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, - bool send_feedback, bool include_stop_sending_if_v99) { InitializeHeader(num, include_version); @@ -479,10 +476,9 @@ std::unique_ptr<quic::QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket( uint64_t packet_number, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - bool send_feedback) { + uint64_t least_unacked) { return MakeAckPacket(packet_number, 1, largest_received, smallest_received, - least_unacked, send_feedback); + least_unacked); } std::unique_ptr<quic::QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket( @@ -490,8 +486,7 @@ std::unique_ptr<quic::QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket( uint64_t first_received, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - bool send_feedback) { + uint64_t least_unacked) { InitializeHeader(packet_number, /*include_version=*/false); AddQuicAckFrame(first_received, largest_received, smallest_received); return BuildPacket(); @@ -1353,8 +1348,6 @@ void QuicTestPacketMaker::MaybeAddHttp3SettingsFrames() { std::string data = type + settings_data + grease_data + max_push_id_data; AddQuicStreamFrame(stream_id, false, data); - AddQuicStreamFrame(stream_id + 4, false, "\x03"); - AddQuicStreamFrame(stream_id + 8, false, "\x02"); } } // namespace test diff --git a/chromium/net/quic/quic_test_packet_maker.h b/chromium/net/quic/quic_test_packet_maker.h index f153bbbce48..8df27cfbdb6 100644 --- a/chromium/net/quic/quic_test_packet_maker.h +++ b/chromium/net/quic/quic_test_packet_maker.h @@ -123,8 +123,7 @@ class QuicTestPacketMaker { quic::QuicRstStreamErrorCode error_code, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - bool send_feedback); + uint64_t least_unacked); std::unique_ptr<quic::QuicReceivedPacket> MakeAckAndRstPacket( uint64_t num, @@ -134,7 +133,6 @@ class QuicTestPacketMaker { uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, - bool send_feedback, bool include_stop_sending_if_v99); std::unique_ptr<quic::QuicReceivedPacket> MakeRstAckAndConnectionClosePacket( @@ -205,16 +203,14 @@ class QuicTestPacketMaker { uint64_t packet_number, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - bool send_feedback); + uint64_t least_unacked); std::unique_ptr<quic::QuicReceivedPacket> MakeAckPacket( uint64_t packet_number, uint64_t first_received, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - bool send_feedback); + uint64_t least_unacked); std::unique_ptr<quic::QuicReceivedPacket> MakeDataPacket( uint64_t packet_number, diff --git a/chromium/net/quic/quic_transport_client.cc b/chromium/net/quic/quic_transport_client.cc index 08aefc2994a..6da53b0ac2e 100644 --- a/chromium/net/quic/quic_transport_client.cc +++ b/chromium/net/quic/quic_transport_client.cc @@ -26,6 +26,9 @@ std::set<std::string> HostsFromOrigins(std::set<HostPortPair> origins) { } } // namespace +constexpr quic::ParsedQuicVersion + QuicTransportClient::kQuicVersionForOriginTrial; + QuicTransportClient::QuicTransportClient( const GURL& url, const url::Origin& origin, @@ -134,13 +137,16 @@ int QuicTransportClient::DoInit() { // TODO(vasilvv): check if QUIC is disabled by policy. + // Ensure that for the duration of the origin trial, a fixed QUIC transport + // version is available. + supported_versions_.push_back(kQuicVersionForOriginTrial); + // Add other supported versions if available. for (quic::ParsedQuicVersion& version : quic_context_->params()->supported_versions) { - // QuicTransport requires TLS-style ALPN. - if (version.handshake_protocol != quic::PROTOCOL_TLS1_3) - continue; - if (!quic::VersionSupportsMessageFrames(version.transport_version)) + if (!quic::IsVersionValidForQuicTransport(version)) continue; + if (version == kQuicVersionForOriginTrial) + continue; // Skip as we've already added it above. supported_versions_.push_back(version); } if (supported_versions_.empty()) { diff --git a/chromium/net/quic/quic_transport_client.h b/chromium/net/quic/quic_transport_client.h index 27e83d80171..4f0f58ff8c8 100644 --- a/chromium/net/quic/quic_transport_client.h +++ b/chromium/net/quic/quic_transport_client.h @@ -16,6 +16,7 @@ #include "net/socket/client_socket_factory.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" #include "net/third_party/quiche/src/quic/core/quic_config.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" #include "net/third_party/quiche/src/quic/quic_transport/quic_transport_client_session.h" #include "url/gurl.h" #include "url/origin.h" @@ -96,6 +97,11 @@ class NET_EXPORT QuicTransportClient virtual void OnCanCreateNewOutgoingUnidirectionalStream() = 0; }; + // QUIC protocol version that is used in the origin trial. + static constexpr quic::ParsedQuicVersion kQuicVersionForOriginTrial = + quic::ParsedQuicVersion(quic::PROTOCOL_TLS1_3, + quic::QUIC_VERSION_IETF_DRAFT_27); + // |visitor| and |context| must outlive this object. QuicTransportClient(const GURL& url, const url::Origin& origin, diff --git a/chromium/net/quic/quic_transport_end_to_end_test.cc b/chromium/net/quic/quic_transport_end_to_end_test.cc index 7f8c35f4ab9..9783a05ac60 100644 --- a/chromium/net/quic/quic_transport_end_to_end_test.cc +++ b/chromium/net/quic/quic_transport_end_to_end_test.cc @@ -40,7 +40,7 @@ class MockVisitor : public QuicTransportClient::Visitor { class QuicTransportEndToEndTest : public TestWithTaskEnvironment { public: QuicTransportEndToEndTest() { - quic::QuicEnableVersion(quic::DefaultVersionForQuicTransport()); + quic::QuicEnableVersion(QuicTransportClient::kQuicVersionForOriginTrial); origin_ = url::Origin::Create(GURL{"https://example.org"}); isolation_key_ = NetworkIsolationKey(origin_, origin_); @@ -57,8 +57,7 @@ class QuicTransportEndToEndTest : public TestWithTaskEnvironment { builder.set_host_resolver(std::move(host_resolver)); auto quic_context = std::make_unique<QuicContext>(); - quic_context->params()->supported_versions.push_back( - quic::DefaultVersionForQuicTransport()); + quic_context->params()->supported_versions.clear(); // This is required to bypass the check that only allows known certificate // roots in QUIC. quic_context->params()->origins_to_force_quic_on.insert( diff --git a/chromium/net/quiche/common/platform/impl/quiche_text_utils_impl.h b/chromium/net/quiche/common/platform/impl/quiche_text_utils_impl.h index 037d5827a08..8f52eaf0fd6 100644 --- a/chromium/net/quiche/common/platform/impl/quiche_text_utils_impl.h +++ b/chromium/net/quiche/common/platform/impl/quiche_text_utils_impl.h @@ -7,6 +7,7 @@ #include <algorithm> #include <cstdint> +#include <sstream> #include <string> #include <vector> @@ -17,6 +18,7 @@ #include "base/strings/stringprintf.h" #include "net/base/hex_utils.h" #include "net/base/parse_number.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quiche { @@ -29,6 +31,11 @@ class QuicheTextUtilsImpl { return base::StartsWith(data, prefix, base::CompareCase::SENSITIVE); } + // Returns true if |data| end with |suffix|, case sensitively. + static bool EndsWith(QuicheStringPiece data, QuicheStringPiece suffix) { + return base::EndsWith(data, suffix, base::CompareCase::SENSITIVE); + } + // Returns true of |data| ends with |suffix|, case insensitively. static bool EndsWithIgnoreCase(QuicheStringPiece data, QuicheStringPiece suffix) { @@ -115,6 +122,16 @@ class QuicheTextUtilsImpl { } } + // Decodes a base64-encoded |input|. Returns nullopt when the input is + // invalid. + static QuicheOptional<std::string> Base64Decode(QuicheStringPiece input) { + std::string output; + if (!base::Base64Decode(input, &output)) { + return QuicheOptional<std::string>(); + } + return output; + } + // Returns a std::string containing hex and ASCII representations of |binary|, // side-by-side in the style of hexdump. Non-printable characters will be // printed as '.' in the ASCII output. diff --git a/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc b/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc index 09ae18705f1..1ddb5c266ad 100644 --- a/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc +++ b/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc @@ -41,9 +41,10 @@ class ReportingBrowsingDataRemoverTest : public ReportingTestBase { } } + // TODO(chlily): Take NIK. void AddReport(const GURL& url) { - cache()->AddReport(url, kUserAgent_, kGroup_, kType_, - std::make_unique<base::DictionaryValue>(), 0, + cache()->AddReport(NetworkIsolationKey::Todo(), url, kUserAgent_, kGroup_, + kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); } diff --git a/chromium/net/reporting/reporting_cache.h b/chromium/net/reporting/reporting_cache.h index fb09d715b2e..d891801304e 100644 --- a/chromium/net/reporting/reporting_cache.h +++ b/chromium/net/reporting/reporting_cache.h @@ -10,6 +10,7 @@ #include <string> #include <vector> +#include "base/callback.h" #include "base/macros.h" #include "base/stl_util.h" #include "base/time/time.h" @@ -57,7 +58,8 @@ class NET_EXPORT ReportingCache { // // All parameters correspond to the desired values for the relevant fields in // ReportingReport. - virtual void AddReport(const GURL& url, + virtual void AddReport(const NetworkIsolationKey& network_isolation_key, + const GURL& url, const std::string& user_agent, const std::string& group_name, const std::string& type, @@ -128,8 +130,8 @@ class NET_EXPORT ReportingCache { // Adds a new client to the cache for |origin|, or updates the existing one // to match the new header. All values are assumed to be valid as they have // passed through the ReportingHeaderParser. - // TODO(chlily): Take NetworkIsolationKey. virtual void OnParsedHeader( + const NetworkIsolationKey& network_isolation_key, const url::Origin& origin, std::vector<ReportingEndpointGroup> parsed_header) = 0; diff --git a/chromium/net/reporting/reporting_cache_impl.cc b/chromium/net/reporting/reporting_cache_impl.cc index 82ca25254c7..14fc211c02d 100644 --- a/chromium/net/reporting/reporting_cache_impl.cc +++ b/chromium/net/reporting/reporting_cache_impl.cc @@ -29,17 +29,19 @@ ReportingCacheImpl::~ReportingCacheImpl() { } } -void ReportingCacheImpl::AddReport(const GURL& url, - const std::string& user_agent, - const std::string& group_name, - const std::string& type, - std::unique_ptr<const base::Value> body, - int depth, - base::TimeTicks queued, - int attempts) { - auto report = std::make_unique<ReportingReport>(url, user_agent, group_name, - type, std::move(body), depth, - queued, attempts); +void ReportingCacheImpl::AddReport( + const NetworkIsolationKey& network_isolation_key, + const GURL& url, + const std::string& user_agent, + const std::string& group_name, + const std::string& type, + std::unique_ptr<const base::Value> body, + int depth, + base::TimeTicks queued, + int attempts) { + auto report = std::make_unique<ReportingReport>( + network_isolation_key, url, user_agent, group_name, type, std::move(body), + depth, queued, attempts); auto inserted = reports_.insert(std::move(report)); DCHECK(inserted.second); @@ -84,6 +86,9 @@ base::Value ReportingCacheImpl::GetReportsAsValue() const { std::vector<base::Value> report_list; for (const ReportingReport* report : sorted_reports) { base::Value report_dict(base::Value::Type::DICTIONARY); + report_dict.SetKey( + "network_isolation_key", + base::Value(report->network_isolation_key.ToDebugString())); report_dict.SetKey("url", base::Value(report->url.spec())); report_dict.SetKey("group", base::Value(report->group)); report_dict.SetKey("type", base::Value(report->type)); @@ -215,12 +220,11 @@ bool ReportingCacheImpl::IsReportDoomedForTesting( } void ReportingCacheImpl::OnParsedHeader( + const NetworkIsolationKey& network_isolation_key, const url::Origin& origin, std::vector<ReportingEndpointGroup> parsed_header) { SanityCheckClients(); - // TODO(chlily): Respect NetworkIsolationKey. - NetworkIsolationKey network_isolation_key = NetworkIsolationKey::Todo(); Client new_client(network_isolation_key, origin); base::Time now = clock().Now(); new_client.last_used = now; @@ -234,11 +238,8 @@ void ReportingCacheImpl::OnParsedHeader( // Creates an endpoint group and sets its |last_used| to |now|. CachedReportingEndpointGroup new_group(parsed_endpoint_group, now); - // TODO(chlily): This DCHECK passes right now because the groups have their - // NIK set to an empty NIK by the header parser, and we also set the - // client's NIK to an empty NIK above. Eventually it should pass because the - // header parser should provide the NIK it used for the groups so that the - // client can be created using the same NIK. + // Consistency check: the new client should have the same NIK and origin as + // all groups parsed from this header. DCHECK_EQ(new_group.group_key.network_isolation_key, new_client.network_isolation_key); DCHECK_EQ(new_group.group_key.origin, new_client.origin); diff --git a/chromium/net/reporting/reporting_cache_impl.h b/chromium/net/reporting/reporting_cache_impl.h index a13623edf71..1a3df74b150 100644 --- a/chromium/net/reporting/reporting_cache_impl.h +++ b/chromium/net/reporting/reporting_cache_impl.h @@ -38,7 +38,8 @@ class ReportingCacheImpl : public ReportingCache { ~ReportingCacheImpl() override; // ReportingCache implementation - void AddReport(const GURL& url, + void AddReport(const NetworkIsolationKey& network_isolation_key, + const GURL& url, const std::string& user_agent, const std::string& group_name, const std::string& type, @@ -65,6 +66,7 @@ class ReportingCacheImpl : public ReportingCache { bool IsReportPendingForTesting(const ReportingReport* report) const override; bool IsReportDoomedForTesting(const ReportingReport* report) const override; void OnParsedHeader( + const NetworkIsolationKey& network_isolation_key, const url::Origin& origin, std::vector<ReportingEndpointGroup> parsed_header) override; std::set<url::Origin> GetAllOrigins() const override; diff --git a/chromium/net/reporting/reporting_cache_unittest.cc b/chromium/net/reporting/reporting_cache_unittest.cc index d1e03ae27ea..49739c243a5 100644 --- a/chromium/net/reporting/reporting_cache_unittest.cc +++ b/chromium/net/reporting/reporting_cache_unittest.cc @@ -99,6 +99,7 @@ class ReportingCacheTest : public ReportingTestBase, // Adds a new report to the cache, and returns it. const ReportingReport* AddAndReturnReport( + const NetworkIsolationKey& network_isolation_key, const GURL& url, const std::string& user_agent, const std::string& group, @@ -115,8 +116,8 @@ class ReportingCacheTest : public ReportingTestBase, // in test cases, so I've optimized for readability over execution speed. std::vector<const ReportingReport*> before; cache()->GetReports(&before); - cache()->AddReport(url, user_agent, group, type, std::move(body), depth, - queued, attempts); + cache()->AddReport(network_isolation_key, url, user_agent, group, type, + std::move(body), depth, queued, attempts); std::vector<const ReportingReport*> after; cache()->GetReports(&after); @@ -124,6 +125,7 @@ class ReportingCacheTest : public ReportingTestBase, // If report isn't in before, we've found the new instance. if (std::find(before.begin(), before.end(), report) == before.end()) { // Sanity check the result before we return it. + EXPECT_EQ(network_isolation_key, report->network_isolation_key); EXPECT_EQ(url, report->url); EXPECT_EQ(user_agent, report->user_agent); EXPECT_EQ(group, report->group); @@ -222,7 +224,7 @@ TEST_P(ReportingCacheTest, Reports) { cache()->GetReports(&reports); EXPECT_TRUE(reports.empty()); - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, kNowTicks_, 0); EXPECT_EQ(1, observer()->cached_reports_update_count()); @@ -231,6 +233,7 @@ TEST_P(ReportingCacheTest, Reports) { ASSERT_EQ(1u, reports.size()); const ReportingReport* report = reports[0]; ASSERT_TRUE(report); + EXPECT_EQ(kNik_, report->network_isolation_key); EXPECT_EQ(kUrl1_, report->url); EXPECT_EQ(kUserAgent_, report->user_agent); EXPECT_EQ(kGroup1_, report->group); @@ -260,10 +263,10 @@ TEST_P(ReportingCacheTest, Reports) { TEST_P(ReportingCacheTest, RemoveAllReports) { LoadReportingClients(); - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, kNowTicks_, 0); - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, kNowTicks_, 0); EXPECT_EQ(2, observer()->cached_reports_update_count()); @@ -282,7 +285,7 @@ TEST_P(ReportingCacheTest, RemoveAllReports) { TEST_P(ReportingCacheTest, RemovePendingReports) { LoadReportingClients(); - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, kNowTicks_, 0); EXPECT_EQ(1, observer()->cached_reports_update_count()); @@ -320,7 +323,7 @@ TEST_P(ReportingCacheTest, RemovePendingReports) { TEST_P(ReportingCacheTest, RemoveAllPendingReports) { LoadReportingClients(); - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, kNowTicks_, 0); EXPECT_EQ(1, observer()->cached_reports_update_count()); @@ -361,11 +364,11 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { // We need a reproducible expiry timestamp for this test case. const base::TimeTicks now = base::TimeTicks(); const ReportingReport* report1 = - AddAndReturnReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + AddAndReturnReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, now + base::TimeDelta::FromSeconds(200), 0); const ReportingReport* report2 = - AddAndReturnReport(kUrl1_, kUserAgent_, kGroup2_, kType_, + AddAndReturnReport(kOtherNik_, kUrl1_, kUserAgent_, kGroup2_, kType_, std::make_unique<base::DictionaryValue>(), 0, now + base::TimeDelta::FromSeconds(100), 1); // Mark report1 and report2 as pending. @@ -375,11 +378,13 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { cache()->RemoveReports({report2}, ReportingReport::Outcome::UNKNOWN); base::Value actual = cache()->GetReportsAsValue(); - base::Value expected = base::test::ParseJson(R"json( + base::Value expected = base::test::ParseJson(base::StringPrintf( + R"json( [ { "url": "https://origin1/path", "group": "group2", + "network_isolation_key": "%s", "type": "default", "status": "doomed", "body": {}, @@ -390,6 +395,7 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { { "url": "https://origin1/path", "group": "group1", + "network_isolation_key": "%s", "type": "default", "status": "pending", "body": {}, @@ -398,24 +404,27 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { "queued": "200000", }, ] - )json"); + )json", + kOtherNik_.ToDebugString().c_str(), kNik_.ToDebugString().c_str())); EXPECT_EQ(expected, actual); // Add two new reports that will show up as "queued". const ReportingReport* report3 = - AddAndReturnReport(kUrl2_, kUserAgent_, kGroup1_, kType_, + AddAndReturnReport(kNik_, kUrl2_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 2, now + base::TimeDelta::FromSeconds(200), 0); const ReportingReport* report4 = - AddAndReturnReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + AddAndReturnReport(kOtherNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, now + base::TimeDelta::FromSeconds(300), 0); actual = cache()->GetReportsAsValue(); - expected = base::test::ParseJson(R"json( + expected = base::test::ParseJson(base::StringPrintf( + R"json( [ { "url": "https://origin1/path", "group": "group2", + "network_isolation_key": "%s", "type": "default", "status": "doomed", "body": {}, @@ -426,6 +435,7 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { { "url": "https://origin1/path", "group": "group1", + "network_isolation_key": "%s", "type": "default", "status": "pending", "body": {}, @@ -436,6 +446,7 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { { "url": "https://origin2/path", "group": "group1", + "network_isolation_key": "%s", "type": "default", "status": "queued", "body": {}, @@ -446,6 +457,7 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { { "url": "https://origin1/path", "group": "group1", + "network_isolation_key": "%s", "type": "default", "status": "queued", "body": {}, @@ -454,7 +466,9 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { "queued": "300000", }, ] - )json"); + )json", + kOtherNik_.ToDebugString().c_str(), kNik_.ToDebugString().c_str(), + kNik_.ToDebugString().c_str(), kOtherNik_.ToDebugString().c_str())); EXPECT_EQ(expected, actual); // GetReportsToDeliver only returns the non-pending reports. @@ -911,7 +925,7 @@ TEST_P(ReportingCacheTest, GetClientsAsValue) { }, ] )json", - kNik_.ToDebugString().data(), kOtherNik_.ToDebugString().data())); + kNik_.ToDebugString().c_str(), kOtherNik_.ToDebugString().c_str())); // Compare disregarding order. auto expected_list = expected->TakeList(); @@ -1155,7 +1169,7 @@ TEST_P(ReportingCacheTest, EvictOldestReport) { // Enqueue the maximum number of reports, spaced apart in time. for (size_t i = 0; i < max_report_count; ++i) { - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); tick_clock()->Advance(base::TimeDelta::FromMinutes(1)); @@ -1163,7 +1177,7 @@ TEST_P(ReportingCacheTest, EvictOldestReport) { EXPECT_EQ(max_report_count, report_count()); // Add one more report to force the cache to evict one. - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -1188,7 +1202,7 @@ TEST_P(ReportingCacheTest, DontEvictPendingReports) { std::vector<const ReportingReport*> reports; for (size_t i = 0; i < max_report_count; ++i) { reports.push_back( - AddAndReturnReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + AddAndReturnReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0)); tick_clock()->Advance(base::TimeDelta::FromMinutes(1)); @@ -1201,7 +1215,7 @@ TEST_P(ReportingCacheTest, DontEvictPendingReports) { // Add one more report to force the cache to evict one. Since the cache has // only pending reports, it will be forced to evict the *new* report! - cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, + cache()->AddReport(kNik_, kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique<base::DictionaryValue>(), 0, kNowTicks_, 0); diff --git a/chromium/net/reporting/reporting_delivery_agent.cc b/chromium/net/reporting/reporting_delivery_agent.cc index a5a2c49ef32..fca2421b239 100644 --- a/chromium/net/reporting/reporting_delivery_agent.cc +++ b/chromium/net/reporting/reporting_delivery_agent.cc @@ -11,8 +11,8 @@ #include <vector> #include "base/bind.h" +#include "base/check.h" #include "base/json/json_writer.h" -#include "base/logging.h" #include "base/time/tick_clock.h" #include "base/timer/timer.h" #include "base/values.h" diff --git a/chromium/net/reporting/reporting_delivery_agent_unittest.cc b/chromium/net/reporting/reporting_delivery_agent_unittest.cc index a079808db8f..893cdd61eb2 100644 --- a/chromium/net/reporting/reporting_delivery_agent_unittest.cc +++ b/chromium/net/reporting/reporting_delivery_agent_unittest.cc @@ -39,6 +39,7 @@ class ReportingDeliveryAgentTest : public ReportingTestBase { UsePolicy(policy); } + const NetworkIsolationKey kNik_ = NetworkIsolationKey::Todo(); const GURL kUrl_ = GURL("https://origin/path"); const GURL kSubdomainUrl_ = GURL("https://sub.origin/path"); const url::Origin kOrigin_ = url::Origin::Create(GURL("https://origin/")); @@ -48,7 +49,7 @@ class ReportingDeliveryAgentTest : public ReportingTestBase { const std::string kType_ = "type"; const base::Time kExpires_ = base::Time::Now() + base::TimeDelta::FromDays(7); const ReportingEndpointGroupKey kGroupKey_ = - ReportingEndpointGroupKey(NetworkIsolationKey(), kOrigin_, kGroup_); + ReportingEndpointGroupKey(kNik_, kOrigin_, kGroup_); }; TEST_F(ReportingDeliveryAgentTest, SuccessfulImmediateUpload) { @@ -56,8 +57,8 @@ TEST_F(ReportingDeliveryAgentTest, SuccessfulImmediateUpload) { body.SetString("key", "value"); ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, body.CreateDeepCopy(), - 0, tick_clock()->NowTicks(), 0); + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, + body.CreateDeepCopy(), 0, tick_clock()->NowTicks(), 0); // Upload is automatically started when cache is modified. @@ -105,7 +106,7 @@ TEST_F(ReportingDeliveryAgentTest, SuccessfulImmediateSubdomainUpload) { ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_, OriginSubdomains::INCLUDE)); - cache()->AddReport(kSubdomainUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kSubdomainUrl_, kUserAgent_, kGroup_, kType_, body.CreateDeepCopy(), 0, tick_clock()->NowTicks(), 0); // Upload is automatically started when cache is modified. @@ -155,7 +156,7 @@ TEST_F(ReportingDeliveryAgentTest, ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_, OriginSubdomains::INCLUDE)); - cache()->AddReport(kSubdomainUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kSubdomainUrl_, kUserAgent_, kGroup_, kType_, body.CreateDeepCopy(), 0, tick_clock()->NowTicks(), 0); // Upload is automatically started when cache is modified. @@ -187,13 +188,13 @@ TEST_F(ReportingDeliveryAgentTest, SuccessfulDelayedUpload) { // Trigger and complete an upload to start the delivery timer. ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, body.CreateDeepCopy(), - 0, tick_clock()->NowTicks(), 0); + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, + body.CreateDeepCopy(), 0, tick_clock()->NowTicks(), 0); pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); // Add another report to upload after a delay. - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, body.CreateDeepCopy(), - 0, tick_clock()->NowTicks(), 0); + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, + body.CreateDeepCopy(), 0, tick_clock()->NowTicks(), 0); EXPECT_TRUE(delivery_timer()->IsRunning()); delivery_timer()->Fire(); @@ -238,7 +239,7 @@ TEST_F(ReportingDeliveryAgentTest, SuccessfulDelayedUpload) { TEST_F(ReportingDeliveryAgentTest, FailedUpload) { ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -291,8 +292,8 @@ TEST_F(ReportingDeliveryAgentTest, DisallowedUpload) { body.SetString("key", "value"); ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, body.CreateDeepCopy(), - 0, tick_clock()->NowTicks(), 0); + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, + body.CreateDeepCopy(), 0, tick_clock()->NowTicks(), 0); tick_clock()->Advance(base::TimeDelta::FromMilliseconds(kAgeMillis)); @@ -327,7 +328,7 @@ TEST_F(ReportingDeliveryAgentTest, RemoveEndpointUpload) { ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); ASSERT_TRUE(SetEndpointInCache(kOtherGroupKey, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -356,7 +357,7 @@ TEST_F(ReportingDeliveryAgentTest, RemoveEndpointUpload) { TEST_F(ReportingDeliveryAgentTest, ConcurrentRemove) { ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -392,7 +393,7 @@ TEST_F(ReportingDeliveryAgentTest, ConcurrentRemoveDuringPermissionsCheck) { context()->test_delegate()->set_pause_permissions_check(true); ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -434,17 +435,17 @@ TEST_F(ReportingDeliveryAgentTest, ASSERT_TRUE(SetEndpointInCache(kDifferentGroupKey, kEndpoint_, kExpires_)); // Trigger and complete an upload to start the delivery timer. - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); // Now that the delivery timer is running, these reports won't be immediately // uploaded. - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); - cache()->AddReport(kDifferentUrl, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kDifferentUrl, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); EXPECT_EQ(0u, pending_uploads().size()); @@ -467,7 +468,7 @@ TEST_F(ReportingDeliveryAgentTest, TEST_F(ReportingDeliveryAgentTest, SerializeUploadsToEndpoint) { ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -475,7 +476,7 @@ TEST_F(ReportingDeliveryAgentTest, SerializeUploadsToEndpoint) { delivery_timer()->Fire(); EXPECT_EQ(1u, pending_uploads().size()); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -503,7 +504,7 @@ TEST_F(ReportingDeliveryAgentTest, SerializeUploadsToGroup) { ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kEndpoint_, kExpires_)); ASSERT_TRUE(SetEndpointInCache(kGroupKey_, kDifferentEndpoint, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -511,7 +512,7 @@ TEST_F(ReportingDeliveryAgentTest, SerializeUploadsToGroup) { delivery_timer()->Fire(); EXPECT_EQ(1u, pending_uploads().size()); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -542,10 +543,10 @@ TEST_F(ReportingDeliveryAgentTest, ParallelizeUploadsAcrossGroups) { ASSERT_TRUE( SetEndpointInCache(kDifferentGroupKey, kDifferentEndpoint, kExpires_)); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); - cache()->AddReport(kUrl_, kUserAgent_, kDifferentGroup, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kDifferentGroup, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); diff --git a/chromium/net/reporting/reporting_endpoint_manager.cc b/chromium/net/reporting/reporting_endpoint_manager.cc index 35652768ebd..c903335b5e7 100644 --- a/chromium/net/reporting/reporting_endpoint_manager.cc +++ b/chromium/net/reporting/reporting_endpoint_manager.cc @@ -10,9 +10,10 @@ #include <utility> #include <vector> +#include "base/check.h" #include "base/containers/mru_cache.h" -#include "base/logging.h" #include "base/macros.h" +#include "base/notreached.h" #include "base/rand_util.h" #include "base/stl_util.h" #include "base/time/tick_clock.h" diff --git a/chromium/net/reporting/reporting_endpoint_manager_unittest.cc b/chromium/net/reporting/reporting_endpoint_manager_unittest.cc index d05153d547a..0e020936a79 100644 --- a/chromium/net/reporting/reporting_endpoint_manager_unittest.cc +++ b/chromium/net/reporting/reporting_endpoint_manager_unittest.cc @@ -47,7 +47,8 @@ class TestReportingCache : public ReportingCache { } // Everything below is NOTREACHED. - void AddReport(const GURL& url, + void AddReport(const NetworkIsolationKey& network_isolation_key, + const GURL& url, const std::string& user_agent, const std::string& group_name, const std::string& type, @@ -103,6 +104,7 @@ class TestReportingCache : public ReportingCache { return false; } void OnParsedHeader( + const NetworkIsolationKey& network_isolation_key, const url::Origin& origin, std::vector<ReportingEndpointGroup> parsed_header) override { NOTREACHED(); diff --git a/chromium/net/reporting/reporting_garbage_collector_unittest.cc b/chromium/net/reporting/reporting_garbage_collector_unittest.cc index 78ad1601ca0..71ea1cead48 100644 --- a/chromium/net/reporting/reporting_garbage_collector_unittest.cc +++ b/chromium/net/reporting/reporting_garbage_collector_unittest.cc @@ -26,6 +26,7 @@ class ReportingGarbageCollectorTest : public ReportingTestBase { return reports.size(); } + const NetworkIsolationKey kNik_; const GURL kUrl_ = GURL("https://origin/path"); const std::string kUserAgent_ = "Mozilla/1.0"; const std::string kGroup_ = "group"; @@ -41,7 +42,7 @@ TEST_F(ReportingGarbageCollectorTest, Created) { TEST_F(ReportingGarbageCollectorTest, Timer) { EXPECT_FALSE(garbage_collection_timer()->IsRunning()); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); @@ -53,7 +54,7 @@ TEST_F(ReportingGarbageCollectorTest, Timer) { } TEST_F(ReportingGarbageCollectorTest, Report) { - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); garbage_collection_timer()->Fire(); @@ -62,7 +63,7 @@ TEST_F(ReportingGarbageCollectorTest, Report) { } TEST_F(ReportingGarbageCollectorTest, ExpiredReport) { - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); tick_clock()->Advance(2 * policy().max_report_age); @@ -72,7 +73,7 @@ TEST_F(ReportingGarbageCollectorTest, ExpiredReport) { } TEST_F(ReportingGarbageCollectorTest, FailedReport) { - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); diff --git a/chromium/net/reporting/reporting_header_parser.cc b/chromium/net/reporting/reporting_header_parser.cc index 12f0064a4b8..294f9039841 100644 --- a/chromium/net/reporting/reporting_header_parser.cc +++ b/chromium/net/reporting/reporting_header_parser.cc @@ -4,13 +4,14 @@ #include "net/reporting/reporting_header_parser.h" +#include <cstring> #include <string> #include <utility> #include <vector> #include "base/bind.h" +#include "base/check.h" #include "base/json/json_reader.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/time/time.h" #include "base/values.h" @@ -241,9 +242,11 @@ void ReportingHeaderParser::RecordHeaderDiscardedForJsonTooBig() { } // static -void ReportingHeaderParser::ParseHeader(ReportingContext* context, - const GURL& url, - std::unique_ptr<base::Value> value) { +void ReportingHeaderParser::ParseHeader( + ReportingContext* context, + const NetworkIsolationKey& network_isolation_key, + const GURL& url, + std::unique_ptr<base::Value> value) { DCHECK(url.SchemeIsCryptographic()); const base::ListValue* group_list = nullptr; @@ -254,7 +257,6 @@ void ReportingHeaderParser::ParseHeader(ReportingContext* context, ReportingCache* cache = context->cache(); url::Origin origin = url::Origin::Create(url); - NetworkIsolationKey network_isolation_key = NetworkIsolationKey::Todo(); std::vector<ReportingEndpointGroup> parsed_header; @@ -279,8 +281,8 @@ void ReportingHeaderParser::ParseHeader(ReportingContext* context, return; } - // TODO(chlily): Pass NIK to cache. - cache->OnParsedHeader(origin, std::move(parsed_header)); + cache->OnParsedHeader(network_isolation_key, origin, + std::move(parsed_header)); RecordHeaderOutcome(HeaderOutcome::PARSED); } diff --git a/chromium/net/reporting/reporting_header_parser.h b/chromium/net/reporting/reporting_header_parser.h index 3556904cdb1..adba204742a 100644 --- a/chromium/net/reporting/reporting_header_parser.h +++ b/chromium/net/reporting/reporting_header_parser.h @@ -17,6 +17,7 @@ class Value; namespace net { +class NetworkIsolationKey; class ReportingContext; class NET_EXPORT ReportingHeaderParser { @@ -79,8 +80,8 @@ class NET_EXPORT ReportingHeaderParser { static void RecordHeaderDiscardedForJsonInvalid(); static void RecordHeaderDiscardedForJsonTooBig(); - // TODO(chlily): Pass in the NetworkIsolationKey. static void ParseHeader(ReportingContext* context, + const NetworkIsolationKey& network_isolation_key, const GURL& url, std::unique_ptr<base::Value> value); diff --git a/chromium/net/reporting/reporting_header_parser_fuzzer.cc b/chromium/net/reporting/reporting_header_parser_fuzzer.cc index 58637b8d264..d52179fc790 100644 --- a/chromium/net/reporting/reporting_header_parser_fuzzer.cc +++ b/chromium/net/reporting/reporting_header_parser_fuzzer.cc @@ -10,6 +10,7 @@ #include "base/time/default_tick_clock.h" #include "base/time/time.h" #include "base/values.h" +#include "net/base/network_isolation_key.h" #include "net/reporting/reporting_cache.h" #include "net/reporting/reporting_header_parser.h" #include "net/reporting/reporting_policy.pb.h" @@ -38,7 +39,8 @@ void FuzzReportingHeaderParser(const std::string& data_json, // TODO: consider including proto definition for URL after moving that to // testing/libfuzzer/proto and creating a separate converter. - net::ReportingHeaderParser::ParseHeader(&context, GURL("https://origin/path"), + net::ReportingHeaderParser::ParseHeader(&context, net::NetworkIsolationKey(), + GURL("https://origin/path"), std::move(data_value)); if (context.cache()->GetEndpointCount() == 0) { return; diff --git a/chromium/net/reporting/reporting_header_parser_unittest.cc b/chromium/net/reporting/reporting_header_parser_unittest.cc index cedaa990d0a..fcedd578574 100644 --- a/chromium/net/reporting/reporting_header_parser_unittest.cc +++ b/chromium/net/reporting/reporting_header_parser_unittest.cc @@ -66,7 +66,7 @@ class ReportingHeaderParserTest : public ReportingTestBase, OriginSubdomains include_subdomains = OriginSubdomains::DEFAULT, base::TimeDelta ttl = base::TimeDelta::FromDays(1), url::Origin origin = url::Origin()) { - ReportingEndpointGroupKey group_key(NetworkIsolationKey() /* unused */, + ReportingEndpointGroupKey group_key(kNik_ /* unused */, url::Origin() /* unused */, name); ReportingEndpointGroup group; group.group_key = group_key; @@ -127,33 +127,43 @@ class ReportingHeaderParserTest : public ReportingTestBase, return s.str(); } - void ParseHeader(const GURL& url, const std::string& json) { + void ParseHeader(const NetworkIsolationKey& network_isolation_key, + const GURL& url, + const std::string& json) { std::unique_ptr<base::Value> value = base::JSONReader::ReadDeprecated("[" + json + "]"); - if (value) - ReportingHeaderParser::ParseHeader(context(), url, std::move(value)); + if (value) { + ReportingHeaderParser::ParseHeader(context(), network_isolation_key, url, + std::move(value)); + } } - const GURL kUrl_ = GURL("https://origin.test/path"); - const url::Origin kOrigin_ = - url::Origin::Create(GURL("https://origin.test/")); + const GURL kUrl1_ = GURL("https://origin1.test/path"); + const url::Origin kOrigin1_ = url::Origin::Create(kUrl1_); const GURL kUrl2_ = GURL("https://origin2.test/path"); - const url::Origin kOrigin2_ = - url::Origin::Create(GURL("https://origin2.test/")); + const url::Origin kOrigin2_ = url::Origin::Create(kUrl2_); + const NetworkIsolationKey kNik_; + const NetworkIsolationKey kOtherNik_ = + NetworkIsolationKey(kOrigin1_, kOrigin2_); const GURL kUrlEtld_ = GURL("https://co.uk/foo.html/"); const url::Origin kOriginEtld_ = url::Origin::Create(kUrlEtld_); - const GURL kEndpoint_ = GURL("https://endpoint.test/"); + const GURL kEndpoint1_ = GURL("https://endpoint1.test/"); const GURL kEndpoint2_ = GURL("https://endpoint2.test/"); const GURL kEndpoint3_ = GURL("https://endpoint3.test/"); const GURL kEndpointPathAbsolute_ = - GURL("https://origin.test/path-absolute-url"); - const std::string kGroup_ = "group"; + GURL("https://origin1.test/path-absolute-url"); + const std::string kGroup1_ = "group1"; const std::string kGroup2_ = "group2"; - const std::string kType_ = "type"; - const ReportingEndpointGroupKey kGroupKey_ = - ReportingEndpointGroupKey(NetworkIsolationKey(), kOrigin_, kGroup_); - const ReportingEndpointGroupKey kGroupKey2_ = - ReportingEndpointGroupKey(NetworkIsolationKey(), kOrigin_, kGroup2_); + // There are 2^3 = 8 of these to test the different combinations of matching + // vs mismatching NIK, origin, and group. + const ReportingEndpointGroupKey kGroupKey11_ = + ReportingEndpointGroupKey(kNik_, kOrigin1_, kGroup1_); + const ReportingEndpointGroupKey kGroupKey21_ = + ReportingEndpointGroupKey(kNik_, kOrigin2_, kGroup1_); + const ReportingEndpointGroupKey kGroupKey12_ = + ReportingEndpointGroupKey(kNik_, kOrigin1_, kGroup2_); + const ReportingEndpointGroupKey kGroupKey22_ = + ReportingEndpointGroupKey(kNik_, kOrigin2_, kGroup2_); private: std::unique_ptr<MockPersistentReportingStore> store_; @@ -210,7 +220,7 @@ TEST_P(ReportingHeaderParserTest, Invalid) { for (size_t i = 0; i < base::size(kInvalidHeaderTestCases); ++i) { auto& test_case = kInvalidHeaderTestCases[i]; - ParseHeader(kUrl_, test_case.header_value); + ParseHeader(kNik_, kUrl1_, test_case.header_value); EXPECT_EQ(0u, cache()->GetEndpointCount()) << "Invalid Report-To header (" << test_case.description << ": \"" @@ -225,22 +235,22 @@ TEST_P(ReportingHeaderParserTest, Invalid) { } TEST_P(ReportingHeaderParserTest, Basic) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey_, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey11_, kEndpoint1_); ASSERT_TRUE(endpoint); - EXPECT_EQ(kOrigin_, endpoint.group_key.origin); - EXPECT_EQ(kGroup_, endpoint.group_key.group_name); - EXPECT_EQ(kEndpoint_, endpoint.info.url); + EXPECT_EQ(kOrigin1_, endpoint.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint.group_key.group_name); + EXPECT_EQ(kEndpoint1_, endpoint.info.url); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, @@ -252,9 +262,9 @@ TEST_P(ReportingHeaderParserTest, Basic) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -262,20 +272,20 @@ TEST_P(ReportingHeaderParserTest, Basic) { TEST_P(ReportingHeaderParserTest, PathAbsoluteURLEndpoint) { std::string header = - "{\"group\": \"group\", \"max_age\":1, \"endpoints\": " + "{\"group\": \"group1\", \"max_age\":1, \"endpoints\": " "[{\"url\":\"/path-absolute-url\"}]}"; - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(1u, cache()->GetEndpointCount()); ReportingEndpoint endpoint = - FindEndpointInCache(kGroupKey_, kEndpointPathAbsolute_); + FindEndpointInCache(kGroupKey11_, kEndpointPathAbsolute_); ASSERT_TRUE(endpoint); - EXPECT_EQ(kOrigin_, endpoint.group_key.origin); - EXPECT_EQ(kGroup_, endpoint.group_key.group_name); + EXPECT_EQ(kOrigin1_, endpoint.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint.group_key.group_name); EXPECT_EQ(kEndpointPathAbsolute_, endpoint.info.url); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); @@ -289,12 +299,12 @@ TEST_P(ReportingHeaderParserTest, PathAbsoluteURLEndpoint) { MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back( CommandType::ADD_REPORTING_ENDPOINT, - ReportingEndpoint(kGroupKey_, ReportingEndpoint::EndpointInfo{ - kEndpointPathAbsolute_})); + ReportingEndpoint(kGroupKey11_, ReportingEndpoint::EndpointInfo{ + kEndpointPathAbsolute_})); expected_commands.emplace_back( CommandType::ADD_REPORTING_ENDPOINT_GROUP, CachedReportingEndpointGroup( - kGroupKey_, OriginSubdomains::DEFAULT /* irrelevant */, + kGroupKey11_, OriginSubdomains::DEFAULT /* irrelevant */, base::Time() /* irrelevant */, base::Time() /* irrelevant */)); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); @@ -302,22 +312,21 @@ TEST_P(ReportingHeaderParserTest, PathAbsoluteURLEndpoint) { } TEST_P(ReportingHeaderParserTest, OmittedGroupName) { - ReportingEndpointGroupKey kGroupKey(NetworkIsolationKey(), kOrigin_, - "default"); - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + ReportingEndpointGroupKey kGroupKey(kNik_, kOrigin1_, "default"); + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = ConstructHeaderGroupString(MakeEndpointGroup(std::string(), endpoints)); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE(EndpointGroupExistsInCache(kGroupKey, OriginSubdomains::DEFAULT)); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey, kEndpoint1_); ASSERT_TRUE(endpoint); - EXPECT_EQ(kOrigin_, endpoint.group_key.origin); + EXPECT_EQ(kOrigin1_, endpoint.group_key.origin); EXPECT_EQ("default", endpoint.group_key.group_name); - EXPECT_EQ(kEndpoint_, endpoint.info.url); + EXPECT_EQ(kEndpoint1_, endpoint.info.url); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, @@ -329,7 +338,7 @@ TEST_P(ReportingHeaderParserTest, OmittedGroupName) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey, kEndpoint_); + kGroupKey, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, kGroupKey); EXPECT_THAT(mock_store()->GetAllCommands(), @@ -338,17 +347,17 @@ TEST_P(ReportingHeaderParserTest, OmittedGroupName) { } TEST_P(ReportingHeaderParserTest, IncludeSubdomainsTrue) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = ConstructHeaderGroupString( - MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::INCLUDE)); - ParseHeader(kUrl_, header); + MakeEndpointGroup(kGroup1_, endpoints, OriginSubdomains::INCLUDE)); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::INCLUDE)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::INCLUDE)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - EXPECT_TRUE(EndpointExistsInCache(kGroupKey_, kEndpoint_)); + EXPECT_TRUE(EndpointExistsInCache(kGroupKey11_, kEndpoint1_)); if (mock_store()) { mock_store()->Flush(); @@ -356,27 +365,27 @@ TEST_P(ReportingHeaderParserTest, IncludeSubdomainsTrue) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } } TEST_P(ReportingHeaderParserTest, IncludeSubdomainsFalse) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = ConstructHeaderGroupString( - MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::EXCLUDE), + MakeEndpointGroup(kGroup1_, endpoints, OriginSubdomains::EXCLUDE), false /* omit_defaults */); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::EXCLUDE)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::EXCLUDE)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - EXPECT_TRUE(EndpointExistsInCache(kGroupKey_, kEndpoint_)); + EXPECT_TRUE(EndpointExistsInCache(kGroupKey11_, kEndpoint1_)); if (mock_store()) { mock_store()->Flush(); @@ -384,59 +393,57 @@ TEST_P(ReportingHeaderParserTest, IncludeSubdomainsFalse) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } } TEST_P(ReportingHeaderParserTest, IncludeSubdomainsEtldRejected) { - ReportingEndpointGroupKey kGroupKey(NetworkIsolationKey(), kOriginEtld_, - kGroup_); - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + ReportingEndpointGroupKey kGroupKey(kNik_, kOriginEtld_, kGroup1_); + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = ConstructHeaderGroupString( - MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::INCLUDE)); - ParseHeader(kUrlEtld_, header); + MakeEndpointGroup(kGroup1_, endpoints, OriginSubdomains::INCLUDE)); + ParseHeader(kNik_, kUrlEtld_, header); EXPECT_EQ(0u, cache()->GetEndpointGroupCountForTesting()); EXPECT_FALSE( EndpointGroupExistsInCache(kGroupKey, OriginSubdomains::INCLUDE)); EXPECT_EQ(0u, cache()->GetEndpointCount()); - EXPECT_FALSE(EndpointExistsInCache(kGroupKey, kEndpoint_)); + EXPECT_FALSE(EndpointExistsInCache(kGroupKey, kEndpoint1_)); } TEST_P(ReportingHeaderParserTest, NonIncludeSubdomainsEtldAccepted) { - ReportingEndpointGroupKey kGroupKey(NetworkIsolationKey(), kOriginEtld_, - kGroup_); - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + ReportingEndpointGroupKey kGroupKey(kNik_, kOriginEtld_, kGroup1_); + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = ConstructHeaderGroupString( - MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::EXCLUDE)); - ParseHeader(kUrlEtld_, header); + MakeEndpointGroup(kGroup1_, endpoints, OriginSubdomains::EXCLUDE)); + ParseHeader(kNik_, kUrlEtld_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE(EndpointGroupExistsInCache(kGroupKey, OriginSubdomains::EXCLUDE)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - EXPECT_TRUE(EndpointExistsInCache(kGroupKey, kEndpoint_)); + EXPECT_TRUE(EndpointExistsInCache(kGroupKey, kEndpoint1_)); } TEST_P(ReportingHeaderParserTest, IncludeSubdomainsNotBoolean) { std::string header = - "{\"group\": \"" + kGroup_ + + "{\"group\": \"" + kGroup1_ + "\", " "\"max_age\":86400, \"include_subdomains\": \"NotABoolean\", " "\"endpoints\": [{\"url\":\"" + - kEndpoint_.spec() + "\"}]}"; - ParseHeader(kUrl_, header); + kEndpoint1_.spec() + "\"}]}"; + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - EXPECT_TRUE(EndpointExistsInCache(kGroupKey_, kEndpoint_)); + EXPECT_TRUE(EndpointExistsInCache(kGroupKey11_, kEndpoint1_)); if (mock_store()) { mock_store()->Flush(); @@ -444,9 +451,9 @@ TEST_P(ReportingHeaderParserTest, IncludeSubdomainsNotBoolean) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -455,17 +462,17 @@ TEST_P(ReportingHeaderParserTest, IncludeSubdomainsNotBoolean) { TEST_P(ReportingHeaderParserTest, NonDefaultPriority) { const int kNonDefaultPriority = 10; std::vector<ReportingEndpoint::EndpointInfo> endpoints = { - {kEndpoint_, kNonDefaultPriority}}; + {kEndpoint1_, kNonDefaultPriority}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); - ParseHeader(kUrl_, header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey_, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey11_, kEndpoint1_); ASSERT_TRUE(endpoint); EXPECT_EQ(kNonDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, @@ -477,9 +484,9 @@ TEST_P(ReportingHeaderParserTest, NonDefaultPriority) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -488,18 +495,18 @@ TEST_P(ReportingHeaderParserTest, NonDefaultPriority) { TEST_P(ReportingHeaderParserTest, NonDefaultWeight) { const int kNonDefaultWeight = 10; std::vector<ReportingEndpoint::EndpointInfo> endpoints = { - {kEndpoint_, ReportingEndpoint::EndpointInfo::kDefaultPriority, + {kEndpoint1_, ReportingEndpoint::EndpointInfo::kDefaultPriority, kNonDefaultWeight}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); - ParseHeader(kUrl_, header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey_, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey11_, kEndpoint1_); ASSERT_TRUE(endpoint); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); @@ -511,9 +518,9 @@ TEST_P(ReportingHeaderParserTest, NonDefaultWeight) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -524,15 +531,15 @@ TEST_P(ReportingHeaderParserTest, MaxAge) { base::TimeDelta ttl = base::TimeDelta::FromSeconds(kMaxAgeSecs); base::Time expires = clock()->Now() + ttl; - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = ConstructHeaderGroupString( - MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::DEFAULT, ttl)); + MakeEndpointGroup(kGroup1_, endpoints, OriginSubdomains::DEFAULT, ttl)); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); - EXPECT_TRUE(EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT, - expires)); + EXPECT_TRUE(EndpointGroupExistsInCache(kGroupKey11_, + OriginSubdomains::DEFAULT, expires)); if (mock_store()) { mock_store()->Flush(); @@ -540,40 +547,40 @@ TEST_P(ReportingHeaderParserTest, MaxAge) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } } TEST_P(ReportingHeaderParserTest, MultipleEndpointsSameGroup) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}, + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}, {kEndpoint2_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(2u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey_, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey11_, kEndpoint1_); ASSERT_TRUE(endpoint); - EXPECT_EQ(kOrigin_, endpoint.group_key.origin); - EXPECT_EQ(kGroup_, endpoint.group_key.group_name); - EXPECT_EQ(kEndpoint_, endpoint.info.url); + EXPECT_EQ(kOrigin1_, endpoint.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint.group_key.group_name); + EXPECT_EQ(kEndpoint1_, endpoint.info.url); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint.info.weight); - ReportingEndpoint endpoint2 = FindEndpointInCache(kGroupKey_, kEndpoint2_); + ReportingEndpoint endpoint2 = FindEndpointInCache(kGroupKey11_, kEndpoint2_); ASSERT_TRUE(endpoint2); - EXPECT_EQ(kOrigin_, endpoint2.group_key.origin); - EXPECT_EQ(kGroup_, endpoint2.group_key.group_name); + EXPECT_EQ(kOrigin1_, endpoint2.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint2.group_key.group_name); EXPECT_EQ(kEndpoint2_, endpoint2.info.url); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint2.info.priority); @@ -586,47 +593,45 @@ TEST_P(ReportingHeaderParserTest, MultipleEndpointsSameGroup) { EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint2_); + kGroupKey11_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } } TEST_P(ReportingHeaderParserTest, MultipleEndpointsDifferentGroups) { - ReportingEndpointGroupKey kOtherGroupKey(NetworkIsolationKey(), kOrigin_, - kGroup2_); - std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint_}}; - std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint1_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint1_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)) + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup2_, endpoints2)); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); EXPECT_EQ(2u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_TRUE( - EndpointGroupExistsInCache(kOtherGroupKey, OriginSubdomains::DEFAULT)); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EndpointGroupExistsInCache(kGroupKey12_, OriginSubdomains::DEFAULT)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(2u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey_, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey11_, kEndpoint1_); ASSERT_TRUE(endpoint); - EXPECT_EQ(kOrigin_, endpoint.group_key.origin); - EXPECT_EQ(kGroup_, endpoint.group_key.group_name); + EXPECT_EQ(kOrigin1_, endpoint.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint.group_key.group_name); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint.info.weight); - ReportingEndpoint endpoint2 = FindEndpointInCache(kOtherGroupKey, kEndpoint_); + ReportingEndpoint endpoint2 = FindEndpointInCache(kGroupKey12_, kEndpoint1_); ASSERT_TRUE(endpoint2); - EXPECT_EQ(kOrigin_, endpoint2.group_key.origin); + EXPECT_EQ(kOrigin1_, endpoint2.group_key.origin); EXPECT_EQ(kGroup2_, endpoint2.group_key.group_name); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint2.info.priority); @@ -639,13 +644,13 @@ TEST_P(ReportingHeaderParserTest, MultipleEndpointsDifferentGroups) { EXPECT_EQ(2, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kOtherGroupKey, kEndpoint_); + kGroupKey12_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kOtherGroupKey); + kGroupKey12_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -653,42 +658,37 @@ TEST_P(ReportingHeaderParserTest, MultipleEndpointsDifferentGroups) { TEST_P(ReportingHeaderParserTest, MultipleHeadersFromDifferentOrigins) { // First origin sets a header with two endpoints in the same group. - std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint_}, + std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint1_}, {kEndpoint2_}}; std::string header1 = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)); - ParseHeader(kUrl_, header1); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)); + ParseHeader(kNik_, kUrl1_, header1); // Second origin has two endpoint groups. - std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint1_}}; std::vector<ReportingEndpoint::EndpointInfo> endpoints3 = {{kEndpoint2_}}; std::string header2 = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints2)) + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints2)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup2_, endpoints3)); - ParseHeader(kUrl2_, header2); + ParseHeader(kNik_, kUrl2_, header2); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin2_)); - ReportingEndpointGroupKey kGroupKey1(NetworkIsolationKey(), kOrigin2_, - kGroup_); - ReportingEndpointGroupKey kGroupKey2(NetworkIsolationKey(), kOrigin2_, - kGroup2_); - EXPECT_EQ(3u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey1, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey21_, OriginSubdomains::DEFAULT)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey2, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey22_, OriginSubdomains::DEFAULT)); EXPECT_EQ(4u, cache()->GetEndpointCount()); - EXPECT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint_)); - EXPECT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint2_)); - EXPECT_TRUE(FindEndpointInCache(kGroupKey1, kEndpoint_)); - EXPECT_TRUE(FindEndpointInCache(kGroupKey2, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey21_, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey22_, kEndpoint2_)); if (mock_store()) { mock_store()->Flush(); @@ -696,54 +696,247 @@ TEST_P(ReportingHeaderParserTest, MultipleHeadersFromDifferentOrigins) { EXPECT_EQ(3, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint2_); + kGroupKey11_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey1, kEndpoint_); + kGroupKey21_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey2, kEndpoint2_); + kGroupKey22_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey1); + kGroupKey21_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey2); + kGroupKey22_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } } +// Test that each combination of NIK, origin, and group name is considered +// distinct. +// See also: ReportingCacheTest.ClientsKeyedByEndpointGroupKey +TEST_P(ReportingHeaderParserTest, EndpointGroupKey) { + // Raise the endpoint limits for this test. + ReportingPolicy policy; + policy.max_endpoints_per_origin = 5; // This test should use 4. + policy.max_endpoint_count = 20; // This test should use 16. + UsePolicy(policy); + + std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint1_}, + {kEndpoint2_}}; + std::string header1 = + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)) + + ", " + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup2_, endpoints1)); + + const ReportingEndpointGroupKey kOtherGroupKey11 = + ReportingEndpointGroupKey(kOtherNik_, kOrigin1_, kGroup1_); + const ReportingEndpointGroupKey kOtherGroupKey21 = + ReportingEndpointGroupKey(kOtherNik_, kOrigin2_, kGroup1_); + const ReportingEndpointGroupKey kOtherGroupKey12 = + ReportingEndpointGroupKey(kOtherNik_, kOrigin1_, kGroup2_); + const ReportingEndpointGroupKey kOtherGroupKey22 = + ReportingEndpointGroupKey(kOtherNik_, kOrigin2_, kGroup2_); + + const struct { + NetworkIsolationKey network_isolation_key; + GURL url; + ReportingEndpointGroupKey group1_key; + ReportingEndpointGroupKey group2_key; + } kHeaderSources[] = { + {kNik_, kUrl1_, kGroupKey11_, kGroupKey12_}, + {kNik_, kUrl2_, kGroupKey21_, kGroupKey22_}, + {kOtherNik_, kUrl1_, kOtherGroupKey11, kOtherGroupKey12}, + {kOtherNik_, kUrl2_, kOtherGroupKey21, kOtherGroupKey22}, + }; + + size_t endpoint_group_count = 0u; + size_t endpoint_count = 0u; + MockPersistentReportingStore::CommandList expected_commands; + + // Set 2 endpoints in each of 2 groups for each of 2x2 combinations of + // (NIK, origin). + for (const auto& source : kHeaderSources) { + // Verify pre-parsing state + EXPECT_FALSE(FindEndpointInCache(source.group1_key, kEndpoint1_)); + EXPECT_FALSE(FindEndpointInCache(source.group1_key, kEndpoint2_)); + EXPECT_FALSE(FindEndpointInCache(source.group2_key, kEndpoint1_)); + EXPECT_FALSE(FindEndpointInCache(source.group2_key, kEndpoint2_)); + EXPECT_FALSE(EndpointGroupExistsInCache(source.group1_key, + OriginSubdomains::DEFAULT)); + EXPECT_FALSE(EndpointGroupExistsInCache(source.group2_key, + OriginSubdomains::DEFAULT)); + + ParseHeader(source.network_isolation_key, source.url, header1); + endpoint_group_count += 2u; + endpoint_count += 4u; + EXPECT_EQ(endpoint_group_count, cache()->GetEndpointGroupCountForTesting()); + EXPECT_EQ(endpoint_count, cache()->GetEndpointCount()); + + // Verify post-parsing state + EXPECT_TRUE(FindEndpointInCache(source.group1_key, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(source.group1_key, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint2_)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group1_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group2_key, + OriginSubdomains::DEFAULT)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(static_cast<int>(endpoint_count), + mock_store()->StoredEndpointsCount()); + EXPECT_EQ(static_cast<int>(endpoint_group_count), + mock_store()->StoredEndpointGroupsCount()); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, + source.group1_key, kEndpoint1_); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, + source.group1_key, kEndpoint2_); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, + source.group1_key); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, + source.group2_key, kEndpoint1_); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, + source.group2_key, kEndpoint2_); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, + source.group2_key); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } + } + + // Check that expected data is present in the ReportingCache at the end. + for (const auto& source : kHeaderSources) { + EXPECT_TRUE(FindEndpointInCache(source.group1_key, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(source.group1_key, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint2_)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group1_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group2_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(cache()->ClientExistsForTesting( + source.network_isolation_key, url::Origin::Create(source.url))); + } + + // Test updating existing configurations + + // This removes endpoint 1, updates the priority of endpoint 2, and adds + // endpoint 3. + std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint2_, 2}, + {kEndpoint3_}}; + // Removes group 1, updates include_subdomains for group 2. + std::string header2 = ConstructHeaderGroupString( + MakeEndpointGroup(kGroup2_, endpoints2, OriginSubdomains::INCLUDE)); + + for (const auto& source : kHeaderSources) { + // Verify pre-update state + EXPECT_TRUE(EndpointGroupExistsInCache(source.group1_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group2_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint1_)); + ReportingEndpoint endpoint = + FindEndpointInCache(source.group2_key, kEndpoint2_); + EXPECT_TRUE(endpoint); + EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, + endpoint.info.priority); + EXPECT_FALSE(FindEndpointInCache(source.group2_key, kEndpoint3_)); + + ParseHeader(source.network_isolation_key, source.url, header2); + endpoint_group_count--; + endpoint_count -= 2; + EXPECT_EQ(endpoint_group_count, cache()->GetEndpointGroupCountForTesting()); + EXPECT_EQ(endpoint_count, cache()->GetEndpointCount()); + + // Verify post-update state + EXPECT_FALSE(EndpointGroupExistsInCache(source.group1_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group2_key, + OriginSubdomains::INCLUDE)); + EXPECT_FALSE(FindEndpointInCache(source.group2_key, kEndpoint1_)); + endpoint = FindEndpointInCache(source.group2_key, kEndpoint2_); + EXPECT_TRUE(endpoint); + EXPECT_EQ(2, endpoint.info.priority); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint3_)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(static_cast<int>(endpoint_count), + mock_store()->StoredEndpointsCount()); + EXPECT_EQ(static_cast<int>(endpoint_group_count), + mock_store()->StoredEndpointGroupsCount()); + expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, + source.group1_key, kEndpoint1_); + expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, + source.group1_key, kEndpoint2_); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, source.group1_key); + expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, + source.group2_key, kEndpoint1_); + expected_commands.emplace_back( + CommandType::UPDATE_REPORTING_ENDPOINT_DETAILS, source.group2_key, + kEndpoint2_); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, + source.group2_key, kEndpoint3_); + expected_commands.emplace_back( + CommandType::UPDATE_REPORTING_ENDPOINT_GROUP_DETAILS, + source.group2_key); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } + } + + // Check that expected data is present in the ReportingCache at the end. + for (const auto& source : kHeaderSources) { + EXPECT_FALSE(FindEndpointInCache(source.group1_key, kEndpoint1_)); + EXPECT_FALSE(FindEndpointInCache(source.group1_key, kEndpoint2_)); + EXPECT_FALSE(FindEndpointInCache(source.group2_key, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(source.group2_key, kEndpoint3_)); + EXPECT_FALSE(EndpointGroupExistsInCache(source.group1_key, + OriginSubdomains::DEFAULT)); + EXPECT_TRUE(EndpointGroupExistsInCache(source.group2_key, + OriginSubdomains::INCLUDE)); + EXPECT_TRUE(cache()->ClientExistsForTesting( + source.network_isolation_key, url::Origin::Create(source.url))); + } +} + TEST_P(ReportingHeaderParserTest, HeaderErroneouslyContainsMultipleGroupsOfSameName) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint1_}}; std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint2_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)) + - ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints2)); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)) + + ", " + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints2)); - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); // Result is as if they set the two groups with the same name as one group. EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(2u, cache()->GetEndpointCount()); - ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey_, kEndpoint_); + ReportingEndpoint endpoint = FindEndpointInCache(kGroupKey11_, kEndpoint1_); ASSERT_TRUE(endpoint); - EXPECT_EQ(kOrigin_, endpoint.group_key.origin); - EXPECT_EQ(kGroup_, endpoint.group_key.group_name); + EXPECT_EQ(kOrigin1_, endpoint.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint.group_key.group_name); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint.info.weight); - ReportingEndpoint endpoint2 = FindEndpointInCache(kGroupKey_, kEndpoint2_); + ReportingEndpoint endpoint2 = FindEndpointInCache(kGroupKey11_, kEndpoint2_); ASSERT_TRUE(endpoint2); - EXPECT_EQ(kOrigin_, endpoint2.group_key.origin); - EXPECT_EQ(kGroup_, endpoint2.group_key.group_name); + EXPECT_EQ(kOrigin1_, endpoint2.group_key.origin); + EXPECT_EQ(kGroup1_, endpoint2.group_key.group_name); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint2.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, @@ -755,11 +948,11 @@ TEST_P(ReportingHeaderParserTest, EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint2_); + kGroupKey11_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -767,83 +960,84 @@ TEST_P(ReportingHeaderParserTest, TEST_P(ReportingHeaderParserTest, HeaderErroneouslyContainsGroupsWithRedundantEndpoints) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}, - {kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}, + {kEndpoint1_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); - ParseHeader(kUrl_, header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); + ParseHeader(kNik_, kUrl1_, header); // We should dedupe the identical endpoint URLs. EXPECT_EQ(1u, cache()->GetEndpointCount()); - ASSERT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint_)); + ASSERT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint1_)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); } TEST_P(ReportingHeaderParserTest, HeaderErroneouslyContainsMultipleGroupsOfSameNameAndEndpoints) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{kEndpoint1_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)) + ", " + - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); - ParseHeader(kUrl_, header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)) + + ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); + ParseHeader(kNik_, kUrl1_, header); // We should dedupe the identical endpoint URLs, even when they're in - // different headers. + // different group. EXPECT_EQ(1u, cache()->GetEndpointCount()); - ASSERT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint_)); + ASSERT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint1_)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); } TEST_P(ReportingHeaderParserTest, HeaderErroneouslyContainsGroupsOfSameNameAndOverlappingEndpoints) { - std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint_}, + std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint1_}, {kEndpoint2_}}; - std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint_}, + std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint1_}, {kEndpoint3_}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)) + - ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints2)); - ParseHeader(kUrl_, header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)) + + ", " + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints2)); + ParseHeader(kNik_, kUrl1_, header); // We should dedupe the identical endpoint URLs, even when they're in - // different headers. + // different group. EXPECT_EQ(3u, cache()->GetEndpointCount()); - ASSERT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint_)); - ASSERT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint2_)); - ASSERT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint3_)); + ASSERT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint1_)); + ASSERT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint2_)); + ASSERT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint3_)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); } TEST_P(ReportingHeaderParserTest, OverwriteOldHeader) { // First, the origin sets a header with two endpoints in the same group. std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = { - {kEndpoint_, 10 /* priority */}, {kEndpoint2_}}; + {kEndpoint1_, 10 /* priority */}, {kEndpoint2_}}; std::string header1 = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)); - ParseHeader(kUrl_, header1); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)); + ParseHeader(kNik_, kUrl1_, header1); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_EQ(2u, cache()->GetEndpointCount()); - EXPECT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint_)); - EXPECT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint1_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint2_)); if (mock_store()) { mock_store()->Flush(); EXPECT_EQ(2, @@ -852,11 +1046,11 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeader) { CommandType::ADD_REPORTING_ENDPOINT_GROUP)); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint2_); + kGroupKey11_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -864,28 +1058,28 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeader) { // Second header from the same origin should overwrite the previous one. std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = { // This endpoint should update the priority of the existing one. - {kEndpoint_, 20 /* priority */}}; + {kEndpoint1_, 20 /* priority */}}; // The second endpoint in this group will be deleted. // This group is new. std::vector<ReportingEndpoint::EndpointInfo> endpoints3 = {{kEndpoint2_}}; std::string header2 = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints2)) + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints2)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup2_, endpoints3)); - ParseHeader(kUrl_, header2); + ParseHeader(kNik_, kUrl1_, header2); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey2_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey12_, OriginSubdomains::DEFAULT)); EXPECT_EQ(2u, cache()->GetEndpointCount()); - EXPECT_TRUE(FindEndpointInCache(kGroupKey_, kEndpoint_)); - EXPECT_EQ(20, FindEndpointInCache(kGroupKey_, kEndpoint_).info.priority); - EXPECT_FALSE(FindEndpointInCache(kGroupKey_, kEndpoint2_)); - EXPECT_TRUE(FindEndpointInCache(kGroupKey2_, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey11_, kEndpoint1_)); + EXPECT_EQ(20, FindEndpointInCache(kGroupKey11_, kEndpoint1_).info.priority); + EXPECT_FALSE(FindEndpointInCache(kGroupKey11_, kEndpoint2_)); + EXPECT_TRUE(FindEndpointInCache(kGroupKey12_, kEndpoint2_)); if (mock_store()) { mock_store()->Flush(); EXPECT_EQ(2 + 1, @@ -896,22 +1090,22 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeader) { 1, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey2_, kEndpoint2_); + kGroupKey12_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey2_); + kGroupKey12_); expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint2_); + kGroupKey11_, kEndpoint2_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } } TEST_P(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { - ReportingEndpointGroupKey kGroupKey1(NetworkIsolationKey(), kOrigin_, "1"); - ReportingEndpointGroupKey kGroupKey2(NetworkIsolationKey(), kOrigin_, "2"); - ReportingEndpointGroupKey kGroupKey3(NetworkIsolationKey(), kOrigin_, "3"); - ReportingEndpointGroupKey kGroupKey4(NetworkIsolationKey(), kOrigin_, "4"); - ReportingEndpointGroupKey kGroupKey5(NetworkIsolationKey(), kOrigin_, "5"); + ReportingEndpointGroupKey kGroupKey1(kNik_, kOrigin1_, "1"); + ReportingEndpointGroupKey kGroupKey2(kNik_, kOrigin1_, "2"); + ReportingEndpointGroupKey kGroupKey3(kNik_, kOrigin1_, "3"); + ReportingEndpointGroupKey kGroupKey4(kNik_, kOrigin1_, "4"); + ReportingEndpointGroupKey kGroupKey5(kNik_, kOrigin1_, "5"); std::vector<ReportingEndpoint::EndpointInfo> endpoints1_1 = {{MakeURL(10)}, {MakeURL(11)}}; std::vector<ReportingEndpoint::EndpointInfo> endpoints2_1 = {{MakeURL(20)}, @@ -922,8 +1116,8 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { ConstructHeaderGroupString(MakeEndpointGroup("1", endpoints1_1)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup("2", endpoints2_1)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup("3", endpoints3_1)); - ParseHeader(kUrl_, header1); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + ParseHeader(kNik_, kUrl1_, header1); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(3u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( EndpointGroupExistsInCache(kGroupKey1, OriginSubdomains::DEFAULT)); @@ -969,8 +1163,8 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { ConstructHeaderGroupString(MakeEndpointGroup("1", endpoints1_2)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup("2", endpoints2_2)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup("3", endpoints3_2)); - ParseHeader(kUrl_, header2); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + ParseHeader(kNik_, kUrl1_, header2); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(3u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( EndpointGroupExistsInCache(kGroupKey1, OriginSubdomains::DEFAULT)); @@ -1027,8 +1221,8 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { std::string header3 = ConstructHeaderGroupString(MakeEndpointGroup("4", endpoints4_3)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup("5", endpoints5_3)); - ParseHeader(kUrl_, header3); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + ParseHeader(kNik_, kUrl1_, header3); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(2u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( EndpointGroupExistsInCache(kGroupKey4, OriginSubdomains::DEFAULT)); @@ -1080,8 +1274,9 @@ TEST_P(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { // Without a pre-existing client, max_age: 0 should do nothing. ASSERT_EQ(0u, cache()->GetEndpointCount()); - ParseHeader(kUrl_, "{\"endpoints\":[{\"url\":\"" + kEndpoint_.spec() + - "\"}],\"max_age\":0}"); + ParseHeader(kNik_, kUrl1_, + "{\"endpoints\":[{\"url\":\"" + kEndpoint1_.spec() + + "\"}],\"max_age\":0}"); EXPECT_EQ(0u, cache()->GetEndpointCount()); if (mock_store()) { mock_store()->Flush(); @@ -1092,20 +1287,20 @@ TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { } // Set a header with two endpoint groups. - std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint_}}; + std::vector<ReportingEndpoint::EndpointInfo> endpoints1 = {{kEndpoint1_}}; std::vector<ReportingEndpoint::EndpointInfo> endpoints2 = {{kEndpoint2_}}; std::string header1 = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)) + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints1)) + ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup2_, endpoints2)); - ParseHeader(kUrl_, header1); + ParseHeader(kNik_, kUrl1_, header1); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(2u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey2_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey12_, OriginSubdomains::DEFAULT)); EXPECT_EQ(2u, cache()->GetEndpointCount()); if (mock_store()) { mock_store()->Flush(); @@ -1115,35 +1310,35 @@ TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { CommandType::ADD_REPORTING_ENDPOINT_GROUP)); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, - kGroupKey2_, kEndpoint2_); + kGroupKey12_, kEndpoint2_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, - kGroupKey2_); + kGroupKey12_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } // Set another header with max_age: 0 to delete one of the groups. std::string header2 = ConstructHeaderGroupString(MakeEndpointGroup( - kGroup_, endpoints1, OriginSubdomains::DEFAULT, + kGroup1_, endpoints1, OriginSubdomains::DEFAULT, base::TimeDelta::FromSeconds(0))) + ", " + ConstructHeaderGroupString(MakeEndpointGroup( kGroup2_, endpoints2)); // Other group stays. - ParseHeader(kUrl_, header2); + ParseHeader(kNik_, kUrl1_, header2); - EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_TRUE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); // Group was deleted. EXPECT_FALSE( - EndpointGroupExistsInCache(kGroupKey_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey11_, OriginSubdomains::DEFAULT)); // Other group remains in the cache. EXPECT_TRUE( - EndpointGroupExistsInCache(kGroupKey2_, OriginSubdomains::DEFAULT)); + EndpointGroupExistsInCache(kGroupKey12_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointCount()); if (mock_store()) { mock_store()->Flush(); @@ -1157,9 +1352,9 @@ TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, - kGroupKey_, kEndpoint_); + kGroupKey11_, kEndpoint1_); expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT_GROUP, - kGroupKey_); + kGroupKey11_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -1169,11 +1364,11 @@ TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { std::string header3 = ConstructHeaderGroupString(MakeEndpointGroup( kGroup2_, std::vector<ReportingEndpoint::EndpointInfo>(), OriginSubdomains::DEFAULT, base::TimeDelta::FromSeconds(0))); - ParseHeader(kUrl_, header3); + ParseHeader(kNik_, kUrl1_, header3); // Deletion of the last remaining group also deletes the client for this // origin. - EXPECT_FALSE(ClientExistsInCacheForOrigin(kOrigin_)); + EXPECT_FALSE(ClientExistsInCacheForOrigin(kOrigin1_)); EXPECT_EQ(0u, cache()->GetEndpointGroupCountForTesting()); EXPECT_EQ(0u, cache()->GetEndpointCount()); if (mock_store()) { @@ -1188,9 +1383,9 @@ TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); MockPersistentReportingStore::CommandList expected_commands; expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, - kGroupKey2_, kEndpoint2_); + kGroupKey12_, kEndpoint2_); expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT_GROUP, - kGroupKey2_); + kGroupKey12_); EXPECT_THAT(mock_store()->GetAllCommands(), testing::IsSupersetOf(expected_commands)); } @@ -1203,8 +1398,8 @@ TEST_P(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit1) { endpoints.push_back({MakeURL(i)}); } std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); - ParseHeader(kUrl_, header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); + ParseHeader(kNik_, kUrl1_, header); // Endpoint count should be at most the limit. EXPECT_GE(policy().max_endpoints_per_origin, cache()->GetEndpointCount()); @@ -1231,7 +1426,7 @@ TEST_P(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit2) { if (i != policy().max_endpoints_per_origin) header = header + ", "; } - ParseHeader(kUrl_, header); + ParseHeader(kNik_, kUrl1_, header); // Endpoint count should be at most the limit. EXPECT_GE(policy().max_endpoints_per_origin, cache()->GetEndpointCount()); @@ -1256,14 +1451,15 @@ TEST_P(ReportingHeaderParserTest, EvictEndpointsOverGlobalLimit) { for (size_t i = 0; i < policy().max_endpoint_count; ++i) { std::vector<ReportingEndpoint::EndpointInfo> endpoints = {{MakeURL(i)}}; std::string header = - ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); - ParseHeader(MakeURL(i), header); + ConstructHeaderGroupString(MakeEndpointGroup(kGroup1_, endpoints)); + ParseHeader(kNik_, MakeURL(i), header); } EXPECT_EQ(policy().max_endpoint_count, cache()->GetEndpointCount()); // Parse one more header to trigger eviction. - ParseHeader(kUrl_, "{\"endpoints\":[{\"url\":\"" + kEndpoint_.spec() + - "\"}],\"max_age\":1}"); + ParseHeader(kNik_, kUrl1_, + "{\"endpoints\":[{\"url\":\"" + kEndpoint1_.spec() + + "\"}],\"max_age\":1}"); // Endpoint count should be at most the limit. EXPECT_GE(policy().max_endpoint_count, cache()->GetEndpointCount()); diff --git a/chromium/net/reporting/reporting_network_change_observer_unittest.cc b/chromium/net/reporting/reporting_network_change_observer_unittest.cc index d5e07701b67..f5ae0ce626b 100644 --- a/chromium/net/reporting/reporting_network_change_observer_unittest.cc +++ b/chromium/net/reporting/reporting_network_change_observer_unittest.cc @@ -43,6 +43,7 @@ class ReportingNetworkChangeObserverTest : public ReportingTestBase { return reports.size(); } + const NetworkIsolationKey kNik_; const GURL kUrl_ = GURL("https://origin/path"); const url::Origin kOrigin_ = url::Origin::Create(kUrl_); const GURL kEndpoint_ = GURL("https://endpoint/"); @@ -59,7 +60,7 @@ TEST_F(ReportingNetworkChangeObserverTest, ClearNothing) { new_policy.persist_clients_across_network_changes = true; UsePolicy(new_policy); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); SetEndpoint(); @@ -78,7 +79,7 @@ TEST_F(ReportingNetworkChangeObserverTest, ClearReports) { new_policy.persist_clients_across_network_changes = true; UsePolicy(new_policy); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); SetEndpoint(); @@ -97,7 +98,7 @@ TEST_F(ReportingNetworkChangeObserverTest, ClearClients) { new_policy.persist_clients_across_network_changes = false; UsePolicy(new_policy); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); SetEndpoint(); @@ -116,7 +117,7 @@ TEST_F(ReportingNetworkChangeObserverTest, ClearReportsAndClients) { new_policy.persist_clients_across_network_changes = false; UsePolicy(new_policy); - cache()->AddReport(kUrl_, kUserAgent_, kGroup_, kType_, + cache()->AddReport(kNik_, kUrl_, kUserAgent_, kGroup_, kType_, std::make_unique<base::DictionaryValue>(), 0, tick_clock()->NowTicks(), 0); SetEndpoint(); diff --git a/chromium/net/reporting/reporting_report.cc b/chromium/net/reporting/reporting_report.cc index 5c7f3e57291..63648cff1b9 100644 --- a/chromium/net/reporting/reporting_report.cc +++ b/chromium/net/reporting/reporting_report.cc @@ -24,15 +24,18 @@ void RecordReportOutcome(ReportingReport::Outcome outcome) { } // namespace -ReportingReport::ReportingReport(const GURL& url, - const std::string& user_agent, - const std::string& group, - const std::string& type, - std::unique_ptr<const base::Value> body, - int depth, - base::TimeTicks queued, - int attempts) - : url(url), +ReportingReport::ReportingReport( + const NetworkIsolationKey& network_isolation_key, + const GURL& url, + const std::string& user_agent, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body, + int depth, + base::TimeTicks queued, + int attempts) + : network_isolation_key(network_isolation_key), + url(url), user_agent(user_agent), group(group), type(type), diff --git a/chromium/net/reporting/reporting_report.h b/chromium/net/reporting/reporting_report.h index a80fa6c410b..02018ad25df 100644 --- a/chromium/net/reporting/reporting_report.h +++ b/chromium/net/reporting/reporting_report.h @@ -11,6 +11,7 @@ #include "base/optional.h" #include "base/time/time.h" #include "net/base/net_export.h" +#include "net/base/network_isolation_key.h" #include "url/gurl.h" namespace base { @@ -51,7 +52,8 @@ struct NET_EXPORT ReportingReport { }; // TODO(chlily): Remove |attempts| argument as it is (almost?) always 0. - ReportingReport(const GURL& url, + ReportingReport(const NetworkIsolationKey& network_isolation_key, + const GURL& url, const std::string& user_agent, const std::string& group, const std::string& type, @@ -69,6 +71,10 @@ struct NET_EXPORT ReportingReport { // Whether the report is part of an ongoing delivery attempt. bool IsUploadPending() const; + // The NIK of the request that triggered this report. (Not included in the + // delivered report.) + NetworkIsolationKey network_isolation_key; + // The URL of the document that triggered the report. (Included in the // delivered report.) GURL url; diff --git a/chromium/net/reporting/reporting_service.cc b/chromium/net/reporting/reporting_service.cc index a10ca1002b5..2a410343302 100644 --- a/chromium/net/reporting/reporting_service.cc +++ b/chromium/net/reporting/reporting_service.cc @@ -71,10 +71,12 @@ class ReportingServiceImpl : public ReportingService { // base::Unretained is safe because the callback is stored in // |task_backlog_| which will not outlive |this|. - DoOrBacklogTask(base::BindOnce(&ReportingServiceImpl::DoQueueReport, - base::Unretained(this), - std::move(sanitized_url), user_agent, group, - type, std::move(body), depth, queued_ticks)); + // TODO(chlily): Get NetworkIsolationKey from caller. + NetworkIsolationKey network_isolation_key = NetworkIsolationKey::Todo(); + DoOrBacklogTask(base::BindOnce( + &ReportingServiceImpl::DoQueueReport, base::Unretained(this), + network_isolation_key, std::move(sanitized_url), user_agent, group, + type, std::move(body), depth, queued_ticks)); } void ProcessHeader(const GURL& url, @@ -93,9 +95,10 @@ class ReportingServiceImpl : public ReportingService { } DVLOG(1) << "Received Reporting policy for " << url.GetOrigin(); - DoOrBacklogTask(base::BindOnce(&ReportingServiceImpl::DoProcessHeader, - base::Unretained(this), url, - std::move(header_value))); + // TODO(chlily): Get the proper NetworkIsolationKey from the caller. + DoOrBacklogTask(base::BindOnce( + &ReportingServiceImpl::DoProcessHeader, base::Unretained(this), + NetworkIsolationKey::Todo(), url, std::move(header_value))); } void RemoveBrowsingData(int data_type_mask, @@ -148,7 +151,8 @@ class ReportingServiceImpl : public ReportingService { std::move(task).Run(); } - void DoQueueReport(GURL sanitized_url, + void DoQueueReport(const NetworkIsolationKey& network_isolation_key, + GURL sanitized_url, const std::string& user_agent, const std::string& group, const std::string& type, @@ -156,16 +160,17 @@ class ReportingServiceImpl : public ReportingService { int depth, base::TimeTicks queued_ticks) { DCHECK(initialized_); - context_->cache()->AddReport(sanitized_url, user_agent, group, type, - std::move(body), depth, queued_ticks, - 0 /* attempts */); + context_->cache()->AddReport(network_isolation_key, sanitized_url, + user_agent, group, type, std::move(body), + depth, queued_ticks, 0 /* attempts */); } - void DoProcessHeader(const GURL& url, + void DoProcessHeader(const NetworkIsolationKey& network_isolation_key, + const GURL& url, std::unique_ptr<base::Value> header_value) { DCHECK(initialized_); - ReportingHeaderParser::ParseHeader(context_.get(), url, - std::move(header_value)); + ReportingHeaderParser::ParseHeader(context_.get(), network_isolation_key, + url, std::move(header_value)); } void DoRemoveBrowsingData( diff --git a/chromium/net/reporting/reporting_test_util.cc b/chromium/net/reporting/reporting_test_util.cc index 490231d3771..47ebd724330 100644 --- a/chromium/net/reporting/reporting_test_util.cc +++ b/chromium/net/reporting/reporting_test_util.cc @@ -9,9 +9,10 @@ #include <vector> #include "base/bind.h" +#include "base/check_op.h" #include "base/json/json_reader.h" -#include "base/logging.h" #include "base/memory/ptr_util.h" +#include "base/notreached.h" #include "base/strings/stringprintf.h" #include "base/test/simple_test_clock.h" #include "base/test/simple_test_tick_clock.h" diff --git a/chromium/net/reporting/reporting_uploader_unittest.cc b/chromium/net/reporting/reporting_uploader_unittest.cc index b1fb4ad3122..66b61e7e4ef 100644 --- a/chromium/net/reporting/reporting_uploader_unittest.cc +++ b/chromium/net/reporting/reporting_uploader_unittest.cc @@ -452,7 +452,7 @@ TEST_F(ReportingUploaderTest, DontSendCookies) { auto cookie = CanonicalCookie::Create(url, "foo=bar", base::Time::Now(), base::nullopt /* server_time */); context_.cookie_store()->SetCanonicalCookieAsync( - std::move(cookie), url.scheme(), CookieOptions::MakeAllInclusive(), + std::move(cookie), url, CookieOptions::MakeAllInclusive(), cookie_callback.MakeCallback()); cookie_callback.WaitUntilDone(); ASSERT_TRUE(cookie_callback.result().IsInclude()); diff --git a/chromium/net/server/http_server_fuzzer.cc b/chromium/net/server/http_server_fuzzer.cc index 0509bde4ca7..3bee3faf090 100644 --- a/chromium/net/server/http_server_fuzzer.cc +++ b/chromium/net/server/http_server_fuzzer.cc @@ -4,7 +4,7 @@ #include <fuzzer/FuzzedDataProvider.h> -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" #include "base/run_loop.h" #include "net/base/net_errors.h" diff --git a/chromium/net/server/http_server_unittest.cc b/chromium/net/server/http_server_unittest.cc index 509ece87cc8..824dbe484eb 100644 --- a/chromium/net/server/http_server_unittest.cc +++ b/chromium/net/server/http_server_unittest.cc @@ -15,13 +15,14 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/callback_helpers.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/format_macros.h" #include "base/location.h" -#include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" +#include "base/notreached.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" diff --git a/chromium/net/server/web_socket.cc b/chromium/net/server/web_socket.cc index 60d90741667..89f4be2d1d2 100644 --- a/chromium/net/server/web_socket.cc +++ b/chromium/net/server/web_socket.cc @@ -7,8 +7,8 @@ #include <vector> #include "base/base64.h" +#include "base/check.h" #include "base/hash/sha1.h" -#include "base/logging.h" #include "base/strings/string_number_conversions.h" #include "base/strings/stringprintf.h" #include "base/sys_byteorder.h" diff --git a/chromium/net/server/web_socket_encoder.cc b/chromium/net/server/web_socket_encoder.cc index e6d4c64248b..760ff6b9ebd 100644 --- a/chromium/net/server/web_socket_encoder.cc +++ b/chromium/net/server/web_socket_encoder.cc @@ -8,7 +8,7 @@ #include <utility> #include <vector> -#include "base/logging.h" +#include "base/check.h" #include "base/memory/ptr_util.h" #include "base/strings/string_number_conversions.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/socket/client_socket_handle.cc b/chromium/net/socket/client_socket_handle.cc index f23033c3273..f269dce0b3a 100644 --- a/chromium/net/socket/client_socket_handle.cc +++ b/chromium/net/socket/client_socket_handle.cc @@ -8,8 +8,9 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/trace_event/trace_event.h" #include "net/base/net_errors.h" #include "net/base/trace_constants.h" diff --git a/chromium/net/socket/client_socket_pool.cc b/chromium/net/socket/client_socket_pool.cc index 8e9f7e601c7..d1ea3f31a25 100644 --- a/chromium/net/socket/client_socket_pool.cc +++ b/chromium/net/socket/client_socket_pool.cc @@ -7,8 +7,8 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/feature_list.h" -#include "base/logging.h" #include "net/base/features.h" #include "net/http/http_proxy_connect_job.h" #include "net/log/net_log_event_type.h" diff --git a/chromium/net/socket/client_socket_pool_base_unittest.cc b/chromium/net/socket/client_socket_pool_base_unittest.cc index 831ef5b373e..be3196e53bc 100644 --- a/chromium/net/socket/client_socket_pool_base_unittest.cc +++ b/chromium/net/socket/client_socket_pool_base_unittest.cc @@ -11,10 +11,11 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/callback.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" +#include "base/notreached.h" #include "base/optional.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" diff --git a/chromium/net/socket/client_socket_pool_manager.cc b/chromium/net/socket/client_socket_pool_manager.cc index 84e6de660dc..7e3e69664df 100644 --- a/chromium/net/socket/client_socket_pool_manager.cc +++ b/chromium/net/socket/client_socket_pool_manager.cc @@ -6,7 +6,7 @@ #include <memory> -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/field_trial_params.h" #include "base/optional.h" #include "base/stl_util.h" diff --git a/chromium/net/socket/client_socket_pool_manager_impl.cc b/chromium/net/socket/client_socket_pool_manager_impl.cc index d1835a50c12..0d7a15110f6 100644 --- a/chromium/net/socket/client_socket_pool_manager_impl.cc +++ b/chromium/net/socket/client_socket_pool_manager_impl.cc @@ -7,7 +7,7 @@ #include <algorithm> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "base/values.h" #include "net/base/proxy_server.h" #include "net/http/http_network_session.h" diff --git a/chromium/net/socket/connect_job_test_util.cc b/chromium/net/socket/connect_job_test_util.cc index 45120b9b0e4..12f3ae24313 100644 --- a/chromium/net/socket/connect_job_test_util.cc +++ b/chromium/net/socket/connect_job_test_util.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "base/run_loop.h" #include "net/socket/stream_socket.h" #include "net/test/gtest_util.h" diff --git a/chromium/net/socket/connect_job_unittest.cc b/chromium/net/socket/connect_job_unittest.cc index 8c826557bb9..4f1c8e999d2 100644 --- a/chromium/net/socket/connect_job_unittest.cc +++ b/chromium/net/socket/connect_job_unittest.cc @@ -6,7 +6,6 @@ #include "base/bind.h" #include "base/callback.h" -#include "base/logging.h" #include "base/macros.h" #include "base/run_loop.h" #include "base/test/task_environment.h" diff --git a/chromium/net/socket/fuzzed_datagram_client_socket.cc b/chromium/net/socket/fuzzed_datagram_client_socket.cc index 4e8a71071bf..897332e1932 100644 --- a/chromium/net/socket/fuzzed_datagram_client_socket.cc +++ b/chromium/net/socket/fuzzed_datagram_client_socket.cc @@ -10,8 +10,8 @@ #include <string> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/strings/string_piece.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/socket/fuzzed_socket.cc b/chromium/net/socket/fuzzed_socket.cc index c56543f794d..abdaeea46f1 100644 --- a/chromium/net/socket/fuzzed_socket.cc +++ b/chromium/net/socket/fuzzed_socket.cc @@ -9,8 +9,9 @@ #include <algorithm> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" #include "net/log/net_log_source_type.h" diff --git a/chromium/net/socket/fuzzed_socket_factory.cc b/chromium/net/socket/fuzzed_socket_factory.cc index 2b2a70e342a..fb2d12c973a 100644 --- a/chromium/net/socket/fuzzed_socket_factory.cc +++ b/chromium/net/socket/fuzzed_socket_factory.cc @@ -6,7 +6,7 @@ #include <fuzzer/FuzzedDataProvider.h> -#include "base/logging.h" +#include "base/notreached.h" #include "net/base/address_list.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" diff --git a/chromium/net/socket/read_buffering_stream_socket.cc b/chromium/net/socket/read_buffering_stream_socket.cc index c60ac1b65f9..b56d55430ac 100644 --- a/chromium/net/socket/read_buffering_stream_socket.cc +++ b/chromium/net/socket/read_buffering_stream_socket.cc @@ -6,7 +6,8 @@ #include <algorithm> -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/io_buffer.h" namespace net { diff --git a/chromium/net/socket/socket_bio_adapter.cc b/chromium/net/socket/socket_bio_adapter.cc index 182b9d6eaa4..8ff8c582533 100644 --- a/chromium/net/socket/socket_bio_adapter.cc +++ b/chromium/net/socket/socket_bio_adapter.cc @@ -9,8 +9,9 @@ #include <algorithm> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" diff --git a/chromium/net/socket/socket_bio_adapter_unittest.cc b/chromium/net/socket/socket_bio_adapter_unittest.cc index 4dcde7b83ba..f45056b17aa 100644 --- a/chromium/net/socket/socket_bio_adapter_unittest.cc +++ b/chromium/net/socket/socket_bio_adapter_unittest.cc @@ -8,9 +8,9 @@ #include <memory> +#include "base/check_op.h" #include "base/containers/span.h" #include "base/location.h" -#include "base/logging.h" #include "base/macros.h" #include "base/run_loop.h" #include "crypto/openssl_util.h" diff --git a/chromium/net/socket/socket_tag.cc b/chromium/net/socket/socket_tag.cc index ad550a0592a..7bf19b71d37 100644 --- a/chromium/net/socket/socket_tag.cc +++ b/chromium/net/socket/socket_tag.cc @@ -6,7 +6,7 @@ #include <tuple> -#include "base/logging.h" +#include "base/check.h" #if defined(OS_ANDROID) #include "net/android/network_library.h" diff --git a/chromium/net/socket/socks5_client_socket_fuzzer.cc b/chromium/net/socket/socks5_client_socket_fuzzer.cc index 6e79976c310..eb480d35676 100644 --- a/chromium/net/socket/socks5_client_socket_fuzzer.cc +++ b/chromium/net/socket/socks5_client_socket_fuzzer.cc @@ -9,7 +9,7 @@ #include <memory> -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/address_list.h" #include "net/base/net_errors.h" diff --git a/chromium/net/socket/socks_client_socket_fuzzer.cc b/chromium/net/socket/socks_client_socket_fuzzer.cc index ebf9849bcdd..245e8a3881a 100644 --- a/chromium/net/socket/socks_client_socket_fuzzer.cc +++ b/chromium/net/socket/socks_client_socket_fuzzer.cc @@ -9,7 +9,7 @@ #include <memory> -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/address_list.h" #include "net/base/net_errors.h" #include "net/base/network_isolation_key.h" diff --git a/chromium/net/socket/ssl_client_socket.h b/chromium/net/socket/ssl_client_socket.h index 705281a9597..680c9489066 100644 --- a/chromium/net/socket/ssl_client_socket.h +++ b/chromium/net/socket/ssl_client_socket.h @@ -68,12 +68,8 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_. FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, ConnectSignedCertTimestampsTLSExtension); - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, + FRIEND_TEST_ALL_PREFIXES(SSLClientSocketVersionTest, ConnectSignedCertTimestampsEnablesOCSP); - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, - ConnectSignedCertTimestampsDisabled); - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, - VerifyServerChainProperlyOrdered); // True if SCTs were received via a TLS extension. bool signed_cert_timestamps_received_; diff --git a/chromium/net/socket/ssl_client_socket_impl.cc b/chromium/net/socket/ssl_client_socket_impl.cc index 568b2dbc934..12fb37570a5 100644 --- a/chromium/net/socket/ssl_client_socket_impl.cc +++ b/chromium/net/socket/ssl_client_socket_impl.cc @@ -1490,19 +1490,19 @@ int SSLClientSocketImpl::DoPayloadWrite() { } void SSLClientSocketImpl::DoPeek() { - if (ssl_config_.disable_post_handshake_peek_for_testing || - !completed_connect_ || peek_complete_) { + if (!completed_connect_) { return; } crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); - if (ssl_config_.early_data_enabled && !recorded_early_data_result_) { + if (ssl_config_.early_data_enabled && !handled_early_data_result_) { // |SSL_peek| will implicitly run |SSL_do_handshake| if needed, but run it // manually to pick up the reject reason. int rv = SSL_do_handshake(ssl_.get()); int ssl_err = SSL_get_error(ssl_.get(), rv); - if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) { + int err = rv > 0 ? OK : MapOpenSSLError(ssl_err, err_tracer); + if (err == ERR_IO_PENDING) { return; } @@ -1513,13 +1513,28 @@ void SSLClientSocketImpl::DoPeek() { UMA_HISTOGRAM_ENUMERATION("Net.SSLHandshakeEarlyDataReason", SSL_get_early_data_reason(ssl_.get()), ssl_early_data_reason_max_value + 1); - recorded_early_data_result_ = true; - if (ssl_err != SSL_ERROR_NONE) { + + // On early data reject, clear early data on any other sessions in the + // cache, so retries do not get stuck attempting 0-RTT. See + // https://crbug.com/1066623. + if (err == ERR_EARLY_DATA_REJECTED || + err == ERR_WRONG_VERSION_ON_EARLY_DATA) { + context_->ssl_client_session_cache()->ClearEarlyData( + GetSessionCacheKey(base::nullopt)); + } + + handled_early_data_result_ = true; + + if (err != OK) { peek_complete_ = true; return; } } + if (ssl_config_.disable_post_handshake_peek_for_testing || peek_complete_) { + return; + } + char byte; int rv = SSL_peek(ssl_.get(), &byte, 1); int ssl_err = SSL_get_error(ssl_.get(), rv); diff --git a/chromium/net/socket/ssl_client_socket_impl.h b/chromium/net/socket/ssl_client_socket_impl.h index 9ffa83052e8..7388274b5b6 100644 --- a/chromium/net/socket/ssl_client_socket_impl.h +++ b/chromium/net/socket/ssl_client_socket_impl.h @@ -220,9 +220,8 @@ class SSLClientSocketImpl : public SSLClientSocket, int user_write_buf_len_; bool first_post_handshake_write_ = true; - // True if we've already recorded the result of our attempt to - // use early data. - bool recorded_early_data_result_ = false; + // True if we've already handled the result of our attempt to use early data. + bool handled_early_data_result_ = false; // Used by DoPayloadRead() when attempting to fill the caller's buffer with // as much data as possible without blocking. diff --git a/chromium/net/socket/ssl_client_socket_unittest.cc b/chromium/net/socket/ssl_client_socket_unittest.cc index 8ae1e15e27c..41aea1c8951 100644 --- a/chromium/net/socket/ssl_client_socket_unittest.cc +++ b/chromium/net/socket/ssl_client_socket_unittest.cc @@ -733,8 +733,24 @@ class SSLClientSocketTest : public PlatformTest, public WithTaskEnvironment { spawned_test_server_ = nullptr; embedded_test_server_ = std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS); - RegisterEmbeddedTestServerHandlers(embedded_test_server_.get()); embedded_test_server_->SetSSLConfig(cert, server_config); + return FinishStartingEmbeddedTestServer(); + } + + // Starts the embedded test server with the specified parameters. Returns true + // on success. + bool StartEmbeddedTestServer( + const EmbeddedTestServer::ServerCertificateConfig& cert_config, + const SSLServerConfig& server_config) { + spawned_test_server_ = nullptr; + embedded_test_server_ = + std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS); + embedded_test_server_->SetSSLConfig(cert_config, server_config); + return FinishStartingEmbeddedTestServer(); + } + + bool FinishStartingEmbeddedTestServer() { + RegisterEmbeddedTestServerHandlers(embedded_test_server_.get()); if (!embedded_test_server_->Start()) { LOG(ERROR) << "Could not start EmbeddedTestServer"; return false; @@ -2908,14 +2924,15 @@ TEST_P(SSLClientSocketVersionTest, CTCompliantEVHistogram) { // Tests that OCSP stapling is requested, as per Certificate Transparency (RFC // 6962). -TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnablesOCSP) { - SpawnedTestServer::SSLOptions ssl_options; - ssl_options.staple_ocsp_response = true; +TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsEnablesOCSP) { // The test server currently only knows how to generate OCSP responses // for a freshly minted certificate. - ssl_options.server_certificate = SpawnedTestServer::SSLOptions::CERT_AUTO; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); - ASSERT_TRUE(StartTestServer(ssl_options)); + ASSERT_TRUE(StartEmbeddedTestServer(cert_config, GetServerConfig())); SSLConfig ssl_config; @@ -4962,14 +4979,13 @@ TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimit) { EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); } -TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTNoZeroRTTOnResume) { +TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReject) { ASSERT_TRUE(StartServer()); ASSERT_TRUE(RunInitialConnection()); SSLServerConfig server_config; server_config.early_data_enabled = false; server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3; - SetServerConfig(server_config); // 0-RTT Connection @@ -4986,6 +5002,50 @@ TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTNoZeroRTTOnResume) { EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv); rv = WriteAndWait(kRequest); EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv); + + // Retrying the connection should succeed. + socket = MakeClient(true); + ASSERT_THAT(Connect(), IsOk()); + ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk()); + SSLInfo ssl_info; + ASSERT_TRUE(GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); +} + +TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTWrongVersion) { + ASSERT_TRUE(StartServer()); + ASSERT_TRUE(RunInitialConnection()); + + SSLServerConfig server_config; + server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; + SetServerConfig(server_config); + + // 0-RTT Connection + FakeBlockingStreamSocket* socket = MakeClient(true); + socket->BlockReadResult(); + ASSERT_THAT(Connect(), IsOk()); + constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n"; + EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest)); + socket->UnblockReadResult(); + + // Expect early data to be rejected because the TLS version was incorrect. + scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096); + int rv = ReadAndWait(buf.get(), 4096); + EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv); + rv = WriteAndWait(kRequest); + // TODO(https://crbug.com/1078515): This should be + // ERR_WRONG_VERSION_ON_EARLY_DATA. We assert on the current value so that, + // when the bug is fixed (likely in BoringSSL), we remember to fix the test to + // set a proper test expectation. + EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); + + // Retrying the connection should succeed. + socket = MakeClient(true); + ASSERT_THAT(Connect(), IsOk()); + ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk()); + SSLInfo ssl_info; + ASSERT_TRUE(GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); } // Test that the ConfirmHandshake successfully completes the handshake and that diff --git a/chromium/net/socket/ssl_server_socket_impl.cc b/chromium/net/socket/ssl_server_socket_impl.cc index 54d0e7cd8ad..499821e9b35 100644 --- a/chromium/net/socket/ssl_server_socket_impl.cc +++ b/chromium/net/socket/ssl_server_socket_impl.cc @@ -999,6 +999,12 @@ void SSLServerContextImpl::Init() { SSL_CTX_set_alpn_select_cb(ssl_ctx_.get(), &SocketImpl::ALPNSelectCallback, nullptr); + + if (!ssl_server_config_.ocsp_response.empty()) { + SSL_CTX_set_ocsp_response(ssl_ctx_.get(), + ssl_server_config_.ocsp_response.data(), + ssl_server_config_.ocsp_response.size()); + } } SSLServerContextImpl::~SSLServerContextImpl() = default; diff --git a/chromium/net/socket/ssl_server_socket_unittest.cc b/chromium/net/socket/ssl_server_socket_unittest.cc index b0ee305d721..c2b3325b1a6 100644 --- a/chromium/net/socket/ssl_server_socket_unittest.cc +++ b/chromium/net/socket/ssl_server_socket_unittest.cc @@ -21,12 +21,13 @@ #include "base/bind.h" #include "base/callback_helpers.h" +#include "base/check.h" #include "base/compiler_specific.h" #include "base/containers/queue.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" diff --git a/chromium/net/socket/stream_socket.cc b/chromium/net/socket/stream_socket.cc index e9e292058b8..0665afb68d4 100644 --- a/chromium/net/socket/stream_socket.cc +++ b/chromium/net/socket/stream_socket.cc @@ -4,7 +4,7 @@ #include "net/socket/stream_socket.h" -#include "base/logging.h" +#include "base/notreached.h" namespace net { diff --git a/chromium/net/socket/tcp_client_socket.cc b/chromium/net/socket/tcp_client_socket.cc index 46d0a7d5854..551fc96edbd 100644 --- a/chromium/net/socket/tcp_client_socket.cc +++ b/chromium/net/socket/tcp_client_socket.cc @@ -8,9 +8,10 @@ #include "base/bind.h" #include "base/callback_helpers.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/time/time.h" #include "net/base/io_buffer.h" #include "net/base/ip_endpoint.h" diff --git a/chromium/net/socket/tcp_server_socket.cc b/chromium/net/socket/tcp_server_socket.cc index 133715434ea..3b9624b86f7 100644 --- a/chromium/net/socket/tcp_server_socket.cc +++ b/chromium/net/socket/tcp_server_socket.cc @@ -8,7 +8,8 @@ #include "base/bind.h" #include "base/bind_helpers.h" -#include "base/logging.h" +#include "base/check.h" +#include "base/notreached.h" #include "net/base/net_errors.h" #include "net/socket/socket_descriptor.h" #include "net/socket/tcp_client_socket.h" diff --git a/chromium/net/socket/transport_client_socket_pool.cc b/chromium/net/socket/transport_client_socket_pool.cc index c7d64949dde..3d5aff54368 100644 --- a/chromium/net/socket/transport_client_socket_pool.cc +++ b/chromium/net/socket/transport_client_socket_pool.cc @@ -8,12 +8,13 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/format_macros.h" #include "base/location.h" -#include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/socket/transport_client_socket_pool_test_util.cc b/chromium/net/socket/transport_client_socket_pool_test_util.cc index 18159674b85..cdaecf20e99 100644 --- a/chromium/net/socket/transport_client_socket_pool_test_util.cc +++ b/chromium/net/socket/transport_client_socket_pool_test_util.cc @@ -9,10 +9,11 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/macros.h" #include "base/memory/weak_ptr.h" +#include "base/notreached.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/socket/transport_connect_job.cc b/chromium/net/socket/transport_connect_job.cc index 9d682e98535..14aa2783cc1 100644 --- a/chromium/net/socket/transport_connect_job.cc +++ b/chromium/net/socket/transport_connect_job.cc @@ -8,9 +8,10 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/strings/string_util.h" #include "base/threading/thread_task_runner_handle.h" #include "base/trace_event/trace_event.h" diff --git a/chromium/net/socket/udp_socket_unittest.cc b/chromium/net/socket/udp_socket_unittest.cc index 18eb55670ca..2d04b0d027e 100644 --- a/chromium/net/socket/udp_socket_unittest.cc +++ b/chromium/net/socket/udp_socket_unittest.cc @@ -1155,7 +1155,7 @@ TEST_F(DscpManagerTest, SocketReAddedOnRecreateHandle) { .WillOnce(Return(true)); dscp_manager_->Set(DSCP_CS7); - auto error = std::make_unique<base::internal::ScopedClearLastError>(); + auto error = std::make_unique<base::ScopedClearLastError>(); ::SetLastError(ERROR_DEVICE_REINITIALIZATION_NEEDED); EXPECT_CALL(api_, AddSocketToFlow(_, _, _, _, _, _)).WillOnce(Return(false)); EXPECT_CALL(api_, SetFlow(_, _, _, _, _, _, _)).Times(0); diff --git a/chromium/net/socket/udp_socket_win.cc b/chromium/net/socket/udp_socket_win.cc index 0d080437839..f58a2b4b791 100644 --- a/chromium/net/socket/udp_socket_win.cc +++ b/chromium/net/socket/udp_socket_win.cc @@ -8,11 +8,12 @@ #include "base/bind.h" #include "base/callback.h" +#include "base/check_op.h" #include "base/lazy_instance.h" -#include "base/logging.h" #include "base/macros.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/rand_util.h" #include "base/task/post_task.h" #include "base/task/thread_pool.h" diff --git a/chromium/net/socket/unix_domain_client_socket_posix.cc b/chromium/net/socket/unix_domain_client_socket_posix.cc index d0e4b3c5dd7..d9079da5c35 100644 --- a/chromium/net/socket/unix_domain_client_socket_posix.cc +++ b/chromium/net/socket/unix_domain_client_socket_posix.cc @@ -8,7 +8,8 @@ #include <sys/un.h> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/net_errors.h" #include "net/base/sockaddr_storage.h" #include "net/socket/socket_posix.h" diff --git a/chromium/net/socket/websocket_endpoint_lock_manager_unittest.cc b/chromium/net/socket/websocket_endpoint_lock_manager_unittest.cc index 8c3fcc16010..85d9929bd15 100644 --- a/chromium/net/socket/websocket_endpoint_lock_manager_unittest.cc +++ b/chromium/net/socket/websocket_endpoint_lock_manager_unittest.cc @@ -4,7 +4,7 @@ #include "net/socket/websocket_endpoint_lock_manager.h" -#include "base/logging.h" +#include "base/check.h" #include "base/macros.h" #include "base/run_loop.h" #include "base/time/time.h" diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.cc b/chromium/net/socket/websocket_transport_client_socket_pool.cc index 9a46a622ef2..d153655749e 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool.cc +++ b/chromium/net/socket/websocket_transport_client_socket_pool.cc @@ -8,9 +8,10 @@ #include "base/bind.h" #include "base/callback_helpers.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/numerics/safe_conversions.h" #include "base/strings/string_util.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/socket/websocket_transport_connect_sub_job.cc b/chromium/net/socket/websocket_transport_connect_sub_job.cc index aea2802e52e..40bbb3ac667 100644 --- a/chromium/net/socket/websocket_transport_connect_sub_job.cc +++ b/chromium/net/socket/websocket_transport_connect_sub_job.cc @@ -5,7 +5,8 @@ #include "net/socket/websocket_transport_connect_sub_job.h" #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" #include "net/log/net_log_with_source.h" diff --git a/chromium/net/spdy/buffered_spdy_framer.cc b/chromium/net/spdy/buffered_spdy_framer.cc index ec01527a7cf..484a860cd71 100644 --- a/chromium/net/spdy/buffered_spdy_framer.cc +++ b/chromium/net/spdy/buffered_spdy_framer.cc @@ -7,7 +7,7 @@ #include <algorithm> #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "base/strings/string_util.h" #include "base/trace_event/memory_usage_estimator.h" diff --git a/chromium/net/spdy/multiplexed_http_stream.cc b/chromium/net/spdy/multiplexed_http_stream.cc index f47dc97bfb1..9d89e6e59de 100644 --- a/chromium/net/spdy/multiplexed_http_stream.cc +++ b/chromium/net/spdy/multiplexed_http_stream.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/notreached.h" #include "net/http/http_raw_request_headers.h" #include "net/third_party/quiche/src/spdy/core/spdy_header_block.h" diff --git a/chromium/net/spdy/platform/impl/spdy_flags_impl.cc b/chromium/net/spdy/platform/impl/spdy_flags_impl.cc index e6c28036ce5..abb4a9a4d1b 100644 --- a/chromium/net/spdy/platform/impl/spdy_flags_impl.cc +++ b/chromium/net/spdy/platform/impl/spdy_flags_impl.cc @@ -4,6 +4,8 @@ #include "net/spdy/platform/impl/spdy_flags_impl.h" -bool spdy_enable_granular_decompress_errors = true; +// If true, use indexed name if possible when sending +// Literal Header Field without Indexing instruction. +bool spdy_hpack_use_indexed_name = true; namespace spdy {} // namespace spdy diff --git a/chromium/net/spdy/platform/impl/spdy_flags_impl.h b/chromium/net/spdy/platform/impl/spdy_flags_impl.h index 9dd6fb41486..ae3f74e26a4 100644 --- a/chromium/net/spdy/platform/impl/spdy_flags_impl.h +++ b/chromium/net/spdy/platform/impl/spdy_flags_impl.h @@ -7,7 +7,7 @@ #include "net/base/net_export.h" -NET_EXPORT_PRIVATE extern bool spdy_enable_granular_decompress_errors; +NET_EXPORT_PRIVATE extern bool spdy_hpack_use_indexed_name; inline bool GetSpdyReloadableFlagImpl(bool flag) { return flag; diff --git a/chromium/net/spdy/spdy_buffer.cc b/chromium/net/spdy/spdy_buffer.cc index f286b28ec5a..dbec2fa96f3 100644 --- a/chromium/net/spdy/spdy_buffer.cc +++ b/chromium/net/spdy/spdy_buffer.cc @@ -8,7 +8,7 @@ #include <utility> #include "base/callback.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/macros.h" #include "base/trace_event/memory_usage_estimator.h" #include "net/base/io_buffer.h" diff --git a/chromium/net/spdy/spdy_buffer_producer.cc b/chromium/net/spdy/spdy_buffer_producer.cc index 355f5ceea82..b5fd442f047 100644 --- a/chromium/net/spdy/spdy_buffer_producer.cc +++ b/chromium/net/spdy/spdy_buffer_producer.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "base/trace_event/memory_usage_estimator.h" #include "net/spdy/spdy_buffer.h" #include "net/third_party/quiche/src/spdy/core/spdy_protocol.h" diff --git a/chromium/net/spdy/spdy_http_stream.cc b/chromium/net/spdy/spdy_http_stream.cc index 85e4e32f95d..8c1b9b04f68 100644 --- a/chromium/net/spdy/spdy_http_stream.cc +++ b/chromium/net/spdy/spdy_http_stream.cc @@ -10,8 +10,8 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" @@ -452,7 +452,7 @@ void SpdyHttpStream::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) { } void SpdyHttpStream::OnDataSent() { - if (HasUploadData()) { + if (request_info_ && HasUploadData()) { request_body_buf_size_ = 0; ReadAndSendRequestBodyData(); } else { diff --git a/chromium/net/spdy/spdy_network_transaction_unittest.cc b/chromium/net/spdy/spdy_network_transaction_unittest.cc index 86e73f84c75..1da839038e0 100644 --- a/chromium/net/spdy/spdy_network_transaction_unittest.cc +++ b/chromium/net/spdy/spdy_network_transaction_unittest.cc @@ -10372,4 +10372,70 @@ TEST_F(SpdyNetworkTransactionTest, DoNotGreaseFrameTypeWithConnect) { EXPECT_EQ("hello", response_data); } +// Regression test for https://crbug.com/1081955. +// Greasing frame types is enabled, the outgoing HEADERS frame is followed by a +// frame of reserved type, then an empty DATA frame to close the stream. +// Response arrives before reserved frame and DATA frame can be sent. +// SpdyHttpStream::OnDataSent() must not crash. +TEST_F(SpdyNetworkTransactionTest, OnDataSentDoesNotCrashWithGreasedFrameType) { + auto session_deps = std::make_unique<SpdySessionDependencies>(); + + const uint8_t type = 0x0b; + const uint8_t flags = 0xcc; + const std::string payload("foo"); + session_deps->greased_http2_frame = + base::Optional<net::SpdySessionPool::GreasedHttp2Frame>( + {type, flags, payload}); + + NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, + std::move(session_deps)); + + spdy::SpdyHeaderBlock headers( + spdy_util_.ConstructGetHeaderBlock(kDefaultUrl)); + spdy::SpdySerializedFrame req( + spdy_util_.ConstructSpdyHeaders(1, std::move(headers), DEFAULT_PRIORITY, + /* fin = */ false)); + + const char kRawFrameData[] = { + 0x00, 0x00, 0x03, // length + 0x0b, // type + 0xcc, // flags + 0x00, 0x00, 0x00, 0x01, // stream ID + 'f', 'o', 'o' // payload + }; + spdy::SpdySerializedFrame grease(const_cast<char*>(kRawFrameData), + base::size(kRawFrameData), + /* owns_buffer = */ false); + spdy::SpdySerializedFrame empty_body( + spdy_util_.ConstructSpdyDataFrame(1, "", true)); + + MockWrite writes[] = { + CreateMockWrite(req, 0), MockWrite(ASYNC, ERR_IO_PENDING, 2), + CreateMockWrite(grease, 3), CreateMockWrite(empty_body, 4)}; + + spdy::SpdySerializedFrame resp( + spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); + spdy::SpdySerializedFrame response_body( + spdy_util_.ConstructSpdyDataFrame(1, true)); + + MockRead reads[] = {CreateMockRead(resp, 1), CreateMockRead(response_body, 5), + MockRead(ASYNC, 0, 6)}; + + SequencedSocketData data(reads, writes); + helper.RunPreTestSetup(); + helper.AddData(&data); + + TestCompletionCallback callback; + int rv = helper.trans()->Start(&request_, callback.callback(), log_); + base::RunLoop().RunUntilIdle(); + + // Response headers received. Resume sending |grease| and |empty_body|. + data.Resume(); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + + base::RunLoop().RunUntilIdle(); + + helper.VerifyDataConsumed(); +} + } // namespace net diff --git a/chromium/net/spdy/spdy_proxy_client_socket.cc b/chromium/net/spdy/spdy_proxy_client_socket.cc index c7621eb2e4b..ef9682ed124 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket.cc +++ b/chromium/net/spdy/spdy_proxy_client_socket.cc @@ -10,8 +10,9 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/callback_helpers.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_util.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/spdy/spdy_read_queue.cc b/chromium/net/spdy/spdy_read_queue.cc index 0c1eaf5d7b5..48ace9b1130 100644 --- a/chromium/net/spdy/spdy_read_queue.cc +++ b/chromium/net/spdy/spdy_read_queue.cc @@ -7,7 +7,7 @@ #include <algorithm> #include <utility> -#include "base/logging.h" +#include "base/check_op.h" #include "net/spdy/spdy_buffer.h" namespace net { diff --git a/chromium/net/spdy/spdy_session_pool.cc b/chromium/net/spdy/spdy_session_pool.cc index 3a452f07704..39e8183d579 100644 --- a/chromium/net/spdy/spdy_session_pool.cc +++ b/chromium/net/spdy/spdy_session_pool.cc @@ -8,7 +8,7 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/histogram_macros.h" #include "base/stl_util.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/spdy/spdy_stream.cc b/chromium/net/spdy/spdy_stream.cc index 33f930a4c7e..ba8ffe66aff 100644 --- a/chromium/net/spdy/spdy_stream.cc +++ b/chromium/net/spdy/spdy_stream.cc @@ -9,11 +9,12 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_number_conversions.h" #include "base/strings/stringprintf.h" diff --git a/chromium/net/spdy/spdy_test_util_common.cc b/chromium/net/spdy/spdy_test_util_common.cc index addad65991e..1688a473575 100644 --- a/chromium/net/spdy/spdy_test_util_common.cc +++ b/chromium/net/spdy/spdy_test_util_common.cc @@ -9,8 +9,9 @@ #include "base/base64.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/optional.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" diff --git a/chromium/net/spdy/spdy_write_queue.cc b/chromium/net/spdy/spdy_write_queue.cc index e402e97b88e..622fcd4fd04 100644 --- a/chromium/net/spdy/spdy_write_queue.cc +++ b/chromium/net/spdy/spdy_write_queue.cc @@ -8,8 +8,8 @@ #include <utility> #include <vector> +#include "base/check_op.h" #include "base/containers/circular_deque.h" -#include "base/logging.h" #include "base/trace_event/memory_usage_estimator.h" #include "net/spdy/spdy_buffer.h" #include "net/spdy/spdy_buffer_producer.h" diff --git a/chromium/net/spdy/spdy_write_queue_unittest.cc b/chromium/net/spdy/spdy_write_queue_unittest.cc index aad01687b99..c8f229641bd 100644 --- a/chromium/net/spdy/spdy_write_queue_unittest.cc +++ b/chromium/net/spdy/spdy_write_queue_unittest.cc @@ -10,8 +10,8 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" #include "base/memory/ref_counted.h" +#include "base/notreached.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "net/base/request_priority.h" diff --git a/chromium/net/ssl/ssl_cipher_suite_names.cc b/chromium/net/ssl/ssl_cipher_suite_names.cc index 1156ff1774b..fb852b7d005 100644 --- a/chromium/net/ssl/ssl_cipher_suite_names.cc +++ b/chromium/net/ssl/ssl_cipher_suite_names.cc @@ -4,7 +4,7 @@ #include "net/ssl/ssl_cipher_suite_names.h" -#include "base/logging.h" +#include "base/notreached.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "net/ssl/ssl_connection_status_flags.h" diff --git a/chromium/net/ssl/ssl_client_auth_cache.cc b/chromium/net/ssl/ssl_client_auth_cache.cc index e8c05fc9de9..13fd956c6e1 100644 --- a/chromium/net/ssl/ssl_client_auth_cache.cc +++ b/chromium/net/ssl/ssl_client_auth_cache.cc @@ -4,7 +4,7 @@ #include "net/ssl/ssl_client_auth_cache.h" -#include "base/logging.h" +#include "base/check.h" #include "net/cert/x509_certificate.h" #include "net/ssl/ssl_private_key.h" diff --git a/chromium/net/ssl/ssl_client_session_cache.cc b/chromium/net/ssl/ssl_client_session_cache.cc index 7edbe7b81d6..00bd91764cc 100644 --- a/chromium/net/ssl/ssl_client_session_cache.cc +++ b/chromium/net/ssl/ssl_client_session_cache.cc @@ -93,6 +93,17 @@ void SSLClientSessionCache::Insert(const Key& cache_key, iter->second.Push(std::move(session)); } +void SSLClientSessionCache::ClearEarlyData(const Key& cache_key) { + auto iter = cache_.Get(cache_key); + if (iter != cache_.end()) { + for (auto& session : iter->second.sessions) { + if (session) { + session.reset(SSL_SESSION_copy_without_early_data(session.get())); + } + } + } +} + void SSLClientSessionCache::FlushForServer(const HostPortPair& server) { auto iter = cache_.begin(); while (iter != cache_.end()) { diff --git a/chromium/net/ssl/ssl_client_session_cache.h b/chromium/net/ssl/ssl_client_session_cache.h index f6ccc613c6f..2994c0c8a1d 100644 --- a/chromium/net/ssl/ssl_client_session_cache.h +++ b/chromium/net/ssl/ssl_client_session_cache.h @@ -78,6 +78,11 @@ class NET_EXPORT SSLClientSessionCache { // checked for stale entries. void Insert(const Key& cache_key, bssl::UniquePtr<SSL_SESSION> session); + // Clears early data support for all current sessions associated with + // |cache_key|. This may be used after a 0-RTT reject to avoid unnecessarily + // offering 0-RTT data on retries. See https://crbug.com/1066623. + void ClearEarlyData(const Key& cache_key); + // Removes all entries associated with |server|. void FlushForServer(const HostPortPair& server); diff --git a/chromium/net/ssl/ssl_config.h b/chromium/net/ssl/ssl_config.h index 9855190d150..40b61396fdf 100644 --- a/chromium/net/ssl/ssl_config.h +++ b/chromium/net/ssl/ssl_config.h @@ -142,8 +142,8 @@ struct NET_EXPORT SSLConfig { PrivacyMode privacy_mode = PRIVACY_MODE_DISABLED; // True if the post-handshake peeking of the transport should be skipped. This - // logic ensures 0-RTT and tickets are resolved early, but can interfere with - // some unit tests. + // logic ensures tickets are resolved early, but can interfere with some unit + // tests. bool disable_post_handshake_peek_for_testing = false; }; diff --git a/chromium/net/ssl/ssl_private_key.cc b/chromium/net/ssl/ssl_private_key.cc index 011c72dfed9..fe71104c2f8 100644 --- a/chromium/net/ssl/ssl_private_key.cc +++ b/chromium/net/ssl/ssl_private_key.cc @@ -4,7 +4,7 @@ #include "net/ssl/ssl_private_key.h" -#include "base/logging.h" +#include "base/notreached.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/ssl.h" diff --git a/chromium/net/ssl/ssl_server_config.h b/chromium/net/ssl/ssl_server_config.h index b3ff437229e..6f2b65ded59 100644 --- a/chromium/net/ssl/ssl_server_config.h +++ b/chromium/net/ssl/ssl_server_config.h @@ -98,6 +98,9 @@ struct NET_EXPORT SSLServerConfig { // Layer Protocol Negotiation), in decreasing order of preference. Protocols // will be advertised in this order during TLS handshake. NextProtoVector alpn_protos; + + // If non-empty, the DER-encoded OCSP response to staple. + std::vector<uint8_t> ocsp_response; }; } // namespace net diff --git a/chromium/net/ssl/test_ssl_private_key.cc b/chromium/net/ssl/test_ssl_private_key.cc index aad199ddc58..98c8e3f122d 100644 --- a/chromium/net/ssl/test_ssl_private_key.cc +++ b/chromium/net/ssl/test_ssl_private_key.cc @@ -7,7 +7,6 @@ #include <memory> #include <utility> -#include "base/logging.h" #include "base/macros.h" #include "crypto/rsa_private_key.h" #include "net/base/net_errors.h" diff --git a/chromium/net/test/android/javatests/src/org/chromium/net/test/EmbeddedTestServer.java b/chromium/net/test/android/javatests/src/org/chromium/net/test/EmbeddedTestServer.java index 22a7a11f065..95f6890f8c0 100644 --- a/chromium/net/test/android/javatests/src/org/chromium/net/test/EmbeddedTestServer.java +++ b/chromium/net/test/android/javatests/src/org/chromium/net/test/EmbeddedTestServer.java @@ -494,6 +494,7 @@ public class EmbeddedTestServer { synchronized (mImplMonitor) { checkServiceLocked(); mImpl.destroy(); + mImpl = null; } } catch (RemoteException e) { throw new EmbeddedTestServerFailure("Failed to destroy native server.", e); diff --git a/chromium/net/test/cert_builder.cc b/chromium/net/test/cert_builder.cc index 461aba2cc96..81f1799371c 100644 --- a/chromium/net/test/cert_builder.cc +++ b/chromium/net/test/cert_builder.cc @@ -50,14 +50,6 @@ std::string Sha1WithRSAEncryption() { std::end(kSha1WithRSAEncryption)); } -std::string Md5WithRSAEncryption() { - const uint8_t kMd5WithRSAEncryption[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x04, 0x05, 0x00}; - return std::string(std::begin(kMd5WithRSAEncryption), - std::end(kMd5WithRSAEncryption)); -} - // Adds bytes (specified as a StringPiece) to the given CBB. // The argument ordering follows the boringssl CBB_* api style. bool CBBAddBytes(CBB* cbb, base::StringPiece bytes) { @@ -72,29 +64,6 @@ bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) { return CBB_add_bytes(cbb, data, N); } -// Adds a RFC 5280 Time value to the given CBB. -// The argument ordering follows the boringssl CBB_* api style. -bool CBBAddTime(CBB* cbb, const base::Time& time) { - der::GeneralizedTime generalized_time; - if (!der::EncodeTimeAsGeneralizedTime(time, &generalized_time)) - return false; - CBB time_cbb; - if (generalized_time.year < 2050) { - uint8_t out[der::kUTCTimeLength]; - if (!der::EncodeUTCTime(generalized_time, out) || - !CBB_add_asn1(cbb, &time_cbb, CBS_ASN1_UTCTIME) || - !CBBAddBytes(&time_cbb, out) || !CBB_flush(cbb)) - return false; - } else { - uint8_t out[der::kGeneralizedTimeLength]; - if (!der::EncodeGeneralizedTime(generalized_time, out) || - !CBB_add_asn1(cbb, &time_cbb, CBS_ASN1_GENERALIZEDTIME) || - !CBBAddBytes(&time_cbb, out) || !CBB_flush(cbb)) - return false; - } - return true; -} - // Finalizes the CBB to a std::string. std::string FinishCBB(CBB* cbb) { size_t cbb_len; @@ -409,8 +378,8 @@ void CertBuilder::SetValidity(base::Time not_before, base::Time not_after) { CBB validity; ASSERT_TRUE(CBB_init(cbb.get(), 64)); ASSERT_TRUE(CBB_add_asn1(cbb.get(), &validity, CBS_ASN1_SEQUENCE)); - ASSERT_TRUE(CBBAddTime(&validity, not_before)); - ASSERT_TRUE(CBBAddTime(&validity, not_after)); + ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_before)); + ASSERT_TRUE(x509_util::CBBAddTime(&validity, not_after)); validity_tlv_ = FinishCBB(cbb.get()); } @@ -463,6 +432,19 @@ uint64_t CertBuilder::GetSerialNumber() { return serial_number_; } +bool CertBuilder::GetValidity(base::Time* not_before, + base::Time* not_after) const { + der::GeneralizedTime not_before_generalized_time; + der::GeneralizedTime not_after_generalized_time; + if (!ParseValidity(der::Input(&validity_tlv_), ¬_before_generalized_time, + ¬_after_generalized_time) || + !GeneralizedTimeToTime(not_before_generalized_time, not_before) || + !GeneralizedTimeToTime(not_after_generalized_time, not_after)) { + return false; + } + return true; +} + EVP_PKEY* CertBuilder::GetKey() { if (!key_) GenerateKey(); @@ -488,118 +470,6 @@ std::string CertBuilder::GetDER() { return x509_util::CryptoBufferAsStringPiece(GetCertBuffer()).as_string(); } -// static -std::string CertBuilder::CreateCrl(CertBuilder* crl_issuer, - const std::vector<uint64_t>& revoked_serials, - DigestAlgorithm digest) { - std::string signature_algorithm; - const EVP_MD* md = nullptr; - switch (digest) { - case DigestAlgorithm::Sha256: { - signature_algorithm = Sha256WithRSAEncryption(); - md = EVP_sha256(); - break; - } - - case DigestAlgorithm::Sha1: { - signature_algorithm = Sha1WithRSAEncryption(); - md = EVP_sha1(); - break; - } - - case DigestAlgorithm::Md5: { - signature_algorithm = Md5WithRSAEncryption(); - md = EVP_md5(); - break; - } - - default: - ADD_FAILURE(); - return std::string(); - } - // TBSCertList ::= SEQUENCE { - // version Version OPTIONAL, - // -- if present, MUST be v2 - // signature AlgorithmIdentifier, - // issuer Name, - // thisUpdate Time, - // nextUpdate Time OPTIONAL, - // revokedCertificates SEQUENCE OF SEQUENCE { - // userCertificate CertificateSerialNumber, - // revocationDate Time, - // crlEntryExtensions Extensions OPTIONAL - // -- if present, version MUST be v2 - // } OPTIONAL, - // crlExtensions [0] EXPLICIT Extensions OPTIONAL - // -- if present, version MUST be v2 - // } - bssl::ScopedCBB tbs_cbb; - CBB tbs_cert_list, revoked_serials_cbb; - if (!CBB_init(tbs_cbb.get(), 10) || - !CBB_add_asn1(tbs_cbb.get(), &tbs_cert_list, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1_uint64(&tbs_cert_list, 1 /* V2 */) || - !CBBAddBytes(&tbs_cert_list, signature_algorithm) || - !CBBAddBytes(&tbs_cert_list, crl_issuer->GetSubject()) || - !CBBAddTime(&tbs_cert_list, - base::Time::Now() - base::TimeDelta::FromDays(1)) || - !CBBAddTime(&tbs_cert_list, - base::Time::Now() + base::TimeDelta::FromDays(6))) { - ADD_FAILURE(); - return std::string(); - } - if (!revoked_serials.empty()) { - if (!CBB_add_asn1(&tbs_cert_list, &revoked_serials_cbb, - CBS_ASN1_SEQUENCE)) { - ADD_FAILURE(); - return std::string(); - } - for (const int64_t revoked_serial : revoked_serials) { - CBB revoked_serial_cbb; - if (!CBB_add_asn1(&revoked_serials_cbb, &revoked_serial_cbb, - CBS_ASN1_SEQUENCE) || - !CBB_add_asn1_uint64(&revoked_serial_cbb, revoked_serial) || - !CBBAddTime(&revoked_serial_cbb, - base::Time::Now() - base::TimeDelta::FromDays(1)) || - !CBB_flush(&revoked_serials_cbb)) { - ADD_FAILURE(); - return std::string(); - } - } - } - - std::string tbs_tlv = FinishCBB(tbs_cbb.get()); - - // CertificateList ::= SEQUENCE { - // tbsCertList TBSCertList, - // signatureAlgorithm AlgorithmIdentifier, - // signatureValue BIT STRING } - bssl::ScopedCBB crl_cbb; - CBB cert_list, signature; - bssl::ScopedEVP_MD_CTX ctx; - uint8_t* sig_out; - size_t sig_len; - if (!CBB_init(crl_cbb.get(), 10) || - !CBB_add_asn1(crl_cbb.get(), &cert_list, CBS_ASN1_SEQUENCE) || - !CBBAddBytes(&cert_list, tbs_tlv) || - !CBBAddBytes(&cert_list, signature_algorithm) || - !CBB_add_asn1(&cert_list, &signature, CBS_ASN1_BITSTRING) || - !CBB_add_u8(&signature, 0 /* no unused bits */) || - !EVP_DigestSignInit(ctx.get(), nullptr, md, nullptr, - crl_issuer->GetKey()) || - !EVP_DigestSign(ctx.get(), nullptr, &sig_len, - reinterpret_cast<const uint8_t*>(tbs_tlv.data()), - tbs_tlv.size()) || - !CBB_reserve(&signature, &sig_out, sig_len) || - !EVP_DigestSign(ctx.get(), sig_out, &sig_len, - reinterpret_cast<const uint8_t*>(tbs_tlv.data()), - tbs_tlv.size()) || - !CBB_did_write(&signature, sig_len)) { - ADD_FAILURE(); - return std::string(); - } - return FinishCBB(crl_cbb.get()); -} - void CertBuilder::Invalidate() { cert_.reset(); } diff --git a/chromium/net/test/cert_builder.h b/chromium/net/test/cert_builder.h index 89aa86569ff..ad3c350bf98 100644 --- a/chromium/net/test/cert_builder.h +++ b/chromium/net/test/cert_builder.h @@ -107,6 +107,10 @@ class CertBuilder { void SetRandomSerialNumber(); + // Returns the CertBuilder that issues this certificate. (Will be |this| if + // certificate is self-signed.) + CertBuilder* issuer() { return issuer_; } + // Returns a CRYPTO_BUFFER to the generated certificate. CRYPTO_BUFFER* GetCertBuffer(); @@ -118,6 +122,10 @@ class CertBuilder { // Returns the serial number for the generated certificate. uint64_t GetSerialNumber(); + // Parses and returns validity period for the generated certificate in + // |not_before| and |not_after|, returning true on success. + bool GetValidity(base::Time* not_before, base::Time* not_after) const; + // Returns the (RSA) key for the generated certificate. EVP_PKEY* GetKey(); @@ -131,13 +139,6 @@ class CertBuilder { // Returns a copy of the certificate's DER. std::string GetDER(); - // Creates a CRL issued and signed by |crl_issuer|, marking |revoked_serials| - // as revoked. - // Returns the DER-encoded CRL. - static std::string CreateCrl(CertBuilder* crl_issuer, - const std::vector<uint64_t>& revoked_serials, - DigestAlgorithm digest); - private: // Marks the generated certificate DER as invalid, so it will need to // be re-generated next time the DER is accessed. diff --git a/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc b/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc index c29ee54810a..02a8911f5a7 100644 --- a/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc +++ b/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc @@ -39,6 +39,9 @@ void EmbeddedTestServerAndroid::ConnectionListener::ReadFromSocket( test_server_android_->ReadFromSocket(static_cast<const void*>(&socket)); } +void EmbeddedTestServerAndroid::ConnectionListener:: + OnResponseCompletedSuccessfully(std::unique_ptr<StreamSocket> socket) {} + EmbeddedTestServerAndroid::EmbeddedTestServerAndroid( JNIEnv* env, const JavaRef<jobject>& jobj, diff --git a/chromium/net/test/embedded_test_server/android/embedded_test_server_android.h b/chromium/net/test/embedded_test_server/android/embedded_test_server_android.h index 57828f57793..b5d657db384 100644 --- a/chromium/net/test/embedded_test_server/android/embedded_test_server_android.h +++ b/chromium/net/test/embedded_test_server/android/embedded_test_server_android.h @@ -79,6 +79,8 @@ class EmbeddedTestServerAndroid { std::unique_ptr<StreamSocket> AcceptedSocket( std::unique_ptr<StreamSocket> socket) override; void ReadFromSocket(const StreamSocket& socket, int rv) override; + void OnResponseCompletedSuccessfully( + std::unique_ptr<StreamSocket> socket) override; private: EmbeddedTestServerAndroid* test_server_android_; diff --git a/chromium/net/test/embedded_test_server/controllable_http_response.cc b/chromium/net/test/embedded_test_server/controllable_http_response.cc index f393163dcb8..a3fd4996c3a 100644 --- a/chromium/net/test/embedded_test_server/controllable_http_response.cc +++ b/chromium/net/test/embedded_test_server/controllable_http_response.cc @@ -5,7 +5,7 @@ #include "net/test/embedded_test_server/controllable_http_response.h" #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/test/embedded_test_server/embedded_test_server.cc b/chromium/net/test/embedded_test_server/embedded_test_server.cc index 01e94cd4a6a..36873f21b8a 100644 --- a/chromium/net/test/embedded_test_server/embedded_test_server.cc +++ b/chromium/net/test/embedded_test_server/embedded_test_server.cc @@ -45,6 +45,7 @@ #include "net/test/embedded_test_server/http_request.h" #include "net/test/embedded_test_server/http_response.h" #include "net/test/embedded_test_server/request_handler_util.h" +#include "net/test/revocation_builder.h" #include "net/test/test_data_directory.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/evp.h" @@ -71,8 +72,185 @@ std::unique_ptr<HttpResponse> ServeResponseForPath( return http_response; } +// Serves response for |expected_path| or any subpath of it. +// |expected_path| should not include a trailing "/". +std::unique_ptr<HttpResponse> ServeResponseForSubPaths( + const std::string& expected_path, + HttpStatusCode status_code, + const std::string& content_type, + const std::string& content, + const HttpRequest& request) { + if (request.GetURL().path() != expected_path && + !base::StartsWith(request.GetURL().path(), expected_path + "/", + base::CompareCase::SENSITIVE)) { + return nullptr; + } + + auto http_response = std::make_unique<BasicHttpResponse>(); + http_response->set_code(status_code); + http_response->set_content_type(content_type); + http_response->set_content(content); + return http_response; +} + +bool MaybeCreateOCSPResponse(CertBuilder* target, + const EmbeddedTestServer::OCSPConfig& config, + std::string* out_response) { + using OCSPResponseType = EmbeddedTestServer::OCSPConfig::ResponseType; + + if (!config.single_responses.empty() && + config.response_type != OCSPResponseType::kSuccessful) { + // OCSPConfig contained single_responses for a non-successful response. + return false; + } + + if (config.response_type == OCSPResponseType::kOff) { + *out_response = std::string(); + return true; + } + + if (!target) { + // OCSPConfig enabled but corresponding certificate is null. + return false; + } + + switch (config.response_type) { + case OCSPResponseType::kOff: + return false; + case OCSPResponseType::kMalformedRequest: + *out_response = BuildOCSPResponseError( + OCSPResponse::ResponseStatus::MALFORMED_REQUEST); + return true; + case OCSPResponseType::kInternalError: + *out_response = + BuildOCSPResponseError(OCSPResponse::ResponseStatus::INTERNAL_ERROR); + return true; + case OCSPResponseType::kTryLater: + *out_response = + BuildOCSPResponseError(OCSPResponse::ResponseStatus::TRY_LATER); + return true; + case OCSPResponseType::kSigRequired: + *out_response = + BuildOCSPResponseError(OCSPResponse::ResponseStatus::SIG_REQUIRED); + return true; + case OCSPResponseType::kUnauthorized: + *out_response = + BuildOCSPResponseError(OCSPResponse::ResponseStatus::UNAUTHORIZED); + return true; + case OCSPResponseType::kInvalidResponse: + *out_response = "3"; + return true; + case OCSPResponseType::kInvalidResponseData: + *out_response = + BuildOCSPResponseWithResponseData(target->issuer()->GetKey(), + // OCTET_STRING { "not ocsp data" } + "\x04\x0dnot ocsp data"); + return true; + case OCSPResponseType::kSuccessful: + break; + } + + base::Time now = base::Time::Now(); + base::Time target_not_before, target_not_after; + if (!target->GetValidity(&target_not_before, &target_not_after)) + return false; + base::Time produced_at; + using OCSPProduced = EmbeddedTestServer::OCSPConfig::Produced; + switch (config.produced) { + case OCSPProduced::kValid: + produced_at = now - base::TimeDelta::FromDays(1); + break; + case OCSPProduced::kBeforeCert: + produced_at = target_not_before - base::TimeDelta::FromDays(1); + break; + case OCSPProduced::kAfterCert: + produced_at = target_not_after + base::TimeDelta::FromDays(1); + break; + } + + std::vector<OCSPBuilderSingleResponse> responses; + for (const auto& config_response : config.single_responses) { + OCSPBuilderSingleResponse response; + response.serial = target->GetSerialNumber(); + if (config_response.serial == + EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch) { + response.serial ^= 1; + } + response.cert_status = config_response.cert_status; + // |revocation_time| is ignored if |cert_status| is not REVOKED. + response.revocation_time = now - base::TimeDelta::FromDays(1000); + + using OCSPDate = EmbeddedTestServer::OCSPConfig::SingleResponse::Date; + switch (config_response.ocsp_date) { + case OCSPDate::kValid: + response.this_update = now - base::TimeDelta::FromDays(1); + response.next_update = + response.this_update + base::TimeDelta::FromDays(7); + break; + case OCSPDate::kOld: + response.this_update = now - base::TimeDelta::FromDays(8); + response.next_update = + response.this_update + base::TimeDelta::FromDays(7); + break; + case OCSPDate::kEarly: + response.this_update = now + base::TimeDelta::FromDays(1); + response.next_update = + response.this_update + base::TimeDelta::FromDays(7); + break; + case OCSPDate::kLong: + response.this_update = now - base::TimeDelta::FromDays(365); + response.next_update = + response.this_update + base::TimeDelta::FromDays(366); + break; + case OCSPDate::kLonger: + response.this_update = now - base::TimeDelta::FromDays(367); + response.next_update = + response.this_update + base::TimeDelta::FromDays(368); + break; + } + + responses.push_back(response); + } + *out_response = + BuildOCSPResponse(target->issuer()->GetSubject(), + target->issuer()->GetKey(), produced_at, responses); + return true; +} + } // namespace +EmbeddedTestServer::OCSPConfig::OCSPConfig() = default; +EmbeddedTestServer::OCSPConfig::OCSPConfig(ResponseType response_type) + : response_type(response_type) {} +EmbeddedTestServer::OCSPConfig::OCSPConfig( + std::vector<SingleResponse> single_responses, + Produced produced) + : response_type(ResponseType::kSuccessful), + produced(produced), + single_responses(std::move(single_responses)) {} +EmbeddedTestServer::OCSPConfig::OCSPConfig(const OCSPConfig&) = default; +EmbeddedTestServer::OCSPConfig::OCSPConfig(OCSPConfig&&) = default; +EmbeddedTestServer::OCSPConfig::~OCSPConfig() = default; +EmbeddedTestServer::OCSPConfig& EmbeddedTestServer::OCSPConfig::operator=( + const OCSPConfig&) = default; +EmbeddedTestServer::OCSPConfig& EmbeddedTestServer::OCSPConfig::operator=( + OCSPConfig&&) = default; + +EmbeddedTestServer::ServerCertificateConfig::ServerCertificateConfig() = + default; +EmbeddedTestServer::ServerCertificateConfig::ServerCertificateConfig( + const ServerCertificateConfig&) = default; +EmbeddedTestServer::ServerCertificateConfig::ServerCertificateConfig( + ServerCertificateConfig&&) = default; +EmbeddedTestServer::ServerCertificateConfig::~ServerCertificateConfig() = + default; +EmbeddedTestServer::ServerCertificateConfig& +EmbeddedTestServer::ServerCertificateConfig::operator=( + const ServerCertificateConfig&) = default; +EmbeddedTestServer::ServerCertificateConfig& +EmbeddedTestServer::ServerCertificateConfig::operator=( + ServerCertificateConfig&&) = default; + EmbeddedTestServer::EmbeddedTestServer() : EmbeddedTestServer(TYPE_HTTP) {} EmbeddedTestServer::EmbeddedTestServer(Type type) @@ -259,31 +437,106 @@ bool EmbeddedTestServer::GenerateCertAndKey() { std::unique_ptr<CertBuilder> static_root = CertBuilder::FromStaticCert( root_cert->cert_buffer(), root_private_key.get()); - CertificateList orig_leaf_and_intermediate = CreateCertificateListFromFile( - certs_dir, "ok_cert_by_intermediate.pem", X509Certificate::FORMAT_AUTO); - if (orig_leaf_and_intermediate.size() != 2) + // Will be nullptr if cert_config_.intermediate == kNone. + std::unique_ptr<CertBuilder> intermediate; + std::unique_ptr<CertBuilder> leaf; + + if (cert_config_.intermediate != IntermediateType::kNone) { + CertificateList orig_leaf_and_intermediate = CreateCertificateListFromFile( + certs_dir, "ok_cert_by_intermediate.pem", X509Certificate::FORMAT_AUTO); + if (orig_leaf_and_intermediate.size() != 2) + return false; + + intermediate = std::make_unique<CertBuilder>( + orig_leaf_and_intermediate[1]->cert_buffer(), static_root.get()); + + leaf = std::make_unique<CertBuilder>( + orig_leaf_and_intermediate[0]->cert_buffer(), intermediate.get()); + } else { + scoped_refptr<X509Certificate> orig_leaf = + ImportCertFromFile(certs_dir, "ok_cert.pem"); + if (!orig_leaf) + return false; + + leaf = std::make_unique<CertBuilder>(orig_leaf->cert_buffer(), + static_root.get()); + } + + std::vector<GURL> leaf_ca_issuers_urls; + std::vector<GURL> leaf_ocsp_urls; + + if (!cert_config_.policy_oids.empty()) { + leaf->SetCertificatePolicies(cert_config_.policy_oids); + if (intermediate) + intermediate->SetCertificatePolicies(cert_config_.policy_oids); + } + + const std::string leaf_serial_text = + base::NumberToString(leaf->GetSerialNumber()); + const std::string intermediate_serial_text = + intermediate ? base::NumberToString(intermediate->GetSerialNumber()) : ""; + + std::string ocsp_response; + if (!MaybeCreateOCSPResponse(leaf.get(), cert_config_.ocsp_config, + &ocsp_response)) { + return false; + } + if (!ocsp_response.empty()) { + std::string ocsp_path = "/ocsp/" + leaf_serial_text; + leaf_ocsp_urls.push_back(aia_http_server_->GetURL(ocsp_path)); + aia_http_server_->RegisterRequestHandler( + base::BindRepeating(ServeResponseForSubPaths, ocsp_path, HTTP_OK, + "application/ocsp-response", ocsp_response)); + } + + std::string stapled_ocsp_response; + if (!MaybeCreateOCSPResponse(leaf.get(), cert_config_.stapled_ocsp_config, + &stapled_ocsp_response)) { return false; + } + if (!stapled_ocsp_response.empty()) { + ssl_config_.ocsp_response = std::vector<uint8_t>( + stapled_ocsp_response.begin(), stapled_ocsp_response.end()); + } + + std::string intermediate_ocsp_response; + if (!MaybeCreateOCSPResponse(intermediate.get(), + cert_config_.intermediate_ocsp_config, + &intermediate_ocsp_response)) { + return false; + } + if (!intermediate_ocsp_response.empty()) { + std::string intermediate_ocsp_path = "/ocsp/" + intermediate_serial_text; + intermediate->SetCaIssuersAndOCSPUrls( + {}, {aia_http_server_->GetURL(intermediate_ocsp_path)}); + aia_http_server_->RegisterRequestHandler(base::BindRepeating( + ServeResponseForSubPaths, intermediate_ocsp_path, HTTP_OK, + "application/ocsp-response", intermediate_ocsp_response)); + } + + if (cert_config_.intermediate == IntermediateType::kByAIA) { + std::string ca_issuers_path = "/ca_issuers/" + intermediate_serial_text; + leaf_ca_issuers_urls.push_back(aia_http_server_->GetURL(ca_issuers_path)); - // Generate intermediate: - CertBuilder intermediate(orig_leaf_and_intermediate[1]->cert_buffer(), - static_root.get()); - std::string intermediate_serial_text = - base::NumberToString(intermediate.GetSerialNumber()); - std::string intermediate_der = intermediate.GetDER(); + // Setup AIA server to serve the intermediate referred to by the leaf. + aia_http_server_->RegisterRequestHandler( + base::BindRepeating(ServeResponseForPath, ca_issuers_path, HTTP_OK, + "application/pkix-cert", intermediate->GetDER())); + } - // Generate leaf: - CertBuilder leaf(orig_leaf_and_intermediate[0]->cert_buffer(), &intermediate); - std::string ca_issuers_path = "/ca_issuers/" + intermediate_serial_text; - leaf.SetCaIssuersUrl(aia_http_server_->GetURL(ca_issuers_path)); + if (!leaf_ca_issuers_urls.empty() || !leaf_ocsp_urls.empty()) { + leaf->SetCaIssuersAndOCSPUrls(leaf_ca_issuers_urls, leaf_ocsp_urls); + } - // Setup AIA server to serve the intermediate referred to by the leaf. - aia_http_server_->RegisterRequestHandler( - base::BindRepeating(ServeResponseForPath, ca_issuers_path, HTTP_OK, - "application/pkix-cert", intermediate_der)); + if (cert_config_.intermediate == IntermediateType::kByAIA) { + // Server certificate chain does not include the intermediate. + x509_cert_ = leaf->GetX509Certificate(); + } else { + // Server certificate chain will include the intermediate, if there is one. + x509_cert_ = leaf->GetX509CertificateChain(); + } - // Server certificate chain does not include the intermediate. - x509_cert_ = leaf.GetX509Certificate(); - private_key_ = bssl::UpRef(leaf.GetKey()); + private_key_ = bssl::UpRef(leaf->GetKey()); // If this server is already accepting connections but is being reconfigured, // start the new AIA server now. Otherwise, wait until @@ -388,8 +641,8 @@ void EmbeddedTestServer::HandleRequest(HttpConnection* connection, response->SendResponse( base::BindRepeating(&HttpConnection::SendResponseBytes, connection->GetWeakPtr()), - base::BindOnce(&EmbeddedTestServer::DidClose, weak_factory_.GetWeakPtr(), - connection)); + base::BindOnce(&EmbeddedTestServer::OnResponseCompleted, + weak_factory_.GetWeakPtr(), connection)); } GURL EmbeddedTestServer::GetURL(const std::string& relative_url) const { @@ -408,28 +661,53 @@ GURL EmbeddedTestServer::GetURL( return local_url.ReplaceComponents(replace_host); } -void EmbeddedTestServer::SetSSLConfig(ServerCertificate cert, - const SSLServerConfig& ssl_config) { +bool EmbeddedTestServer::GetAddressList(AddressList* address_list) const { + *address_list = AddressList(local_endpoint_); + return true; +} + +std::string EmbeddedTestServer::GetIPLiteralString() const { + return local_endpoint_.address().ToString(); +} + +void EmbeddedTestServer::SetSSLConfigInternal( + ServerCertificate cert, + const ServerCertificateConfig* cert_config, + const SSLServerConfig& ssl_config) { DCHECK(!Started()); cert_ = cert; + DCHECK(!cert_config || cert == CERT_AUTO); + cert_config_ = cert_config ? *cert_config : ServerCertificateConfig(); x509_cert_ = nullptr; private_key_ = nullptr; ssl_config_ = ssl_config; } -bool EmbeddedTestServer::GetAddressList(AddressList* address_list) const { - *address_list = AddressList(local_endpoint_); - return true; +void EmbeddedTestServer::SetSSLConfig(ServerCertificate cert, + const SSLServerConfig& ssl_config) { + SetSSLConfigInternal(cert, /*cert_config=*/nullptr, ssl_config); } -std::string EmbeddedTestServer::GetIPLiteralString() const { - return local_endpoint_.address().ToString(); +void EmbeddedTestServer::SetSSLConfig(ServerCertificate cert) { + SetSSLConfigInternal(cert, /*cert_config=*/nullptr, SSLServerConfig()); +} + +void EmbeddedTestServer::SetSSLConfig( + const ServerCertificateConfig& cert_config, + const SSLServerConfig& ssl_config) { + SetSSLConfigInternal(CERT_AUTO, &cert_config, ssl_config); +} + +void EmbeddedTestServer::SetSSLConfig( + const ServerCertificateConfig& cert_config) { + SetSSLConfigInternal(CERT_AUTO, &cert_config, SSLServerConfig()); } bool EmbeddedTestServer::ResetSSLConfigOnIOThread( ServerCertificate cert, const SSLServerConfig& ssl_config) { cert_ = cert; + cert_config_ = ServerCertificateConfig(); ssl_config_ = ssl_config; connections_.clear(); return InitializeSSLServerContext(); @@ -442,10 +720,6 @@ bool EmbeddedTestServer::ResetSSLConfig(ServerCertificate cert, base::Unretained(this), cert, ssl_config)); } -void EmbeddedTestServer::SetSSLConfig(ServerCertificate cert) { - SetSSLConfig(cert, SSLServerConfig()); -} - std::string EmbeddedTestServer::GetCertificateName() const { DCHECK(is_using_ssl_); switch (cert_) { @@ -470,7 +744,7 @@ std::string EmbeddedTestServer::GetCertificateName() const { return "bad_validity.pem"; case CERT_TEST_NAMES: return "test_names.pem"; - case CERT_AUTO_AIA_INTERMEDIATE: + case CERT_AUTO: return std::string(); } @@ -642,6 +916,22 @@ bool EmbeddedTestServer::HandleReadResult(HttpConnection* connection, int rv) { return true; } +void EmbeddedTestServer::OnResponseCompleted(HttpConnection* connection) { + DCHECK(io_thread_->task_runner()->BelongsToCurrentThread()); + DCHECK(connection); + DCHECK_EQ(1u, connections_.count(connection->socket_.get())); + + std::unique_ptr<StreamSocket> socket = std::move(connection->socket_); + connections_.erase(socket.get()); + + // |connection| is now invalid, don't use it again. + + // Only allow the connection listener to take the socket if it is still open. + if (socket->IsConnected() && connection_listener_) { + connection_listener_->OnResponseCompletedSuccessfully(std::move(socket)); + } +} + void EmbeddedTestServer::DidClose(HttpConnection* connection) { DCHECK(io_thread_->task_runner()->BelongsToCurrentThread()); DCHECK(connection); diff --git a/chromium/net/test/embedded_test_server/embedded_test_server.h b/chromium/net/test/embedded_test_server/embedded_test_server.h index 617b7b844c9..699e64f6a4c 100644 --- a/chromium/net/test/embedded_test_server/embedded_test_server.h +++ b/chromium/net/test/embedded_test_server/embedded_test_server.h @@ -23,6 +23,7 @@ #include "net/base/address_list.h" #include "net/base/host_port_pair.h" #include "net/base/ip_endpoint.h" +#include "net/cert/ocsp_revocation_status.h" #include "net/cert/x509_certificate.h" #include "net/socket/ssl_server_socket.h" #include "net/socket/stream_socket.h" @@ -130,12 +131,141 @@ class EmbeddedTestServer { // and rerunning net/data/ssl/scripts/generate-test-certs.sh. CERT_TEST_NAMES, - // TODO(crbug.com/846909): handle CERT_AUTO and CERT_AUTO_WITH_INTERMEDIATE + // A certificate will be generated at runtime. A ServerCertificateConfig + // passed to SetSSLConfig may be used to configure the details of the + // generated certificate. + CERT_AUTO, + }; + + enum class IntermediateType { + // Generated cert is issued directly by the CA. + kNone, + // Generated cert is issued by a generated intermediate cert, which is + // included in the TLS handshake. + kInHandshake, + // Generated cert is issued by a generated intermediate, which is NOT + // included in the TLS handshake, but is available through the leaf's + // AIA caIssuers URL. + kByAIA, + }; - // Generate an intermediate cert, and generate a test certificate issued by - // that intermediate with an AIA record for retrieving the intermediate. - // The intermediate is not included in the TLS handshake. - CERT_AUTO_AIA_INTERMEDIATE, + struct OCSPConfig { + // Enumerates the types of OCSP response that the testserver can produce. + enum class ResponseType { + // OCSP will not be enabled for the corresponding config. + kOff, + // These correspond to the OCSPResponseStatus enumeration in RFC + // 6960. + kSuccessful, + kMalformedRequest, + kInternalError, + kTryLater, + kSigRequired, + kUnauthorized, + // The response will not be valid OCSPResponse DER. + kInvalidResponse, + // OCSPResponse will be valid DER but the contained ResponseData will not. + kInvalidResponseData, + }; + + // OCSPProduced describes the time of the producedAt field in the + // OCSP response relative to the certificate the response is for. + enum class Produced { + // producedAt is between certificate's notBefore and notAfter dates. + kValid, + // producedAt is before certificate's notBefore date. + kBeforeCert, + // producedAt is after certificate's notAfter date. + kAfterCert, + }; + + struct SingleResponse { + // Date describes the thisUpdate..nextUpdate ranges for OCSP + // singleResponses, relative to the current time. + enum class Date { + // The singleResponse is valid for 7 days, and includes the current + // time. + kValid, + // The singleResponse is valid for 7 days, but nextUpdate is before the + // current time. + kOld, + // The singleResponse is valid for 7 days, but thisUpdate is after the + // current time. + kEarly, + // The singleResponse is valid for 366 days, and includes the current + // time. + kLong, + // The singleResponse is valid for 368 days, and includes the current + // time. + kLonger, + }; + + // Configures whether a generated OCSP singleResponse's serial field + // matches the serial number of the target certificate. + enum class Serial { + kMatch, + kMismatch, + }; + + OCSPRevocationStatus cert_status = OCSPRevocationStatus::GOOD; + Date ocsp_date = Date::kValid; + Serial serial = Serial::kMatch; + }; + + OCSPConfig(); + // Configure OCSP response with |response_type|. + explicit OCSPConfig(ResponseType response_type); + // Configure a successful OCSP response with |single_responses|. |produced| + // specifies the response's producedAt value, relative to the validity + // period of the certificate the OCSPConfig is for. + explicit OCSPConfig(std::vector<SingleResponse> single_responses, + Produced produced = Produced::kValid); + OCSPConfig(const OCSPConfig&); + OCSPConfig(OCSPConfig&&); + ~OCSPConfig(); + OCSPConfig& operator=(const OCSPConfig&); + OCSPConfig& operator=(OCSPConfig&&); + + ResponseType response_type = ResponseType::kOff; + Produced produced = Produced::kValid; + std::vector<SingleResponse> single_responses; + }; + + // Configuration for generated server certificate. + struct ServerCertificateConfig { + ServerCertificateConfig(); + ServerCertificateConfig(const ServerCertificateConfig&); + ServerCertificateConfig(ServerCertificateConfig&&); + ~ServerCertificateConfig(); + ServerCertificateConfig& operator=(const ServerCertificateConfig&); + ServerCertificateConfig& operator=(ServerCertificateConfig&&); + + // Configure whether the generated certificate chain should include an + // intermediate, and if so, how it is delivered to the client. + IntermediateType intermediate = IntermediateType::kNone; + + // Configure OCSP handling. + // Note: In the current implementation the AIA request handler does not + // actually parse the OCSP request (a different OCSP URL is used for each + // cert). So this is useful for testing the client's handling of the OCSP + // response, but not for testing that the client is sending a proper OCSP + // request. + // + // AIA OCSP for the leaf cert. If |kOff|, no AIA OCSP URL will be included + // in the leaf cert. + OCSPConfig ocsp_config; + // Stapled OCSP for the leaf cert. If |kOff|, OCSP Stapling will not be + // used. + OCSPConfig stapled_ocsp_config; + // AIA OCSP for the intermediate cert. If |kOff|, no AIA OCSP URL will be + // included in the intermediate cert. It is invalid to supply a + // configuration other than |kOff| if |intermediate| is |kNone|. + OCSPConfig intermediate_ocsp_config; + + // Certificate policy OIDs, in text notation (e.g. "1.2.3.4"). If + // non-empty, the policies will be added to the leaf cert and the + // intermediate cert (if an intermediate is configured). + std::vector<std::string> policy_oids; }; typedef base::RepeatingCallback<std::unique_ptr<HttpResponse>( @@ -222,8 +352,14 @@ class EmbeddedTestServer { // Returns the port number used by the server. uint16_t port() const { return port_; } + // SetSSLConfig sets the SSL configuration for the server. It is invalid to + // call after the server is started. If called multiple times, the last call + // will have effect. void SetSSLConfig(ServerCertificate cert, const SSLServerConfig& ssl_config); void SetSSLConfig(ServerCertificate cert); + void SetSSLConfig(const ServerCertificateConfig& cert_config, + const SSLServerConfig& ssl_config); + void SetSSLConfig(const ServerCertificateConfig& cert_config); // TODO(mattm): make this WARN_UNUSED_RESULT bool ResetSSLConfig(ServerCertificate cert, @@ -280,6 +416,12 @@ class EmbeddedTestServer { // Shuts down the server. void ShutdownOnIOThread(); + // Sets the SSL configuration for the server. It is invalid for |cert_config| + // to be non-null if |cert| is not CERT_AUTO. + void SetSSLConfigInternal(ServerCertificate cert, + const ServerCertificateConfig* cert_config, + const SSLServerConfig& ssl_config); + // Resets the SSLServerConfig on the IO thread. bool ResetSSLConfigOnIOThread(ServerCertificate cert, const SSLServerConfig& ssl_config); @@ -307,6 +449,11 @@ class EmbeddedTestServer { // request has been received. bool HandleReadResult(HttpConnection* connection, int rv); + // Called when |connection| is finished writing the response and the socket + // can be closed, allowing for |connnection_listener_| to take it if the + // socket is still open. + void OnResponseCompleted(HttpConnection* connection); + // Closes and removes the connection upon error or completion. void DidClose(HttpConnection* connection); @@ -364,6 +511,7 @@ class EmbeddedTestServer { net::SSLServerConfig ssl_config_; ServerCertificate cert_; + ServerCertificateConfig cert_config_; scoped_refptr<X509Certificate> x509_cert_; bssl::UniquePtr<EVP_PKEY> private_key_; std::unique_ptr<SSLServerContext> context_; diff --git a/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h b/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h index f205bbfcd86..89422d02a83 100644 --- a/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h +++ b/chromium/net/test/embedded_test_server/embedded_test_server_connection_listener.h @@ -24,6 +24,13 @@ class EmbeddedTestServerConnectionListener { // Notified when a socket was read from by the EmbeddedTestServer. virtual void ReadFromSocket(const StreamSocket& socket, int rv) = 0; + // Notified when the EmbeddedTestServer has completed a request and response + // successfully on |socket|. The listener can take |socket| to manually handle + // further traffic on it (for example, if doing a proxy tunnel), otherwise + // |socket| is destroyed. + virtual void OnResponseCompletedSuccessfully( + std::unique_ptr<StreamSocket> socket) {} + protected: EmbeddedTestServerConnectionListener() {} diff --git a/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc b/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc index 58ed5958426..6508c1a32e9 100644 --- a/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc +++ b/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc @@ -33,8 +33,6 @@ #include "net/test/gtest_util.h" #include "net/test/test_with_task_environment.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" -#include "net/url_request/url_fetcher.h" -#include "net/url_request/url_fetcher_delegate.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_test_util.h" #include "testing/gmock/include/gmock/gmock.h" @@ -45,29 +43,6 @@ using net::test::IsOk; namespace net { namespace test_server { -namespace { - -// Gets the content from the given URLFetcher. -std::string GetContentFromFetcher(const URLFetcher& fetcher) { - std::string result; - const bool success = fetcher.GetResponseAsString(&result); - EXPECT_TRUE(success); - return result; -} - -// Gets the content type from the given URLFetcher. -std::string GetContentTypeFromFetcher(const URLFetcher& fetcher) { - const HttpResponseHeaders* headers = fetcher.GetResponseHeaders(); - if (headers) { - std::string content_type; - if (headers->GetMimeType(&content_type)) - return content_type; - } - return std::string(); -} - -} // namespace - // Gets notified by the EmbeddedTestServer on incoming connections being // accepted, read from, or closed. class TestConnectionListener @@ -76,6 +51,7 @@ class TestConnectionListener TestConnectionListener() : socket_accepted_count_(0), did_read_from_socket_(false), + did_get_socket_on_complete_(false), task_runner_(base::ThreadTaskRunnerHandle::Get()) {} ~TestConnectionListener() override = default; @@ -97,8 +73,17 @@ class TestConnectionListener did_read_from_socket_ = true; } + void OnResponseCompletedSuccessfully( + std::unique_ptr<StreamSocket> socket) override { + base::AutoLock lock(lock_); + did_get_socket_on_complete_ = socket && socket->IsConnected(); + complete_loop_.Quit(); + } + void WaitUntilFirstConnectionAccepted() { accept_loop_.Run(); } + void WaitUntilGotSocketFromResponseCompleted() { complete_loop_.Run(); } + size_t SocketAcceptedCount() const { base::AutoLock lock(lock_); return socket_accepted_count_; @@ -109,11 +94,18 @@ class TestConnectionListener return did_read_from_socket_; } + bool DidGetSocketOnComplete() const { + base::AutoLock lock(lock_); + return did_get_socket_on_complete_; + } + private: size_t socket_accepted_count_; bool did_read_from_socket_; + bool did_get_socket_on_complete_; base::RunLoop accept_loop_; + base::RunLoop complete_loop_; scoped_refptr<base::SingleThreadTaskRunner> task_runner_; mutable base::Lock lock_; @@ -123,22 +115,11 @@ class TestConnectionListener class EmbeddedTestServerTest : public testing::TestWithParam<EmbeddedTestServer::Type>, - public URLFetcherDelegate, public WithTaskEnvironment { public: - EmbeddedTestServerTest() - : num_responses_received_(0), - num_responses_expected_(0), - io_thread_("io_thread") {} + EmbeddedTestServerTest() {} void SetUp() override { - base::Thread::Options thread_options; - thread_options.message_pump_type = base::MessagePumpType::IO; - ASSERT_TRUE(io_thread_.StartWithOptions(thread_options)); - - request_context_getter_ = base::MakeRefCounted<TestURLRequestContextGetter>( - io_thread_.task_runner()); - server_ = std::make_unique<EmbeddedTestServer>(GetParam()); server_->SetConnectionListener(&connection_listener_); } @@ -148,23 +129,6 @@ class EmbeddedTestServerTest ASSERT_TRUE(server_->ShutdownAndWaitUntilComplete()); } - // URLFetcherDelegate override. - void OnURLFetchComplete(const URLFetcher* source) override { - ++num_responses_received_; - if (num_responses_received_ == num_responses_expected_) - std::move(quit_run_loop_).Run(); - } - - // Waits until the specified number of responses are received. - void WaitForResponses(int num_responses) { - num_responses_received_ = 0; - num_responses_expected_ = num_responses; - // Will be terminated in OnURLFetchComplete(). - base::RunLoop run_loop; - quit_run_loop_ = run_loop.QuitClosure(); - run_loop.Run(); - } - // Handles |request| sent to |path| and returns the response per |content|, // |content type|, and |code|. Saves the request URL for verification. std::unique_ptr<HttpResponse> HandleRequest(const std::string& path, @@ -187,12 +151,9 @@ class EmbeddedTestServerTest } protected: - int num_responses_received_; - int num_responses_expected_; std::string request_relative_url_; GURL request_absolute_url_; - base::Thread io_thread_; - scoped_refptr<TestURLRequestContextGetter> request_context_getter_; + TestURLRequestContext context_; TestConnectionListener connection_listener_; std::unique_ptr<EmbeddedTestServer> server_; base::OnceClosure quit_run_loop_; @@ -241,17 +202,22 @@ TEST_P(EmbeddedTestServerTest, RegisterRequestHandler) { "<b>Worked!</b>", "text/html", HTTP_OK)); ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/test?q=foo"), URLFetcher::GET, this, - TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher->SetRequestContext(request_context_getter_.get()); - fetcher->Start(); - WaitForResponses(1); + TestDelegate delegate; + std::unique_ptr<URLRequest> request( + context_.CreateRequest(server_->GetURL("/test?q=foo"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher->GetStatus().status()); - EXPECT_EQ(HTTP_OK, fetcher->GetResponseCode()); - EXPECT_EQ("<b>Worked!</b>", GetContentFromFetcher(*fetcher)); - EXPECT_EQ("text/html", GetContentTypeFromFetcher(*fetcher)); + EXPECT_EQ(net::OK, delegate.request_status()); + ASSERT_TRUE(request->response_headers()); + EXPECT_EQ(HTTP_OK, request->response_headers()->response_code()); + EXPECT_EQ("<b>Worked!</b>", delegate.data_received()); + std::string content_type; + ASSERT_TRUE(request->response_headers()->GetNormalizedHeader("Content-Type", + &content_type)); + EXPECT_EQ("text/html", content_type); EXPECT_EQ("/test?q=foo", request_relative_url_); EXPECT_EQ(server_->GetURL("/test?q=foo"), request_absolute_url_); @@ -264,17 +230,22 @@ TEST_P(EmbeddedTestServerTest, ServeFilesFromDirectory) { src_dir.AppendASCII("net").AppendASCII("data")); ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/test.html"), URLFetcher::GET, this, - TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher->SetRequestContext(request_context_getter_.get()); - fetcher->Start(); - WaitForResponses(1); - - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher->GetStatus().status()); - EXPECT_EQ(HTTP_OK, fetcher->GetResponseCode()); - EXPECT_EQ("<p>Hello World!</p>", GetContentFromFetcher(*fetcher)); - EXPECT_EQ("text/html", GetContentTypeFromFetcher(*fetcher)); + TestDelegate delegate; + std::unique_ptr<URLRequest> request( + context_.CreateRequest(server_->GetURL("/test.html"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); + + EXPECT_EQ(net::OK, delegate.request_status()); + ASSERT_TRUE(request->response_headers()); + EXPECT_EQ(HTTP_OK, request->response_headers()->response_code()); + EXPECT_EQ("<p>Hello World!</p>", delegate.data_received()); + std::string content_type; + ASSERT_TRUE(request->response_headers()->GetNormalizedHeader("Content-Type", + &content_type)); + EXPECT_EQ("text/html", content_type); } TEST_P(EmbeddedTestServerTest, MockHeadersWithoutCRLF) { @@ -285,31 +256,38 @@ TEST_P(EmbeddedTestServerTest, MockHeadersWithoutCRLF) { "embedded_test_server")); ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/mock-headers-without-crlf.html"), - URLFetcher::GET, this, TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher->SetRequestContext(request_context_getter_.get()); - fetcher->Start(); - WaitForResponses(1); - - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher->GetStatus().status()); - EXPECT_EQ(HTTP_OK, fetcher->GetResponseCode()); - EXPECT_EQ("<p>Hello World!</p>", GetContentFromFetcher(*fetcher)); - EXPECT_EQ("text/html", GetContentTypeFromFetcher(*fetcher)); + TestDelegate delegate; + std::unique_ptr<URLRequest> request(context_.CreateRequest( + server_->GetURL("/mock-headers-without-crlf.html"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); + + EXPECT_EQ(net::OK, delegate.request_status()); + ASSERT_TRUE(request->response_headers()); + EXPECT_EQ(HTTP_OK, request->response_headers()->response_code()); + EXPECT_EQ("<p>Hello World!</p>", delegate.data_received()); + std::string content_type; + ASSERT_TRUE(request->response_headers()->GetNormalizedHeader("Content-Type", + &content_type)); + EXPECT_EQ("text/html", content_type); } TEST_P(EmbeddedTestServerTest, DefaultNotFoundResponse) { ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/non-existent"), URLFetcher::GET, - this, TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher->SetRequestContext(request_context_getter_.get()); + TestDelegate delegate; + std::unique_ptr<URLRequest> request( + context_.CreateRequest(server_->GetURL("/non-existent"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); - fetcher->Start(); - WaitForResponses(1); - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher->GetStatus().status()); - EXPECT_EQ(HTTP_NOT_FOUND, fetcher->GetResponseCode()); + EXPECT_EQ(net::OK, delegate.request_status()); + ASSERT_TRUE(request->response_headers()); + EXPECT_EQ(HTTP_NOT_FOUND, request->response_headers()->response_code()); } TEST_P(EmbeddedTestServerTest, ConnectionListenerAccept) { @@ -329,20 +307,44 @@ TEST_P(EmbeddedTestServerTest, ConnectionListenerAccept) { EXPECT_EQ(1u, connection_listener_.SocketAcceptedCount()); EXPECT_FALSE(connection_listener_.DidReadFromSocket()); + EXPECT_FALSE(connection_listener_.DidGetSocketOnComplete()); } TEST_P(EmbeddedTestServerTest, ConnectionListenerRead) { ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/non-existent"), URLFetcher::GET, - this, TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher->SetRequestContext(request_context_getter_.get()); + TestDelegate delegate; + std::unique_ptr<URLRequest> request( + context_.CreateRequest(server_->GetURL("/non-existent"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); + + EXPECT_EQ(1u, connection_listener_.SocketAcceptedCount()); + EXPECT_TRUE(connection_listener_.DidReadFromSocket()); +} + +TEST_P(EmbeddedTestServerTest, ConnectionListenerComplete) { + if (GetParam() == EmbeddedTestServer::TYPE_HTTP) { + // Test is flaky on HTTP. crbug/1073761. + return; + } + ASSERT_TRUE(server_->Start()); + + TestDelegate delegate; + std::unique_ptr<URLRequest> request( + context_.CreateRequest(server_->GetURL("/non-existent"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); - fetcher->Start(); - WaitForResponses(1); EXPECT_EQ(1u, connection_listener_.SocketAcceptedCount()); EXPECT_TRUE(connection_listener_.DidReadFromSocket()); + + connection_listener_.WaitUntilGotSocketFromResponseCompleted(); + EXPECT_TRUE(connection_listener_.DidGetSocketOnComplete()); } TEST_P(EmbeddedTestServerTest, ConcurrentFetches) { @@ -357,39 +359,61 @@ TEST_P(EmbeddedTestServerTest, ConcurrentFetches) { "No chocolates", "text/plain", HTTP_NOT_FOUND)); ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher1 = - URLFetcher::Create(server_->GetURL("/test1"), URLFetcher::GET, this, - TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher1->SetRequestContext(request_context_getter_.get()); - std::unique_ptr<URLFetcher> fetcher2 = - URLFetcher::Create(server_->GetURL("/test2"), URLFetcher::GET, this, - TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher2->SetRequestContext(request_context_getter_.get()); - std::unique_ptr<URLFetcher> fetcher3 = - URLFetcher::Create(server_->GetURL("/test3"), URLFetcher::GET, this, - TRAFFIC_ANNOTATION_FOR_TESTS); - fetcher3->SetRequestContext(request_context_getter_.get()); - - // Fetch the three URLs concurrently. - fetcher1->Start(); - fetcher2->Start(); - fetcher3->Start(); - WaitForResponses(3); - - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher1->GetStatus().status()); - EXPECT_EQ(HTTP_OK, fetcher1->GetResponseCode()); - EXPECT_EQ("Raspberry chocolate", GetContentFromFetcher(*fetcher1)); - EXPECT_EQ("text/html", GetContentTypeFromFetcher(*fetcher1)); - - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher2->GetStatus().status()); - EXPECT_EQ(HTTP_OK, fetcher2->GetResponseCode()); - EXPECT_EQ("Vanilla chocolate", GetContentFromFetcher(*fetcher2)); - EXPECT_EQ("text/html", GetContentTypeFromFetcher(*fetcher2)); - - EXPECT_EQ(URLRequestStatus::SUCCESS, fetcher3->GetStatus().status()); - EXPECT_EQ(HTTP_NOT_FOUND, fetcher3->GetResponseCode()); - EXPECT_EQ("No chocolates", GetContentFromFetcher(*fetcher3)); - EXPECT_EQ("text/plain", GetContentTypeFromFetcher(*fetcher3)); + TestDelegate delegate1; + std::unique_ptr<URLRequest> request1( + context_.CreateRequest(server_->GetURL("/test1"), DEFAULT_PRIORITY, + &delegate1, TRAFFIC_ANNOTATION_FOR_TESTS)); + TestDelegate delegate2; + std::unique_ptr<URLRequest> request2( + context_.CreateRequest(server_->GetURL("/test2"), DEFAULT_PRIORITY, + &delegate2, TRAFFIC_ANNOTATION_FOR_TESTS)); + TestDelegate delegate3; + std::unique_ptr<URLRequest> request3( + context_.CreateRequest(server_->GetURL("/test3"), DEFAULT_PRIORITY, + &delegate3, TRAFFIC_ANNOTATION_FOR_TESTS)); + + // Fetch the three URLs concurrently. Have to manually create RunLoops when + // running multiple requests simultaneously, to avoid the deprecated + // RunUntilIdle() path. + base::RunLoop run_loop1; + base::RunLoop run_loop2; + base::RunLoop run_loop3; + delegate1.set_on_complete(run_loop1.QuitClosure()); + delegate2.set_on_complete(run_loop2.QuitClosure()); + delegate3.set_on_complete(run_loop3.QuitClosure()); + request1->Start(); + request2->Start(); + request3->Start(); + run_loop1.Run(); + run_loop2.Run(); + run_loop3.Run(); + + EXPECT_EQ(net::OK, delegate2.request_status()); + ASSERT_TRUE(request1->response_headers()); + EXPECT_EQ(HTTP_OK, request1->response_headers()->response_code()); + EXPECT_EQ("Raspberry chocolate", delegate1.data_received()); + std::string content_type1; + ASSERT_TRUE(request1->response_headers()->GetNormalizedHeader( + "Content-Type", &content_type1)); + EXPECT_EQ("text/html", content_type1); + + EXPECT_EQ(net::OK, delegate2.request_status()); + ASSERT_TRUE(request2->response_headers()); + EXPECT_EQ(HTTP_OK, request2->response_headers()->response_code()); + EXPECT_EQ("Vanilla chocolate", delegate2.data_received()); + std::string content_type2; + ASSERT_TRUE(request2->response_headers()->GetNormalizedHeader( + "Content-Type", &content_type2)); + EXPECT_EQ("text/html", content_type2); + + EXPECT_EQ(net::OK, delegate3.request_status()); + ASSERT_TRUE(request3->response_headers()); + EXPECT_EQ(HTTP_NOT_FOUND, request3->response_headers()->response_code()); + EXPECT_EQ("No chocolates", delegate3.data_received()); + std::string content_type3; + ASSERT_TRUE(request3->response_headers()->GetNormalizedHeader( + "Content-Type", &content_type3)); + EXPECT_EQ("text/plain", content_type3); } namespace { @@ -451,7 +475,6 @@ std::unique_ptr<HttpResponse> HandleInfiniteRequest( // shutting down before it is discovered). TEST_P(EmbeddedTestServerTest, CloseDuringWrite) { CancelRequestDelegate cancel_delegate; - TestURLRequestContext context; cancel_delegate.set_cancel_in_response_started(true); server_->RegisterRequestHandler( base::BindRepeating(&HandlePrefixedRequest, "/infinite", @@ -459,8 +482,8 @@ TEST_P(EmbeddedTestServerTest, CloseDuringWrite) { ASSERT_TRUE(server_->Start()); std::unique_ptr<URLRequest> request = - context.CreateRequest(server_->GetURL("/infinite"), DEFAULT_PRIORITY, - &cancel_delegate, TRAFFIC_ANNOTATION_FOR_TESTS); + context_.CreateRequest(server_->GetURL("/infinite"), DEFAULT_PRIORITY, + &cancel_delegate, TRAFFIC_ANNOTATION_FOR_TESTS); request->Start(); cancel_delegate.WaitUntilDone(); } @@ -502,7 +525,6 @@ INSTANTIATE_TEST_SUITE_P(EmbeddedTestServerTestInstantiation, EmbeddedTestServerTest, testing::Values(EmbeddedTestServer::TYPE_HTTP, EmbeddedTestServer::TYPE_HTTPS)); - // Below test exercises EmbeddedTestServer's ability to cope with the situation // where there is no MessageLoop available on the thread at EmbeddedTestServer // initialization and/or destruction. @@ -514,8 +536,7 @@ class EmbeddedTestServerThreadingTest public WithTaskEnvironment {}; class EmbeddedTestServerThreadingTestDelegate - : public base::PlatformThread::Delegate, - public URLFetcherDelegate { + : public base::PlatformThread::Delegate { public: EmbeddedTestServerThreadingTestDelegate( bool message_loop_present_on_initialize, @@ -545,18 +566,15 @@ class EmbeddedTestServerThreadingTestDelegate base::MessagePumpType::IO); } - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server.GetURL("/test?q=foo"), URLFetcher::GET, this, - TRAFFIC_ANNOTATION_FOR_TESTS); - auto test_context_getter = - base::MakeRefCounted<TestURLRequestContextGetter>( - executor->task_runner()); - fetcher->SetRequestContext(test_context_getter.get()); - base::RunLoop run_loop; - quit_run_loop_ = run_loop.QuitClosure(); - fetcher->Start(); - run_loop.Run(); - fetcher.reset(); + TestURLRequestContext context; + TestDelegate delegate; + std::unique_ptr<URLRequest> request( + context.CreateRequest(server.GetURL("/test?q=foo"), DEFAULT_PRIORITY, + &delegate, TRAFFIC_ANNOTATION_FOR_TESTS)); + + request->Start(); + delegate.RunUntilComplete(); + request.reset(); // Shut down. if (message_loop_present_on_shutdown_) @@ -565,18 +583,11 @@ class EmbeddedTestServerThreadingTestDelegate ASSERT_TRUE(server.ShutdownAndWaitUntilComplete()); } - // URLFetcherDelegate override. - void OnURLFetchComplete(const URLFetcher* source) override { - std::move(quit_run_loop_).Run(); - } - private: const bool message_loop_present_on_initialize_; const bool message_loop_present_on_shutdown_; const EmbeddedTestServer::Type type_; - base::OnceClosure quit_run_loop_; - DISALLOW_COPY_AND_ASSIGN(EmbeddedTestServerThreadingTestDelegate); }; diff --git a/chromium/net/test/embedded_test_server/http_response.cc b/chromium/net/test/embedded_test_server/http_response.cc index adf79c5bf1c..c4c80f78785 100644 --- a/chromium/net/test/embedded_test_server/http_response.cc +++ b/chromium/net/test/embedded_test_server/http_response.cc @@ -7,8 +7,8 @@ #include <utility> #include "base/bind.h" +#include "base/check.h" #include "base/format_macros.h" -#include "base/logging.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/threading/sequenced_task_runner_handle.h" diff --git a/chromium/net/test/embedded_test_server/simple_connection_listener.cc b/chromium/net/test/embedded_test_server/simple_connection_listener.cc index e5d90f4050d..13f1c68f998 100644 --- a/chromium/net/test/embedded_test_server/simple_connection_listener.cc +++ b/chromium/net/test/embedded_test_server/simple_connection_listener.cc @@ -36,5 +36,8 @@ void SimpleConnectionListener::WaitForConnections() { run_loop_.Run(); } +void SimpleConnectionListener::OnResponseCompletedSuccessfully( + std::unique_ptr<StreamSocket> socket) {} + } // namespace test_server } // namespace net diff --git a/chromium/net/test/embedded_test_server/simple_connection_listener.h b/chromium/net/test/embedded_test_server/simple_connection_listener.h index 677fc2cc8d3..ac33245898f 100644 --- a/chromium/net/test/embedded_test_server/simple_connection_listener.h +++ b/chromium/net/test/embedded_test_server/simple_connection_listener.h @@ -40,6 +40,8 @@ class SimpleConnectionListener : public EmbeddedTestServerConnectionListener { std::unique_ptr<StreamSocket> AcceptedSocket( std::unique_ptr<StreamSocket> socket) override; void ReadFromSocket(const StreamSocket& socket, int rv) override; + void OnResponseCompletedSuccessfully( + std::unique_ptr<StreamSocket> socket) override; // Wait until the expected number of connections have been seen. void WaitForConnections(); diff --git a/chromium/net/test/net_test_suite.cc b/chromium/net/test/net_test_suite.cc index 98082e8c354..e5ef64c36b4 100644 --- a/chromium/net/test/net_test_suite.cc +++ b/chromium/net/test/net_test_suite.cc @@ -4,7 +4,7 @@ #include "net/test/net_test_suite.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/network_change_notifier.h" #include "net/http/http_stream_factory.h" #include "net/spdy/spdy_session.h" diff --git a/chromium/net/test/revocation_builder.cc b/chromium/net/test/revocation_builder.cc new file mode 100644 index 00000000000..2717fc7b9c9 --- /dev/null +++ b/chromium/net/test/revocation_builder.cc @@ -0,0 +1,511 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/test/revocation_builder.h" + +#include "base/hash/sha1.h" +#include "net/cert/asn1_util.h" +#include "net/cert/x509_util.h" +#include "net/der/encode_values.h" +#include "net/der/input.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "third_party/boringssl/src/include/openssl/bytestring.h" +#include "third_party/boringssl/src/include/openssl/mem.h" + +namespace net { + +namespace { + +std::string Sha256WithRSAEncryption() { + const uint8_t kSha256WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00}; + return std::string(std::begin(kSha256WithRSAEncryption), + std::end(kSha256WithRSAEncryption)); +} + +std::string Sha1WithRSAEncryption() { + const uint8_t kSha1WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x05, 0x05, 0x00}; + return std::string(std::begin(kSha1WithRSAEncryption), + std::end(kSha1WithRSAEncryption)); +} + +std::string Md5WithRSAEncryption() { + const uint8_t kMd5WithRSAEncryption[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x04, 0x05, 0x00}; + return std::string(std::begin(kMd5WithRSAEncryption), + std::end(kMd5WithRSAEncryption)); +} + +std::string Sha1() { + // SEQUENCE { OBJECT_IDENTIFIER { 1.3.14.3.2.26 } } + const uint8_t kSHA1[] = {0x30, 0x07, 0x06, 0x05, 0x2b, + 0x0e, 0x03, 0x02, 0x1a}; + return std::string(std::begin(kSHA1), std::end(kSHA1)); +} + +// Adds bytes (specified as a StringPiece) to the given CBB. +// The argument ordering follows the boringssl CBB_* api style. +bool CBBAddBytes(CBB* cbb, base::StringPiece bytes) { + return CBB_add_bytes(cbb, reinterpret_cast<const uint8_t*>(bytes.data()), + bytes.size()); +} + +// Adds bytes (from fixed size array) to the given CBB. +// The argument ordering follows the boringssl CBB_* api style. +template <size_t N> +bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) { + return CBB_add_bytes(cbb, data, N); +} + +// Adds a GeneralizedTime value to the given CBB. +// The argument ordering follows the boringssl CBB_* api style. +bool CBBAddGeneralizedTime(CBB* cbb, const base::Time& time) { + der::GeneralizedTime generalized_time; + if (!der::EncodeTimeAsGeneralizedTime(time, &generalized_time)) + return false; + CBB time_cbb; + uint8_t out[der::kGeneralizedTimeLength]; + if (!der::EncodeGeneralizedTime(generalized_time, out) || + !CBB_add_asn1(cbb, &time_cbb, CBS_ASN1_GENERALIZEDTIME) || + !CBBAddBytes(&time_cbb, out) || !CBB_flush(cbb)) + return false; + return true; +} + +// Finalizes the CBB to a std::string. +std::string FinishCBB(CBB* cbb) { + size_t cbb_len; + uint8_t* cbb_bytes; + + if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) { + ADD_FAILURE() << "CBB_finish() failed"; + return std::string(); + } + + bssl::UniquePtr<uint8_t> delete_bytes(cbb_bytes); + return std::string(reinterpret_cast<char*>(cbb_bytes), cbb_len); +} + +std::string PKeyToSPK(const EVP_PKEY* pkey) { + bssl::ScopedCBB cbb; + if (!CBB_init(cbb.get(), 64) || !EVP_marshal_public_key(cbb.get(), pkey)) { + ADD_FAILURE(); + return std::string(); + } + std::string spki = FinishCBB(cbb.get()); + + base::StringPiece spk; + if (!asn1::ExtractSubjectPublicKeyFromSPKI(spki, &spk)) { + ADD_FAILURE(); + return std::string(); + } + + // ExtractSubjectPublicKeyFromSPKI() includes the unused bit count. For this + // application, the unused bit count must be zero, and is not included in the + // result. + if (!spk.starts_with("\0")) { + ADD_FAILURE(); + return std::string(); + } + spk.remove_prefix(1); + + return spk.as_string(); +} + +// Returns a DER-encoded OCSPResponse with the given |response_status|. +// |response_type| and |response| are optional and may be empty. +std::string EncodeOCSPResponse(OCSPResponse::ResponseStatus response_status, + der::Input response_type, + std::string response) { + // RFC 6960 section 4.2.1: + // + // OCSPResponse ::= SEQUENCE { + // responseStatus OCSPResponseStatus, + // responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + // + // OCSPResponseStatus ::= ENUMERATED { + // successful (0), -- Response has valid confirmations + // malformedRequest (1), -- Illegal confirmation request + // internalError (2), -- Internal error in issuer + // tryLater (3), -- Try again later + // -- (4) is not used + // sigRequired (5), -- Must sign the request + // unauthorized (6) -- Request unauthorized + // } + // + // The value for responseBytes consists of an OBJECT IDENTIFIER and a + // response syntax identified by that OID encoded as an OCTET STRING. + // + // ResponseBytes ::= SEQUENCE { + // responseType OBJECT IDENTIFIER, + // response OCTET STRING } + bssl::ScopedCBB cbb; + CBB ocsp_response, ocsp_response_status, ocsp_response_bytes, + ocsp_response_bytes_sequence, ocsp_response_type, + ocsp_response_octet_string; + + if (!CBB_init(cbb.get(), 64 + response_type.Length() + response.size()) || + !CBB_add_asn1(cbb.get(), &ocsp_response, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&ocsp_response, &ocsp_response_status, + CBS_ASN1_ENUMERATED) || + !CBB_add_u8(&ocsp_response_status, + static_cast<uint8_t>(response_status))) { + ADD_FAILURE(); + return std::string(); + } + + if (response_type.Length()) { + if (!CBB_add_asn1(&ocsp_response, &ocsp_response_bytes, + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || + !CBB_add_asn1(&ocsp_response_bytes, &ocsp_response_bytes_sequence, + CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&ocsp_response_bytes_sequence, &ocsp_response_type, + CBS_ASN1_OBJECT) || + !CBBAddBytes(&ocsp_response_type, response_type.AsStringPiece()) || + !CBB_add_asn1(&ocsp_response_bytes_sequence, + &ocsp_response_octet_string, CBS_ASN1_OCTETSTRING) || + !CBBAddBytes(&ocsp_response_octet_string, response)) { + ADD_FAILURE(); + return std::string(); + } + } + + return FinishCBB(cbb.get()); +} + +// Adds a DER-encoded OCSP SingleResponse to |responses_cbb|. +// |issuer_name_hash| and |issuer_key_hash| should be binary SHA1 hashes. +bool AddOCSPSingleResponse(CBB* responses_cbb, + const OCSPBuilderSingleResponse& response, + const std::string& issuer_name_hash, + const std::string& issuer_key_hash) { + // RFC 6960 section 4.2.1: + // + // SingleResponse ::= SEQUENCE { + // certID CertID, + // certStatus CertStatus, + // thisUpdate GeneralizedTime, + // nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + // singleExtensions [1] EXPLICIT Extensions OPTIONAL } + // + // CertStatus ::= CHOICE { + // good [0] IMPLICIT NULL, + // revoked [1] IMPLICIT RevokedInfo, + // unknown [2] IMPLICIT UnknownInfo } + // + // RevokedInfo ::= SEQUENCE { + // revocationTime GeneralizedTime, + // revocationReason [0] EXPLICIT CRLReason OPTIONAL } + // + // UnknownInfo ::= NULL + // + // RFC 6960 section 4.1.1: + // CertID ::= SEQUENCE { + // hashAlgorithm AlgorithmIdentifier, + // issuerNameHash OCTET STRING, -- Hash of issuer's DN + // issuerKeyHash OCTET STRING, -- Hash of issuer's public key + // serialNumber CertificateSerialNumber } + // + // The contents of CertID include the following fields: + // + // o hashAlgorithm is the hash algorithm used to generate the + // issuerNameHash and issuerKeyHash values. + // + // o issuerNameHash is the hash of the issuer's distinguished name + // (DN). The hash shall be calculated over the DER encoding of the + // issuer's name field in the certificate being checked. + // + // o issuerKeyHash is the hash of the issuer's public key. The hash + // shall be calculated over the value (excluding tag and length) of + // the subject public key field in the issuer's certificate. + // + // o serialNumber is the serial number of the certificate for which + // status is being requested. + + CBB single_response, issuer_name_hash_cbb, issuer_key_hash_cbb, cert_id; + if (!CBB_add_asn1(responses_cbb, &single_response, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&single_response, &cert_id, CBS_ASN1_SEQUENCE) || + !CBBAddBytes(&cert_id, Sha1()) || + !CBB_add_asn1(&cert_id, &issuer_name_hash_cbb, CBS_ASN1_OCTETSTRING) || + !CBBAddBytes(&issuer_name_hash_cbb, issuer_name_hash) || + !CBB_add_asn1(&cert_id, &issuer_key_hash_cbb, CBS_ASN1_OCTETSTRING) || + !CBBAddBytes(&issuer_key_hash_cbb, issuer_key_hash) || + !CBB_add_asn1_uint64(&cert_id, response.serial)) { + ADD_FAILURE(); + return false; + } + + unsigned int cert_status_tag_number; + switch (response.cert_status) { + case OCSPRevocationStatus::GOOD: + cert_status_tag_number = CBS_ASN1_CONTEXT_SPECIFIC | 0; + break; + case OCSPRevocationStatus::REVOKED: + cert_status_tag_number = + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1; + break; + case OCSPRevocationStatus::UNKNOWN: + cert_status_tag_number = CBS_ASN1_CONTEXT_SPECIFIC | 2; + break; + } + + CBB cert_status_cbb; + if (!CBB_add_asn1(&single_response, &cert_status_cbb, + cert_status_tag_number)) { + ADD_FAILURE(); + return false; + } + if (response.cert_status == OCSPRevocationStatus::REVOKED && + !CBBAddGeneralizedTime(&cert_status_cbb, response.revocation_time)) { + ADD_FAILURE(); + return false; + } + + CBB next_update_cbb; + if (!CBBAddGeneralizedTime(&single_response, response.this_update) || + !CBB_add_asn1(&single_response, &next_update_cbb, + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || + !CBBAddGeneralizedTime(&next_update_cbb, response.next_update)) { + ADD_FAILURE(); + return false; + } + + return CBB_flush(responses_cbb); +} + +} // namespace + +std::string BuildOCSPResponseError( + OCSPResponse::ResponseStatus response_status) { + DCHECK_NE(response_status, OCSPResponse::ResponseStatus::SUCCESSFUL); + return EncodeOCSPResponse(response_status, der::Input(), std::string()); +} + +std::string BuildOCSPResponse( + const std::string& responder_subject, + EVP_PKEY* responder_key, + base::Time produced_at, + const std::vector<OCSPBuilderSingleResponse>& responses) { + std::string responder_name_hash = base::SHA1HashString(responder_subject); + std::string responder_key_hash = + base::SHA1HashString(PKeyToSPK(responder_key)); + + // RFC 6960 section 4.2.1: + // + // ResponseData ::= SEQUENCE { + // version [0] EXPLICIT Version DEFAULT v1, + // responderID ResponderID, + // producedAt GeneralizedTime, + // responses SEQUENCE OF SingleResponse, + // responseExtensions [1] EXPLICIT Extensions OPTIONAL } + // + // ResponderID ::= CHOICE { + // byName [1] Name, + // byKey [2] KeyHash } + // + // KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key + // (excluding the tag and length fields) + bssl::ScopedCBB tbs_cbb; + CBB response_data, responder_id, responder_id_by_key, responses_cbb; + if (!CBB_init(tbs_cbb.get(), 64) || + !CBB_add_asn1(tbs_cbb.get(), &response_data, CBS_ASN1_SEQUENCE) || + // Version is the default v1, so it is not encoded. + !CBB_add_asn1(&response_data, &responder_id, + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 2) || + !CBB_add_asn1(&responder_id, &responder_id_by_key, + CBS_ASN1_OCTETSTRING) || + !CBBAddBytes(&responder_id_by_key, responder_key_hash) || + !CBBAddGeneralizedTime(&response_data, produced_at) || + !CBB_add_asn1(&response_data, &responses_cbb, CBS_ASN1_SEQUENCE)) { + ADD_FAILURE(); + return std::string(); + } + + for (const auto& response : responses) { + if (!AddOCSPSingleResponse(&responses_cbb, response, responder_name_hash, + responder_key_hash)) { + return std::string(); + } + } + + // responseExtensions not currently supported. + + return BuildOCSPResponseWithResponseData(responder_key, + FinishCBB(tbs_cbb.get())); +} + +std::string BuildOCSPResponseWithResponseData( + EVP_PKEY* responder_key, + const std::string& tbs_response_data) { + // For a basic OCSP responder, responseType will be id-pkix-ocsp-basic. + // + // id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } + // id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } + // + // The value for response SHALL be the DER encoding of + // BasicOCSPResponse. + // + // BasicOCSPResponse ::= SEQUENCE { + // tbsResponseData ResponseData, + // signatureAlgorithm AlgorithmIdentifier, + // signature BIT STRING, + // certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + // + // The value for signature SHALL be computed on the hash of the DER + // encoding of ResponseData. The responder MAY include certificates in + // the certs field of BasicOCSPResponse that help the OCSP client verify + // the responder's signature. If no certificates are included, then + // certs SHOULD be absent. + // + bssl::ScopedCBB basic_ocsp_response_cbb; + CBB basic_ocsp_response, signature; + bssl::ScopedEVP_MD_CTX ctx; + uint8_t* sig_out; + size_t sig_len; + if (!CBB_init(basic_ocsp_response_cbb.get(), 64 + tbs_response_data.size()) || + !CBB_add_asn1(basic_ocsp_response_cbb.get(), &basic_ocsp_response, + CBS_ASN1_SEQUENCE) || + !CBBAddBytes(&basic_ocsp_response, tbs_response_data) || + !CBBAddBytes(&basic_ocsp_response, Sha256WithRSAEncryption()) || + !CBB_add_asn1(&basic_ocsp_response, &signature, CBS_ASN1_BITSTRING) || + !CBB_add_u8(&signature, 0 /* no unused bits */) || + !EVP_DigestSignInit(ctx.get(), nullptr, EVP_sha256(), nullptr, + responder_key) || + !EVP_DigestSign( + ctx.get(), nullptr, &sig_len, + reinterpret_cast<const uint8_t*>(tbs_response_data.data()), + tbs_response_data.size()) || + !CBB_reserve(&signature, &sig_out, sig_len) || + !EVP_DigestSign( + ctx.get(), sig_out, &sig_len, + reinterpret_cast<const uint8_t*>(tbs_response_data.data()), + tbs_response_data.size()) || + !CBB_did_write(&signature, sig_len)) { + ADD_FAILURE(); + return std::string(); + } + + // certs field not currently supported. + + return EncodeOCSPResponse(OCSPResponse::ResponseStatus::SUCCESSFUL, + BasicOCSPResponseOid(), + FinishCBB(basic_ocsp_response_cbb.get())); +} + +std::string BuildCrl(const std::string& crl_issuer_subject, + EVP_PKEY* crl_issuer_key, + const std::vector<uint64_t>& revoked_serials, + DigestAlgorithm digest) { + std::string signature_algorithm; + const EVP_MD* md = nullptr; + switch (digest) { + case DigestAlgorithm::Sha256: { + signature_algorithm = Sha256WithRSAEncryption(); + md = EVP_sha256(); + break; + } + + case DigestAlgorithm::Sha1: { + signature_algorithm = Sha1WithRSAEncryption(); + md = EVP_sha1(); + break; + } + + case DigestAlgorithm::Md5: { + signature_algorithm = Md5WithRSAEncryption(); + md = EVP_md5(); + break; + } + + default: + ADD_FAILURE(); + return std::string(); + } + // TBSCertList ::= SEQUENCE { + // version Version OPTIONAL, + // -- if present, MUST be v2 + // signature AlgorithmIdentifier, + // issuer Name, + // thisUpdate Time, + // nextUpdate Time OPTIONAL, + // revokedCertificates SEQUENCE OF SEQUENCE { + // userCertificate CertificateSerialNumber, + // revocationDate Time, + // crlEntryExtensions Extensions OPTIONAL + // -- if present, version MUST be v2 + // } OPTIONAL, + // crlExtensions [0] EXPLICIT Extensions OPTIONAL + // -- if present, version MUST be v2 + // } + bssl::ScopedCBB tbs_cbb; + CBB tbs_cert_list, revoked_serials_cbb; + if (!CBB_init(tbs_cbb.get(), 10) || + !CBB_add_asn1(tbs_cbb.get(), &tbs_cert_list, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1_uint64(&tbs_cert_list, 1 /* V2 */) || + !CBBAddBytes(&tbs_cert_list, signature_algorithm) || + !CBBAddBytes(&tbs_cert_list, crl_issuer_subject) || + !x509_util::CBBAddTime( + &tbs_cert_list, base::Time::Now() - base::TimeDelta::FromDays(1)) || + !x509_util::CBBAddTime( + &tbs_cert_list, base::Time::Now() + base::TimeDelta::FromDays(6))) { + ADD_FAILURE(); + return std::string(); + } + if (!revoked_serials.empty()) { + if (!CBB_add_asn1(&tbs_cert_list, &revoked_serials_cbb, + CBS_ASN1_SEQUENCE)) { + ADD_FAILURE(); + return std::string(); + } + for (const int64_t revoked_serial : revoked_serials) { + CBB revoked_serial_cbb; + if (!CBB_add_asn1(&revoked_serials_cbb, &revoked_serial_cbb, + CBS_ASN1_SEQUENCE) || + !CBB_add_asn1_uint64(&revoked_serial_cbb, revoked_serial) || + !x509_util::CBBAddTime( + &revoked_serial_cbb, + base::Time::Now() - base::TimeDelta::FromDays(1)) || + !CBB_flush(&revoked_serials_cbb)) { + ADD_FAILURE(); + return std::string(); + } + } + } + + std::string tbs_tlv = FinishCBB(tbs_cbb.get()); + + // CertificateList ::= SEQUENCE { + // tbsCertList TBSCertList, + // signatureAlgorithm AlgorithmIdentifier, + // signatureValue BIT STRING } + bssl::ScopedCBB crl_cbb; + CBB cert_list, signature; + bssl::ScopedEVP_MD_CTX ctx; + uint8_t* sig_out; + size_t sig_len; + if (!CBB_init(crl_cbb.get(), 10) || + !CBB_add_asn1(crl_cbb.get(), &cert_list, CBS_ASN1_SEQUENCE) || + !CBBAddBytes(&cert_list, tbs_tlv) || + !CBBAddBytes(&cert_list, signature_algorithm) || + !CBB_add_asn1(&cert_list, &signature, CBS_ASN1_BITSTRING) || + !CBB_add_u8(&signature, 0 /* no unused bits */) || + !EVP_DigestSignInit(ctx.get(), nullptr, md, nullptr, crl_issuer_key) || + !EVP_DigestSign(ctx.get(), nullptr, &sig_len, + reinterpret_cast<const uint8_t*>(tbs_tlv.data()), + tbs_tlv.size()) || + !CBB_reserve(&signature, &sig_out, sig_len) || + !EVP_DigestSign(ctx.get(), sig_out, &sig_len, + reinterpret_cast<const uint8_t*>(tbs_tlv.data()), + tbs_tlv.size()) || + !CBB_did_write(&signature, sig_len)) { + ADD_FAILURE(); + return std::string(); + } + return FinishCBB(crl_cbb.get()); +} +} // namespace net diff --git a/chromium/net/test/revocation_builder.h b/chromium/net/test/revocation_builder.h new file mode 100644 index 00000000000..6f0b7c8d0ed --- /dev/null +++ b/chromium/net/test/revocation_builder.h @@ -0,0 +1,63 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_TEST_REVOCATION_BUILDER_H_ +#define NET_TEST_REVOCATION_BUILDER_H_ + +#include <string> +#include <vector> + +#include "base/time/time.h" +#include "net/cert/internal/ocsp.h" +#include "net/cert/ocsp_revocation_status.h" +#include "third_party/boringssl/src/include/openssl/evp.h" + +namespace net { + +struct OCSPBuilderSingleResponse { + // OCSP allows the OCSP responder and certificate issuer to be different, + // but this implementation currently assumes they are the same, thus issuer + // is not specified here. + // + // This implementation currently requires serial to be an unsigned 64 bit + // integer. + uint64_t serial; + OCSPRevocationStatus cert_status; + base::Time revocation_time; // Only used if |cert_status|==REVOKED. + base::Time this_update; + // nextUpdate is optional, but this implementation currently always encodes + // it. + base::Time next_update; + // singleExtensions not currently supported. +}; + +// Creates an OCSPResponse indicating a |response_status| error, which must +// not be ResponseStatus::SUCCESSFUL. +std::string BuildOCSPResponseError( + OCSPResponse::ResponseStatus response_status); + +// Creates an OCSPResponse from responder with DER subject |responder_subject| +// and public key |responder_key|, containing |responses|. +std::string BuildOCSPResponse( + const std::string& responder_subject, + EVP_PKEY* responder_key, + base::Time produced_at, + const std::vector<OCSPBuilderSingleResponse>& responses); + +// Creates an OCSPResponse signed by |responder_key| with |tbs_response_data| as +// the to-be-signed ResponseData. +std::string BuildOCSPResponseWithResponseData(EVP_PKEY* responder_key, + const std::string& response_data); + +// Creates a CRL issued by |crl_issuer_subject| and signed by |crl_issuer_key|, +// marking |revoked_serials| as revoked. +// Returns the DER-encoded CRL. +std::string BuildCrl(const std::string& crl_issuer_subject, + EVP_PKEY* crl_issuer_key, + const std::vector<uint64_t>& revoked_serials, + DigestAlgorithm digest); + +} // namespace net + +#endif // NET_TEST_REVOCATION_BUILDER_H_ diff --git a/chromium/net/test/scoped_disable_exit_on_dfatal.cc b/chromium/net/test/scoped_disable_exit_on_dfatal.cc index 3484c46ad1c..cc4c668b655 100644 --- a/chromium/net/test/scoped_disable_exit_on_dfatal.cc +++ b/chromium/net/test/scoped_disable_exit_on_dfatal.cc @@ -6,7 +6,6 @@ #include "base/bind.h" #include "base/callback.h" -#include "base/logging.h" #include "base/strings/string_piece.h" namespace net { diff --git a/chromium/net/test/spawned_test_server/base_test_server.cc b/chromium/net/test/spawned_test_server/base_test_server.cc index 475fc4b7649..22fd960a7f3 100644 --- a/chromium/net/test/spawned_test_server/base_test_server.cc +++ b/chromium/net/test/spawned_test_server/base_test_server.cc @@ -115,63 +115,6 @@ bool GetLocalCertificatesDir(const base::FilePath& certificates_dir, return true; } -std::string OCSPStatusToString( - const BaseTestServer::SSLOptions::OCSPStatus& ocsp_status) { - switch (ocsp_status) { - case BaseTestServer::SSLOptions::OCSP_OK: - return "ok"; - case BaseTestServer::SSLOptions::OCSP_REVOKED: - return "revoked"; - case BaseTestServer::SSLOptions::OCSP_INVALID_RESPONSE: - return "invalid"; - case BaseTestServer::SSLOptions::OCSP_UNAUTHORIZED: - return "unauthorized"; - case BaseTestServer::SSLOptions::OCSP_UNKNOWN: - return "unknown"; - case BaseTestServer::SSLOptions::OCSP_TRY_LATER: - return "later"; - case BaseTestServer::SSLOptions::OCSP_INVALID_RESPONSE_DATA: - return "invalid_data"; - case BaseTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL: - return "mismatched_serial"; - } - NOTREACHED(); - return std::string(); -} - -std::string OCSPDateToString( - const BaseTestServer::SSLOptions::OCSPDate& ocsp_date) { - switch (ocsp_date) { - case BaseTestServer::SSLOptions::OCSP_DATE_VALID: - return "valid"; - case BaseTestServer::SSLOptions::OCSP_DATE_OLD: - return "old"; - case BaseTestServer::SSLOptions::OCSP_DATE_EARLY: - return "early"; - case BaseTestServer::SSLOptions::OCSP_DATE_LONG: - return "long"; - case BaseTestServer::SSLOptions::OCSP_DATE_LONGER: - return "longer"; - } - NOTREACHED(); - return std::string(); -} - -std::string OCSPProducedToString( - BaseTestServer::SSLOptions::OCSPProduced ocsp_produced) { - switch (ocsp_produced) { - case BaseTestServer::SSLOptions::OCSPProduced::OCSP_PRODUCED_VALID: - return "valid"; - case BaseTestServer::SSLOptions::OCSPProduced::OCSP_PRODUCED_BEFORE_CERT: - return "before"; - case BaseTestServer::SSLOptions::OCSPProduced::OCSP_PRODUCED_AFTER_CERT: - return "after"; - default: - NOTREACHED(); - return std::string(); - } -} - bool RegisterRootCertsInternal(const base::FilePath& file_path) { TestRootCerts* root_certs = TestRootCerts::GetInstance(); return root_certs->AddFromFile(file_path.AppendASCII("ocsp-test-root.pem")) && @@ -209,7 +152,6 @@ base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const { return base::FilePath( FILE_PATH_LITERAL("key_usage_rsa_digitalsignature.pem")); case CERT_AUTO: - case CERT_AUTO_WITH_INTERMEDIATE: return base::FilePath(); default: NOTREACHED(); @@ -217,98 +159,6 @@ base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const { return base::FilePath(); } -std::string BaseTestServer::SSLOptions::GetOCSPArgument() const { - if (server_certificate != CERT_AUTO && - server_certificate != CERT_AUTO_WITH_INTERMEDIATE) { - return std::string(); - } - - // |ocsp_responses| overrides when it is non-empty. - if (!ocsp_responses.empty()) { - std::string arg; - for (size_t i = 0; i < ocsp_responses.size(); i++) { - if (i != 0) - arg += ":"; - arg += OCSPStatusToString(ocsp_responses[i].status); - } - return arg; - } - - return OCSPStatusToString(ocsp_status); -} - -std::string BaseTestServer::SSLOptions::GetOCSPDateArgument() const { - if (server_certificate != CERT_AUTO && - server_certificate != CERT_AUTO_WITH_INTERMEDIATE) { - return std::string(); - } - - if (!ocsp_responses.empty()) { - std::string arg; - for (size_t i = 0; i < ocsp_responses.size(); i++) { - if (i != 0) - arg += ":"; - arg += OCSPDateToString(ocsp_responses[i].date); - } - return arg; - } - - return OCSPDateToString(ocsp_date); -} - -std::string BaseTestServer::SSLOptions::GetOCSPProducedArgument() const { - if (server_certificate != CERT_AUTO && - server_certificate != CERT_AUTO_WITH_INTERMEDIATE) { - return std::string(); - } - - return OCSPProducedToString(ocsp_produced); -} - -std::string BaseTestServer::SSLOptions::GetOCSPIntermediateArgument() const { - if (server_certificate != CERT_AUTO_WITH_INTERMEDIATE) - return std::string(); - - // |ocsp_intermediate_responses| overrides when it is non-empty. - if (!ocsp_intermediate_responses.empty()) { - std::string arg; - for (size_t i = 0; i < ocsp_intermediate_responses.size(); i++) { - if (i != 0) - arg += ":"; - arg += OCSPStatusToString(ocsp_intermediate_responses[i].status); - } - return arg; - } - - return OCSPStatusToString(ocsp_intermediate_status); -} - -std::string BaseTestServer::SSLOptions::GetOCSPIntermediateDateArgument() - const { - if (server_certificate != CERT_AUTO_WITH_INTERMEDIATE) - return std::string(); - - if (!ocsp_intermediate_responses.empty()) { - std::string arg; - for (size_t i = 0; i < ocsp_intermediate_responses.size(); i++) { - if (i != 0) - arg += ":"; - arg += OCSPDateToString(ocsp_intermediate_responses[i].date); - } - return arg; - } - - return OCSPDateToString(ocsp_intermediate_date); -} - -std::string BaseTestServer::SSLOptions::GetOCSPIntermediateProducedArgument() - const { - if (server_certificate != CERT_AUTO_WITH_INTERMEDIATE) - return std::string(); - - return OCSPProducedToString(ocsp_intermediate_produced); -} - BaseTestServer::BaseTestServer(Type type) : type_(type) { Init(GetHostname(type, ssl_options_)); } @@ -635,45 +485,6 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { if (type_ == TYPE_HTTPS) { arguments->Set("https", std::make_unique<base::Value>()); - std::string ocsp_arg = ssl_options_.GetOCSPArgument(); - if (!ocsp_arg.empty()) - arguments->SetString("ocsp", ocsp_arg); - - std::string ocsp_date_arg = ssl_options_.GetOCSPDateArgument(); - if (!ocsp_date_arg.empty()) - arguments->SetString("ocsp-date", ocsp_date_arg); - - std::string ocsp_produced_arg = ssl_options_.GetOCSPProducedArgument(); - if (!ocsp_produced_arg.empty()) - arguments->SetString("ocsp-produced", ocsp_produced_arg); - - std::string ocsp_intermediate_arg = - ssl_options_.GetOCSPIntermediateArgument(); - if (!ocsp_intermediate_arg.empty()) - arguments->SetString("ocsp-intermediate", ocsp_intermediate_arg); - - std::string ocsp_intermediate_date_arg = - ssl_options_.GetOCSPIntermediateDateArgument(); - if (!ocsp_intermediate_date_arg.empty()) { - arguments->SetString("ocsp-intermediate-date", - ocsp_intermediate_date_arg); - } - - std::string ocsp_intermediate_produced_arg = - ssl_options_.GetOCSPIntermediateProducedArgument(); - if (!ocsp_intermediate_produced_arg.empty()) { - arguments->SetString("ocsp-intermediate-produced", - ocsp_intermediate_produced_arg); - } - - if (ssl_options_.cert_serial != 0) { - arguments->SetInteger("cert-serial", ssl_options_.cert_serial); - } - - if (!ssl_options_.cert_common_name.empty()) { - arguments->SetString("cert-common-name", ssl_options_.cert_common_name); - } - // Check key exchange argument. std::unique_ptr<base::ListValue> key_exchange_values(new base::ListValue()); GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get()); @@ -702,12 +513,6 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { &b64_scts_tls_ext); arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext); } - if (ssl_options_.staple_ocsp_response) - arguments->Set("staple-ocsp-response", std::make_unique<base::Value>()); - if (ssl_options_.ocsp_server_unavailable) { - arguments->Set("ocsp-server-unavailable", - std::make_unique<base::Value>()); - } if (!ssl_options_.alpn_protocols.empty()) { std::unique_ptr<base::ListValue> alpn_protocols(new base::ListValue()); for (const std::string& proto : ssl_options_.alpn_protocols) { diff --git a/chromium/net/test/spawned_test_server/base_test_server.h b/chromium/net/test/spawned_test_server/base_test_server.h index 2e3cffe250e..17f919181cf 100644 --- a/chromium/net/test/spawned_test_server/base_test_server.h +++ b/chromium/net/test/spawned_test_server/base_test_server.h @@ -60,10 +60,6 @@ class BaseTestServer { // CERT_AUTO causes the testserver to generate a test certificate issued // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem). CERT_AUTO, - // As with CERT_AUTO, but the chain will include a generated intermediate - // as well. The testserver will include the intermediate cert in the TLS - // handshake. - CERT_AUTO_WITH_INTERMEDIATE, CERT_MISMATCHED_NAME, CERT_EXPIRED, @@ -90,45 +86,6 @@ class BaseTestServer { CERT_BAD_VALIDITY, }; - // OCSPStatus enumerates the types of OCSP response that the testserver - // can produce. - enum OCSPStatus { - OCSP_OK, - OCSP_REVOKED, - OCSP_INVALID_RESPONSE, - OCSP_UNAUTHORIZED, - OCSP_UNKNOWN, - OCSP_INVALID_RESPONSE_DATA, - OCSP_TRY_LATER, - OCSP_MISMATCHED_SERIAL, - }; - - // OCSPDate enumerates the date ranges for OCSP responses that the - // testserver can produce. - enum OCSPDate { - OCSP_DATE_VALID, - OCSP_DATE_OLD, - OCSP_DATE_EARLY, - OCSP_DATE_LONG, - OCSP_DATE_LONGER, - }; - - // OCSPSingleResponse is used when specifying multiple stapled responses, - // each - // with their own CertStatus and date validity. - struct OCSPSingleResponse { - OCSPStatus status; - OCSPDate date; - }; - - // OCSPProduced enumerates the validity of the producedAt field in OCSP - // responses produced by the testserver. - enum OCSPProduced { - OCSP_PRODUCED_VALID, - OCSP_PRODUCED_BEFORE_CERT, - OCSP_PRODUCED_AFTER_CERT, - }; - // Bitmask of key exchange algorithms that the test server supports and that // can be selectively enabled or disabled. enum KeyExchange { @@ -198,86 +155,9 @@ class BaseTestServer { // |server_certificate|. base::FilePath GetCertificateFile() const; - // GetOCSPArgument returns the value of any OCSP argument to testserver or - // the empty string if there is none. - std::string GetOCSPArgument() const; - - // GetOCSPDateArgument returns the value of the OCSP date argument to - // testserver or the empty string if there is none. - std::string GetOCSPDateArgument() const; - - // GetOCSPProducedArgument returns the value of the OCSP produced argument - // to testserver or the empty string if there is none. - std::string GetOCSPProducedArgument() const; - - // GetOCSPIntermediateArgument returns the value of any OCSP intermediate - // argument to testserver or the empty string if there is none. - std::string GetOCSPIntermediateArgument() const; - - // GetOCSPIntermediateDateArgument returns the value of the OCSP - // intermediate date argument to testserver or the empty string if there is - // none. - std::string GetOCSPIntermediateDateArgument() const; - - // GetOCSPIntermediateProducedArgument returns the value of the OCSP - // intermediate produced argument to testserver or the empty string if - // there is none. - std::string GetOCSPIntermediateProducedArgument() const; - // The certificate to use when serving requests. ServerCertificate server_certificate = CERT_OK; - // If |server_certificate==CERT_AUTO| or |CERT_AUTO_WITH_INTERMEDIATE| then - // this determines the type of leaf OCSP response returned. Ignored if - // |ocsp_responses| is non-empty. - OCSPStatus ocsp_status = OCSP_OK; - - // If |server_certificate==CERT_AUTO| or |CERT_AUTO_WITH_INTERMEDIATE| then - // this determines the date range set on the leaf OCSP response returned. - // Ignore if |ocsp_responses| is non-empty. - OCSPDate ocsp_date = OCSP_DATE_VALID; - - // If |server_certificate==CERT_AUTO| or |CERT_AUTO_WITH_INTERMEDIATE|, - // contains the status and validity for multiple stapled responeses. - // Overrides |ocsp_status| and |ocsp_date| when - // non-empty. - std::vector<OCSPSingleResponse> ocsp_responses; - - // If |server_certificate==CERT_AUTO| or |CERT_AUTO_WITH_INTERMEDIATE| then - // this determines the validity of the producedAt field on the returned - // leaf OCSP response. - OCSPProduced ocsp_produced = OCSP_PRODUCED_VALID; - - // If |server_certificate==CERT_AUTO_WITH_INTERMEDIATE| then this - // determines the type of intermediate OCSP response returned. Ignored if - // |ocsp_intermediate_responses| is non-empty. - OCSPStatus ocsp_intermediate_status = OCSP_OK; - - // If |server_certificate==CERT_AUTO_WITH_INTERMEDIATE| then this - // determines the date range set on the intermediate OCSP response - // returned. Ignore if |ocsp_intermediate_responses| is non-empty. - OCSPDate ocsp_intermediate_date = OCSP_DATE_VALID; - - // If |server_certificate==CERT_AUTO_WITH_INTERMEDIATE|, contains the - // status and validity for multiple stapled responeses. Overrides - // |ocsp_intermediate_status| and |ocsp_intermediate_date| when non-empty. - // TODO(mattm): testserver doesn't actually staple OCSP responses for - // intermediates. - std::vector<OCSPSingleResponse> ocsp_intermediate_responses; - - // If |server_certificate==CERT_AUTO_WITH_INTERMEDIATE| then this - // determines the validity of the producedAt field on the returned - // intermediate OCSP response. - OCSPProduced ocsp_intermediate_produced = OCSP_PRODUCED_VALID; - - // If not zero, |cert_serial| will be the serial number of the - // auto-generated leaf certificate when |server_certificate==CERT_AUTO|. - uint64_t cert_serial = 0; - - // If not empty, |cert_common_name| will be the common name of the - // auto-generated leaf certificate when |server_certificate==CERT_AUTO|. - std::string cert_common_name; - // True if a CertificateRequest should be sent to the client during // handshaking. bool request_client_certificate = false; @@ -334,13 +214,6 @@ class BaseTestServer { // a TLS extension. std::string signed_cert_timestamps_tls_ext; - // Whether to staple the OCSP response. - bool staple_ocsp_response = false; - - // Whether to make the OCSP server unavailable. This does not affect the - // stapled OCSP response. - bool ocsp_server_unavailable = false; - // List of protocols to advertise in NPN extension. NPN is not supported if // list is empty. Note that regardless of what protocol is negotiated, the // test server will continue to speak HTTP/1.1. diff --git a/chromium/net/test/spawned_test_server/remote_test_server.cc b/chromium/net/test/spawned_test_server/remote_test_server.cc index 910c9a44d74..a3294cf86fa 100644 --- a/chromium/net/test/spawned_test_server/remote_test_server.cc +++ b/chromium/net/test/spawned_test_server/remote_test_server.cc @@ -12,6 +12,7 @@ #include "base/base_paths.h" #include "base/files/file_path.h" #include "base/files/file_util.h" +#include "base/json/json_reader.h" #include "base/json/json_writer.h" #include "base/logging.h" #include "base/message_loop/message_pump_type.h" @@ -19,12 +20,13 @@ #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/stringprintf.h" +#include "base/threading/thread_restrictions.h" #include "base/values.h" +#include "build/build_config.h" #include "net/base/host_port_pair.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" #include "net/test/spawned_test_server/remote_test_server_spawner_request.h" -#include "net/test/tcp_socket_proxy.h" #include "url/gurl.h" namespace net { @@ -52,6 +54,42 @@ std::string GetServerTypeString(BaseTestServer::Type type) { return std::string(); } +// Returns platform-specific path to the config file for the test server. +base::FilePath GetTestServerConfigFilePath() { + base::FilePath dir; +#if defined(OS_ANDROID) + base::PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &dir); +#else + base::PathService::Get(base::DIR_TEMP, &dir); +#endif + return dir.AppendASCII("net-test-server-config"); +} + +// Reads base URL for the test server spawner. That URL is used to control the +// test server. +std::string ReadSpawnerUrlFromConfig() { + base::ScopedAllowBlockingForTesting allow_blocking; + + base::FilePath config_path = GetTestServerConfigFilePath(); + + if (!base::PathExists(config_path)) + return ""; + + std::string config_json; + if (!ReadFileToString(config_path, &config_json)) + LOG(FATAL) << "Failed to read " << config_path.value(); + + base::Optional<base::Value> config = base::JSONReader::Read(config_json); + if (!config) + LOG(FATAL) << "Failed to parse " << config_path.value(); + + std::string* result = config->FindStringKey("spawner_url_base"); + if (!result) + LOG(FATAL) << "spawner_url_base is not specified in the config"; + + return *result; +} + } // namespace RemoteTestServer::RemoteTestServer(Type type, @@ -88,22 +126,6 @@ bool RemoteTestServer::StartInBackground() { // pass right server type to Python test server. arguments_dict.SetString("server-type", GetServerTypeString(type())); - // If the server is expected to handle OCSP, it needs to know what port - // number to write into the AIA urls. Initialize the ocsp proxy to - // reserve a port, and pass it to the testserver so it can generate - // certificates for the OCSP server valid for the proxied port. Note that - // the test spawer may forward OCSP a second time, from the device to the - // host. - bool ocsp_server_enabled = - type() == TYPE_HTTPS && !ssl_options().GetOCSPArgument().empty(); - if (ocsp_server_enabled) { - ocsp_proxy_ = std::make_unique<TcpSocketProxy>(io_thread_.task_runner()); - bool initialized = ocsp_proxy_->Initialize(); - CHECK(initialized); - arguments_dict.SetKey("ocsp-proxy-port-number", - base::Value(ocsp_proxy_->local_port())); - } - // Generate JSON-formatted argument string. std::string arguments_string; base::JSONWriter::Write(arguments_dict, &arguments_string); @@ -111,8 +133,7 @@ bool RemoteTestServer::StartInBackground() { return false; start_request_ = std::make_unique<RemoteTestServerSpawnerRequest>( - io_thread_.task_runner(), config_.GetSpawnerUrl("start"), - arguments_string); + io_thread_.task_runner(), GetSpawnerUrl("start"), arguments_string); return true; } @@ -133,28 +154,7 @@ bool RemoteTestServer::BlockUntilStarted() { return false; } - // If the server is not on localhost then start a proxy on localhost to - // forward connections to the server. - if (config_.address() != IPAddress::IPv4Localhost()) { - test_server_proxy_ = - std::make_unique<TcpSocketProxy>(io_thread_.task_runner()); - bool initialized = test_server_proxy_->Initialize(); - CHECK(initialized); - test_server_proxy_->Start(IPEndPoint(config_.address(), remote_port_)); - - SetPort(test_server_proxy_->local_port()); - } else { - SetPort(remote_port_); - } - - if (ocsp_proxy_) { - base::Optional<int> ocsp_port_value = server_data().FindIntKey("ocsp_port"); - if (ocsp_port_value) { - ocsp_proxy_->Start(IPEndPoint(config_.address(), *ocsp_port_value)); - } else { - LOG(WARNING) << "testserver.py didn't return ocsp_port."; - } - } + SetPort(remote_port_); return SetupWhenServerStarted(); } @@ -166,8 +166,7 @@ bool RemoteTestServer::Stop() { std::unique_ptr<RemoteTestServerSpawnerRequest> kill_request = std::make_unique<RemoteTestServerSpawnerRequest>( io_thread_.task_runner(), - config_.GetSpawnerUrl( - base::StringPrintf("kill?port=%d", remote_port_)), + GetSpawnerUrl(base::StringPrintf("kill?port=%d", remote_port_)), std::string()); if (!kill_request->WaitForCompletion(nullptr)) @@ -195,7 +194,7 @@ bool RemoteTestServer::Init(const base::FilePath& document_root) { if (document_root.IsAbsolute()) return false; - config_ = RemoteTestServerConfig::Load(); + spawner_url_base_ = ReadSpawnerUrlFromConfig(); bool thread_started = io_thread_.StartWithOptions( base::Thread::Options(base::MessagePumpType::IO, 0)); @@ -214,4 +213,12 @@ bool RemoteTestServer::Init(const base::FilePath& document_root) { return true; } +GURL RemoteTestServer::GetSpawnerUrl(const std::string& command) const { + CHECK(!spawner_url_base_.empty()); + std::string url = spawner_url_base_ + "/" + command; + GURL result = GURL(url); + CHECK(result.is_valid()) << url; + return result; +} + } // namespace net diff --git a/chromium/net/test/spawned_test_server/remote_test_server.h b/chromium/net/test/spawned_test_server/remote_test_server.h index 4fb3396c237..ca6588923dd 100644 --- a/chromium/net/test/spawned_test_server/remote_test_server.h +++ b/chromium/net/test/spawned_test_server/remote_test_server.h @@ -10,12 +10,10 @@ #include "base/macros.h" #include "base/threading/thread.h" #include "net/test/spawned_test_server/base_test_server.h" -#include "net/test/spawned_test_server/remote_test_server_config.h" namespace net { class RemoteTestServerSpawnerRequest; -class TcpSocketProxy; // The RemoteTestServer runs an external Python-based test server in another // machine that is different from the machine that executes the tests. It is @@ -31,6 +29,19 @@ class TcpSocketProxy; // this spawner communicator. The spawner is implemented in // build/util/lib/common/chrome_test_server_spawner.py . // +// URL for the spawner server is discovered by reading config file that's +// expected to be written on the test device by the test scrips. Location of the +// config dependends on platform: +// - Android: DIR_ANDROID_EXTERNAL_STORAGE/net-test-server-config +// - other: DIR_TEMP/net-test-server-config +// +// The config file must be stored in the following format: +// { +// 'spawner_url_base': 'http://localhost:5000' +// } +// +// 'spawner_url_base' specifies base URL for the spawner. +// // Currently the following two commands are supported by spawner. // // (1) Start Python test server, format is: @@ -81,10 +92,15 @@ class RemoteTestServer : public BaseTestServer { private: bool Init(const base::FilePath& document_root); - RemoteTestServerConfig config_; + // Returns URL for the specified spawner |command|. + GURL GetSpawnerUrl(const std::string& command) const; + + // URL of the test server spawner. Read from the config file during + // initialization. + std::string spawner_url_base_; // Thread used to run all IO activity in RemoteTestServerSpawnerRequest and - // |test_server_proxy_|. + // |ocsp_proxy_|. base::Thread io_thread_; std::unique_ptr<RemoteTestServerSpawnerRequest> start_request_; @@ -92,9 +108,6 @@ class RemoteTestServer : public BaseTestServer { // Server port. Non-zero when the server is running. int remote_port_ = 0; - std::unique_ptr<TcpSocketProxy> test_server_proxy_; - std::unique_ptr<TcpSocketProxy> ocsp_proxy_; - DISALLOW_COPY_AND_ASSIGN(RemoteTestServer); }; diff --git a/chromium/net/test/spawned_test_server/remote_test_server_config.cc b/chromium/net/test/spawned_test_server/remote_test_server_config.cc deleted file mode 100644 index 3b1f4d42060..00000000000 --- a/chromium/net/test/spawned_test_server/remote_test_server_config.cc +++ /dev/null @@ -1,97 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/test/spawned_test_server/remote_test_server_config.h" - -#include "base/base_paths.h" -#include "base/environment.h" -#include "base/files/file_path.h" -#include "base/files/file_util.h" -#include "base/json/json_reader.h" -#include "base/lazy_instance.h" -#include "base/path_service.h" -#include "base/threading/thread_restrictions.h" -#include "base/values.h" -#include "build/build_config.h" -#include "url/gurl.h" - -#if defined(OS_FUCHSIA) -#include "base/base_paths_fuchsia.h" -#endif - -namespace net { - -namespace { - -base::FilePath GetTestServerConfigFilePath() { - base::FilePath dir; -#if defined(OS_ANDROID) - base::PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &dir); -#else - base::PathService::Get(base::DIR_TEMP, &dir); -#endif - return dir.AppendASCII("net-test-server-config"); -} - -} // namespace - -RemoteTestServerConfig::RemoteTestServerConfig() = default; -RemoteTestServerConfig::~RemoteTestServerConfig() {} - -RemoteTestServerConfig::RemoteTestServerConfig( - const RemoteTestServerConfig& other) = default; -RemoteTestServerConfig& RemoteTestServerConfig::operator=( - const RemoteTestServerConfig&) = default; - -RemoteTestServerConfig RemoteTestServerConfig::Load() { - base::ScopedAllowBlockingForTesting allow_blocking; - - RemoteTestServerConfig result; - - base::FilePath config_path = GetTestServerConfigFilePath(); - - // Use defaults if the file doesn't exists. - if (!base::PathExists(config_path)) - return result; - - std::string config_json; - if (!ReadFileToString(config_path, &config_json)) - LOG(FATAL) << "Failed to read " << config_path.value(); - - std::unique_ptr<base::DictionaryValue> config = base::DictionaryValue::From( - base::JSONReader::ReadDeprecated(config_json)); - if (!config) - LOG(FATAL) << "Failed to parse " << config_path.value(); - - std::string address_str; - if (config->GetString("address", &address_str)) { - if (!result.address_.AssignFromIPLiteral(address_str)) { - LOG(FATAL) << "Invalid address specified in test server config: " - << address_str; - } - } else { - LOG(WARNING) << "address isn't specified in test server config."; - } - - if (config->GetString("spawner_url_base", &result.spawner_url_base_)) { - GURL url(result.spawner_url_base_); - if (!url.is_valid()) { - LOG(FATAL) << "Invalid spawner_url_base specified in test server config: " - << result.spawner_url_base_; - } - } - - return result; -} - -GURL RemoteTestServerConfig::GetSpawnerUrl(const std::string& command) const { - CHECK(!spawner_url_base_.empty()) - << "spawner_url_base is expected, but not set in test server config."; - std::string url = spawner_url_base_ + "/" + command; - GURL result = GURL(url); - CHECK(result.is_valid()) << url; - return result; -} - -} // namespace net diff --git a/chromium/net/test/spawned_test_server/remote_test_server_config.h b/chromium/net/test/spawned_test_server/remote_test_server_config.h deleted file mode 100644 index 82686e329be..00000000000 --- a/chromium/net/test/spawned_test_server/remote_test_server_config.h +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_TEST_SPAWNED_TEST_SERVER_REMOTE_TEST_SERVER_CONFIG_H_ -#define NET_TEST_SPAWNED_TEST_SERVER_REMOTE_TEST_SERVER_CONFIG_H_ - -#include <string> - -#include "base/macros.h" -#include "net/base/ip_address.h" - -class GURL; - -namespace net { - -// RemoteTestServerConfig is responsible for loading test server configuration -// from a file. Expected config location depends on platform: -// - Android: DIR_ANDROID_EXTERNAL_STORAGE/net-test-server-config -// - Fuchsia: /system/net-test-server-config -// - other platforms: DIR_TEMP/net-test-server-config -// -// If the config file doesn't exist then the default configuration is used. By -// default the server is started on 127.0.0.1. -// -// If the config file exists then it must be stored in the following format: -// { -// 'address': '127.0.0.1', -// 'spawner_url_base': 'http://localhost:5000' -// } -// -// 'spawner_url_base' specifies base URL to connect to the test server spawner -// responsible for starting and stopping test server. Currently spawner is used -// only on Android and Fuchsia. 'address' specifies IP address for the test -// server. -class RemoteTestServerConfig { - public: - RemoteTestServerConfig(); - ~RemoteTestServerConfig(); - - RemoteTestServerConfig(const RemoteTestServerConfig& other); - RemoteTestServerConfig& operator=(const RemoteTestServerConfig&); - - // Returns current test server configuration, loading it from a file if the - // file exists. - static RemoteTestServerConfig Load(); - - // IP address to use used to connect to the testserver. - const IPAddress& address() const { return address_; } - - // GURL for the test server spawner. - GURL GetSpawnerUrl(const std::string& command) const; - - private: - // Defaults that can be overridden with a config file. - IPAddress address_ = {127, 0, 0, 1}; - - std::string spawner_url_base_; -}; - -} // namespace net - -#endif // NET_TEST_SPAWNED_TEST_SERVER_REMOTE_TEST_SERVER_CONFIG_H_ diff --git a/chromium/net/test/tcp_socket_proxy.cc b/chromium/net/test/tcp_socket_proxy.cc deleted file mode 100644 index 50537346b7e..00000000000 --- a/chromium/net/test/tcp_socket_proxy.cc +++ /dev/null @@ -1,355 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/test/tcp_socket_proxy.h" - -#include <memory> -#include <vector> - -#include "base/bind.h" -#include "base/callback.h" -#include "base/memory/weak_ptr.h" -#include "base/single_thread_task_runner.h" -#include "base/synchronization/waitable_event.h" -#include "base/threading/thread_checker.h" -#include "net/base/io_buffer.h" -#include "net/base/net_errors.h" -#include "net/socket/stream_socket.h" -#include "net/socket/tcp_client_socket.h" -#include "net/socket/tcp_server_socket.h" -#include "net/traffic_annotation/network_traffic_annotation_test_helper.h" - -namespace net { - -namespace { - -const int kBufferSize = 1024; - -// Helper that reads data from one socket and then forwards to another socket. -class SocketDataPump { - public: - SocketDataPump(StreamSocket* from_socket, - StreamSocket* to_socket, - base::OnceClosure on_done_callback) - : from_socket_(from_socket), - to_socket_(to_socket), - on_done_callback_(std::move(on_done_callback)) { - read_buffer_ = base::MakeRefCounted<IOBuffer>(kBufferSize); - } - - ~SocketDataPump() { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); } - - void Start() { Read(); } - - private: - void Read() { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - DCHECK(!write_buffer_); - - int result = - from_socket_->Read(read_buffer_.get(), kBufferSize, - base::BindOnce(&SocketDataPump::HandleReadResult, - base::Unretained(this))); - if (result != ERR_IO_PENDING) - HandleReadResult(result); - } - - void HandleReadResult(int result) { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - - if (result <= 0) { - std::move(on_done_callback_).Run(); - return; - } - - write_buffer_ = - base::MakeRefCounted<DrainableIOBuffer>(read_buffer_, result); - Write(); - } - - void Write() { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - DCHECK(write_buffer_); - - int result = - to_socket_->Write(write_buffer_.get(), write_buffer_->BytesRemaining(), - base::BindOnce(&SocketDataPump::HandleWriteResult, - base::Unretained(this)), - TRAFFIC_ANNOTATION_FOR_TESTS); - if (result != ERR_IO_PENDING) - HandleWriteResult(result); - } - - void HandleWriteResult(int result) { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - - if (result <= 0) { - std::move(on_done_callback_).Run(); - return; - } - - write_buffer_->DidConsume(result); - if (write_buffer_->BytesRemaining()) { - Write(); - } else { - write_buffer_ = nullptr; - Read(); - } - } - - StreamSocket* from_socket_; - StreamSocket* to_socket_; - - scoped_refptr<IOBuffer> read_buffer_; - scoped_refptr<DrainableIOBuffer> write_buffer_; - - base::OnceClosure on_done_callback_; - - THREAD_CHECKER(thread_checker_); - - DISALLOW_COPY_AND_ASSIGN(SocketDataPump); -}; - -// ConnectionProxy is responsible for proxying one connection to a remote -// address. -class ConnectionProxy { - public: - explicit ConnectionProxy(std::unique_ptr<StreamSocket> local_socket); - ~ConnectionProxy(); - - void Start(const IPEndPoint& remote_endpoint, - base::OnceClosure on_done_callback); - - private: - void Close(); - - void HandleConnectResult(const IPEndPoint& remote_endpoint, int result); - - base::OnceClosure on_done_callback_; - - std::unique_ptr<StreamSocket> local_socket_; - std::unique_ptr<StreamSocket> remote_socket_; - - std::unique_ptr<SocketDataPump> incoming_pump_; - std::unique_ptr<SocketDataPump> outgoing_pump_; - - THREAD_CHECKER(thread_checker_); - - base::WeakPtrFactory<ConnectionProxy> weak_factory_{this}; - - DISALLOW_COPY_AND_ASSIGN(ConnectionProxy); -}; - -ConnectionProxy::ConnectionProxy(std::unique_ptr<StreamSocket> local_socket) - : local_socket_(std::move(local_socket)) {} - -ConnectionProxy::~ConnectionProxy() { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); -} - -void ConnectionProxy::Start(const IPEndPoint& remote_endpoint, - base::OnceClosure on_done_callback) { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - - on_done_callback_ = std::move(on_done_callback); - remote_socket_ = std::make_unique<TCPClientSocket>( - AddressList(remote_endpoint), nullptr, nullptr, NetLogSource()); - int result = remote_socket_->Connect( - base::BindOnce(&ConnectionProxy::HandleConnectResult, - base::Unretained(this), remote_endpoint)); - if (result != ERR_IO_PENDING) - HandleConnectResult(remote_endpoint, result); -} - -void ConnectionProxy::HandleConnectResult(const IPEndPoint& remote_endpoint, - int result) { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - DCHECK(!incoming_pump_); - DCHECK(!outgoing_pump_); - - if (result < 0) { - LOG(ERROR) << "Connection to " << remote_endpoint.ToString() - << " failed: " << ErrorToString(result); - Close(); - return; - } - - incoming_pump_ = std::make_unique<SocketDataPump>( - remote_socket_.get(), local_socket_.get(), - base::BindOnce(&ConnectionProxy::Close, base::Unretained(this))); - outgoing_pump_ = std::make_unique<SocketDataPump>( - local_socket_.get(), remote_socket_.get(), - base::BindOnce(&ConnectionProxy::Close, base::Unretained(this))); - - auto self = weak_factory_.GetWeakPtr(); - incoming_pump_->Start(); - if (!self) - return; - - outgoing_pump_->Start(); -} - -void ConnectionProxy::Close() { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - - local_socket_.reset(); - remote_socket_.reset(); - std::move(on_done_callback_).Run(); -} - -} // namespace - -// TcpSocketProxy implementation that runs on a background IO thread. -class TcpSocketProxy::Core { - public: - Core(); - ~Core(); - - void Initialize(int local_port, base::WaitableEvent* initialized_event); - void Start(const IPEndPoint& remote_endpoint); - uint16_t local_port() const { return local_port_; } - - private: - void DoAcceptLoop(); - void OnAcceptResult(int result); - void HandleAcceptResult(int result); - void OnConnectionClosed(ConnectionProxy* connection); - - IPEndPoint remote_endpoint_; - - std::unique_ptr<TCPServerSocket> socket_; - - uint16_t local_port_ = 0; - std::vector<std::unique_ptr<ConnectionProxy>> connections_; - - std::unique_ptr<StreamSocket> accepted_socket_; - - DISALLOW_COPY_AND_ASSIGN(Core); -}; - -TcpSocketProxy::Core::Core() {} - -void TcpSocketProxy::Core::Initialize(int local_port, - base::WaitableEvent* initialized_event) { - DCHECK(!socket_); - - local_port_ = 0; - - socket_ = std::make_unique<TCPServerSocket>(nullptr, net::NetLogSource()); - int result = - socket_->Listen(IPEndPoint(IPAddress::IPv4Localhost(), local_port), 5); - if (result != OK) { - LOG(ERROR) << "TcpServerSocket::Listen() returned " - << ErrorToString(result); - } else { - // Get local port number. - IPEndPoint address; - result = socket_->GetLocalAddress(&address); - if (result != OK) { - LOG(ERROR) << "TcpServerSocket::GetLocalAddress() returned " - << ErrorToString(result); - } else { - local_port_ = address.port(); - } - } - - if (initialized_event) - initialized_event->Signal(); -} - -void TcpSocketProxy::Core::Start(const IPEndPoint& remote_endpoint) { - DCHECK(socket_); - - remote_endpoint_ = remote_endpoint; - DoAcceptLoop(); -} - -TcpSocketProxy::Core::~Core() {} - -void TcpSocketProxy::Core::DoAcceptLoop() { - int result = OK; - while (result == OK) { - result = socket_->Accept( - &accepted_socket_, - base::BindOnce(&Core::OnAcceptResult, base::Unretained(this))); - if (result != ERR_IO_PENDING) - HandleAcceptResult(result); - } -} - -void TcpSocketProxy::Core::OnAcceptResult(int result) { - HandleAcceptResult(result); - if (result == OK) - DoAcceptLoop(); -} - -void TcpSocketProxy::Core::HandleAcceptResult(int result) { - DCHECK_NE(result, ERR_IO_PENDING); - - if (result < 0) { - LOG(ERROR) << "Error when accepting a connection: " - << ErrorToString(result); - return; - } - - std::unique_ptr<ConnectionProxy> connection_proxy = - std::make_unique<ConnectionProxy>(std::move(accepted_socket_)); - ConnectionProxy* connection_proxy_ptr = connection_proxy.get(); - connections_.push_back(std::move(connection_proxy)); - - // Start() may invoke the callback so it needs to be called after the - // connection is pushed to connections_. - connection_proxy_ptr->Start( - remote_endpoint_, - base::BindOnce(&Core::OnConnectionClosed, base::Unretained(this), - connection_proxy_ptr)); -} - -void TcpSocketProxy::Core::OnConnectionClosed(ConnectionProxy* connection) { - for (auto it = connections_.begin(); it != connections_.end(); ++it) { - if (it->get() == connection) { - connections_.erase(it); - return; - } - } - NOTREACHED(); -} - -TcpSocketProxy::TcpSocketProxy( - scoped_refptr<base::SingleThreadTaskRunner> io_task_runner) - : io_task_runner_(io_task_runner), core_(std::make_unique<Core>()) {} - -bool TcpSocketProxy::Initialize(int local_port) { - DCHECK(!local_port_); - - if (io_task_runner_->BelongsToCurrentThread()) { - core_->Initialize(local_port, nullptr); - } else { - base::WaitableEvent initialized_event( - base::WaitableEvent::ResetPolicy::MANUAL, - base::WaitableEvent::InitialState::NOT_SIGNALED); - io_task_runner_->PostTask( - FROM_HERE, - base::BindOnce(&Core::Initialize, base::Unretained(core_.get()), - local_port, &initialized_event)); - initialized_event.Wait(); - } - - local_port_ = core_->local_port(); - - return local_port_ != 0; -} - -TcpSocketProxy::~TcpSocketProxy() { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - io_task_runner_->DeleteSoon(FROM_HERE, std::move(core_)); -} - -void TcpSocketProxy::Start(const IPEndPoint& remote_endpoint) { - io_task_runner_->PostTask( - FROM_HERE, base::BindOnce(&Core::Start, base::Unretained(core_.get()), - remote_endpoint)); -} - -} // namespace net diff --git a/chromium/net/test/tcp_socket_proxy.h b/chromium/net/test/tcp_socket_proxy.h deleted file mode 100644 index d0933f254f5..00000000000 --- a/chromium/net/test/tcp_socket_proxy.h +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_TEST_TCP_SOCKET_PROXY_H_ -#define NET_TEST_TCP_SOCKET_PROXY_H_ - -#include <stdint.h> - -#include <memory> - -#include "base/memory/ref_counted.h" -#include "base/threading/thread_checker.h" - -namespace base { -class SingleThreadTaskRunner; -} // namespace base - -namespace net { - -class IPEndPoint; - -// TcpSocketProxy proxies TCP connection from localhost to a remote IP address. -class TcpSocketProxy { - public: - explicit TcpSocketProxy( - scoped_refptr<base::SingleThreadTaskRunner> io_task_runner); - ~TcpSocketProxy(); - - // Initializes local socket for the proxy. If |local_port| is not 0 then the - // proxy will listen on that port. Otherwise the socket will be bound to an - // available port and local_port() should be used to get the port number. - // Returns false if initialization fails. - bool Initialize(int local_port = 0); - - // Local port number for the proxy or 0 if the proxy is not initialized. - uint16_t local_port() const { return local_port_; } - - // Starts the proxy for the specified |remote_endpoint|. Must be called after - // a successful Initialize() call and before any incoming connection on - // local_port() are initiated. Port number in |remote_endpoint| may be - // different from local_port(). - void Start(const IPEndPoint& remote_endpoint); - - private: - class Core; - - scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; - - // Core implements the proxy functionality. It runs on |io_task_runner_|. - std::unique_ptr<Core> core_; - - uint16_t local_port_ = 0; - - THREAD_CHECKER(thread_checker_); - - DISALLOW_COPY_AND_ASSIGN(TcpSocketProxy); -}; - -} // namespace net - -#endif // NET_TEST_TCP_SOCKET_PROXY_H_ diff --git a/chromium/net/test/tcp_socket_proxy_unittest.cc b/chromium/net/test/tcp_socket_proxy_unittest.cc deleted file mode 100644 index 6750648a3f0..00000000000 --- a/chromium/net/test/tcp_socket_proxy_unittest.cc +++ /dev/null @@ -1,177 +0,0 @@ -// Copyright 2017 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/test/tcp_socket_proxy.h" - -#include "base/message_loop/message_pump_type.h" -#include "base/threading/thread.h" -#include "build/build_config.h" -#include "net/base/io_buffer.h" -#include "net/base/test_completion_callback.h" -#include "net/socket/tcp_client_socket.h" -#include "net/socket/tcp_server_socket.h" -#include "net/test/gtest_util.h" -#include "net/test/test_with_task_environment.h" -#include "net/traffic_annotation/network_traffic_annotation_test_helper.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" - -using net::test::IsOk; - -namespace net { - -class TcpSocketProxyTest : public TestWithTaskEnvironment { - public: - TcpSocketProxyTest() : io_thread_("TcpSocketProxyTest IO Thread") { - EXPECT_TRUE(io_thread_.StartWithOptions( - base::Thread::Options(base::MessagePumpType::IO, 0))); - - listen_socket_ = - std::make_unique<TCPServerSocket>(nullptr, net::NetLogSource()); - int result = - listen_socket_->Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0), 5); - EXPECT_THAT(result, IsOk()); - - // Get local address. - IPEndPoint address; - result = listen_socket_->GetLocalAddress(&address); - EXPECT_THAT(result, IsOk()); - - proxy_ = std::make_unique<TcpSocketProxy>(io_thread_.task_runner()); - EXPECT_TRUE(proxy_->Initialize()); - - proxy_address_ = - IPEndPoint(IPAddress::IPv4Localhost(), proxy_->local_port()); - proxy_->Start(address); - } - - void MakeConnection(std::unique_ptr<StreamSocket>* client_socket, - std::unique_ptr<StreamSocket>* server_socket) { - TestCompletionCallback connect_callback; - *client_socket = std::make_unique<TCPClientSocket>( - AddressList(proxy_address_), nullptr, nullptr, NetLogSource()); - int connect_result = (*client_socket)->Connect(connect_callback.callback()); - - TestCompletionCallback accept_callback; - int result = - listen_socket_->Accept(server_socket, accept_callback.callback()); - - ASSERT_THAT(connect_callback.GetResult(connect_result), IsOk()); - ASSERT_THAT(accept_callback.GetResult(result), IsOk()); - - EXPECT_TRUE((*server_socket)->IsConnected()); - EXPECT_TRUE((*client_socket)->IsConnected()); - } - - void SendAndReceiveData(StreamSocket* socket1, StreamSocket* socket2) { - // Send just one byte to ensure we will need only one Write() and only one - // Read(). - char test_message = '0'; - - scoped_refptr<IOBuffer> write_buffer = base::MakeRefCounted<IOBuffer>(1); - *write_buffer->data() = test_message; - TestCompletionCallback write_callback; - int write_result = - socket1->Write(write_buffer.get(), 1, write_callback.callback(), - TRAFFIC_ANNOTATION_FOR_TESTS); - - scoped_refptr<IOBufferWithSize> read_buffer = - base::MakeRefCounted<IOBufferWithSize>(1024); - TestCompletionCallback read_callback; - int read_result = socket2->Read(read_buffer.get(), read_buffer->size(), - read_callback.callback()); - - ASSERT_EQ(write_callback.GetResult(write_result), 1); - ASSERT_EQ(read_callback.GetResult(read_result), 1); - - EXPECT_EQ(test_message, *read_buffer->data()); - } - - void ExpectClosed(StreamSocket* socket) { - scoped_refptr<IOBufferWithSize> read_buffer = - base::MakeRefCounted<IOBufferWithSize>(1024); - TestCompletionCallback read_callback; - int read_result = socket->Read(read_buffer.get(), read_buffer->size(), - read_callback.callback()); - - EXPECT_EQ(read_callback.GetResult(read_result), 0); - EXPECT_FALSE(socket->IsConnected()); - } - - protected: - base::Thread io_thread_; - - // Server socket that simulates testserver that TcpSocketProxy normally - // would connect to. - std::unique_ptr<TCPServerSocket> listen_socket_; - - std::unique_ptr<TcpSocketProxy> proxy_; - - private: - IPEndPoint proxy_address_; -}; - -TEST_F(TcpSocketProxyTest, SendAndReceive) { - std::unique_ptr<StreamSocket> client_socket; - std::unique_ptr<StreamSocket> server_socket; - MakeConnection(&client_socket, &server_socket); - SendAndReceiveData(client_socket.get(), server_socket.get()); - SendAndReceiveData(server_socket.get(), client_socket.get()); -} - -TEST_F(TcpSocketProxyTest, TwoConnections) { - std::unique_ptr<StreamSocket> client_socket1; - std::unique_ptr<StreamSocket> server_socket1; - MakeConnection(&client_socket1, &server_socket1); - - std::unique_ptr<StreamSocket> client_socket2; - std::unique_ptr<StreamSocket> server_socket2; - MakeConnection(&client_socket2, &server_socket2); - - SendAndReceiveData(client_socket1.get(), server_socket1.get()); - SendAndReceiveData(client_socket2.get(), server_socket2.get()); - SendAndReceiveData(server_socket1.get(), client_socket1.get()); - SendAndReceiveData(server_socket2.get(), client_socket2.get()); -} - -// Close socket on the server side and verify that it's closed on the client -// side. -// TODO(crbug.com/804429): This test hangs occasionally on iOS. -#if defined(OS_IOS) -#define MAYBE_DisconnectServer DISABLED_DisconnectServer -#else -#define MAYBE_DisconnectServer DisconnectServer -#endif -TEST_F(TcpSocketProxyTest, MAYBE_DisconnectServer) { - std::unique_ptr<StreamSocket> client_socket; - std::unique_ptr<StreamSocket> server_socket; - MakeConnection(&client_socket, &server_socket); - server_socket.reset(); - ExpectClosed(client_socket.get()); -} - -// Close socket on the client side and verify that it's closed on the server -// side. -// TODO(crbug.com/804429): This test hangs occasionally on iOS. -#if defined(OS_IOS) -#define MAYBE_DisconnectClient DISABLED_DisconnectClient -#else -#define MAYBE_DisconnectClient DisconnectClient -#endif -TEST_F(TcpSocketProxyTest, MAYBE_DisconnectClient) { - std::unique_ptr<StreamSocket> client_socket; - std::unique_ptr<StreamSocket> server_socket; - MakeConnection(&client_socket, &server_socket); - client_socket.reset(); - ExpectClosed(server_socket.get()); -} - -// Initialize() must fail if the port is in use. -TEST_F(TcpSocketProxyTest, PortInUse) { - // Try initializing second proxy on the same port. - auto proxy2 = std::make_unique<TcpSocketProxy>(io_thread_.task_runner()); - EXPECT_FALSE(proxy2->Initialize(proxy_->local_port())); -} - -} // namespace net diff --git a/chromium/net/test/url_request/url_request_failed_job.cc b/chromium/net/test/url_request/url_request_failed_job.cc index 30008616927..78f74f4f90c 100644 --- a/chromium/net/test/url_request/url_request_failed_job.cc +++ b/chromium/net/test/url_request/url_request_failed_job.cc @@ -5,8 +5,8 @@ #include "net/test/url_request/url_request_failed_job.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" @@ -184,7 +184,7 @@ URLRequestFailedJob::~URLRequestFailedJob() = default; void URLRequestFailedJob::StartAsync() { if (phase_ == START) { if (net_error_ != ERR_IO_PENDING) { - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, net_error_)); + NotifyStartError(net_error_); return; } return; diff --git a/chromium/net/test/url_request/url_request_test_job_backed_by_file.cc b/chromium/net/test/url_request/url_request_test_job_backed_by_file.cc index 68edacec627..72e0655e1f0 100644 --- a/chromium/net/test/url_request/url_request_test_job_backed_by_file.cc +++ b/chromium/net/test/url_request/url_request_test_job_backed_by_file.cc @@ -23,7 +23,6 @@ #include "base/bind.h" #include "base/compiler_specific.h" #include "base/files/file_util.h" -#include "base/metrics/histogram_macros.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/synchronization/lock.h" @@ -143,9 +142,8 @@ void URLRequestTestJobBackedByFile::GetResponseInfo(HttpResponseInfo* info) { return; auto headers = base::MakeRefCounted<net::HttpResponseHeaders>("HTTP/1.1 200 OK"); - headers->AddHeader(base::StringPrintf("%s: %s", - net::HttpRequestHeaders::kContentType, - meta_info_.mime_type.c_str())); + headers->AddHeader(net::HttpRequestHeaders::kContentType, + meta_info_.mime_type); info->headers = headers; } @@ -163,7 +161,6 @@ URLRequestTestJobBackedByFile::SetUpSourceStream() { if (!base::LowerCaseEqualsASCII(file_path_.Extension(), ".svgz")) return source; - UMA_HISTOGRAM_BOOLEAN("Net.FileSVGZLoadCount", true); return GzipSourceStream::Create(std::move(source), SourceStream::TYPE_GZIP); } @@ -211,7 +208,7 @@ void URLRequestTestJobBackedByFile::DidFetchMetaInfo( void URLRequestTestJobBackedByFile::DidOpen(int result) { OnOpenComplete(result); if (result != OK) { - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result)); + NotifyStartError(result); return; } @@ -245,8 +242,7 @@ void URLRequestTestJobBackedByFile::DidSeek(int64_t result) { OnSeekComplete(result); if (result < 0) { - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, - ERR_REQUEST_RANGE_NOT_SATISFIABLE)); + NotifyStartError(ERR_REQUEST_RANGE_NOT_SATISFIABLE); return; } diff --git a/chromium/net/test/url_request/url_request_test_job_backed_by_file_unittest.cc b/chromium/net/test/url_request/url_request_test_job_backed_by_file_unittest.cc index 2f18b2014d7..50f2007caa6 100644 --- a/chromium/net/test/url_request/url_request_test_job_backed_by_file_unittest.cc +++ b/chromium/net/test/url_request/url_request_test_job_backed_by_file_unittest.cc @@ -6,10 +6,10 @@ #include <memory> +#include "base/check.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/files/scoped_temp_dir.h" -#include "base/logging.h" #include "base/run_loop.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/third_party/quiche/BUILD.gn b/chromium/net/third_party/quiche/BUILD.gn index 55850473980..59a75e2132a 100644 --- a/chromium/net/third_party/quiche/BUILD.gn +++ b/chromium/net/third_party/quiche/BUILD.gn @@ -387,8 +387,6 @@ source_set("quiche") { "src/quic/core/quic_blocked_writer_interface.h", "src/quic/core/quic_buffer_allocator.cc", "src/quic/core/quic_buffer_allocator.h", - "src/quic/core/quic_buffered_packet_store.cc", - "src/quic/core/quic_buffered_packet_store.h", "src/quic/core/quic_circular_deque.h", "src/quic/core/quic_clock.cc", "src/quic/core/quic_clock.h", @@ -852,6 +850,8 @@ source_set("quic_test_tools_core") { "src/quic/test_tools/failing_proof_source.h", "src/quic/test_tools/fake_proof_source.cc", "src/quic/test_tools/fake_proof_source.h", + "src/quic/test_tools/first_flight.cc", + "src/quic/test_tools/first_flight.h", "src/quic/test_tools/mock_clock.cc", "src/quic/test_tools/mock_clock.h", "src/quic/test_tools/mock_quic_client_promised_info.cc", @@ -957,6 +957,8 @@ source_set("quic_test_tools_core") { "src/quic/test_tools/simulator/switch.h", "src/quic/test_tools/simulator/traffic_policer.cc", "src/quic/test_tools/simulator/traffic_policer.h", + "src/quic/test_tools/test_certificates.cc", + "src/quic/test_tools/test_certificates.h", "src/quic/tools/quic_tcp_like_trace_converter.cc", "src/quic/tools/quic_tcp_like_trace_converter.h", ] @@ -1015,6 +1017,8 @@ source_set("simple_quic_tools_core") { "src/quic/core/http/quic_spdy_client_stream.h", "src/quic/core/http/quic_spdy_server_stream_base.cc", "src/quic/core/http/quic_spdy_server_stream_base.h", + "src/quic/core/quic_buffered_packet_store.cc", + "src/quic/core/quic_buffered_packet_store.h", "src/quic/core/quic_dispatcher.cc", "src/quic/core/quic_dispatcher.h", "src/quic/core/quic_packet_writer_wrapper.cc", @@ -1022,6 +1026,8 @@ source_set("simple_quic_tools_core") { "src/quic/core/quic_process_packet_interface.h", "src/quic/core/quic_time_wait_list_manager.cc", "src/quic/core/quic_time_wait_list_manager.h", + "src/quic/core/tls_chlo_extractor.cc", + "src/quic/core/tls_chlo_extractor.h", "src/quic/platform/api/quic_default_proof_providers.h", "src/quic/platform/api/quic_system_event_loop.h", "src/quic/tools/fake_proof_verifier.h", @@ -1053,6 +1059,8 @@ source_set("simple_quic_tools_core") { "src/quic/tools/quic_transport_simple_server_session.h", "src/quic/tools/quic_url.cc", "src/quic/tools/quic_url.h", + "src/quic/tools/simple_ticket_crypter.cc", + "src/quic/tools/simple_ticket_crypter.h", ] deps = [ "//base", @@ -1344,12 +1352,12 @@ source_set("quiche_tests") { "src/quic/core/quic_time_test.cc", "src/quic/core/quic_time_wait_list_manager_test.cc", "src/quic/core/quic_trace_visitor_test.cc", - "src/quic/core/quic_types_test.cc", "src/quic/core/quic_unacked_packet_map_test.cc", "src/quic/core/quic_utils_test.cc", "src/quic/core/quic_version_manager_test.cc", "src/quic/core/quic_versions_test.cc", "src/quic/core/quic_write_blocked_list_test.cc", + "src/quic/core/tls_chlo_extractor_test.cc", "src/quic/core/tls_handshaker_test.cc", "src/quic/core/uber_quic_stream_id_manager_test.cc", "src/quic/core/uber_received_packet_manager_test.cc", @@ -1375,6 +1383,7 @@ source_set("quiche_tests") { "src/quic/test_tools/simulator/simulator_test.cc", "src/quic/tools/quic_memory_cache_backend_test.cc", "src/quic/tools/quic_tcp_like_trace_converter_test.cc", + "src/quic/tools/simple_ticket_crypter_test.cc", "src/spdy/core/array_output_buffer.cc", "src/spdy/core/array_output_buffer.h", "src/spdy/core/array_output_buffer_test.cc", diff --git a/chromium/net/third_party/quiche/src/common/platform/api/quiche_text_utils.h b/chromium/net/third_party/quiche/src/common/platform/api/quiche_text_utils.h index c58c6767d76..2cf920f2c2a 100644 --- a/chromium/net/third_party/quiche/src/common/platform/api/quiche_text_utils.h +++ b/chromium/net/third_party/quiche/src/common/platform/api/quiche_text_utils.h @@ -8,6 +8,7 @@ #include <string> #include "net/third_party/quiche/src/common/platform/api/quiche_export.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" #include "net/quiche/common/platform/impl/quiche_text_utils_impl.h" @@ -22,6 +23,12 @@ class QUICHE_EXPORT QuicheTextUtils { return quiche::QuicheTextUtilsImpl::StartsWith(data, prefix); } + // Returns true if |data| ends with |suffix|, case sensitively. + static bool EndsWith(quiche::QuicheStringPiece data, + quiche::QuicheStringPiece suffix) { + return quiche::QuicheTextUtilsImpl::EndsWith(data, suffix); + } + // Returns true if |data| ends with |suffix|, case insensitively. static bool EndsWithIgnoreCase(quiche::QuicheStringPiece data, quiche::QuicheStringPiece suffix) { @@ -101,6 +108,12 @@ class QUICHE_EXPORT QuicheTextUtils { return quiche::QuicheTextUtilsImpl::Base64Encode(data, data_len, output); } + // Decodes a base64-encoded |input|. Returns nullopt when the input is + // invalid. + static QuicheOptional<std::string> Base64Decode(QuicheStringPiece input) { + return quiche::QuicheTextUtilsImpl::Base64Decode(input); + } + // Returns a string containing hex and ASCII representations of |binary|, // side-by-side in the style of hexdump. Non-printable characters will be // printed as '.' in the ASCII output. diff --git a/chromium/net/third_party/quiche/src/common/quiche_data_reader.cc b/chromium/net/third_party/quiche/src/common/quiche_data_reader.cc index 38546516137..344501378b5 100644 --- a/chromium/net/third_party/quiche/src/common/quiche_data_reader.cc +++ b/chromium/net/third_party/quiche/src/common/quiche_data_reader.cc @@ -4,6 +4,8 @@ #include "net/third_party/quiche/src/common/quiche_data_reader.h" +#include <cstring> + #include "net/third_party/quiche/src/common/platform/api/quiche_endian.h" #include "net/third_party/quiche/src/common/platform/api/quiche_logging.h" #include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" @@ -85,6 +87,17 @@ bool QuicheDataReader::ReadStringPiece16(quiche::QuicheStringPiece* result) { return ReadStringPiece(result, result_len); } +bool QuicheDataReader::ReadStringPiece8(quiche::QuicheStringPiece* result) { + // Read resultant length. + uint8_t result_len; + if (!ReadUInt8(&result_len)) { + // OnFailure() already called. + return false; + } + + return ReadStringPiece(result, result_len); +} + bool QuicheDataReader::ReadStringPiece(quiche::QuicheStringPiece* result, size_t size) { // Make sure that we have enough data to read. diff --git a/chromium/net/third_party/quiche/src/common/quiche_data_reader.h b/chromium/net/third_party/quiche/src/common/quiche_data_reader.h index c837172731c..cf62a164708 100644 --- a/chromium/net/third_party/quiche/src/common/quiche_data_reader.h +++ b/chromium/net/third_party/quiche/src/common/quiche_data_reader.h @@ -11,6 +11,7 @@ #include "net/third_party/quiche/src/common/platform/api/quiche_endian.h" #include "net/third_party/quiche/src/common/platform/api/quiche_export.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_logging.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quiche { @@ -65,6 +66,15 @@ class QUICHE_EXPORT_PRIVATE QuicheDataReader { // Returns true on success, false otherwise. bool ReadStringPiece16(quiche::QuicheStringPiece* result); + // Reads a string prefixed with 8-bit length into the given output parameter. + // + // NOTE: Does not copy but rather references strings in the underlying buffer. + // This should be kept in mind when handling memory management! + // + // Forwards the internal iterator on success. + // Returns true on success, false otherwise. + bool ReadStringPiece8(quiche::QuicheStringPiece* result); + // Reads a given number of bytes into the given buffer. The buffer // must be of adequate size. // Forwards the internal iterator on success. diff --git a/chromium/net/third_party/quiche/src/common/quiche_data_writer.h b/chromium/net/third_party/quiche/src/common/quiche_data_writer.h index 8df1f908451..cded0fa16c8 100644 --- a/chromium/net/third_party/quiche/src/common/quiche_data_writer.h +++ b/chromium/net/third_party/quiche/src/common/quiche_data_writer.h @@ -7,10 +7,12 @@ #include <cstddef> #include <cstdint> +#include <cstring> #include <limits> #include "net/third_party/quiche/src/common/platform/api/quiche_endian.h" #include "net/third_party/quiche/src/common/platform/api/quiche_export.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_logging.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quiche { diff --git a/chromium/net/third_party/quiche/src/http2/decoder/decode_http2_structures.cc b/chromium/net/third_party/quiche/src/http2/decoder/decode_http2_structures.cc index f106ab0a91e..8eccaf808df 100644 --- a/chromium/net/third_party/quiche/src/http2/decoder/decode_http2_structures.cc +++ b/chromium/net/third_party/quiche/src/http2/decoder/decode_http2_structures.cc @@ -5,6 +5,7 @@ #include "net/third_party/quiche/src/http2/decoder/decode_http2_structures.h" #include <cstdint> +#include <cstring> #include "net/third_party/quiche/src/http2/decoder/decode_buffer.h" #include "net/third_party/quiche/src/http2/http2_constants.h" diff --git a/chromium/net/third_party/quiche/src/http2/decoder/http2_structure_decoder.cc b/chromium/net/third_party/quiche/src/http2/decoder/http2_structure_decoder.cc index f30a91be163..3a5b1eb6ece 100644 --- a/chromium/net/third_party/quiche/src/http2/decoder/http2_structure_decoder.cc +++ b/chromium/net/third_party/quiche/src/http2/decoder/http2_structure_decoder.cc @@ -5,6 +5,7 @@ #include "net/third_party/quiche/src/http2/decoder/http2_structure_decoder.h" #include <algorithm> +#include <cstring> #include "net/third_party/quiche/src/http2/platform/api/http2_bug_tracker.h" diff --git a/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.cc b/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.cc index 1013292dda4..b879511a7dc 100644 --- a/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.cc +++ b/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.cc @@ -16,9 +16,7 @@ HpackDecoder::HpackDecoder(HpackDecoderListener* listener, : decoder_state_(listener), entry_buffer_(&decoder_state_, max_string_size), block_decoder_(&entry_buffer_), - error_(HpackDecodingError::kOk), - http2_skip_querying_entry_buffer_error_( - GetHttp2ReloadableFlag(http2_skip_querying_entry_buffer_error)) {} + error_(HpackDecodingError::kOk) {} HpackDecoder::~HpackDecoder() = default; @@ -108,21 +106,7 @@ bool HpackDecoder::DetectError() { if (decoder_state_.error() != HpackDecodingError::kOk) { HTTP2_DVLOG(2) << "Error detected in decoder_state_"; HTTP2_CODE_COUNT_N(decompress_failure_3, 10, 23); - HTTP2_CODE_COUNT_N(http2_skip_querying_entry_buffer_error, 1, 3); error_ = decoder_state_.error(); - } else if (entry_buffer_.error_detected()) { - // This should never happen, because if an error had occured in - // |entry_buffer_|, it would have notified its listener, |decoder_state_|. - if (http2_skip_querying_entry_buffer_error_) { - HTTP2_CODE_COUNT_N(http2_skip_querying_entry_buffer_error, 2, 3); - } else { - HTTP2_DVLOG(2) << "Error detected in entry_buffer_"; - HTTP2_CODE_COUNT_N(decompress_failure_3, 9, 23); - HTTP2_CODE_COUNT_N(http2_skip_querying_entry_buffer_error, 3, 3); - // Since this code path should never be executed, error code does not - // matter as long as it is not HpackDecodingError::kOk. - error_ = HpackDecodingError::kIndexVarintError; - } } return error_ != HpackDecodingError::kOk; diff --git a/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.h b/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.h index 6e6360432c5..efe334d13b4 100644 --- a/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.h +++ b/chromium/net/third_party/quiche/src/http2/hpack/decoder/hpack_decoder.h @@ -121,9 +121,6 @@ class QUICHE_EXPORT_PRIVATE HpackDecoder { // Error code if an error has occurred, HpackDecodingError::kOk otherwise. HpackDecodingError error_; - - // Latched value of reloadable_flag_http2_skip_querying_entry_buffer_error. - const bool http2_skip_querying_entry_buffer_error_; }; } // namespace http2 diff --git a/chromium/net/third_party/quiche/src/quic/core/chlo_extractor_test.cc b/chromium/net/third_party/quiche/src/quic/core/chlo_extractor_test.cc index e293902faad..1b6a6164234 100644 --- a/chromium/net/third_party/quiche/src/quic/core/chlo_extractor_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/chlo_extractor_test.cc @@ -12,6 +12,7 @@ #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/first_flight.h" #include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" #include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" @@ -32,50 +33,54 @@ class TestDelegate : public ChloExtractor::Delegate { version_ = version; connection_id_ = connection_id; chlo_ = chlo.DebugString(); + quiche::QuicheStringPiece alpn_value; + if (chlo.GetStringPiece(kALPN, &alpn_value)) { + alpn_ = std::string(alpn_value); + } } QuicConnectionId connection_id() const { return connection_id_; } QuicTransportVersion transport_version() const { return version_; } const std::string& chlo() const { return chlo_; } + const std::string& alpn() const { return alpn_; } private: QuicConnectionId connection_id_; QuicTransportVersion version_; std::string chlo_; + std::string alpn_; }; -class ChloExtractorTest : public QuicTest { +class ChloExtractorTest : public QuicTestWithParam<ParsedQuicVersion> { public: - ChloExtractorTest() { - header_.destination_connection_id = TestConnectionId(); - header_.destination_connection_id_included = CONNECTION_ID_PRESENT; - header_.version_flag = true; - header_.version = AllSupportedVersions().front(); - header_.reset_flag = false; - header_.packet_number_length = PACKET_4BYTE_PACKET_NUMBER; - header_.packet_number = QuicPacketNumber(1); - if (QuicVersionHasLongHeaderLengths(header_.version.transport_version)) { - header_.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_1; - header_.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_2; - } - } + ChloExtractorTest() : version_(GetParam()) {} - void MakePacket(ParsedQuicVersion version, - quiche::QuicheStringPiece data, + void MakePacket(quiche::QuicheStringPiece data, bool munge_offset, bool munge_stream_id) { + QuicPacketHeader header; + header.destination_connection_id = TestConnectionId(); + header.destination_connection_id_included = CONNECTION_ID_PRESENT; + header.version_flag = true; + header.version = version_; + header.reset_flag = false; + header.packet_number_length = PACKET_4BYTE_PACKET_NUMBER; + header.packet_number = QuicPacketNumber(1); + if (version_.HasLongHeaderLengths()) { + header.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_1; + header.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_2; + } QuicFrames frames; size_t offset = 0; if (munge_offset) { offset++; } - QuicFramer framer(SupportedVersions(header_.version), QuicTime::Zero(), + QuicFramer framer(SupportedVersions(version_), QuicTime::Zero(), Perspective::IS_CLIENT, kQuicDefaultConnectionIdLength); framer.SetInitialObfuscators(TestConnectionId()); - if (!QuicVersionUsesCryptoFrames(version.transport_version) || - munge_stream_id) { + if (!version_.UsesCryptoFrames() || munge_stream_id) { QuicStreamId stream_id = - QuicUtils::GetCryptoStreamId(version.transport_version); + QuicUtils::GetCryptoStreamId(version_.transport_version); if (munge_stream_id) { stream_id++; } @@ -86,11 +91,11 @@ class ChloExtractorTest : public QuicTest { QuicFrame(new QuicCryptoFrame(ENCRYPTION_INITIAL, offset, data))); } std::unique_ptr<QuicPacket> packet( - BuildUnsizedDataPacket(&framer, header_, frames)); + BuildUnsizedDataPacket(&framer, header, frames)); EXPECT_TRUE(packet != nullptr); size_t encrypted_length = - framer.EncryptPayload(ENCRYPTION_INITIAL, header_.packet_number, - *packet, buffer_, QUICHE_ARRAYSIZE(buffer_)); + framer.EncryptPayload(ENCRYPTION_INITIAL, header.packet_number, *packet, + buffer_, QUICHE_ARRAYSIZE(buffer_)); ASSERT_NE(0u, encrypted_length); packet_ = std::make_unique<QuicEncryptedPacket>(buffer_, encrypted_length); EXPECT_TRUE(packet_ != nullptr); @@ -98,79 +103,77 @@ class ChloExtractorTest : public QuicTest { } protected: + ParsedQuicVersion version_; TestDelegate delegate_; - QuicPacketHeader header_; std::unique_ptr<QuicEncryptedPacket> packet_; char buffer_[kMaxOutgoingPacketSize]; }; -TEST_F(ChloExtractorTest, FindsValidChlo) { +INSTANTIATE_TEST_SUITE_P( + ChloExtractorTests, + ChloExtractorTest, + ::testing::ValuesIn(AllSupportedVersionsWithQuicCrypto()), + ::testing::PrintToStringParamName()); + +TEST_P(ChloExtractorTest, FindsValidChlo) { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); std::string client_hello_str(client_hello.GetSerialized().AsStringPiece()); - // Construct a CHLO with each supported version - for (ParsedQuicVersion version : AllSupportedVersions()) { - SCOPED_TRACE(version); - header_.version = version; - if (QuicVersionHasLongHeaderLengths(version.transport_version) && - header_.version_flag) { - header_.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_1; - header_.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_2; - } else { - header_.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0; - header_.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_0; - } - MakePacket(version, client_hello_str, /*munge_offset*/ false, - /*munge_stream_id*/ false); - EXPECT_TRUE(ChloExtractor::Extract(*packet_, version, {}, &delegate_, - kQuicDefaultConnectionIdLength)) - << ParsedQuicVersionToString(version); - EXPECT_EQ(version.transport_version, delegate_.transport_version()); - EXPECT_EQ(header_.destination_connection_id, delegate_.connection_id()); - EXPECT_EQ(client_hello.DebugString(), delegate_.chlo()) - << ParsedQuicVersionToString(version); - } + + MakePacket(client_hello_str, /*munge_offset=*/false, + /*munge_stream_id=*/false); + EXPECT_TRUE(ChloExtractor::Extract(*packet_, version_, {}, &delegate_, + kQuicDefaultConnectionIdLength)); + EXPECT_EQ(version_.transport_version, delegate_.transport_version()); + EXPECT_EQ(TestConnectionId(), delegate_.connection_id()); + EXPECT_EQ(client_hello.DebugString(), delegate_.chlo()); } -TEST_F(ChloExtractorTest, DoesNotFindValidChloOnWrongStream) { - ParsedQuicVersion version = AllSupportedVersions()[0]; - if (QuicVersionUsesCryptoFrames(version.transport_version)) { +TEST_P(ChloExtractorTest, DoesNotFindValidChloOnWrongStream) { + if (version_.UsesCryptoFrames()) { + // When crypto frames are in use we do not use stream frames. return; } CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); std::string client_hello_str(client_hello.GetSerialized().AsStringPiece()); - MakePacket(version, client_hello_str, - /*munge_offset*/ false, /*munge_stream_id*/ true); - EXPECT_FALSE(ChloExtractor::Extract(*packet_, version, {}, &delegate_, + MakePacket(client_hello_str, + /*munge_offset=*/false, /*munge_stream_id=*/true); + EXPECT_FALSE(ChloExtractor::Extract(*packet_, version_, {}, &delegate_, kQuicDefaultConnectionIdLength)); } -TEST_F(ChloExtractorTest, DoesNotFindValidChloOnWrongOffset) { - ParsedQuicVersion version = AllSupportedVersions()[0]; +TEST_P(ChloExtractorTest, DoesNotFindValidChloOnWrongOffset) { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); std::string client_hello_str(client_hello.GetSerialized().AsStringPiece()); - MakePacket(version, client_hello_str, /*munge_offset*/ true, - /*munge_stream_id*/ false); - EXPECT_FALSE(ChloExtractor::Extract(*packet_, version, {}, &delegate_, + MakePacket(client_hello_str, /*munge_offset=*/true, + /*munge_stream_id=*/false); + EXPECT_FALSE(ChloExtractor::Extract(*packet_, version_, {}, &delegate_, kQuicDefaultConnectionIdLength)); } -TEST_F(ChloExtractorTest, DoesNotFindInvalidChlo) { - ParsedQuicVersion version = AllSupportedVersions()[0]; - if (QuicVersionUsesCryptoFrames(version.transport_version)) { - return; - } - MakePacket(version, "foo", /*munge_offset*/ false, - /*munge_stream_id*/ true); - EXPECT_FALSE(ChloExtractor::Extract(*packet_, version, {}, &delegate_, +TEST_P(ChloExtractorTest, DoesNotFindInvalidChlo) { + MakePacket("foo", /*munge_offset=*/false, + /*munge_stream_id=*/false); + EXPECT_FALSE(ChloExtractor::Extract(*packet_, version_, {}, &delegate_, kQuicDefaultConnectionIdLength)); } +TEST_P(ChloExtractorTest, FirstFlight) { + std::vector<std::unique_ptr<QuicReceivedPacket>> packets = + GetFirstFlightOfPackets(version_); + ASSERT_EQ(packets.size(), 1u); + EXPECT_TRUE(ChloExtractor::Extract(*packets[0], version_, {}, &delegate_, + kQuicDefaultConnectionIdLength)); + EXPECT_EQ(version_.transport_version, delegate_.transport_version()); + EXPECT_EQ(TestConnectionId(), delegate_.connection_id()); + EXPECT_EQ(AlpnForVersion(version_), delegate_.alpn()); +} + } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bandwidth_sampler.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bandwidth_sampler.cc index c929e8b55cc..f885c94794c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bandwidth_sampler.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bandwidth_sampler.cc @@ -382,14 +382,15 @@ BandwidthSample BandwidthSampler::OnPacketAcknowledgedInner( } else { QUIC_CODE_COUNT_N(quic_prev_ack_time_larger_than_current_ack_time, 2, 2); } - QUIC_BUG << "Time of the previously acked packet:" - << a0.ack_time.ToDebuggingValue() - << " is larger than the ack time of the current packet:" - << ack_time.ToDebuggingValue() - << ". acked packet number:" << packet_number - << ", total_bytes_acked_:" << total_bytes_acked_ - << ", overestimate_avoidance_:" << overestimate_avoidance_ - << ", sent_packet:" << sent_packet; + QUIC_LOG_EVERY_N_SEC(ERROR, 60) + << "Time of the previously acked packet:" + << a0.ack_time.ToDebuggingValue() + << " is larger than the ack time of the current packet:" + << ack_time.ToDebuggingValue() + << ". acked packet number:" << packet_number + << ", total_bytes_acked_:" << total_bytes_acked_ + << ", overestimate_avoidance_:" << overestimate_avoidance_ + << ", sent_packet:" << sent_packet; return BandwidthSample(); } QuicBandwidth ack_rate = QuicBandwidth::FromBytesAndTimeDelta( @@ -403,13 +404,15 @@ BandwidthSample BandwidthSampler::OnPacketAcknowledgedInner( sample.rtt = ack_time - sent_packet.sent_time; SentPacketToSendTimeState(sent_packet, &sample.state_at_send); - QUIC_BUG_IF(sample.bandwidth.IsZero()) - << "ack_rate: " << ack_rate << ", send_rate: " << send_rate - << ". acked packet number:" << packet_number - << ", overestimate_avoidance_:" << overestimate_avoidance_ << "a1:{" - << total_bytes_acked_ << "@" << ack_time << "}, a0:{" - << a0.total_bytes_acked << "@" << a0.ack_time - << "}, sent_packet:" << sent_packet; + if (sample.bandwidth.IsZero()) { + QUIC_LOG_EVERY_N_SEC(ERROR, 60) + << "ack_rate: " << ack_rate << ", send_rate: " << send_rate + << ". acked packet number:" << packet_number + << ", overestimate_avoidance_:" << overestimate_avoidance_ << "a1:{" + << total_bytes_acked_ << "@" << ack_time << "}, a0:{" + << a0.total_bytes_acked << "@" << a0.ack_time + << "}, sent_packet:" << sent_packet; + } return sample; } diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.cc index 5a3046794be..90df9a0c0da 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.cc @@ -60,9 +60,7 @@ Bbr2NetworkModel::Bbr2NetworkModel(const Bbr2Params* params, : params_(params), bandwidth_sampler_([](QuicRoundTripCount max_height_tracker_window_length, const BandwidthSampler* old_sampler) { - if (GetQuicReloadableFlag(quic_bbr_copy_sampler_state_from_v1_to_v2) && - old_sampler != nullptr) { - QUIC_RELOADABLE_FLAG_COUNT(quic_bbr_copy_sampler_state_from_v1_to_v2); + if (old_sampler != nullptr) { return BandwidthSampler(*old_sampler); } return BandwidthSampler(/*unacked_packet_map=*/nullptr, @@ -111,10 +109,8 @@ void Bbr2NetworkModel::OnCongestionEventStart( // Avoid updating |max_bandwidth_filter_| if a) this is a loss-only event, or // b) all packets in |acked_packets| did not generate valid samples. (e.g. ack // of ack-only packets). In both cases, total_bytes_acked() will not change. - if (!fix_zero_bw_on_loss_only_event_ || - (prior_bytes_acked != total_bytes_acked())) { - QUIC_BUG_IF((prior_bytes_acked != total_bytes_acked()) && - sample.sample_max_bandwidth.IsZero()) + if (prior_bytes_acked != total_bytes_acked()) { + QUIC_BUG_IF(sample.sample_max_bandwidth.IsZero()) << total_bytes_acked() - prior_bytes_acked << " bytes from " << acked_packets.size() << " packets have been acked, but sample_max_bandwidth is zero."; @@ -123,14 +119,6 @@ void Bbr2NetworkModel::OnCongestionEventStart( congestion_event->sample_max_bandwidth = sample.sample_max_bandwidth; max_bandwidth_filter_.Update(congestion_event->sample_max_bandwidth); } - } else { - if (acked_packets.empty()) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr_fix_zero_bw_on_loss_only_event, 3, - 4); - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr_fix_zero_bw_on_loss_only_event, 4, - 4); - } } if (!sample.sample_rtt.IsInfinite()) { @@ -196,15 +184,17 @@ void Bbr2NetworkModel::AdaptLowerBounds( if (bandwidth_lo_.IsInfinite()) { bandwidth_lo_ = MaxBandwidth(); } - if (inflight_lo_ == inflight_lo_default()) { - inflight_lo_ = congestion_event.prior_cwnd; - } - bandwidth_lo_ = std::max(bandwidth_latest_, bandwidth_lo_ * (1.0 - Params().beta)); QUIC_DVLOG(3) << "bandwidth_lo_ updated to " << bandwidth_lo_ << ", bandwidth_latest_ is " << bandwidth_latest_; + if (Params().ignore_inflight_lo) { + return; + } + if (inflight_lo_ == inflight_lo_default()) { + inflight_lo_ = congestion_event.prior_cwnd; + } inflight_lo_ = std::max<QuicByteCount>( inflight_latest_, inflight_lo_ * (1.0 - Params().beta)); } @@ -292,6 +282,15 @@ void Bbr2NetworkModel::RestartRound() { round_trip_counter_.RestartRound(); } +void Bbr2NetworkModel::cap_inflight_lo(QuicByteCount cap) { + if (Params().ignore_inflight_lo) { + return; + } + if (inflight_lo_ != inflight_lo_default() && inflight_lo_ > cap) { + inflight_lo_ = cap; + } +} + QuicByteCount Bbr2NetworkModel::inflight_hi_with_headroom() const { QuicByteCount headroom = inflight_hi_ * Params().inflight_hi_headroom; diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.h index 63a11e14681..e110a4c3297 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.h @@ -77,7 +77,8 @@ struct QUIC_EXPORT_PRIVATE Bbr2Params { // The gain for both CWND and PacingRate at startup. // TODO(wub): Maybe change to the newly derived value of 2.773 (4 * ln(2)). - float startup_gain = 2.885; + float startup_cwnd_gain = 2.885; + float startup_pacing_gain = 2.885; // Full bandwidth is declared if the total bandwidth growth is less than // |startup_full_bw_threshold| times in the last |startup_full_bw_rounds| @@ -175,8 +176,14 @@ struct QUIC_EXPORT_PRIVATE Bbr2Params { GetQuicReloadableFlag(quic_bbr2_add_ack_height_to_queueing_threshold); // Can be disabled by connection option 'B2RP'. - bool avoid_unnecessary_probe_rtt = - GetQuicReloadableFlag(quic_bbr2_avoid_unnecessary_probe_rtt); + bool avoid_unnecessary_probe_rtt = true; + + // Can be disabled by connection option 'B2CL'. + bool avoid_too_low_probe_bw_cwnd = + GetQuicReloadableFlag(quic_bbr2_avoid_too_low_probe_bw_cwnd); + + // Can be enabled by connection option 'B2LO'. + bool ignore_inflight_lo = false; }; class QUIC_EXPORT_PRIVATE RoundTripCounter { @@ -420,11 +427,7 @@ class QUIC_EXPORT_PRIVATE Bbr2NetworkModel { return std::numeric_limits<QuicByteCount>::max(); } void clear_inflight_lo() { inflight_lo_ = inflight_lo_default(); } - void cap_inflight_lo(QuicByteCount cap) { - if (inflight_lo_ != inflight_lo_default() && inflight_lo_ > cap) { - inflight_lo_ = cap; - } - } + void cap_inflight_lo(QuicByteCount cap); QuicByteCount inflight_hi_with_headroom() const; QuicByteCount inflight_hi() const { return inflight_hi_; } @@ -472,9 +475,6 @@ class QUIC_EXPORT_PRIVATE Bbr2NetworkModel { float cwnd_gain_; float pacing_gain_; - - const bool fix_zero_bw_on_loss_only_event_ = - GetQuicReloadableFlag(quic_bbr_fix_zero_bw_on_loss_only_event); }; enum class Bbr2Mode : uint8_t { diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_bw.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_bw.cc index 1a7a7193a16..6fb7eee8059 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_bw.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_bw.cc @@ -79,12 +79,36 @@ Bbr2Mode Bbr2ProbeBwMode::OnCongestionEvent( } Limits<QuicByteCount> Bbr2ProbeBwMode::GetCwndLimits() const { - if (cycle_.phase == CyclePhase::PROBE_CRUISE) { + if (!GetQuicReloadableFlag(quic_bbr2_avoid_too_low_probe_bw_cwnd)) { + if (cycle_.phase == CyclePhase::PROBE_CRUISE) { + return NoGreaterThan( + std::min(model_->inflight_lo(), model_->inflight_hi_with_headroom())); + } + return NoGreaterThan( - std::min(model_->inflight_lo(), model_->inflight_hi_with_headroom())); + std::min(model_->inflight_lo(), model_->inflight_hi())); + } + + QUIC_RELOADABLE_FLAG_COUNT(quic_bbr2_avoid_too_low_probe_bw_cwnd); + + QuicByteCount upper_limit = + std::min(model_->inflight_lo(), cycle_.phase == CyclePhase::PROBE_CRUISE + ? model_->inflight_hi_with_headroom() + : model_->inflight_hi()); + + if (Params().avoid_too_low_probe_bw_cwnd) { + // Ensure upper_limit is at least BDP + AckHeight. + QuicByteCount bdp_with_ack_height = + model_->BDP(model_->MaxBandwidth()) + model_->MaxAckHeight(); + if (upper_limit < bdp_with_ack_height) { + QUIC_DVLOG(3) << sender_ << " Rasing upper_limit from " << upper_limit + << " to " << bdp_with_ack_height; + QUIC_CODE_COUNT(quic_bbr2_avoid_too_low_probe_bw_cwnd_in_effect); + upper_limit = bdp_with_ack_height; + } } - return NoGreaterThan(std::min(model_->inflight_lo(), model_->inflight_hi())); + return NoGreaterThan(upper_limit); } bool Bbr2ProbeBwMode::IsProbingForBandwidth() const { diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.cc index 4d794432ec4..8c0171bc9bf 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.cc @@ -108,6 +108,37 @@ void Bbr2Sender::SetFromConfig(const QuicConfig& config, if (config.HasClientRequestedIndependentOption(kB2RP, perspective)) { params_.avoid_unnecessary_probe_rtt = false; } + if (GetQuicReloadableFlag(quic_bbr2_avoid_too_low_probe_bw_cwnd) && + config.HasClientRequestedIndependentOption(kB2CL, perspective)) { + params_.avoid_too_low_probe_bw_cwnd = false; + } + if (GetQuicReloadableFlag(quic_bbr2_fewer_startup_round_trips) && + config.HasClientRequestedIndependentOption(k1RTT, perspective)) { + QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr2_fewer_startup_round_trips, 1, 2); + params_.startup_full_bw_rounds = 1; + } + if (GetQuicReloadableFlag(quic_bbr2_fewer_startup_round_trips) && + config.HasClientRequestedIndependentOption(k2RTT, perspective)) { + QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr2_fewer_startup_round_trips, 2, 2); + params_.startup_full_bw_rounds = 2; + } + if (GetQuicReloadableFlag(quic_bbr2_ignore_inflight_lo) && + config.HasClientRequestedIndependentOption(kB2LO, perspective)) { + QUIC_RELOADABLE_FLAG_COUNT(quic_bbr2_ignore_inflight_lo); + params_.ignore_inflight_lo = true; + } + + ApplyConnectionOptions(config.ClientRequestedIndependentOptions(perspective)); +} + +void Bbr2Sender::ApplyConnectionOptions( + const QuicTagVector& connection_options) { + if (GetQuicReloadableFlag(quic_bbr2_lower_startup_cwnd_gain) && + ContainsQuicTag(connection_options, kBBQ2)) { + // 2 is the lower, derived gain for CWND. + params_.startup_cwnd_gain = 2; + params_.drain_cwnd_gain = 2; + } } Limits<QuicByteCount> Bbr2Sender::GetCwndLimitsByMode() const { @@ -206,7 +237,6 @@ void Bbr2Sender::OnCongestionEvent(bool /*rtt_updated*/, last_sample_is_app_limited_ = congestion_event.last_sample_is_app_limited; if (congestion_event.bytes_in_flight == 0 && params().avoid_unnecessary_probe_rtt) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr2_avoid_unnecessary_probe_rtt, 2, 2); OnEnterQuiescence(event_time); } @@ -301,7 +331,6 @@ void Bbr2Sender::OnPacketSent(QuicTime sent_time, << ", total_lost:" << model_.total_bytes_lost() << " @ " << sent_time; if (bytes_in_flight == 0 && params().avoid_unnecessary_probe_rtt) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr2_avoid_unnecessary_probe_rtt, 1, 2); OnExitQuiescence(sent_time); } model_.OnPacketSent(sent_time, bytes_in_flight, packet_number, bytes, diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.h index d68a6a13265..60824cdbd4b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.h @@ -50,6 +50,8 @@ class QUIC_EXPORT_PRIVATE Bbr2Sender final : public SendAlgorithmInterface { void SetFromConfig(const QuicConfig& config, Perspective perspective) override; + void ApplyConnectionOptions(const QuicTagVector& connection_options) override; + void AdjustNetworkParameters(const NetworkParams& params) override; void SetInitialCongestionWindowInPackets( @@ -173,8 +175,8 @@ class QUIC_EXPORT_PRIVATE Bbr2Sender final : public SendAlgorithmInterface { QuicRandom* random_; QuicConnectionStats* connection_stats_; - // Don't use it directly outside of SetFromConfig. Instead, use params() to - // get read-only access. + // Don't use it directly outside of SetFromConfig and ApplyConnectionOptions. + // Instead, use params() to get read-only access. Bbr2Params params_; Bbr2NetworkModel model_; diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_simulator_test.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_simulator_test.cc index 949b2834e89..f803ab68cdf 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_simulator_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_simulator_test.cc @@ -890,11 +890,8 @@ TEST_F(Bbr2DefaultTopologyTest, ProbeRttAfterQuiescenceImmediatelyExits) { sender_->OnPacketSent(SimulatedNow(), /*bytes_in_flight=*/0, sender_unacked_map()->largest_sent_packet() + 1, kDefaultMaxPacketSize, HAS_RETRANSMITTABLE_DATA); - if (GetQuicReloadableFlag(quic_bbr2_avoid_unnecessary_probe_rtt)) { - EXPECT_EQ(sender_->ExportDebugState().mode, Bbr2Mode::PROBE_BW); - } else { - EXPECT_EQ(sender_->ExportDebugState().mode, Bbr2Mode::PROBE_RTT); - } + + EXPECT_EQ(sender_->ExportDebugState().mode, Bbr2Mode::PROBE_BW); } TEST_F(Bbr2DefaultTopologyTest, ProbeBwAfterQuiescencePostponeMinRttTimestamp) { @@ -921,7 +918,7 @@ TEST_F(Bbr2DefaultTopologyTest, ProbeBwAfterQuiescencePostponeMinRttTimestamp) { // Wait for entering a quiescence of 15 seconds. ASSERT_TRUE(simulator_.RunUntilOrTimeout( [this]() { return sender_unacked_map()->bytes_in_flight() == 0; }, - params.RTT())); + params.RTT() + timeout)); simulator_.RunFor(QuicTime::Delta::FromSeconds(15)); @@ -929,19 +926,13 @@ TEST_F(Bbr2DefaultTopologyTest, ProbeBwAfterQuiescencePostponeMinRttTimestamp) { SendBursts(params, 1, kDefaultTCPMSS, QuicTime::Delta::Zero()); const QuicTime min_rtt_timestamp_after_idle = sender_->ExportDebugState().min_rtt_timestamp; - if (GetQuicReloadableFlag(quic_bbr2_avoid_unnecessary_probe_rtt)) { - EXPECT_LT(min_rtt_timestamp_before_idle + QuicTime::Delta::FromSeconds(14), - min_rtt_timestamp_after_idle); - } else { - EXPECT_EQ(min_rtt_timestamp_before_idle, min_rtt_timestamp_after_idle); - } + + EXPECT_LT(min_rtt_timestamp_before_idle + QuicTime::Delta::FromSeconds(14), + min_rtt_timestamp_after_idle); } // Regression test for http://shortn/_Jt1QWtshAM. TEST_F(Bbr2DefaultTopologyTest, SwitchToBbr2MidConnection) { - if (!GetQuicReloadableFlag(quic_bbr_copy_sampler_state_from_v1_to_v2)) { - return; - } QuicTime now = QuicTime::Zero(); BbrSender old_sender(sender_connection()->clock()->Now(), sender_connection()->sent_packet_manager().GetRttStats(), @@ -1039,7 +1030,7 @@ TEST_F(Bbr2DefaultTopologyTest, SwitchToBbr2MidConnection) { // Receiver class MultiSenderTopologyParams { public: - static const size_t kNumLocalLinks = 8; + static constexpr size_t kNumLocalLinks = 8; std::array<LinkParams, kNumLocalLinks> local_links = { LinkParams(10000, 1987), LinkParams(10000, 1993), LinkParams(10000, 1997), LinkParams(10000, 1999), LinkParams(10000, 2003), LinkParams(10000, 2011), diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.cc index 8514d2accbc..1141ca09e05 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.cc @@ -47,8 +47,8 @@ Bbr2Mode Bbr2StartupMode::OnCongestionEvent( CheckExcessiveLosses(congestion_event); - model_->set_pacing_gain(Params().startup_gain); - model_->set_cwnd_gain(Params().startup_gain); + model_->set_pacing_gain(Params().startup_pacing_gain); + model_->set_cwnd_gain(Params().startup_cwnd_gain); // TODO(wub): Maybe implement STARTUP => PROBE_RTT. return full_bandwidth_reached_ ? Bbr2Mode::DRAIN : Bbr2Mode::STARTUP; diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.h index e8f37ff9b81..378a4fd83fd 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.h @@ -33,6 +33,8 @@ class QUIC_EXPORT_PRIVATE Bbr2StartupMode final : public Bbr2ModeBase { const Bbr2CongestionEvent& congestion_event) override; Limits<QuicByteCount> GetCwndLimits() const override { + // Inflight_lo is never set in STARTUP. + DCHECK_EQ(Bbr2NetworkModel::inflight_lo_default(), model_->inflight_lo()); return NoGreaterThan(model_->inflight_lo()); } diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.cc index 8331611252d..f150ec14787 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.cc @@ -259,9 +259,6 @@ bool BbrSender::IsPipeSufficientlyFull() const { void BbrSender::SetFromConfig(const QuicConfig& config, Perspective perspective) { - if (config.HasClientRequestedIndependentOption(kLRTT, perspective)) { - exit_startup_on_loss_ = true; - } if (config.HasClientRequestedIndependentOption(k1RTT, perspective)) { num_startup_rtts_ = 1; } @@ -303,10 +300,6 @@ void BbrSender::SetFromConfig(const QuicConfig& config, set_high_cwnd_gain(kDerivedHighGain); set_drain_gain(1.f / kDerivedHighGain); } - if (!exit_startup_on_loss_ && - config.HasClientRequestedIndependentOption(kBBQ2, perspective)) { - set_high_cwnd_gain(kDerivedHighCWNDGain); - } if (config.HasClientRequestedIndependentOption(kBBQ3, perspective)) { enable_ack_aggregation_during_startup_ = true; } @@ -327,6 +320,18 @@ void BbrSender::SetFromConfig(const QuicConfig& config, quic_avoid_overestimate_bandwidth_with_aggregation, 3, 4); sampler_.EnableOverestimateAvoidance(); } + + ApplyConnectionOptions(config.ClientRequestedIndependentOptions(perspective)); +} + +void BbrSender::ApplyConnectionOptions( + const QuicTagVector& connection_options) { + if (ContainsQuicTag(connection_options, kLRTT)) { + exit_startup_on_loss_ = true; + } + if (ContainsQuicTag(connection_options, kBBQ2)) { + set_high_cwnd_gain(kDerivedHighCWNDGain); + } } void BbrSender::AdjustNetworkParameters(const NetworkParams& params) { @@ -428,10 +433,8 @@ void BbrSender::OnCongestionEvent(bool /*rtt_updated*/, // packets in |acked_packets| did not generate valid samples. (e.g. ack of // ack-only packets). In both cases, sampler_.total_bytes_acked() will not // change. - if (!fix_zero_bw_on_loss_only_event_ || - (total_bytes_acked_before != sampler_.total_bytes_acked())) { - QUIC_BUG_IF((total_bytes_acked_before != sampler_.total_bytes_acked()) && - sample.sample_max_bandwidth.IsZero()) + if (total_bytes_acked_before != sampler_.total_bytes_acked()) { + QUIC_BUG_IF(sample.sample_max_bandwidth.IsZero()) << sampler_.total_bytes_acked() - total_bytes_acked_before << " bytes from " << acked_packets.size() << " packets have been acked, but sample_max_bandwidth is zero."; @@ -439,15 +442,8 @@ void BbrSender::OnCongestionEvent(bool /*rtt_updated*/, sample.sample_max_bandwidth > max_bandwidth_.GetBest()) { max_bandwidth_.Update(sample.sample_max_bandwidth, round_trip_count_); } - } else { - if (acked_packets.empty()) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr_fix_zero_bw_on_loss_only_event, 1, - 4); - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_bbr_fix_zero_bw_on_loss_only_event, 2, - 4); - } } + if (!sample.sample_rtt.IsInfinite()) { min_rtt_expired = MaybeUpdateMinRtt(event_time, sample.sample_rtt); } @@ -503,7 +499,16 @@ CongestionControlType BbrSender::GetCongestionControlType() const { } QuicTime::Delta BbrSender::GetMinRtt() const { - return !min_rtt_.IsZero() ? min_rtt_ : rtt_stats_->initial_rtt(); + if (!min_rtt_.IsZero()) { + return min_rtt_; + } + if (GetQuicReloadableFlag(quic_bbr_use_available_min_rtt)) { + // min_rtt could be available if the handshake packet gets neutered then + // gets acknowledged. This could only happen for QUIC crypto where we do not + // drop keys. + return rtt_stats_->MinOrInitialRtt(); + } + return rtt_stats_->initial_rtt(); } QuicByteCount BbrSender::GetTargetCongestionWindow(float gain) const { @@ -920,16 +925,9 @@ void BbrSender::CalculateRecoveryWindow(QuicByteCount bytes_acked, recovery_window_ += bytes_acked; } - // Sanity checks. Ensure that we always allow to send at least an MSS or - // |bytes_acked| in response, whichever is larger. + // Always allow sending at least |bytes_acked| in response. recovery_window_ = std::max( recovery_window_, unacked_packets_->bytes_in_flight() + bytes_acked); - if (GetQuicReloadableFlag(quic_bbr_one_mss_conservation)) { - QUIC_RELOADABLE_FLAG_COUNT(quic_bbr_one_mss_conservation); - recovery_window_ = - std::max(recovery_window_, - unacked_packets_->bytes_in_flight() + kMaxSegmentSize); - } recovery_window_ = std::max(min_congestion_window_, recovery_window_); } diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.h index ab5d8197419..c7285d76f24 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.h @@ -106,6 +106,7 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { void SetFromConfig(const QuicConfig& config, Perspective perspective) override; + void ApplyConnectionOptions(const QuicTagVector& connection_options) override; void AdjustNetworkParameters(const NetworkParams& params) override; void SetInitialCongestionWindowInPackets( @@ -390,9 +391,6 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { // or it's time for high gain mode. bool drain_to_target_; - const bool fix_zero_bw_on_loss_only_event_ = - GetQuicReloadableFlag(quic_bbr_fix_zero_bw_on_loss_only_event); - // True if network parameters are adjusted, and this will be reset if // overshooting is detected and pacing rate gets slowed. bool network_parameters_adjusted_; diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender_test.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender_test.cc index e07931b8c79..e50a7c04c61 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr_sender_test.cc @@ -341,7 +341,6 @@ TEST_F(BbrSenderTest, SimpleTransferSmallBuffer) { } TEST_F(BbrSenderTest, RemoveBytesLostInRecovery) { - SetQuicReloadableFlag(quic_bbr_one_mss_conservation, false); // Disable Ack Decimation on the receiver, because it can increase srtt. QuicConnectionPeer::SetAckMode(receiver_.connection(), AckMode::TCP_ACKING); CreateDefaultSetup(); @@ -1372,9 +1371,7 @@ TEST_F(BbrSenderTest, LossOnlyCongestionEvent) { lost_packets); // Bandwidth estimate should not change for the loss only event. - if (GetQuicReloadableFlag(quic_bbr_fix_zero_bw_on_loss_only_event)) { - EXPECT_EQ(prior_bandwidth_estimate, sender_->BandwidthEstimate()); - } + EXPECT_EQ(prior_bandwidth_estimate, sender_->BandwidthEstimate()); } } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.cc index 6c090136c1a..f00045e7b8e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.cc @@ -15,7 +15,7 @@ namespace quic { GeneralLossAlgorithm::GeneralLossAlgorithm() : loss_detection_timeout_(QuicTime::Zero()), reordering_shift_(kDefaultLossDelayShift), - reordering_threshold_(kNumberOfNacksBeforeRetransmission), + reordering_threshold_(kDefaultPacketReorderingThreshold), use_adaptive_reordering_threshold_(true), use_adaptive_time_threshold_(false), use_packet_threshold_for_runt_packets_(true), @@ -23,15 +23,17 @@ GeneralLossAlgorithm::GeneralLossAlgorithm() packet_number_space_(NUM_PACKET_NUMBER_SPACES) {} // Uses nack counts to decide when packets are lost. -void GeneralLossAlgorithm::DetectLosses( +LossDetectionInterface::DetectionStats GeneralLossAlgorithm::DetectLosses( const QuicUnackedPacketMap& unacked_packets, QuicTime time, const RttStats& rtt_stats, QuicPacketNumber largest_newly_acked, const AckedPacketVector& packets_acked, LostPacketVector* packets_lost) { + DetectionStats detection_stats; + loss_detection_timeout_ = QuicTime::Zero(); - if (!packets_acked.empty() && + if (!packets_acked.empty() && least_in_flight_.IsInitialized() && packets_acked.front().packet_number == least_in_flight_) { if (packets_acked.back().packet_number == largest_newly_acked && least_in_flight_ + packets_acked.size() - 1 == largest_newly_acked) { @@ -40,7 +42,7 @@ void GeneralLossAlgorithm::DetectLosses( // do not use this optimization if largest_newly_acked is not the largest // packet in packets_acked. least_in_flight_ = largest_newly_acked + 1; - return; + return detection_stats; } // There is hole in acked_packets, increment least_in_flight_ if possible. for (const auto& acked : packets_acked) { @@ -50,6 +52,7 @@ void GeneralLossAlgorithm::DetectLosses( ++least_in_flight_; } } + QuicTime::Delta max_rtt = std::max(rtt_stats.previous_srtt(), rtt_stats.latest_rtt()); max_rtt = std::max(kAlarmGranularity, max_rtt); @@ -77,19 +80,23 @@ void GeneralLossAlgorithm::DetectLosses( // Skip packets of different packet number space. continue; } + if (!it->in_flight) { continue; } + + if (largest_newly_acked - packet_number > + detection_stats.sent_packets_max_sequence_reordering) { + detection_stats.sent_packets_max_sequence_reordering = + largest_newly_acked - packet_number; + } + // Packet threshold loss detection. // Skip packet threshold loss detection if largest_newly_acked is a runt. const bool skip_packet_threshold_detection = !use_packet_threshold_for_runt_packets_ && it->bytes_sent > unacked_packets.GetTransmissionInfo(largest_newly_acked).bytes_sent; - if (skip_packet_threshold_detection) { - QUIC_RELOADABLE_FLAG_COUNT_N( - quic_skip_packet_threshold_loss_detection_with_runt, 2, 2); - } if (!skip_packet_threshold_detection && largest_newly_acked - packet_number >= reordering_threshold_) { packets_lost->push_back(LostPacket(packet_number, it->bytes_sent)); @@ -112,6 +119,8 @@ void GeneralLossAlgorithm::DetectLosses( // There is no in flight packet. least_in_flight_ = largest_newly_acked + 1; } + + return detection_stats; } QuicTime GeneralLossAlgorithm::GetLossTimeout() const { diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.h index 7ab0d536eb7..ee8ba64c2d7 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.h @@ -11,6 +11,7 @@ #include "net/third_party/quiche/src/quic/core/congestion_control/loss_detection_interface.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/core/quic_time.h" +#include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/core/quic_unacked_packet_map.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" @@ -21,21 +22,21 @@ namespace quic { // Also implements TCP's early retransmit(RFC5827). class QUIC_EXPORT_PRIVATE GeneralLossAlgorithm : public LossDetectionInterface { public: - // TCP retransmits after 3 nacks. - static const QuicPacketCount kNumberOfNacksBeforeRetransmission = 3; - GeneralLossAlgorithm(); GeneralLossAlgorithm(const GeneralLossAlgorithm&) = delete; GeneralLossAlgorithm& operator=(const GeneralLossAlgorithm&) = delete; ~GeneralLossAlgorithm() override {} + void SetFromConfig(const QuicConfig& /*config*/, + Perspective /*perspective*/) override {} + // Uses |largest_acked| and time to decide when packets are lost. - void DetectLosses(const QuicUnackedPacketMap& unacked_packets, - QuicTime time, - const RttStats& rtt_stats, - QuicPacketNumber largest_newly_acked, - const AckedPacketVector& packets_acked, - LostPacketVector* packets_lost) override; + DetectionStats DetectLosses(const QuicUnackedPacketMap& unacked_packets, + QuicTime time, + const RttStats& rtt_stats, + QuicPacketNumber largest_newly_acked, + const AckedPacketVector& packets_acked, + LostPacketVector* packets_lost) override; // Returns a non-zero value when the early retransmit timer is active. QuicTime GetLossTimeout() const override; @@ -66,6 +67,8 @@ class QUIC_EXPORT_PRIVATE GeneralLossAlgorithm : public LossDetectionInterface { void Reset(); + QuicPacketCount reordering_threshold() const { return reordering_threshold_; } + int reordering_shift() const { return reordering_shift_; } void set_reordering_shift(int reordering_shift) { diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm_test.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm_test.cc index 7bef933b93f..1a58ade2695 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm_test.cc @@ -61,12 +61,25 @@ class GeneralLossAlgorithmTest : public QuicTest { void VerifyLosses(uint64_t largest_newly_acked, const AckedPacketVector& packets_acked, const std::vector<uint64_t>& losses_expected) { + return VerifyLosses(largest_newly_acked, packets_acked, losses_expected, + quiche::QuicheOptional<QuicPacketCount>()); + } + + void VerifyLosses(uint64_t largest_newly_acked, + const AckedPacketVector& packets_acked, + const std::vector<uint64_t>& losses_expected, + quiche::QuicheOptional<QuicPacketCount> + max_sequence_reordering_expected) { unacked_packets_.MaybeUpdateLargestAckedOfPacketNumberSpace( APPLICATION_DATA, QuicPacketNumber(largest_newly_acked)); LostPacketVector lost_packets; - loss_algorithm_.DetectLosses(unacked_packets_, clock_.Now(), rtt_stats_, - QuicPacketNumber(largest_newly_acked), - packets_acked, &lost_packets); + LossDetectionInterface::DetectionStats stats = loss_algorithm_.DetectLosses( + unacked_packets_, clock_.Now(), rtt_stats_, + QuicPacketNumber(largest_newly_acked), packets_acked, &lost_packets); + if (max_sequence_reordering_expected.has_value()) { + EXPECT_EQ(stats.sent_packets_max_sequence_reordering, + max_sequence_reordering_expected.value()); + } ASSERT_EQ(losses_expected.size(), lost_packets.size()); for (size_t i = 0; i < losses_expected.size(); ++i) { EXPECT_EQ(lost_packets[i].packet_number, @@ -91,19 +104,19 @@ TEST_F(GeneralLossAlgorithmTest, NackRetransmit1Packet) { unacked_packets_.RemoveFromInFlight(QuicPacketNumber(2)); packets_acked.push_back(AckedPacket( QuicPacketNumber(2), kMaxOutgoingPacketSize, QuicTime::Zero())); - VerifyLosses(2, packets_acked, std::vector<uint64_t>{}); + VerifyLosses(2, packets_acked, std::vector<uint64_t>{}, 1); packets_acked.clear(); // No loss on two acks. unacked_packets_.RemoveFromInFlight(QuicPacketNumber(3)); packets_acked.push_back(AckedPacket( QuicPacketNumber(3), kMaxOutgoingPacketSize, QuicTime::Zero())); - VerifyLosses(3, packets_acked, std::vector<uint64_t>{}); + VerifyLosses(3, packets_acked, std::vector<uint64_t>{}, 2); packets_acked.clear(); // Loss on three acks. unacked_packets_.RemoveFromInFlight(QuicPacketNumber(4)); packets_acked.push_back(AckedPacket( QuicPacketNumber(4), kMaxOutgoingPacketSize, QuicTime::Zero())); - VerifyLosses(4, packets_acked, {1}); + VerifyLosses(4, packets_acked, {1}, 3); EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout()); } diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/loss_detection_interface.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/loss_detection_interface.h index 729cbad62ad..8d91976de45 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/loss_detection_interface.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/loss_detection_interface.h @@ -8,8 +8,10 @@ #define QUICHE_QUIC_CORE_CONGESTION_CONTROL_LOSS_DETECTION_INTERFACE_H_ #include "net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.h" +#include "net/third_party/quiche/src/quic/core/quic_config.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/core/quic_time.h" +#include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" namespace quic { @@ -20,13 +22,23 @@ class RttStats; class QUIC_EXPORT_PRIVATE LossDetectionInterface { public: virtual ~LossDetectionInterface() {} + + virtual void SetFromConfig(const QuicConfig& config, + Perspective perspective) = 0; + + struct QUIC_NO_EXPORT DetectionStats { + // Maximum sequence reordering observed in newly acked packets. + QuicPacketCount sent_packets_max_sequence_reordering = 0; + }; + // Called when a new ack arrives or the loss alarm fires. - virtual void DetectLosses(const QuicUnackedPacketMap& unacked_packets, - QuicTime time, - const RttStats& rtt_stats, - QuicPacketNumber largest_newly_acked, - const AckedPacketVector& packets_acked, - LostPacketVector* packets_lost) = 0; + virtual DetectionStats DetectLosses( + const QuicUnackedPacketMap& unacked_packets, + QuicTime time, + const RttStats& rtt_stats, + QuicPacketNumber largest_newly_acked, + const AckedPacketVector& packets_acked, + LostPacketVector* packets_lost) = 0; // Get the time the LossDetectionAlgorithm wants to re-evaluate losses. // Returns QuicTime::Zero if no alarm needs to be set. diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender.h index 781a9211951..a8436f8fc7d 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender.h @@ -74,10 +74,14 @@ class QUIC_EXPORT_PRIVATE PacingSender { QuicBandwidth PacingRate(QuicByteCount bytes_in_flight) const; - QuicTime ideal_next_packet_send_time() const { - return ideal_next_packet_send_time_; + NextReleaseTimeResult GetNextReleaseTime() const { + bool allow_burst = (burst_tokens_ > 0 || lumpy_tokens_ > 0); + return {ideal_next_packet_send_time_, allow_burst}; } + protected: + uint32_t lumpy_tokens() const { return lumpy_tokens_; } + private: friend class test::QuicSentPacketManagerPeer; diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender_test.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender_test.cc index 3ca80cda87a..8c298d9ccfb 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/pacing_sender_test.cc @@ -27,6 +27,16 @@ namespace test { const QuicByteCount kBytesInFlight = 1024; const int kInitialBurstPackets = 10; +class TestPacingSender : public PacingSender { + public: + using PacingSender::lumpy_tokens; + using PacingSender::PacingSender; + + QuicTime ideal_next_packet_send_time() const { + return GetNextReleaseTime().release_time; + } +}; + class PacingSenderTest : public QuicTest { protected: PacingSenderTest() @@ -34,7 +44,7 @@ class PacingSenderTest : public QuicTest { infinite_time_(QuicTime::Delta::Infinite()), packet_number_(1), mock_sender_(new StrictMock<MockSendAlgorithm>()), - pacing_sender_(new PacingSender) { + pacing_sender_(new TestPacingSender) { pacing_sender_->set_sender(mock_sender_.get()); // Pick arbitrary time. clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(9)); @@ -44,7 +54,7 @@ class PacingSenderTest : public QuicTest { void InitPacingRate(QuicPacketCount burst_size, QuicBandwidth bandwidth) { mock_sender_ = std::make_unique<StrictMock<MockSendAlgorithm>>(); - pacing_sender_ = std::make_unique<PacingSender>(); + pacing_sender_ = std::make_unique<TestPacingSender>(); pacing_sender_->set_sender(mock_sender_.get()); EXPECT_CALL(*mock_sender_, PacingRate(_)).WillRepeatedly(Return(bandwidth)); EXPECT_CALL(*mock_sender_, BandwidthEstimate()) @@ -132,7 +142,7 @@ class PacingSenderTest : public QuicTest { MockClock clock_; QuicPacketNumber packet_number_; std::unique_ptr<StrictMock<MockSendAlgorithm>> mock_sender_; - std::unique_ptr<PacingSender> pacing_sender_; + std::unique_ptr<TestPacingSender> pacing_sender_; }; TEST_F(PacingSenderTest, NoSend) { @@ -466,5 +476,77 @@ TEST_F(PacingSenderTest, NoLumpyPacingForLowBandwidthFlows) { } } +TEST_F(PacingSenderTest, IdealNextPacketSendTimeWithLumpyPacing) { + // Set lumpy size to be 3, and cwnd faction to 0.5 + SetQuicFlag(FLAGS_quic_lumpy_pacing_size, 3); + SetQuicFlag(FLAGS_quic_lumpy_pacing_cwnd_fraction, 0.5f); + + // Configure pacing rate of 1 packet per millisecond. + QuicTime::Delta inter_packet_delay = QuicTime::Delta::FromMilliseconds(1); + InitPacingRate(kInitialBurstPackets, + QuicBandwidth::FromBytesAndTimeDelta(kMaxOutgoingPacketSize, + inter_packet_delay)); + + // Send kInitialBurstPackets packets, and verify that they are not paced. + for (int i = 0; i < kInitialBurstPackets; ++i) { + CheckPacketIsSentImmediately(); + } + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 2u); + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + 2 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 1u); + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + 3 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 0u); + + CheckPacketIsDelayed(3 * inter_packet_delay); + + // Wake up on time. + clock_.AdvanceTime(3 * inter_packet_delay); + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 2u); + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + 2 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 1u); + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + 3 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 0u); + + CheckPacketIsDelayed(3 * inter_packet_delay); + + // Wake up late. + clock_.AdvanceTime(4.5 * inter_packet_delay); + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() - 0.5 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 2u); + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + 0.5 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 1u); + + CheckPacketIsSentImmediately(); + EXPECT_EQ(pacing_sender_->ideal_next_packet_send_time(), + clock_.Now() + 1.5 * inter_packet_delay); + EXPECT_EQ(pacing_sender_->lumpy_tokens(), 0u); + + CheckPacketIsDelayed(1.5 * inter_packet_delay); +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/rtt_stats.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/rtt_stats.h index 9062c7a339c..f247c1caa28 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/rtt_stats.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/rtt_stats.h @@ -72,6 +72,10 @@ class QUIC_EXPORT_PRIVATE RttStats { return smoothed_rtt_.IsZero() ? initial_rtt_ : smoothed_rtt_; } + QuicTime::Delta MinOrInitialRtt() const { + return min_rtt_.IsZero() ? initial_rtt_ : min_rtt_; + } + // Sets an initial RTT to be used for SmoothedRtt before any RTT updates. void set_initial_rtt(QuicTime::Delta initial_rtt) { if (initial_rtt.ToMicroseconds() <= 0) { diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.cc index d7b2eca3c74..9d003c59a66 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.cc @@ -45,12 +45,7 @@ SendAlgorithmInterface* SendAlgorithmInterface::Create( ? static_cast<BbrSender*>(old_send_algorithm) : nullptr); case kPCC: - if (GetQuicReloadableFlag(quic_enable_pcc3)) { - return CreatePccSender(clock, rtt_stats, unacked_packets, random, stats, - initial_congestion_window, - max_congestion_window); - } - // Fall back to CUBIC if PCC is disabled. + // PCC is work has stalled, fall back to CUBIC instead. QUIC_FALLTHROUGH_INTENDED; case kCubicBytes: return new TcpCubicSenderBytes( diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.h index 2bfc2dfbcf3..ea0c375d8aa 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.h @@ -86,6 +86,9 @@ class QUIC_EXPORT_PRIVATE SendAlgorithmInterface { virtual void SetFromConfig(const QuicConfig& config, Perspective perspective) = 0; + virtual void ApplyConnectionOptions( + const QuicTagVector& connection_options) = 0; + // Sets the initial congestion window in number of packets. May be ignored // if called after the initial congestion window is no longer relevant. virtual void SetInitialCongestionWindowInPackets(QuicPacketCount packets) = 0; diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/tcp_cubic_sender_bytes.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/tcp_cubic_sender_bytes.h index 7a36f761c1a..59ca7f875be 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/tcp_cubic_sender_bytes.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/tcp_cubic_sender_bytes.h @@ -46,6 +46,8 @@ class QUIC_EXPORT_PRIVATE TcpCubicSenderBytes : public SendAlgorithmInterface { // Start implementation of SendAlgorithmInterface. void SetFromConfig(const QuicConfig& config, Perspective perspective) override; + void ApplyConnectionOptions( + const QuicTagVector& /*connection_options*/) override {} void AdjustNetworkParameters(const NetworkParams& params) override; void SetNumEmulatedConnections(int num_connections); void SetInitialCongestionWindowInPackets( diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.cc index 73b26f5cda7..0f294d6b94e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.cc @@ -6,6 +6,7 @@ #include <algorithm> +#include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" namespace quic { @@ -17,13 +18,24 @@ UberLossAlgorithm::UberLossAlgorithm() { } } -void UberLossAlgorithm::DetectLosses( +void UberLossAlgorithm::SetFromConfig(const QuicConfig& config, + Perspective perspective) { + if (config.HasClientRequestedIndependentOption(kELDT, perspective) && + tuner_ != nullptr) { + tuning_enabled_ = true; + MaybeStartTuning(); + } +} + +LossDetectionInterface::DetectionStats UberLossAlgorithm::DetectLosses( const QuicUnackedPacketMap& unacked_packets, QuicTime time, const RttStats& rtt_stats, QuicPacketNumber /*largest_newly_acked*/, const AckedPacketVector& packets_acked, LostPacketVector* packets_lost) { + DetectionStats overall_stats; + for (int8_t i = INITIAL_DATA; i < NUM_PACKET_NUMBER_SPACES; ++i) { const QuicPacketNumber largest_acked = unacked_packets.GetLargestAckedOfPacketNumberSpace( @@ -35,10 +47,16 @@ void UberLossAlgorithm::DetectLosses( continue; } - general_loss_algorithms_[i].DetectLosses(unacked_packets, time, rtt_stats, - largest_acked, packets_acked, - packets_lost); + DetectionStats stats = general_loss_algorithms_[i].DetectLosses( + unacked_packets, time, rtt_stats, largest_acked, packets_acked, + packets_lost); + + overall_stats.sent_packets_max_sequence_reordering = + std::max(overall_stats.sent_packets_max_sequence_reordering, + stats.sent_packets_max_sequence_reordering); } + + return overall_stats; } QuicTime UberLossAlgorithm::GetLossTimeout() const { @@ -78,7 +96,7 @@ void UberLossAlgorithm::SetLossDetectionTuner( } void UberLossAlgorithm::MaybeStartTuning() { - if (tuner_ == nullptr || tuner_started_) { + if (tuner_started_ || !tuning_enabled_ || !min_rtt_available_) { return; } @@ -88,6 +106,7 @@ void UberLossAlgorithm::MaybeStartTuning() { void UberLossAlgorithm::OnConfigNegotiated() {} void UberLossAlgorithm::OnMinRttAvailable() { + min_rtt_available_ = true; MaybeStartTuning(); } @@ -128,6 +147,10 @@ void UberLossAlgorithm::EnableAdaptiveTimeThreshold() { } } +QuicPacketCount UberLossAlgorithm::GetPacketReorderingThreshold() const { + return general_loss_algorithms_[APPLICATION_DATA].reordering_threshold(); +} + void UberLossAlgorithm::DisablePacketThresholdForRuntPackets() { for (int8_t i = INITIAL_DATA; i < NUM_PACKET_NUMBER_SPACES; ++i) { general_loss_algorithms_[i].disable_packet_threshold_for_runt_packets(); diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.h b/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.h index ff1ac817b3c..86b652572b7 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.h +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm.h @@ -6,6 +6,7 @@ #define QUICHE_QUIC_CORE_CONGESTION_CONTROL_UBER_LOSS_ALGORITHM_H_ #include "net/third_party/quiche/src/quic/core/congestion_control/general_loss_algorithm.h" +#include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" namespace quic { @@ -46,13 +47,16 @@ class QUIC_EXPORT_PRIVATE UberLossAlgorithm : public LossDetectionInterface { UberLossAlgorithm& operator=(const UberLossAlgorithm&) = delete; ~UberLossAlgorithm() override {} + void SetFromConfig(const QuicConfig& config, + Perspective perspective) override; + // Detects lost packets. - void DetectLosses(const QuicUnackedPacketMap& unacked_packets, - QuicTime time, - const RttStats& rtt_stats, - QuicPacketNumber largest_newly_acked, - const AckedPacketVector& packets_acked, - LostPacketVector* packets_lost) override; + DetectionStats DetectLosses(const QuicUnackedPacketMap& unacked_packets, + QuicTime time, + const RttStats& rtt_stats, + QuicPacketNumber largest_newly_acked, + const AckedPacketVector& packets_acked, + LostPacketVector* packets_lost) override; // Returns the earliest time the early retransmit timer should be active. QuicTime GetLossTimeout() const override; @@ -85,6 +89,10 @@ class QUIC_EXPORT_PRIVATE UberLossAlgorithm : public LossDetectionInterface { // Enable adaptive time threshold of all packet number spaces. void EnableAdaptiveTimeThreshold(); + // Get the packet reordering threshold from the APPLICATION_DATA PN space. + // Always 3 when adaptive reordering is not enabled. + QuicPacketCount GetPacketReorderingThreshold() const; + // Disable packet threshold loss detection for *runt* packets. void DisablePacketThresholdForRuntPackets(); @@ -103,6 +111,8 @@ class QUIC_EXPORT_PRIVATE UberLossAlgorithm : public LossDetectionInterface { std::unique_ptr<LossDetectionTunerInterface> tuner_; LossDetectionParameters tuned_parameters_; bool tuner_started_ = false; + bool min_rtt_available_ = false; + bool tuning_enabled_ = false; // Whether tuning is enabled by config. }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm_test.cc b/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm_test.cc index a3daf095d56..6fd949f317a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/congestion_control/uber_loss_algorithm_test.cc @@ -11,6 +11,7 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" #include "net/third_party/quiche/src/quic/test_tools/quic_unacked_packet_map_peer.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" namespace quic { namespace test { @@ -64,10 +65,23 @@ class UberLossAlgorithmTest : public QuicTest { void VerifyLosses(uint64_t largest_newly_acked, const AckedPacketVector& packets_acked, const std::vector<uint64_t>& losses_expected) { + return VerifyLosses(largest_newly_acked, packets_acked, losses_expected, + quiche::QuicheOptional<QuicPacketCount>()); + } + + void VerifyLosses(uint64_t largest_newly_acked, + const AckedPacketVector& packets_acked, + const std::vector<uint64_t>& losses_expected, + quiche::QuicheOptional<QuicPacketCount> + max_sequence_reordering_expected) { LostPacketVector lost_packets; - loss_algorithm_.DetectLosses(*unacked_packets_, clock_.Now(), rtt_stats_, - QuicPacketNumber(largest_newly_acked), - packets_acked, &lost_packets); + LossDetectionInterface::DetectionStats stats = loss_algorithm_.DetectLosses( + *unacked_packets_, clock_.Now(), rtt_stats_, + QuicPacketNumber(largest_newly_acked), packets_acked, &lost_packets); + if (max_sequence_reordering_expected.has_value()) { + EXPECT_EQ(stats.sent_packets_max_sequence_reordering, + max_sequence_reordering_expected.value()); + } ASSERT_EQ(losses_expected.size(), lost_packets.size()); for (size_t i = 0; i < losses_expected.size(); ++i) { EXPECT_EQ(lost_packets[i].packet_number, @@ -98,7 +112,7 @@ TEST_F(UberLossAlgorithmTest, ScenarioA) { unacked_packets_->MaybeUpdateLargestAckedOfPacketNumberSpace( HANDSHAKE_DATA, QuicPacketNumber(4)); // Verify no packet is detected lost. - VerifyLosses(4, packets_acked_, std::vector<uint64_t>{}); + VerifyLosses(4, packets_acked_, std::vector<uint64_t>{}, 0); EXPECT_EQ(QuicTime::Zero(), loss_algorithm_.GetLossTimeout()); } @@ -114,7 +128,7 @@ TEST_F(UberLossAlgorithmTest, ScenarioB) { unacked_packets_->MaybeUpdateLargestAckedOfPacketNumberSpace( APPLICATION_DATA, QuicPacketNumber(4)); // No packet loss by acking 4. - VerifyLosses(4, packets_acked_, std::vector<uint64_t>{}); + VerifyLosses(4, packets_acked_, std::vector<uint64_t>{}, 1); EXPECT_EQ(clock_.Now() + 1.25 * rtt_stats_.smoothed_rtt(), loss_algorithm_.GetLossTimeout()); @@ -122,14 +136,14 @@ TEST_F(UberLossAlgorithmTest, ScenarioB) { AckPackets({6}); unacked_packets_->MaybeUpdateLargestAckedOfPacketNumberSpace( APPLICATION_DATA, QuicPacketNumber(6)); - VerifyLosses(6, packets_acked_, std::vector<uint64_t>{3}); + VerifyLosses(6, packets_acked_, std::vector<uint64_t>{3}, 3); EXPECT_EQ(clock_.Now() + 1.25 * rtt_stats_.smoothed_rtt(), loss_algorithm_.GetLossTimeout()); packets_acked_.clear(); clock_.AdvanceTime(1.25 * rtt_stats_.latest_rtt()); // Verify 5 will be early retransmitted. - VerifyLosses(6, packets_acked_, {5}); + VerifyLosses(6, packets_acked_, {5}, 1); } TEST_F(UberLossAlgorithmTest, ScenarioC) { @@ -151,14 +165,14 @@ TEST_F(UberLossAlgorithmTest, ScenarioC) { unacked_packets_->MaybeUpdateLargestAckedOfPacketNumberSpace( HANDSHAKE_DATA, QuicPacketNumber(5)); // No packet loss by acking 5. - VerifyLosses(5, packets_acked_, std::vector<uint64_t>{}); + VerifyLosses(5, packets_acked_, std::vector<uint64_t>{}, 2); EXPECT_EQ(clock_.Now() + 1.25 * rtt_stats_.smoothed_rtt(), loss_algorithm_.GetLossTimeout()); packets_acked_.clear(); clock_.AdvanceTime(1.25 * rtt_stats_.latest_rtt()); // Verify 2 and 3 will be early retransmitted. - VerifyLosses(5, packets_acked_, std::vector<uint64_t>{2, 3}); + VerifyLosses(5, packets_acked_, std::vector<uint64_t>{2, 3}, 2); } // Regression test for b/133771183. diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.cc index 6400528c8fd..0f17d121ca0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.cc @@ -6,15 +6,24 @@ #include <cstdint> #include <memory> +#include <string> +#include "third_party/boringssl/src/include/openssl/base.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" +#include "third_party/boringssl/src/include/openssl/digest.h" #include "third_party/boringssl/src/include/openssl/ec.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/nid.h" +#include "third_party/boringssl/src/include/openssl/rsa.h" +#include "third_party/boringssl/src/include/openssl/ssl.h" #include "net/third_party/quiche/src/quic/core/crypto/boring_utils.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" // The literals below were encoded using `ascii2der | xxd -i`. The comments // above the literals are the contents in the der2ascii syntax. @@ -27,10 +36,110 @@ constexpr uint8_t kX509Version[] = {0x02, 0x01, 0x02}; // 2.5.29.17 constexpr uint8_t kSubjectAltNameOid[] = {0x55, 0x1d, 0x11}; +enum class PublicKeyType { + kRsa, + kP256, + kP384, + kEd25519, + kUnknown, +}; + +PublicKeyType PublicKeyTypeFromKey(EVP_PKEY* public_key) { + switch (EVP_PKEY_id(public_key)) { + case EVP_PKEY_RSA: + return PublicKeyType::kRsa; + case EVP_PKEY_EC: { + const EC_KEY* key = EVP_PKEY_get0_EC_KEY(public_key); + if (key == nullptr) { + return PublicKeyType::kUnknown; + } + const EC_GROUP* group = EC_KEY_get0_group(key); + if (group == nullptr) { + return PublicKeyType::kUnknown; + } + const int curve_nid = EC_GROUP_get_curve_name(group); + switch (curve_nid) { + case NID_X9_62_prime256v1: + return PublicKeyType::kP256; + case NID_secp384r1: + return PublicKeyType::kP384; + default: + return PublicKeyType::kUnknown; + } + } + case EVP_PKEY_ED25519: + return PublicKeyType::kEd25519; + default: + return PublicKeyType::kUnknown; + } +} + +PublicKeyType PublicKeyTypeFromSignatureAlgorithm( + uint16_t signature_algorithm) { + switch (signature_algorithm) { + case SSL_SIGN_RSA_PSS_RSAE_SHA256: + return PublicKeyType::kRsa; + case SSL_SIGN_ECDSA_SECP256R1_SHA256: + return PublicKeyType::kP384; + case SSL_SIGN_ECDSA_SECP384R1_SHA384: + return PublicKeyType::kP384; + case SSL_SIGN_ED25519: + return PublicKeyType::kEd25519; + default: + return PublicKeyType::kUnknown; + } +} + } // namespace namespace quic { +PemReadResult ReadNextPemMessage(std::istream* input) { + constexpr quiche::QuicheStringPiece kPemBegin = "-----BEGIN "; + constexpr quiche::QuicheStringPiece kPemEnd = "-----END "; + constexpr quiche::QuicheStringPiece kPemDashes = "-----"; + + std::string line_buffer, encoded_message_contents, expected_end; + bool pending_message = false; + PemReadResult result; + while (std::getline(*input, line_buffer)) { + quiche::QuicheStringPiece line(line_buffer); + quiche::QuicheTextUtils::RemoveLeadingAndTrailingWhitespace(&line); + + // Handle BEGIN lines. + if (!pending_message && + quiche::QuicheTextUtils::StartsWith(line, kPemBegin) && + quiche::QuicheTextUtils::EndsWith(line, kPemDashes)) { + result.type = std::string( + line.substr(kPemBegin.size(), + line.size() - kPemDashes.size() - kPemBegin.size())); + expected_end = quiche::QuicheStrCat(kPemEnd, result.type, kPemDashes); + pending_message = true; + continue; + } + + // Handle END lines. + if (pending_message && line == expected_end) { + quiche::QuicheOptional<std::string> data = + quiche::QuicheTextUtils::Base64Decode(encoded_message_contents); + if (data.has_value()) { + result.status = PemReadResult::kOk; + result.contents = data.value(); + } else { + result.status = PemReadResult::kError; + } + return result; + } + + if (pending_message) { + encoded_message_contents.append(std::string(line)); + } + } + bool eof_reached = input->eof() && !pending_message; + return PemReadResult{ + .status = (eof_reached ? PemReadResult::kEof : PemReadResult::kError)}; +} + std::unique_ptr<CertificateView> CertificateView::ParseSingleCertificate( quiche::QuicheStringPiece certificate) { std::unique_ptr<CertificateView> result(new CertificateView()); @@ -207,6 +316,24 @@ bool CertificateView::ParseExtensions(CBS extensions) { return true; } +std::vector<std::string> CertificateView::LoadPemFromStream( + std::istream* input) { + std::vector<std::string> result; + for (;;) { + PemReadResult read_result = ReadNextPemMessage(input); + if (read_result.status == PemReadResult::kEof) { + return result; + } + if (read_result.status != PemReadResult::kOk) { + return std::vector<std::string>(); + } + if (read_result.type != "CERTIFICATE") { + continue; + } + result.emplace_back(std::move(read_result.contents)); + } +} + bool CertificateView::ValidatePublicKeyParameters() { // The profile here affects what certificates can be used: // (1) when QUIC is used as a server library without any custom certificate @@ -215,32 +342,130 @@ bool CertificateView::ValidatePublicKeyParameters() { // The goal is to allow at minimum any certificate that would be allowed on a // regular Web session over TLS 1.3 while ensuring we do not expose any // algorithms we don't want to support long-term. - switch (EVP_PKEY_id(public_key_.get())) { - case EVP_PKEY_RSA: + PublicKeyType key_type = PublicKeyTypeFromKey(public_key_.get()); + switch (key_type) { + case PublicKeyType::kRsa: return EVP_PKEY_bits(public_key_.get()) >= 2048; - case EVP_PKEY_EC: { - const EC_KEY* key = EVP_PKEY_get0_EC_KEY(public_key_.get()); - if (key == nullptr) { - return false; - } - const EC_GROUP* group = EC_KEY_get0_group(key); - if (group == nullptr) { - return false; - } - const int curve_nid = EC_GROUP_get_curve_name(group); - switch (curve_nid) { - case NID_X9_62_prime256v1: - case NID_secp384r1: - return true; - default: - return false; - } - } - case EVP_PKEY_ED25519: + case PublicKeyType::kP256: + case PublicKeyType::kP384: + case PublicKeyType::kEd25519: return true; default: return false; } } +bool CertificateView::VerifySignature(quiche::QuicheStringPiece data, + quiche::QuicheStringPiece signature, + uint16_t signature_algorithm) const { + if (PublicKeyTypeFromSignatureAlgorithm(signature_algorithm) != + PublicKeyTypeFromKey(public_key_.get())) { + QUIC_BUG << "Mismatch between the requested signature algorithm and the " + "type of the public key."; + return false; + } + + bssl::ScopedEVP_MD_CTX md_ctx; + EVP_PKEY_CTX* pctx; + if (!EVP_DigestVerifyInit( + md_ctx.get(), &pctx, + SSL_get_signature_algorithm_digest(signature_algorithm), nullptr, + public_key_.get())) { + return false; + } + if (SSL_is_signature_algorithm_rsa_pss(signature_algorithm)) { + if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || + !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) { + return false; + } + } + return EVP_DigestVerify( + md_ctx.get(), reinterpret_cast<const uint8_t*>(signature.data()), + signature.size(), reinterpret_cast<const uint8_t*>(data.data()), + data.size()); +} + +std::unique_ptr<CertificatePrivateKey> CertificatePrivateKey::LoadFromDer( + quiche::QuicheStringPiece private_key) { + std::unique_ptr<CertificatePrivateKey> result(new CertificatePrivateKey()); + CBS private_key_cbs = StringPieceToCbs(private_key); + result->private_key_.reset(EVP_parse_private_key(&private_key_cbs)); + if (result->private_key_ == nullptr || CBS_len(&private_key_cbs) != 0) { + return nullptr; + } + return result; +} + +std::unique_ptr<CertificatePrivateKey> CertificatePrivateKey::LoadPemFromStream( + std::istream* input) { + PemReadResult result = ReadNextPemMessage(input); + if (result.status != PemReadResult::kOk) { + return nullptr; + } + // RFC 5958 OneAsymmetricKey message. + if (result.type == "PRIVATE KEY") { + return LoadFromDer(result.contents); + } + // Legacy OpenSSL format: PKCS#1 (RFC 8017) RSAPrivateKey message. + if (result.type == "RSA PRIVATE KEY") { + CBS private_key_cbs = StringPieceToCbs(result.contents); + bssl::UniquePtr<RSA> rsa(RSA_parse_private_key(&private_key_cbs)); + if (rsa == nullptr || CBS_len(&private_key_cbs) != 0) { + return nullptr; + } + + std::unique_ptr<CertificatePrivateKey> key(new CertificatePrivateKey()); + key->private_key_.reset(EVP_PKEY_new()); + EVP_PKEY_assign_RSA(key->private_key_.get(), rsa.release()); + return key; + } + // Unknown format. + return nullptr; +} + +std::string CertificatePrivateKey::Sign(quiche::QuicheStringPiece input, + uint16_t signature_algorithm) { + if (PublicKeyTypeFromSignatureAlgorithm(signature_algorithm) != + PublicKeyTypeFromKey(private_key_.get())) { + QUIC_BUG << "Mismatch between the requested signature algorithm and the " + "type of the private key."; + return ""; + } + + bssl::ScopedEVP_MD_CTX md_ctx; + EVP_PKEY_CTX* pctx; + if (!EVP_DigestSignInit( + md_ctx.get(), &pctx, + SSL_get_signature_algorithm_digest(signature_algorithm), + /*e=*/nullptr, private_key_.get())) { + return ""; + } + if (SSL_is_signature_algorithm_rsa_pss(signature_algorithm)) { + if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || + !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)) { + return ""; + } + } + + std::string output; + size_t output_size; + if (!EVP_DigestSign(md_ctx.get(), /*out_sig=*/nullptr, &output_size, + reinterpret_cast<const uint8_t*>(input.data()), + input.size())) { + return ""; + } + output.resize(output_size); + if (!EVP_DigestSign( + md_ctx.get(), reinterpret_cast<uint8_t*>(&output[0]), &output_size, + reinterpret_cast<const uint8_t*>(input.data()), input.size())) { + return ""; + } + output.resize(output_size); + return output; +} + +bool CertificatePrivateKey::MatchesPublicKey(const CertificateView& view) { + return EVP_PKEY_cmp(view.public_key(), private_key_.get()) == 1; +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.h b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.h index 3569f4e0d87..286226d7e20 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view.h @@ -5,8 +5,11 @@ #ifndef QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_VIEW_H_ #define QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_VIEW_H_ +#include <istream> #include <memory> +#include <vector> +#include "third_party/boringssl/src/include/openssl/base.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "net/third_party/quiche/src/quic/core/crypto/boring_utils.h" @@ -16,6 +19,18 @@ namespace quic { +struct QUIC_EXPORT_PRIVATE PemReadResult { + enum Status { kOk, kEof, kError }; + Status status; + std::string contents; + // The type of the PEM message (e.g., if the message starts with + // "-----BEGIN CERTIFICATE-----", the |type| would be "CERTIFICATE"). + std::string type; +}; + +// Reads |input| line-by-line and returns the next available PEM message. +QUIC_EXPORT_PRIVATE PemReadResult ReadNextPemMessage(std::istream* input); + // CertificateView represents a parsed version of a single X.509 certificate. As // the word "view" implies, it does not take ownership of the underlying strings // and consists primarily of pointers into the certificate that is passed into @@ -27,7 +42,11 @@ class QUIC_EXPORT_PRIVATE CertificateView { static std::unique_ptr<CertificateView> ParseSingleCertificate( quiche::QuicheStringPiece certificate); - EVP_PKEY* public_key() { return public_key_.get(); } + // Loads all PEM-encoded X.509 certificates found in the |input| stream + // without parsing them. Returns an empty vector if any parsing error occurs. + static std::vector<std::string> LoadPemFromStream(std::istream* input); + + const EVP_PKEY* public_key() const { return public_key_.get(); } const std::vector<quiche::QuicheStringPiece>& subject_alt_name_domains() const { @@ -37,6 +56,11 @@ class QUIC_EXPORT_PRIVATE CertificateView { return subject_alt_name_ips_; } + // |signature_algorithm| is a TLS signature algorithm ID. + bool VerifySignature(quiche::QuicheStringPiece data, + quiche::QuicheStringPiece signature, + uint16_t signature_algorithm) const; + private: CertificateView() = default; @@ -52,6 +76,33 @@ class QUIC_EXPORT_PRIVATE CertificateView { bool ValidatePublicKeyParameters(); }; +// CertificatePrivateKey represents a private key that can be used with an X.509 +// certificate. +class QUIC_EXPORT_PRIVATE CertificatePrivateKey { + public: + // Loads a DER-encoded PrivateKeyInfo structure (RFC 5958) as a private key. + static std::unique_ptr<CertificatePrivateKey> LoadFromDer( + quiche::QuicheStringPiece private_key); + + // Loads a private key from a PEM file formatted according to RFC 7468. Also + // supports legacy OpenSSL RSA key format ("BEGIN RSA PRIVATE KEY"). + static std::unique_ptr<CertificatePrivateKey> LoadPemFromStream( + std::istream* input); + + // |signature_algorithm| is a TLS signature algorithm ID. + std::string Sign(quiche::QuicheStringPiece input, + uint16_t signature_algorithm); + + // Verifies that the private key in question matches the public key of the + // certificate |view|. + bool MatchesPublicKey(const CertificateView& view); + + private: + CertificatePrivateKey() = default; + + bssl::UniquePtr<EVP_PKEY> private_key_; +}; + } // namespace quic #endif // QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_VIEW_H_ diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_der_fuzzer.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_der_fuzzer.cc new file mode 100644 index 00000000000..e2de1ba7efe --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_der_fuzzer.cc @@ -0,0 +1,15 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <string> + +#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::string input(reinterpret_cast<const char*>(data), size); + + quic::CertificateView::ParseSingleCertificate(input); + quic::CertificatePrivateKey::LoadFromDer(input); + return 0; +} diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_pem_fuzzer.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_pem_fuzzer.cc new file mode 100644 index 00000000000..e1efd988bb9 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_pem_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <sstream> +#include <string> + +#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::string input(reinterpret_cast<const char*>(data), size); + std::stringstream stream(input); + + quic::CertificateView::LoadPemFromStream(&stream); + stream.seekg(0); + quic::CertificatePrivateKey::LoadPemFromStream(&stream); + return 0; +} diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_test.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_test.cc index 6be0e4ae7a6..b0b52f14f3b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/certificate_view_test.cc @@ -4,131 +4,38 @@ #include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h" +#include <memory> +#include <sstream> + #include "third_party/boringssl/src/include/openssl/base.h" #include "third_party/boringssl/src/include/openssl/evp.h" +#include "third_party/boringssl/src/include/openssl/ssl.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" +#include "net/third_party/quiche/src/quic/test_tools/test_certificates.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quic { +namespace test { namespace { using testing::ElementsAre; +using testing::HasSubstr; + +TEST(CertificateViewTest, PemParser) { + std::stringstream stream(kTestCertificatePem); + PemReadResult result = ReadNextPemMessage(&stream); + EXPECT_EQ(result.status, PemReadResult::kOk); + EXPECT_EQ(result.type, "CERTIFICATE"); + EXPECT_EQ(result.contents, kTestCertificate); -// A test certificate generated by //net/tools/quic/certs/generate-certs.sh. -constexpr char kTestCertificate[] = { - '\x30', '\x82', '\x03', '\xb4', '\x30', '\x82', '\x02', '\x9c', '\xa0', - '\x03', '\x02', '\x01', '\x02', '\x02', '\x01', '\x01', '\x30', '\x0d', - '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01', - '\x01', '\x0b', '\x05', '\x00', '\x30', '\x1e', '\x31', '\x1c', '\x30', - '\x1a', '\x06', '\x03', '\x55', '\x04', '\x03', '\x0c', '\x13', '\x51', - '\x55', '\x49', '\x43', '\x20', '\x53', '\x65', '\x72', '\x76', '\x65', - '\x72', '\x20', '\x52', '\x6f', '\x6f', '\x74', '\x20', '\x43', '\x41', - '\x30', '\x1e', '\x17', '\x0d', '\x32', '\x30', '\x30', '\x31', '\x33', - '\x30', '\x31', '\x38', '\x31', '\x33', '\x35', '\x39', '\x5a', '\x17', - '\x0d', '\x32', '\x30', '\x30', '\x32', '\x30', '\x32', '\x31', '\x38', - '\x31', '\x33', '\x35', '\x39', '\x5a', '\x30', '\x64', '\x31', '\x0b', - '\x30', '\x09', '\x06', '\x03', '\x55', '\x04', '\x06', '\x13', '\x02', - '\x55', '\x53', '\x31', '\x13', '\x30', '\x11', '\x06', '\x03', '\x55', - '\x04', '\x08', '\x0c', '\x0a', '\x43', '\x61', '\x6c', '\x69', '\x66', - '\x6f', '\x72', '\x6e', '\x69', '\x61', '\x31', '\x16', '\x30', '\x14', - '\x06', '\x03', '\x55', '\x04', '\x07', '\x0c', '\x0d', '\x4d', '\x6f', - '\x75', '\x6e', '\x74', '\x61', '\x69', '\x6e', '\x20', '\x56', '\x69', - '\x65', '\x77', '\x31', '\x14', '\x30', '\x12', '\x06', '\x03', '\x55', - '\x04', '\x0a', '\x0c', '\x0b', '\x51', '\x55', '\x49', '\x43', '\x20', - '\x53', '\x65', '\x72', '\x76', '\x65', '\x72', '\x31', '\x12', '\x30', - '\x10', '\x06', '\x03', '\x55', '\x04', '\x03', '\x0c', '\x09', '\x31', - '\x32', '\x37', '\x2e', '\x30', '\x2e', '\x30', '\x2e', '\x31', '\x30', - '\x82', '\x01', '\x22', '\x30', '\x0d', '\x06', '\x09', '\x2a', '\x86', - '\x48', '\x86', '\xf7', '\x0d', '\x01', '\x01', '\x01', '\x05', '\x00', - '\x03', '\x82', '\x01', '\x0f', '\x00', '\x30', '\x82', '\x01', '\x0a', - '\x02', '\x82', '\x01', '\x01', '\x00', '\xc5', '\xe2', '\x51', '\x6d', - '\x3f', '\xd6', '\x28', '\xf2', '\xad', '\x34', '\x73', '\x87', '\x64', - '\xca', '\x33', '\x19', '\x33', '\xb7', '\x75', '\x91', '\xab', '\x31', - '\x19', '\x2b', '\xe3', '\xa4', '\x26', '\x09', '\x29', '\x8b', '\x2d', - '\xf7', '\x52', '\x75', '\xa7', '\x55', '\x15', '\xf0', '\x11', '\xc7', - '\xc2', '\xc4', '\xed', '\x18', '\x1b', '\x33', '\x0b', '\x71', '\x32', - '\xe6', '\x35', '\x89', '\xcd', '\x2d', '\x5a', '\x05', '\x57', '\x4e', - '\xc2', '\x78', '\x75', '\x65', '\x72', '\x2d', '\x8a', '\x17', '\x83', - '\xd6', '\x32', '\x90', '\x85', '\xf8', '\x22', '\xe2', '\x65', '\xa9', - '\xe0', '\xa0', '\xfe', '\x19', '\xb2', '\x39', '\x2d', '\x14', '\x03', - '\x10', '\x2f', '\xcc', '\x8b', '\x5e', '\xaa', '\x25', '\x27', '\x0d', - '\xa3', '\x37', '\x10', '\x0c', '\x17', '\xec', '\xf0', '\x8b', '\xc5', - '\x6b', '\xed', '\x6b', '\x5e', '\xb2', '\xe2', '\x35', '\x3e', '\x46', - '\x3b', '\xf7', '\xf6', '\x59', '\xb1', '\xe0', '\x16', '\xa6', '\xfb', - '\x03', '\xbf', '\x84', '\x4f', '\xce', '\x64', '\x15', '\x0d', '\x59', - '\x99', '\xa6', '\xf0', '\x7f', '\x8a', '\x33', '\x4b', '\xbb', '\x0b', - '\xb8', '\xf2', '\xd1', '\x27', '\x90', '\x8f', '\x38', '\xf8', '\x5a', - '\x41', '\x82', '\x07', '\x9b', '\x0d', '\xd9', '\x52', '\xe0', '\x70', - '\xff', '\xde', '\xda', '\xd8', '\x25', '\x4e', '\x2f', '\x2d', '\x9f', - '\xaf', '\x92', '\x63', '\xc7', '\x42', '\xb4', '\xdc', '\x16', '\x95', - '\x23', '\x05', '\x02', '\x6b', '\xb0', '\xe8', '\xc5', '\xfe', '\x15', - '\x9a', '\xe8', '\x7d', '\x2f', '\xdc', '\x43', '\xf4', '\x70', '\x91', - '\x1a', '\x93', '\xbe', '\x71', '\xaf', '\x85', '\x84', '\xdb', '\xcf', - '\x6b', '\x5c', '\x80', '\xb2', '\xd3', '\xf3', '\x42', '\x6e', '\x24', - '\xec', '\x2a', '\x62', '\x99', '\xc6', '\x3c', '\xe5', '\x32', '\xe5', - '\x72', '\x37', '\x30', '\x9b', '\x0b', '\xe4', '\x06', '\xb4', '\x64', - '\x26', '\x95', '\x59', '\xba', '\xf1', '\x53', '\x83', '\x3d', '\x99', - '\x6d', '\xf0', '\x80', '\xe2', '\xdb', '\x6b', '\x34', '\x52', '\x06', - '\x77', '\x3c', '\x73', '\xbe', '\xc6', '\xe3', '\xce', '\xb2', '\x11', - '\x02', '\x03', '\x01', '\x00', '\x01', '\xa3', '\x81', '\xb6', '\x30', - '\x81', '\xb3', '\x30', '\x0c', '\x06', '\x03', '\x55', '\x1d', '\x13', - '\x01', '\x01', '\xff', '\x04', '\x02', '\x30', '\x00', '\x30', '\x1d', - '\x06', '\x03', '\x55', '\x1d', '\x0e', '\x04', '\x16', '\x04', '\x14', - '\xc8', '\x54', '\x28', '\xf6', '\xd2', '\xd5', '\x12', '\x35', '\x89', - '\x15', '\x75', '\xb8', '\xbf', '\xdd', '\xfb', '\x4a', '\xfc', '\x6c', - '\x89', '\xde', '\x30', '\x1f', '\x06', '\x03', '\x55', '\x1d', '\x23', - '\x04', '\x18', '\x30', '\x16', '\x80', '\x14', '\x50', '\xe4', '\x1d', - '\xc3', '\x1a', '\xfb', '\xfd', '\x38', '\xdd', '\xa2', '\x05', '\xfd', - '\xc8', '\xfa', '\x57', '\x0a', '\xc1', '\x06', '\x0f', '\xae', '\x30', - '\x1d', '\x06', '\x03', '\x55', '\x1d', '\x25', '\x04', '\x16', '\x30', - '\x14', '\x06', '\x08', '\x2b', '\x06', '\x01', '\x05', '\x05', '\x07', - '\x03', '\x01', '\x06', '\x08', '\x2b', '\x06', '\x01', '\x05', '\x05', - '\x07', '\x03', '\x02', '\x30', '\x44', '\x06', '\x03', '\x55', '\x1d', - '\x11', '\x04', '\x3d', '\x30', '\x3b', '\x82', '\x0f', '\x77', '\x77', - '\x77', '\x2e', '\x65', '\x78', '\x61', '\x6d', '\x70', '\x6c', '\x65', - '\x2e', '\x6f', '\x72', '\x67', '\x82', '\x10', '\x6d', '\x61', '\x69', - '\x6c', '\x2e', '\x65', '\x78', '\x61', '\x6d', '\x70', '\x6c', '\x65', - '\x2e', '\x6f', '\x72', '\x67', '\x82', '\x10', '\x6d', '\x61', '\x69', - '\x6c', '\x2e', '\x65', '\x78', '\x61', '\x6d', '\x70', '\x6c', '\x65', - '\x2e', '\x63', '\x6f', '\x6d', '\x87', '\x04', '\x7f', '\x00', '\x00', - '\x01', '\x30', '\x0d', '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', - '\xf7', '\x0d', '\x01', '\x01', '\x0b', '\x05', '\x00', '\x03', '\x82', - '\x01', '\x01', '\x00', '\x45', '\x41', '\x7a', '\x68', '\xe0', '\xa7', - '\x59', '\xa1', '\x62', '\x54', '\x73', '\x74', '\x14', '\x4f', '\xde', - '\x9c', '\x51', '\xac', '\x25', '\x97', '\x70', '\xf7', '\x09', '\x51', - '\x39', '\x72', '\x39', '\x3c', '\xd0', '\x31', '\xe1', '\xc3', '\x02', - '\x91', '\x14', '\x4d', '\x8f', '\x1d', '\x31', '\xab', '\x98', '\x7e', - '\xe6', '\xbb', '\xab', '\x6a', '\xd9', '\xc5', '\x86', '\xaa', '\x4e', - '\x6a', '\x48', '\xe9', '\xf8', '\xd7', '\xb3', '\x1d', '\xa0', '\xc5', - '\xe6', '\xbf', '\x4c', '\x5a', '\x9b', '\xb5', '\x78', '\x01', '\xa3', - '\x39', '\x7b', '\x5f', '\xbc', '\xb8', '\xa7', '\xc2', '\x71', '\xb0', - '\x7b', '\xdd', '\xa1', '\x87', '\xa6', '\x54', '\x9c', '\xf6', '\x59', - '\x81', '\xb1', '\x2c', '\xde', '\xc5', '\x8a', '\xa2', '\x06', '\x89', - '\xb5', '\xc1', '\x7a', '\xbe', '\x0c', '\x9f', '\x3d', '\xde', '\x81', - '\x48', '\x53', '\x71', '\x7b', '\x8d', '\xc7', '\xea', '\x87', '\xd7', - '\xd1', '\xda', '\x94', '\xb4', '\xc5', '\xac', '\x1e', '\x83', '\xa3', - '\x42', '\x7d', '\xe6', '\xab', '\x3f', '\xd6', '\x1c', '\xd6', '\x65', - '\xc3', '\x60', '\xe9', '\x76', '\x54', '\x79', '\x3f', '\xeb', '\x65', - '\x85', '\x4f', '\x60', '\x7d', '\xbb', '\x96', '\x03', '\x54', '\x2e', - '\xd0', '\x1b', '\xe2', '\x6c', '\x2d', '\x91', '\xae', '\x33', '\x9c', - '\x04', '\xc4', '\x44', '\x0a', '\x7d', '\x5f', '\xbb', '\x80', '\xa2', - '\x01', '\xbc', '\x90', '\x81', '\xa5', '\xdc', '\x4a', '\xc8', '\x77', - '\xc9', '\x8d', '\x34', '\x17', '\xe6', '\x2a', '\x7d', '\x02', '\x1e', - '\x32', '\x3f', '\x7d', '\xd7', '\x0c', '\x80', '\x5b', '\xc6', '\x94', - '\x6a', '\x42', '\x36', '\x05', '\x9f', '\x9e', '\xc5', '\x85', '\x9f', - '\x60', '\xe3', '\x72', '\x73', '\x34', '\x39', '\x44', '\x75', '\x55', - '\x60', '\x24', '\x7a', '\x8b', '\x09', '\x74', '\x84', '\x72', '\xfd', - '\x91', '\x68', '\x93', '\x57', '\x9e', '\x70', '\x46', '\x4d', '\xe4', - '\x30', '\x84', '\x5f', '\x20', '\x07', '\xad', '\xfd', '\x86', '\x32', - '\xd3', '\xfb', '\xba', '\xaf', '\xd9', '\x61', '\x14', '\x3c', '\xe0', - '\xa1', '\xa9', '\x51', '\x51', '\x0f', '\xad', '\x60'}; + result = ReadNextPemMessage(&stream); + EXPECT_EQ(result.status, PemReadResult::kEof); +} TEST(CertificateViewTest, Parse) { - quiche::QuicheStringPiece certificate(kTestCertificate, - sizeof(kTestCertificate)); std::unique_ptr<CertificateView> view = - CertificateView::ParseSingleCertificate(certificate); + CertificateView::ParseSingleCertificate(kTestCertificate); ASSERT_TRUE(view != nullptr); EXPECT_THAT(view->subject_alt_name_domains(), @@ -140,5 +47,68 @@ TEST(CertificateViewTest, Parse) { EXPECT_EQ(EVP_PKEY_id(view->public_key()), EVP_PKEY_RSA); } +TEST(CertificateViewTest, PemSingleCertificate) { + std::stringstream pem_stream(kTestCertificatePem); + std::vector<std::string> chain = + CertificateView::LoadPemFromStream(&pem_stream); + EXPECT_THAT(chain, ElementsAre(kTestCertificate)); +} + +TEST(CertificateViewTest, PemMultipleCertificates) { + std::stringstream pem_stream(kTestCertificateChainPem); + std::vector<std::string> chain = + CertificateView::LoadPemFromStream(&pem_stream); + EXPECT_THAT(chain, + ElementsAre(kTestCertificate, HasSubstr("QUIC Server Root CA"))); +} + +TEST(CertificateViewTest, PemNoCertificates) { + std::stringstream pem_stream("one\ntwo\nthree\n"); + std::vector<std::string> chain = + CertificateView::LoadPemFromStream(&pem_stream); + EXPECT_TRUE(chain.empty()); +} + +TEST(CertificateViewTest, SignAndVerify) { + std::unique_ptr<CertificatePrivateKey> key = + CertificatePrivateKey::LoadFromDer(kTestCertificatePrivateKey); + ASSERT_TRUE(key != nullptr); + + std::string data = "A really important message"; + std::string signature = key->Sign(data, SSL_SIGN_RSA_PSS_RSAE_SHA256); + ASSERT_FALSE(signature.empty()); + + std::unique_ptr<CertificateView> view = + CertificateView::ParseSingleCertificate(kTestCertificate); + ASSERT_TRUE(view != nullptr); + EXPECT_TRUE(key->MatchesPublicKey(*view)); + + EXPECT_TRUE( + view->VerifySignature(data, signature, SSL_SIGN_RSA_PSS_RSAE_SHA256)); + EXPECT_FALSE(view->VerifySignature("An unimportant message", signature, + SSL_SIGN_RSA_PSS_RSAE_SHA256)); + EXPECT_FALSE(view->VerifySignature(data, "Not a signature", + SSL_SIGN_RSA_PSS_RSAE_SHA256)); +} + +TEST(CertificateViewTest, PrivateKeyPem) { + std::unique_ptr<CertificateView> view = + CertificateView::ParseSingleCertificate(kTestCertificate); + ASSERT_TRUE(view != nullptr); + + std::stringstream pem_stream(kTestCertificatePrivateKeyPem); + std::unique_ptr<CertificatePrivateKey> pem_key = + CertificatePrivateKey::LoadPemFromStream(&pem_stream); + ASSERT_TRUE(pem_key != nullptr); + EXPECT_TRUE(pem_key->MatchesPublicKey(*view)); + + std::stringstream legacy_stream(kTestCertificatePrivateKeyLegacyPem); + std::unique_ptr<CertificatePrivateKey> legacy_key = + CertificatePrivateKey::LoadPemFromStream(&legacy_stream); + ASSERT_TRUE(legacy_key != nullptr); + EXPECT_TRUE(legacy_key->MatchesPublicKey(*view)); +} + } // namespace +} // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.cc index d5b4635d1d4..2c92923b35b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.cc @@ -50,6 +50,17 @@ CryptoHandshakeMessage& CryptoHandshakeMessage::operator=( CryptoHandshakeMessage& CryptoHandshakeMessage::operator=( CryptoHandshakeMessage&& other) = default; +bool CryptoHandshakeMessage::operator==( + const CryptoHandshakeMessage& rhs) const { + return tag_ == rhs.tag_ && tag_value_map_ == rhs.tag_value_map_ && + minimum_size_ == rhs.minimum_size_; +} + +bool CryptoHandshakeMessage::operator!=( + const CryptoHandshakeMessage& rhs) const { + return !(*this == rhs); +} + void CryptoHandshakeMessage::Clear() { tag_ = 0; tag_value_map_.clear(); @@ -279,7 +290,6 @@ std::string CryptoHandshakeMessage::DebugStringInternal(size_t indent) const { case kIRTT: case kMIUS: case kMIBS: - case kSCLS: case kTCID: case kMAD: // uint32_t value diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h index 409738a1f81..95390507a6a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h @@ -30,6 +30,9 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { CryptoHandshakeMessage& operator=(const CryptoHandshakeMessage& other); CryptoHandshakeMessage& operator=(CryptoHandshakeMessage&& other); + bool operator==(const CryptoHandshakeMessage& rhs) const; + bool operator!=(const CryptoHandshakeMessage& rhs) const; + // Clears state. void Clear(); diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h index 8af8a0429d1..172fd822d0b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h @@ -27,7 +27,7 @@ namespace quic { typedef std::string ServerConfigID; // The following tags have been deprecated and should not be reused: -// "1CON", "BBQ4", "NCON", "RCID", "SREJ", "TBKP", "TB10" +// "1CON", "BBQ4", "NCON", "RCID", "SREJ", "TBKP", "TB10", "SCLS", "SMHL" // clang-format off const QuicTag kCHLO = TAG('C', 'H', 'L', 'O'); // Client hello @@ -121,6 +121,10 @@ const QuicTag kB2NA = TAG('B', '2', 'N', 'A'); // For BBRv2, do not add ack // height to queueing threshold const QuicTag kB2RP = TAG('B', '2', 'R', 'P'); // For BBRv2, run PROBE_RTT on // the regular schedule +const QuicTag kB2CL = TAG('B', '2', 'C', 'L'); // For BBRv2, allow PROBE_BW + // cwnd to be below BDP + ack + // height. +const QuicTag kB2LO = TAG('B', '2', 'L', 'O'); // Ignore inflight_lo in BBR2 const QuicTag kBSAO = TAG('B', 'S', 'A', 'O'); // Avoid Overestimation in // Bandwidth Sampler with ack // aggregation @@ -184,10 +188,6 @@ const QuicTag kILD4 = TAG('I', 'L', 'D', '4'); // IETF style loss detection // threshold const QuicTag kRUNT = TAG('R', 'U', 'N', 'T'); // No packet threshold loss // detection for "runt" packet. -// TODO(fayang): Remove this connection option when QUIC_VERSION_35, is removed -// Since MAX_HEADER_LIST_SIZE settings frame is supported instead. -const QuicTag kSMHL = TAG('S', 'M', 'H', 'L'); // Support MAX_HEADER_LIST_SIZE - // settings frame. const QuicTag kNSTP = TAG('N', 'S', 'T', 'P'); // No stop waiting frames. const QuicTag kNRTT = TAG('N', 'R', 'T', 'T'); // Ignore initial RTT @@ -226,6 +226,8 @@ const QuicTag kPLE2 = TAG('P', 'L', 'E', '2'); // Arm the 1st PTO with // and at least 1.5*srtt from // last sent packet. +const QuicTag kELDT = TAG('E', 'L', 'D', 'T'); // Enable Loss Detection Tuning + // Optional support of truncated Connection IDs. If sent by a peer, the value // is the minimum number of bytes allowed for the connection ID sent to the // peer. @@ -251,6 +253,17 @@ const QuicTag kBWS5 = TAG('B', 'W', 'S', '5'); // QUIC Initial CWND up and down const QuicTag kBWS6 = TAG('B', 'W', 'S', '6'); // QUIC Initial CWND - Enabled // with 0.5 * default // multiplier. +const QuicTag kBWP0 = TAG('B', 'W', 'P', '0'); // QUIC Initial CWND - SPDY + // priority 0. +const QuicTag kBWP1 = TAG('B', 'W', 'P', '1'); // QUIC Initial CWND - SPDY + // priorities 0 and 1. +const QuicTag kBWP2 = TAG('B', 'W', 'P', '2'); // QUIC Initial CWND - SPDY + // priorities 0, 1 and 2. +const QuicTag kBWP3 = TAG('B', 'W', 'P', '3'); // QUIC Initial CWND - SPDY + // priorities 0, 1, 2 and 3. +const QuicTag kBWP4 = TAG('B', 'W', 'P', '4'); // QUIC Initial CWND - SPDY + // priorities >= 0, 1, 2 , 3 and + // 4. const QuicTag kBWS7 = TAG('B', 'W', 'S', '7'); // QUIC Initial CWND - Enabled // with 0.75 * default // multiplier. @@ -294,7 +307,6 @@ const QuicTag kAEAD = TAG('A', 'E', 'A', 'D'); // Authenticated const QuicTag kCOPT = TAG('C', 'O', 'P', 'T'); // Connection options const QuicTag kCLOP = TAG('C', 'L', 'O', 'P'); // Client connection options const QuicTag kICSL = TAG('I', 'C', 'S', 'L'); // Idle network timeout -const QuicTag kSCLS = TAG('S', 'C', 'L', 'S'); // Silently close on timeout const QuicTag kMIBS = TAG('M', 'I', 'D', 'S'); // Max incoming bidi streams const QuicTag kMIUS = TAG('M', 'I', 'U', 'S'); // Max incoming unidi streams const QuicTag kADE = TAG('A', 'D', 'E', 0); // Ack Delay Exponent (IETF diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_server_test.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_server_test.cc index 4cf618b8a6a..ee9dc53cf64 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_server_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_server_test.cc @@ -223,7 +223,7 @@ class CryptoServerTest : public QuicTestWithParam<TestParams> { bool called = false; QuicSocketAddress server_address(QuicIpAddress::Any4(), 5); config_.ValidateClientHello( - message, client_address_.host(), server_address, + message, client_address_, server_address, supported_versions_.front().transport_version, &clock_, signed_config_, std::make_unique<ValidateCallback>(this, true, "", &called)); EXPECT_TRUE(called); @@ -241,7 +241,7 @@ class CryptoServerTest : public QuicTestWithParam<TestParams> { bool* called) { QuicSocketAddress server_address(QuicIpAddress::Any4(), 5); config_.ValidateClientHello( - message, client_address_.host(), server_address, + message, client_address_, server_address, supported_versions_.front().transport_version, &clock_, signed_config_, std::make_unique<ValidateCallback>(this, false, error_substr, called)); } diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/curve25519_key_exchange.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/curve25519_key_exchange.cc index f4cc7937d7b..2f19e9d486c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/curve25519_key_exchange.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/curve25519_key_exchange.cc @@ -5,6 +5,7 @@ #include "net/third_party/quiche/src/quic/core/crypto/curve25519_key_exchange.h" #include <cstdint> +#include <cstring> #include <string> #include "third_party/boringssl/src/include/openssl/curve25519.h" diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/p256_key_exchange.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/p256_key_exchange.cc index a1b45ba5f9c..01f345de824 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/p256_key_exchange.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/p256_key_exchange.cc @@ -5,6 +5,7 @@ #include "net/third_party/quiche/src/quic/core/crypto/p256_key_exchange.h" #include <cstdint> +#include <cstring> #include <memory> #include <string> #include <utility> diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source.h b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source.h index e208b94c26c..c4224f46607 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source.h @@ -119,6 +119,7 @@ class QUIC_EXPORT_PRIVATE ProofSource { // // Callers should expect that |callback| might be invoked synchronously. virtual void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, QuicTransportVersion transport_version, @@ -128,6 +129,7 @@ class QUIC_EXPORT_PRIVATE ProofSource { // Returns the certificate chain for |hostname| in leaf-first order. virtual QuicReferenceCountedPointer<Chain> GetCertChain( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname) = 0; // Computes a signature using the private key of the certificate for @@ -140,10 +142,59 @@ class QUIC_EXPORT_PRIVATE ProofSource { // Callers should expect that |callback| might be invoked synchronously. virtual void ComputeTlsSignature( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, std::unique_ptr<SignatureCallback> callback) = 0; + + class QUIC_EXPORT_PRIVATE DecryptCallback { + public: + DecryptCallback() = default; + virtual ~DecryptCallback() = default; + + virtual void Run(std::vector<uint8_t> plaintext) = 0; + + private: + DecryptCallback(const Callback&) = delete; + DecryptCallback& operator=(const Callback&) = delete; + }; + + // TicketCrypter is an interface for managing encryption and decryption of TLS + // session tickets. A TicketCrypter gets used as an + // SSL_CTX_set_ticket_aead_method in BoringSSL, which has a synchronous + // Encrypt/Seal operation and a potentially asynchronous Decrypt/Open + // operation. This interface allows for ticket decryptions to be performed on + // a remote service. + class QUIC_EXPORT_PRIVATE TicketCrypter { + public: + TicketCrypter() = default; + virtual ~TicketCrypter() = default; + + // MaxOverhead returns the maximum number of bytes of overhead that may get + // added when encrypting the ticket. + virtual size_t MaxOverhead() = 0; + + // Encrypt takes a serialized TLS session ticket in |in|, encrypts it, and + // returns the encrypted ticket. The resulting value must not be larger than + // MaxOverhead bytes larger than |in|. If encryption fails, this method + // returns an empty vector. + virtual std::vector<uint8_t> Encrypt(quiche::QuicheStringPiece in) = 0; + + // Decrypt takes an encrypted ticket |in|, decrypts it, and calls + // |callback->Run| with the decrypted ticket, which must not be larger than + // |in|. If decryption fails, the callback is invoked with an empty + // vector. + virtual void Decrypt(quiche::QuicheStringPiece in, + std::unique_ptr<DecryptCallback> callback) = 0; + }; + + // Returns the TicketCrypter used for encrypting and decrypting TLS + // session tickets, or nullptr if that functionality is not supported. The + // TicketCrypter returned (if not nullptr) must be valid for the lifetime of + // the ProofSource, and the caller does not take ownership of said + // TicketCrypter. + virtual TicketCrypter* GetTicketCrypter() = 0; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509.cc new file mode 100644 index 00000000000..6afc65f557a --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509.cc @@ -0,0 +1,135 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/core/crypto/proof_source_x509.h" + +#include <memory> + +#include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h" +#include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" +#include "net/third_party/quiche/src/quic/core/quic_data_writer.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_endian.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" + +namespace quic { + +std::unique_ptr<ProofSourceX509> ProofSourceX509::Create( + QuicReferenceCountedPointer<Chain> default_chain, + CertificatePrivateKey default_key) { + std::unique_ptr<ProofSourceX509> result(new ProofSourceX509()); + if (!result->AddCertificateChain(default_chain, std::move(default_key))) { + return nullptr; + } + result->default_certificate_ = &result->certificates_.front(); + return result; +} + +void ProofSourceX509::GetProof( + const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, + const std::string& hostname, + const std::string& server_config, + QuicTransportVersion /*transport_version*/, + quiche::QuicheStringPiece chlo_hash, + std::unique_ptr<ProofSource::Callback> callback) { + QuicCryptoProof proof; + + size_t payload_size = sizeof(kProofSignatureLabel) + sizeof(uint32_t) + + chlo_hash.size() + server_config.size(); + auto payload = std::make_unique<char[]>(payload_size); + QuicDataWriter payload_writer(payload_size, payload.get(), + quiche::Endianness::HOST_BYTE_ORDER); + bool success = payload_writer.WriteBytes(kProofSignatureLabel, + sizeof(kProofSignatureLabel)) && + payload_writer.WriteUInt32(chlo_hash.size()) && + payload_writer.WriteStringPiece(chlo_hash) && + payload_writer.WriteStringPiece(server_config); + if (!success) { + callback->Run(/*ok=*/false, nullptr, proof, nullptr); + return; + } + + Certificate* certificate = GetCertificate(hostname); + proof.signature = certificate->key.Sign( + quiche::QuicheStringPiece(payload.get(), payload_size), + SSL_SIGN_RSA_PSS_RSAE_SHA256); + callback->Run(/*ok=*/!proof.signature.empty(), certificate->chain, proof, + nullptr); +} + +QuicReferenceCountedPointer<ProofSource::Chain> ProofSourceX509::GetCertChain( + const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, + const std::string& hostname) { + return GetCertificate(hostname)->chain; +} + +void ProofSourceX509::ComputeTlsSignature( + const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, + const std::string& hostname, + uint16_t signature_algorithm, + quiche::QuicheStringPiece in, + std::unique_ptr<ProofSource::SignatureCallback> callback) { + std::string signature = + GetCertificate(hostname)->key.Sign(in, signature_algorithm); + callback->Run(/*ok=*/!signature.empty(), signature, nullptr); +} + +ProofSource::TicketCrypter* ProofSourceX509::GetTicketCrypter() { + return nullptr; +} + +bool ProofSourceX509::AddCertificateChain( + QuicReferenceCountedPointer<Chain> chain, + CertificatePrivateKey key) { + if (chain->certs.empty()) { + QUIC_BUG << "Empty certificate chain supplied."; + return false; + } + + std::unique_ptr<CertificateView> leaf = + CertificateView::ParseSingleCertificate(chain->certs[0]); + if (leaf == nullptr) { + QUIC_BUG << "Unable to parse X.509 leaf certificate in the supplied chain."; + return false; + } + if (!key.MatchesPublicKey(*leaf)) { + QUIC_BUG << "Private key does not match the leaf certificate."; + return false; + } + + certificates_.push_front(Certificate{ + .chain = chain, + .key = std::move(key), + }); + Certificate* certificate = &certificates_.front(); + + for (quiche::QuicheStringPiece host : leaf->subject_alt_name_domains()) { + certificate_map_[std::string(host)] = certificate; + } + return true; +} + +ProofSourceX509::Certificate* ProofSourceX509::GetCertificate( + const std::string& hostname) const { + auto it = certificate_map_.find(hostname); + if (it != certificate_map_.end()) { + return it->second; + } + auto dot_pos = hostname.find('.'); + if (dot_pos != std::string::npos) { + std::string wildcard = quiche::QuicheStrCat("*", hostname.substr(dot_pos)); + it = certificate_map_.find(wildcard); + if (it != certificate_map_.end()) { + return it->second; + } + } + return default_certificate_; +} + +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509.h b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509.h new file mode 100644 index 00000000000..8632d4bfe95 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509.h @@ -0,0 +1,76 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_CORE_CRYPTO_PROOF_SOURCE_X509_H_ +#define QUICHE_QUIC_CORE_CRYPTO_PROOF_SOURCE_X509_H_ + +#include <forward_list> +#include <memory> + +#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h" +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_containers.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_macros.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" + +namespace quic { + +// ProofSourceX509 accepts X.509 certificates with private keys and picks a +// certificate internally based on its SubjectAltName value. +class QUIC_EXPORT_PRIVATE ProofSourceX509 : public ProofSource { + public: + // Creates a proof source that uses |default_chain| when no SubjectAltName + // value matches. Returns nullptr if |default_chain| is invalid. + static std::unique_ptr<ProofSourceX509> Create( + QuicReferenceCountedPointer<Chain> default_chain, + CertificatePrivateKey default_key); + + // ProofSource implementation. + void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, + const std::string& hostname, + const std::string& server_config, + QuicTransportVersion transport_version, + quiche::QuicheStringPiece chlo_hash, + std::unique_ptr<Callback> callback) override; + QuicReferenceCountedPointer<Chain> GetCertChain( + const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, + const std::string& hostname) override; + void ComputeTlsSignature( + const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, + const std::string& hostname, + uint16_t signature_algorithm, + quiche::QuicheStringPiece in, + std::unique_ptr<SignatureCallback> callback) override; + TicketCrypter* GetTicketCrypter() override; + + // Adds a certificate chain to the verifier. Returns false if the chain is + // not valid. Newer certificates will override older certificates with the + // same SubjectAltName value. + QUIC_MUST_USE_RESULT bool AddCertificateChain( + QuicReferenceCountedPointer<Chain> chain, + CertificatePrivateKey key); + + private: + ProofSourceX509() = default; + + struct QUIC_EXPORT_PRIVATE Certificate { + QuicReferenceCountedPointer<Chain> chain; + CertificatePrivateKey key; + }; + + // Looks up certficiate for hostname, returns the default if no certificate is + // found. + Certificate* GetCertificate(const std::string& hostname) const; + + std::forward_list<Certificate> certificates_; + Certificate* default_certificate_; + QuicUnorderedMap<std::string, Certificate*> certificate_map_; +}; + +} // namespace quic + +#endif // QUICHE_QUIC_CORE_CRYPTO_PROOF_SOURCE_X509_H_ diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509_test.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509_test.cc new file mode 100644 index 00000000000..23311d08232 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_source_x509_test.cc @@ -0,0 +1,136 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/core/crypto/proof_source_x509.h" + +#include <memory> + +#include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/crypto/certificate_view.h" +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_reference_counted.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_test.h" +#include "net/third_party/quiche/src/quic/test_tools/test_certificates.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" + +namespace quic { +namespace test { +namespace { + +QuicReferenceCountedPointer<ProofSource::Chain> MakeChain( + quiche::QuicheStringPiece cert) { + return QuicReferenceCountedPointer<ProofSource::Chain>( + new ProofSource::Chain(std::vector<std::string>{std::string(cert)})); +} + +class ProofSourceX509Test : public QuicTest { + public: + ProofSourceX509Test() + : test_chain_(MakeChain(kTestCertificate)), + wildcard_chain_(MakeChain(kWildcardCertificate)), + test_key_( + CertificatePrivateKey::LoadFromDer(kTestCertificatePrivateKey)), + wildcard_key_(CertificatePrivateKey::LoadFromDer( + kWildcardCertificatePrivateKey)) { + CHECK(test_key_ != nullptr); + CHECK(wildcard_key_ != nullptr); + } + + protected: + QuicReferenceCountedPointer<ProofSource::Chain> test_chain_, wildcard_chain_; + std::unique_ptr<CertificatePrivateKey> test_key_, wildcard_key_; +}; + +TEST_F(ProofSourceX509Test, AddCertificates) { + std::unique_ptr<ProofSourceX509> proof_source = + ProofSourceX509::Create(test_chain_, std::move(*test_key_)); + ASSERT_TRUE(proof_source != nullptr); + EXPECT_TRUE(proof_source->AddCertificateChain(wildcard_chain_, + std::move(*wildcard_key_))); +} + +TEST_F(ProofSourceX509Test, AddCertificateKeyMismatch) { + std::unique_ptr<ProofSourceX509> proof_source = + ProofSourceX509::Create(test_chain_, std::move(*test_key_)); + ASSERT_TRUE(proof_source != nullptr); + test_key_ = CertificatePrivateKey::LoadFromDer(kTestCertificatePrivateKey); + bool result; + EXPECT_QUIC_BUG(result = proof_source->AddCertificateChain( + wildcard_chain_, std::move(*test_key_)), + "Private key does not match"); +} + +TEST_F(ProofSourceX509Test, CertificateSelection) { + std::unique_ptr<ProofSourceX509> proof_source = + ProofSourceX509::Create(test_chain_, std::move(*test_key_)); + ASSERT_TRUE(proof_source != nullptr); + ASSERT_TRUE(proof_source->AddCertificateChain(wildcard_chain_, + std::move(*wildcard_key_))); + + // Default certificate. + EXPECT_EQ(proof_source + ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(), + "unknown.test") + ->certs[0], + kTestCertificate); + // mail.example.org is explicitly a SubjectAltName in kTestCertificate. + EXPECT_EQ(proof_source + ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(), + "mail.example.org") + ->certs[0], + kTestCertificate); + // www.foo.test is in kWildcardCertificate. + EXPECT_EQ(proof_source + ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(), + "www.foo.test") + ->certs[0], + kWildcardCertificate); + // *.wildcard.test is in kWildcardCertificate. + EXPECT_EQ(proof_source + ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(), + "www.wildcard.test") + ->certs[0], + kWildcardCertificate); + EXPECT_EQ(proof_source + ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(), + "etc.wildcard.test") + ->certs[0], + kWildcardCertificate); + // wildcard.test itself is not in kWildcardCertificate. + EXPECT_EQ(proof_source + ->GetCertChain(QuicSocketAddress(), QuicSocketAddress(), + "wildcard.test") + ->certs[0], + kTestCertificate); +} + +TEST_F(ProofSourceX509Test, TlsSignature) { + class Callback : public ProofSource::SignatureCallback { + public: + void Run(bool ok, + std::string signature, + std::unique_ptr<ProofSource::Details> /*details*/) override { + ASSERT_TRUE(ok); + std::unique_ptr<CertificateView> view = + CertificateView::ParseSingleCertificate(kTestCertificate); + EXPECT_TRUE(view->VerifySignature("Test data", signature, + SSL_SIGN_RSA_PSS_RSAE_SHA256)); + } + }; + + std::unique_ptr<ProofSourceX509> proof_source = + ProofSourceX509::Create(test_chain_, std::move(*test_key_)); + ASSERT_TRUE(proof_source != nullptr); + + proof_source->ComputeTlsSignature(QuicSocketAddress(), QuicSocketAddress(), + "example.com", SSL_SIGN_RSA_PSS_RSAE_SHA256, + "Test data", std::make_unique<Callback>()); +} + +} // namespace +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_verifier.h b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_verifier.h index 12036d69887..0380b8a87d8 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/proof_verifier.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/proof_verifier.h @@ -102,6 +102,7 @@ class QUIC_EXPORT_PRIVATE ProofVerifier { // In this case, the ProofVerifier will take ownership of |callback|. virtual QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h index e4f7061a82c..e3867c8e7b2 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h @@ -42,13 +42,13 @@ struct QUIC_EXPORT_PRIVATE QuicResumptionState { // client didn't receive a 0-RTT capable session ticket from the server, // |transport_params| will be null. Otherwise, it will contain the transport // parameters received from the server on the original connection. - std::unique_ptr<TransportParameters> transport_params; + TransportParameters* transport_params; // If |transport_params| is null, then |application_state| is ignored and // should be empty. |application_state| contains serialized state that the // client received from the server at the application layer that the client // needs to remember when performing a 0-RTT handshake. - std::vector<uint8_t> application_state; + ApplicationState* application_state; }; // SessionCache is an interface for managing storing and retrieving @@ -57,15 +57,16 @@ class QUIC_EXPORT_PRIVATE SessionCache { public: virtual ~SessionCache() {} - // Inserts |state| into the cache, keyed by |server_id|. Insert is called - // after a session ticket is received. If the session ticket is valid for - // 0-RTT, there may be a delay between its receipt and the call to Insert - // while waiting for application state for |state|. - // - // Insert may be called multiple times per connection. SessionCache - // implementations should support storing multiple entries per server ID. + // Inserts |session|, |params|, and |application_states| into the cache, keyed + // by |server_id|. Insert is first called after all three values are present. + // The ownership of |session| is transferred to the cache, while other two are + // copied. Multiple sessions might need to be inserted for a connection. + // SessionCache implementations should support storing + // multiple entries per server ID. virtual void Insert(const QuicServerId& server_id, - std::unique_ptr<QuicResumptionState> state) = 0; + bssl::UniquePtr<SSL_SESSION> session, + const TransportParameters& params, + const ApplicationState* application_state) = 0; // Lookup is called once at the beginning of each TLS handshake to potentially // provide the saved state both for the TLS handshake and for sending 0-RTT @@ -392,10 +393,14 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { // Saves the |alpn| that will be passed in QUIC's CHLO message. void set_alpn(const std::string& alpn) { alpn_ = alpn; } + // Saves the pre-shared key used during the handshake. void set_pre_shared_key(quiche::QuicheStringPiece psk) { pre_shared_key_ = std::string(psk); } + // Returns the pre-shared key used during the handshake. + const std::string& pre_shared_key() const { return pre_shared_key_; } + bool pad_inchoate_hello() const { return pad_inchoate_hello_; } void set_pad_inchoate_hello(bool new_value) { pad_inchoate_hello_ = new_value; diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.cc index 4dc34ffd13f..9cb089bf0e8 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.cc @@ -46,6 +46,7 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_hostname_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" #include "net/third_party/quiche/src/quic/platform/api/quic_reference_counted.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" #include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" @@ -242,7 +243,7 @@ QuicCryptoServerConfig::QuicCryptoServerConfig( proof_source_(std::move(proof_source)), client_cert_mode_(ClientCertMode::kNone), key_exchange_source_(std::move(key_exchange_source)), - ssl_ctx_(TlsServerConnection::CreateSslCtx()), + ssl_ctx_(TlsServerConnection::CreateSslCtx(proof_source_.get())), source_address_token_future_secs_(3600), source_address_token_lifetime_secs_(86400), enable_serving_sct_(false), @@ -524,7 +525,7 @@ void QuicCryptoServerConfig::GetConfigIds( void QuicCryptoServerConfig::ValidateClientHello( const CryptoHandshakeMessage& client_hello, - const QuicIpAddress& client_ip, + const QuicSocketAddress& client_address, const QuicSocketAddress& server_address, QuicTransportVersion version, const QuicClock* clock, @@ -533,8 +534,8 @@ void QuicCryptoServerConfig::ValidateClientHello( const QuicWallTime now(clock->WallNow()); QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> result( - new ValidateClientHelloResultCallback::Result(client_hello, client_ip, - now)); + new ValidateClientHelloResultCallback::Result( + client_hello, client_address.host(), now)); quiche::QuicheStringPiece requested_scid; client_hello.GetStringPiece(kSCID, &requested_scid); @@ -551,8 +552,8 @@ void QuicCryptoServerConfig::ValidateClientHello( signed_config->chain = nullptr; signed_config->proof.signature = ""; signed_config->proof.leaf_cert_scts = ""; - EvaluateClientHello(server_address, version, configs, result, - std::move(done_cb)); + EvaluateClientHello(server_address, client_address, version, configs, + result, std::move(done_cb)); } else { done_cb->Run(result, /* details = */ nullptr); } @@ -717,8 +718,9 @@ void QuicCryptoServerConfig::ProcessClientHello( this, std::move(context), configs); DCHECK(proof_source_.get()); - proof_source_->GetProof(server_address, sni, configs.primary->serialized, - transport_version, chlo_hash, std::move(cb)); + proof_source_->GetProof(server_address, client_address, sni, + configs.primary->serialized, transport_version, + chlo_hash, std::move(cb)); return; } @@ -1016,10 +1018,12 @@ void QuicCryptoServerConfig::SendRejectWithFallbackConfig( const std::string sni(context->info().sni); const QuicTransportVersion transport_version = context->transport_version(); + const QuicSocketAddress& client_address = context->client_address(); auto cb = std::make_unique<SendRejectWithFallbackConfigCallback>( this, std::move(context), fallback_config); - proof_source_->GetProof(server_address, sni, fallback_config->serialized, - transport_version, chlo_hash, std::move(cb)); + proof_source_->GetProof(server_address, client_address, sni, + fallback_config->serialized, transport_version, + chlo_hash, std::move(cb)); } void QuicCryptoServerConfig::SendRejectWithFallbackConfigAfterGetProof( @@ -1196,6 +1200,7 @@ void QuicCryptoServerConfig::SelectNewPrimaryConfig( void QuicCryptoServerConfig::EvaluateClientHello( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, QuicTransportVersion /*version*/, const Configs& configs, QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> @@ -1270,7 +1275,8 @@ void QuicCryptoServerConfig::EvaluateClientHello( } QuicReferenceCountedPointer<ProofSource::Chain> chain = - proof_source_->GetCertChain(server_address, std::string(info->sni)); + proof_source_->GetCertChain(server_address, client_address, + std::string(info->sni)); if (!chain) { info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); } else if (!ValidateExpectedLeafCertificate(client_hello, chain->certs)) { @@ -1303,7 +1309,7 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( quiche::QuicheStringPiece chlo_hash, const SourceAddressTokens& previous_source_address_tokens, const QuicSocketAddress& server_address, - const QuicIpAddress& client_ip, + const QuicSocketAddress& client_address, const QuicClock* clock, QuicRandom* rand, QuicCompressedCertsCache* compressed_certs_cache, @@ -1318,8 +1324,8 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( serialized = primary_config_->serialized; common_cert_sets = primary_config_->common_cert_sets; source_address_token = NewSourceAddressToken( - *primary_config_, previous_source_address_tokens, client_ip, rand, - clock->WallNow(), cached_network_params); + *primary_config_, previous_source_address_tokens, client_address.host(), + rand, clock->WallNow(), cached_network_params); } CryptoHandshakeMessage message; @@ -1332,8 +1338,9 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( this, compressed_certs_cache, common_cert_sets, params, std::move(message), std::move(cb)); - proof_source_->GetProof(server_address, params.sni, serialized, version, - chlo_hash, std::move(proof_source_cb)); + proof_source_->GetProof(server_address, client_address, params.sni, + serialized, version, chlo_hash, + std::move(proof_source_cb)); } QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h index 4a8cb737c98..9f2db603416 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h @@ -294,7 +294,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { // completion of an asynchronous operation. void ValidateClientHello( const CryptoHandshakeMessage& client_hello, - const QuicIpAddress& client_ip, + const QuicSocketAddress& client_address, const QuicSocketAddress& server_address, QuicTransportVersion version, const QuicClock* clock, @@ -360,7 +360,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { quiche::QuicheStringPiece chlo_hash, const SourceAddressTokens& previous_source_address_tokens, const QuicSocketAddress& server_address, - const QuicIpAddress& client_ip, + const QuicSocketAddress& client_address, const QuicClock* clock, QuicRandom* rand, QuicCompressedCertsCache* compressed_certs_cache, @@ -432,6 +432,8 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { SSL_CTX* ssl_ctx() const; + // Pre-shared key used during the handshake. + const std::string& pre_shared_key() const { return pre_shared_key_; } void set_pre_shared_key(quiche::QuicheStringPiece psk) { pre_shared_key_ = std::string(psk); } @@ -551,6 +553,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { // are written to |client_hello_state->info|. void EvaluateClientHello( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, QuicTransportVersion version, const Configs& configs, QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config_test.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config_test.cc index 8dd1108b37f..6f0c047b95b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config_test.cc @@ -481,7 +481,7 @@ TEST_F(CryptoServerConfigsTest, AdvancePrimaryViaValidate) { test_peer_.SelectNewPrimaryConfig(1000); test_peer_.CheckConfigs({{"a", true}, {"b", false}}); CryptoHandshakeMessage client_hello; - QuicIpAddress client_ip; + QuicSocketAddress client_address; QuicSocketAddress server_address; QuicTransportVersion transport_version = QUIC_VERSION_UNSUPPORTED; for (const ParsedQuicVersion& version : AllSupportedVersions()) { @@ -497,7 +497,7 @@ TEST_F(CryptoServerConfigsTest, AdvancePrimaryViaValidate) { std::unique_ptr<ValidateClientHelloResultCallback> done_cb( new ValidateCallback); clock.AdvanceTime(QuicTime::Delta::FromSeconds(1100)); - config_.ValidateClientHello(client_hello, client_ip, server_address, + config_.ValidateClientHello(client_hello, client_address, server_address, transport_version, &clock, signed_config, std::move(done_cb)); test_peer_.CheckConfigs({{"a", false}, {"b", true}}); diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/tls_connection.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/tls_connection.cc index b0d2147c286..75d28c55d60 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/tls_connection.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/tls_connection.cc @@ -108,18 +108,10 @@ TlsConnection* TlsConnection::ConnectionFromSsl(const SSL* ssl) { ssl, SslIndexSingleton::GetInstance()->ssl_ex_data_index_connection())); } -// TODO(nharper): Once -// https://boringssl-review.googlesource.com/c/boringssl/+/40127 lands and is -// rolled into google3, remove the BORINGSSL_API_VERSION check. const SSL_QUIC_METHOD TlsConnection::kSslQuicMethod{ -#if BORINGSSL_API_VERSION < 10 - TlsConnection::SetEncryptionSecretCallback, -#else - TlsConnection::SetReadSecretCallback, TlsConnection::SetWriteSecretCallback, -#endif - TlsConnection::WriteMessageCallback, TlsConnection::FlushFlightCallback, - TlsConnection::SendAlertCallback -}; + TlsConnection::SetReadSecretCallback, TlsConnection::SetWriteSecretCallback, + TlsConnection::WriteMessageCallback, TlsConnection::FlushFlightCallback, + TlsConnection::SendAlertCallback}; // static int TlsConnection::SetEncryptionSecretCallback( diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.cc index bdc941ade7c..54db5455ca5 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.cc @@ -4,6 +4,9 @@ #include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h" +#include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quic { @@ -13,12 +16,24 @@ TlsServerConnection::TlsServerConnection(SSL_CTX* ssl_ctx, Delegate* delegate) delegate_(delegate) {} // static -bssl::UniquePtr<SSL_CTX> TlsServerConnection::CreateSslCtx() { +bssl::UniquePtr<SSL_CTX> TlsServerConnection::CreateSslCtx( + ProofSource* proof_source) { bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx(); SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), &SelectCertificateCallback); SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr); - SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_NO_TICKET); + // We don't actually need the TicketCrypter here, but we need to know + // whether it's set. + if (GetQuicReloadableFlag(quic_enable_tls_resumption) && + proof_source->GetTicketCrypter()) { + SSL_CTX_set_ticket_aead_method(ssl_ctx.get(), + &TlsServerConnection::kSessionTicketMethod); + if (GetQuicReloadableFlag(quic_enable_zero_rtt_for_tls)) { + SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1); + } + } else { + SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_NO_TICKET); + } return ssl_ctx; } @@ -81,4 +96,41 @@ ssl_private_key_result_t TlsServerConnection::PrivateKeyComplete( max_out); } +// static +const SSL_TICKET_AEAD_METHOD TlsServerConnection::kSessionTicketMethod{ + TlsServerConnection::SessionTicketMaxOverhead, + TlsServerConnection::SessionTicketSeal, + TlsServerConnection::SessionTicketOpen, +}; + +// static +size_t TlsServerConnection::SessionTicketMaxOverhead(SSL* ssl) { + return ConnectionFromSsl(ssl)->delegate_->SessionTicketMaxOverhead(); +} + +// static +int TlsServerConnection::SessionTicketSeal(SSL* ssl, + uint8_t* out, + size_t* out_len, + size_t max_out_len, + const uint8_t* in, + size_t in_len) { + return ConnectionFromSsl(ssl)->delegate_->SessionTicketSeal( + out, out_len, max_out_len, + quiche::QuicheStringPiece(reinterpret_cast<const char*>(in), in_len)); +} + +// static +enum ssl_ticket_aead_result_t TlsServerConnection::SessionTicketOpen( + SSL* ssl, + uint8_t* out, + size_t* out_len, + size_t max_out_len, + const uint8_t* in, + size_t in_len) { + return ConnectionFromSsl(ssl)->delegate_->SessionTicketOpen( + out, out_len, max_out_len, + quiche::QuicheStringPiece(reinterpret_cast<const char*>(in), in_len)); +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h b/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h index 85ce7e79a81..6da81141335 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h @@ -5,6 +5,7 @@ #ifndef QUICHE_QUIC_CORE_CRYPTO_TLS_SERVER_CONNECTION_H_ #define QUICHE_QUIC_CORE_CRYPTO_TLS_SERVER_CONNECTION_H_ +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" #include "net/third_party/quiche/src/quic/core/crypto/tls_connection.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" @@ -59,6 +60,50 @@ class QUIC_EXPORT_PRIVATE TlsServerConnection : public TlsConnection { size_t* out_len, size_t max_out) = 0; + // The following functions are used to implement an SSL_TICKET_AEAD_METHOD. + // See + // https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#ssl_ticket_aead_result_t + // for details on the BoringSSL API. + + // SessionTicketMaxOverhead returns the maximum number of bytes of overhead + // that SessionTicketSeal may add when encrypting a session ticket. + virtual size_t SessionTicketMaxOverhead() = 0; + + // SessionTicketSeal encrypts the session ticket in |in|, putting the + // resulting encrypted ticket in |out|, writing the length of the bytes + // written to |*out_len|, which is no larger than |max_out_len|. It returns + // 1 on success and 0 on error. + virtual int SessionTicketSeal(uint8_t* out, + size_t* out_len, + size_t max_out_len, + quiche::QuicheStringPiece in) = 0; + + // SessionTicketOpen is called when BoringSSL has an encrypted session + // ticket |in| and wants the ticket decrypted. This decryption operation can + // happen synchronously or asynchronously. + // + // If the decrypted ticket is not available at the time of the function + // call, this function returns ssl_ticket_aead_retry. If this function + // returns ssl_ticket_aead_retry, then SSL_do_handshake will return + // SSL_ERROR_PENDING_TICKET. Once the pending ticket decryption has + // completed, SSL_do_handshake needs to be called again. + // + // When this function is called and the decrypted ticket is available + // (either the ticket was decrypted synchronously, or an asynchronous + // operation has completed and SSL_do_handshake has been called again), the + // decrypted ticket is put in |out|, and the length of that output is + // written to |*out_len|, not to exceed |max_out_len|, and + // ssl_ticket_aead_success is returned. If the ticket cannot be decrypted + // and should be ignored, this function returns + // ssl_ticket_aead_ignore_ticket and a full handshake will be performed + // instead. If a fatal error occurs, ssl_ticket_aead_error can be returned + // which will terminate the handshake. + virtual enum ssl_ticket_aead_result_t SessionTicketOpen( + uint8_t* out, + size_t* out_len, + size_t max_out_len, + quiche::QuicheStringPiece in) = 0; + // Provides the delegate for callbacks that are shared between client and // server. virtual TlsConnection::Delegate* ConnectionDelegate() = 0; @@ -69,7 +114,7 @@ class QUIC_EXPORT_PRIVATE TlsServerConnection : public TlsConnection { TlsServerConnection(SSL_CTX* ssl_ctx, Delegate* delegate); // Creates and configures an SSL_CTX that is appropriate for servers to use. - static bssl::UniquePtr<SSL_CTX> CreateSslCtx(); + static bssl::UniquePtr<SSL_CTX> CreateSslCtx(ProofSource* proof_source); void SetCertChain(const std::vector<CRYPTO_BUFFER*>& cert_chain); @@ -105,6 +150,25 @@ class QUIC_EXPORT_PRIVATE TlsServerConnection : public TlsConnection { size_t* out_len, size_t max_out); + // Implementation of SSL_TICKET_AEAD_METHOD which delegates to corresponding + // methods in TlsServerConnection::Delegate (a.k.a. TlsServerHandshaker). + static const SSL_TICKET_AEAD_METHOD kSessionTicketMethod; + + // The following functions make up the contents of |kSessionTicketMethod|. + static size_t SessionTicketMaxOverhead(SSL* ssl); + static int SessionTicketSeal(SSL* ssl, + uint8_t* out, + size_t* out_len, + size_t max_out_len, + const uint8_t* in, + size_t in_len); + static enum ssl_ticket_aead_result_t SessionTicketOpen(SSL* ssl, + uint8_t* out, + size_t* out_len, + size_t max_out_len, + const uint8_t* in, + size_t in_len); + Delegate* delegate_; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.cc index 4cefcddad22..3e286adc84b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.cc @@ -7,9 +7,11 @@ #include <cstdint> #include <cstring> #include <forward_list> +#include <memory> #include <utility> #include "net/third_party/quiche/src/quic/core/crypto/crypto_framer.h" +#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h" #include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_data_reader.h" #include "net/third_party/quiche/src/quic/core/quic_data_writer.h" @@ -47,6 +49,9 @@ enum TransportParameters::TransportParameterId : uint64_t { kMaxDatagramFrameSize = 0x20, + kInitialRoundTripTime = 0x3127, + kGoogleConnectionOptions = 0x3128, + kGoogleUserAgentId = 0x3129, kGoogleQuicParam = 18257, // Used for non-standard Google-specific params. kGoogleQuicVersion = 18258, // Used to transmit version and supported_versions. @@ -57,12 +62,14 @@ namespace { // The following constants define minimum and maximum allowed values for some of // the parameters. These come from the "Transport Parameter Definitions" // section of draft-ietf-quic-transport. -const uint64_t kMinMaxPacketSizeTransportParam = 1200; -const uint64_t kMaxAckDelayExponentTransportParam = 20; -const uint64_t kDefaultAckDelayExponentTransportParam = 3; -const uint64_t kMaxMaxAckDelayTransportParam = 16383; -const uint64_t kDefaultMaxAckDelayTransportParam = 25; -const size_t kStatelessResetTokenLength = 16; +constexpr uint64_t kMinMaxPacketSizeTransportParam = 1200; +constexpr uint64_t kMaxAckDelayExponentTransportParam = 20; +constexpr uint64_t kDefaultAckDelayExponentTransportParam = 3; +constexpr uint64_t kMaxMaxAckDelayTransportParam = 16383; +constexpr uint64_t kDefaultMaxAckDelayTransportParam = 25; +constexpr size_t kStatelessResetTokenLength = 16; +constexpr uint64_t kMinActiveConnectionIdLimitTransportParam = 2; +constexpr uint64_t kDefaultActiveConnectionIdLimitTransportParam = 2; std::string TransportParameterIdToString( TransportParameters::TransportParameterId param_id) { @@ -99,6 +106,12 @@ std::string TransportParameterIdToString( return "active_connection_id_limit"; case TransportParameters::kMaxDatagramFrameSize: return "max_datagram_frame_size"; + case TransportParameters::kInitialRoundTripTime: + return "initial_round_trip_time"; + case TransportParameters::kGoogleConnectionOptions: + return "google_connection_options"; + case TransportParameters::kGoogleUserAgentId: + return "user_agent_id"; case TransportParameters::kGoogleQuicParam: return "google"; case TransportParameters::kGoogleQuicVersion: @@ -107,6 +120,35 @@ std::string TransportParameterIdToString( return "Unknown(" + quiche::QuicheTextUtils::Uint64ToString(param_id) + ")"; } +bool TransportParameterIdIsKnown( + TransportParameters::TransportParameterId param_id) { + switch (param_id) { + case TransportParameters::kOriginalConnectionId: + case TransportParameters::kIdleTimeout: + case TransportParameters::kStatelessResetToken: + case TransportParameters::kMaxPacketSize: + case TransportParameters::kInitialMaxData: + case TransportParameters::kInitialMaxStreamDataBidiLocal: + case TransportParameters::kInitialMaxStreamDataBidiRemote: + case TransportParameters::kInitialMaxStreamDataUni: + case TransportParameters::kInitialMaxStreamsBidi: + case TransportParameters::kInitialMaxStreamsUni: + case TransportParameters::kAckDelayExponent: + case TransportParameters::kMaxAckDelay: + case TransportParameters::kDisableMigration: + case TransportParameters::kPreferredAddress: + case TransportParameters::kActiveConnectionIdLimit: + case TransportParameters::kMaxDatagramFrameSize: + case TransportParameters::kInitialRoundTripTime: + case TransportParameters::kGoogleConnectionOptions: + case TransportParameters::kGoogleUserAgentId: + case TransportParameters::kGoogleQuicParam: + case TransportParameters::kGoogleQuicVersion: + return true; + } + return false; +} + bool WriteTransportParameterId( QuicDataWriter* writer, TransportParameters::TransportParameterId param_id, @@ -310,6 +352,19 @@ TransportParameters::PreferredAddress::PreferredAddress() TransportParameters::PreferredAddress::~PreferredAddress() {} +bool TransportParameters::PreferredAddress::operator==( + const PreferredAddress& rhs) const { + return ipv4_socket_address == rhs.ipv4_socket_address && + ipv6_socket_address == rhs.ipv6_socket_address && + connection_id == rhs.connection_id && + stateless_reset_token == rhs.stateless_reset_token; +} + +bool TransportParameters::PreferredAddress::operator!=( + const PreferredAddress& rhs) const { + return !(*this == rhs); +} + std::ostream& operator<<( std::ostream& os, const TransportParameters::PreferredAddress& preferred_address) { @@ -346,9 +401,9 @@ std::string TransportParameters::ToString() const { rv += " supported_versions " + QuicVersionLabelVectorToString(supported_versions); } - if (!original_connection_id.IsEmpty()) { + if (original_connection_id.has_value()) { rv += " " + TransportParameterIdToString(kOriginalConnectionId) + " " + - original_connection_id.ToString(); + original_connection_id.value().ToString(); } rv += idle_timeout_milliseconds.ToString(/*for_use_in_list=*/true); if (!stateless_reset_token.empty()) { @@ -375,20 +430,36 @@ std::string TransportParameters::ToString() const { } rv += active_connection_id_limit.ToString(/*for_use_in_list=*/true); rv += max_datagram_frame_size.ToString(/*for_use_in_list=*/true); + rv += initial_round_trip_time_us.ToString(/*for_use_in_list=*/true); + if (google_connection_options.has_value()) { + rv += " " + TransportParameterIdToString(kGoogleConnectionOptions) + " "; + bool first = true; + for (const QuicTag& connection_option : google_connection_options.value()) { + if (first) { + first = false; + } else { + rv += ","; + } + rv += QuicTagToString(connection_option); + } + } + if (user_agent_id.has_value()) { + rv += " " + TransportParameterIdToString(kGoogleUserAgentId) + " \"" + + user_agent_id.value() + "\""; + } if (google_quic_params) { rv += " " + TransportParameterIdToString(kGoogleQuicParam); } - rv += "]"; for (const auto& kv : custom_parameters) { rv += " 0x" + quiche::QuicheTextUtils::Hex(static_cast<uint32_t>(kv.first)); rv += "=" + quiche::QuicheTextUtils::HexEncode(kv.second); } + rv += "]"; return rv; } TransportParameters::TransportParameters() : version(0), - original_connection_id(EmptyQuicConnectionId()), idle_timeout_milliseconds(kIdleTimeout), max_packet_size(kMaxPacketSize, kDefaultMaxPacketSizeTransportParam, @@ -409,13 +480,109 @@ TransportParameters::TransportParameters() 0, kMaxMaxAckDelayTransportParam), disable_migration(false), - active_connection_id_limit(kActiveConnectionIdLimit), - max_datagram_frame_size(kMaxDatagramFrameSize) + active_connection_id_limit(kActiveConnectionIdLimit, + kDefaultActiveConnectionIdLimitTransportParam, + kMinActiveConnectionIdLimitTransportParam, + kVarInt62MaxValue), + max_datagram_frame_size(kMaxDatagramFrameSize), + initial_round_trip_time_us(kInitialRoundTripTime) // Important note: any new transport parameters must be added // to TransportParameters::AreValid, SerializeTransportParameters and -// ParseTransportParameters. +// ParseTransportParameters, TransportParameters's custom copy constructor, the +// operator==, and TransportParametersTest.Comparator. {} +TransportParameters::TransportParameters(const TransportParameters& other) + : perspective(other.perspective), + version(other.version), + supported_versions(other.supported_versions), + original_connection_id(other.original_connection_id), + idle_timeout_milliseconds(other.idle_timeout_milliseconds), + stateless_reset_token(other.stateless_reset_token), + max_packet_size(other.max_packet_size), + initial_max_data(other.initial_max_data), + initial_max_stream_data_bidi_local( + other.initial_max_stream_data_bidi_local), + initial_max_stream_data_bidi_remote( + other.initial_max_stream_data_bidi_remote), + initial_max_stream_data_uni(other.initial_max_stream_data_uni), + initial_max_streams_bidi(other.initial_max_streams_bidi), + initial_max_streams_uni(other.initial_max_streams_uni), + ack_delay_exponent(other.ack_delay_exponent), + max_ack_delay(other.max_ack_delay), + disable_migration(other.disable_migration), + active_connection_id_limit(other.active_connection_id_limit), + max_datagram_frame_size(other.max_datagram_frame_size), + initial_round_trip_time_us(other.initial_round_trip_time_us), + google_connection_options(other.google_connection_options), + user_agent_id(other.user_agent_id), + custom_parameters(other.custom_parameters) { + if (other.preferred_address) { + preferred_address = std::make_unique<TransportParameters::PreferredAddress>( + *other.preferred_address); + } + if (other.google_quic_params) { + google_quic_params = + std::make_unique<CryptoHandshakeMessage>(*other.google_quic_params); + } +} + +bool TransportParameters::operator==(const TransportParameters& rhs) const { + if (!(perspective == rhs.perspective && version == rhs.version && + supported_versions == rhs.supported_versions && + original_connection_id == rhs.original_connection_id && + idle_timeout_milliseconds.value() == + rhs.idle_timeout_milliseconds.value() && + stateless_reset_token == rhs.stateless_reset_token && + max_packet_size.value() == rhs.max_packet_size.value() && + initial_max_data.value() == rhs.initial_max_data.value() && + initial_max_stream_data_bidi_local.value() == + rhs.initial_max_stream_data_bidi_local.value() && + initial_max_stream_data_bidi_remote.value() == + rhs.initial_max_stream_data_bidi_remote.value() && + initial_max_stream_data_uni.value() == + rhs.initial_max_stream_data_uni.value() && + initial_max_streams_bidi.value() == + rhs.initial_max_streams_bidi.value() && + initial_max_streams_uni.value() == + rhs.initial_max_streams_uni.value() && + ack_delay_exponent.value() == rhs.ack_delay_exponent.value() && + max_ack_delay.value() == rhs.max_ack_delay.value() && + disable_migration == rhs.disable_migration && + active_connection_id_limit.value() == + rhs.active_connection_id_limit.value() && + max_datagram_frame_size.value() == + rhs.max_datagram_frame_size.value() && + initial_round_trip_time_us.value() == + rhs.initial_round_trip_time_us.value() && + google_connection_options == rhs.google_connection_options && + user_agent_id == rhs.user_agent_id && + custom_parameters == rhs.custom_parameters)) { + return false; + } + + if ((!preferred_address && rhs.preferred_address) || + (preferred_address && !rhs.preferred_address) || + (!google_quic_params && rhs.google_quic_params) || + (google_quic_params && !rhs.google_quic_params)) { + return false; + } + bool address = true; + if (preferred_address && rhs.preferred_address) { + address = (*preferred_address == *rhs.preferred_address); + } + + bool google_quic = true; + if (google_quic_params && rhs.google_quic_params) { + google_quic = (*google_quic_params == *rhs.google_quic_params); + } + return address && google_quic; +} + +bool TransportParameters::operator!=(const TransportParameters& rhs) const { + return !(*this == rhs); +} + bool TransportParameters::AreValid(std::string* error_details) const { DCHECK(perspective == Perspective::IS_CLIENT || perspective == Perspective::IS_SERVER); @@ -424,7 +591,7 @@ bool TransportParameters::AreValid(std::string* error_details) const { return false; } if (perspective == Perspective::IS_CLIENT && - !original_connection_id.IsEmpty()) { + original_connection_id.has_value()) { *error_details = "Client cannot send original connection ID"; return false; } @@ -452,6 +619,23 @@ bool TransportParameters::AreValid(std::string* error_details) const { *error_details = "Internal preferred address family failure"; return false; } + for (const auto& kv : custom_parameters) { + if (TransportParameterIdIsKnown(kv.first)) { + *error_details = quiche::QuicheStrCat( + "Using custom_parameters with known ID ", + TransportParameterIdToString(kv.first), " is not allowed"); + return false; + } + } + if (perspective == Perspective::IS_SERVER && + initial_round_trip_time_us.value() > 0) { + *error_details = "Server cannot send initial round trip time"; + return false; + } + if (perspective == Perspective::IS_SERVER && user_agent_id.has_value()) { + *error_details = "Server cannot send user agent ID"; + return false; + } const bool ok = idle_timeout_milliseconds.IsValid() && max_packet_size.IsValid() && initial_max_data.IsValid() && @@ -460,7 +644,8 @@ bool TransportParameters::AreValid(std::string* error_details) const { initial_max_stream_data_uni.IsValid() && initial_max_streams_bidi.IsValid() && initial_max_streams_uni.IsValid() && ack_delay_exponent.IsValid() && max_ack_delay.IsValid() && - active_connection_id_limit.IsValid() && max_datagram_frame_size.IsValid(); + active_connection_id_limit.IsValid() && + max_datagram_frame_size.IsValid() && initial_round_trip_time_us.IsValid(); if (!ok) { *error_details = "Invalid transport parameters " + this->ToString(); } @@ -504,17 +689,18 @@ bool SerializeTransportParameters(ParsedQuicVersion version, } // original_connection_id - if (!in.original_connection_id.IsEmpty()) { + if (in.original_connection_id.has_value()) { DCHECK_EQ(Perspective::IS_SERVER, in.perspective); + QuicConnectionId original_connection_id = in.original_connection_id.value(); if (!WriteTransportParameterId( &writer, TransportParameters::kOriginalConnectionId, version) || !WriteTransportParameterStringPiece( &writer, - quiche::QuicheStringPiece(in.original_connection_id.data(), - in.original_connection_id.length()), + quiche::QuicheStringPiece(original_connection_id.data(), + original_connection_id.length()), version)) { QUIC_BUG << "Failed to write original_connection_id " - << in.original_connection_id << " for " << in; + << in.original_connection_id.value() << " for " << in; return false; } } @@ -552,7 +738,8 @@ bool SerializeTransportParameters(ParsedQuicVersion version, !in.ack_delay_exponent.Write(&writer, version) || !in.max_ack_delay.Write(&writer, version) || !in.active_connection_id_limit.Write(&writer, version) || - !in.max_datagram_frame_size.Write(&writer, version)) { + !in.max_datagram_frame_size.Write(&writer, version) || + !in.initial_round_trip_time_us.Write(&writer, version)) { QUIC_BUG << "Failed to write integers for " << in; return false; } @@ -604,6 +791,42 @@ bool SerializeTransportParameters(ParsedQuicVersion version, } } + // Google-specific connection options. + if (in.google_connection_options.has_value()) { + static_assert(sizeof(in.google_connection_options.value().front()) == 4, + "bad size"); + uint64_t connection_options_length = + in.google_connection_options.value().size() * 4; + if (!WriteTransportParameterId( + &writer, TransportParameters::kGoogleConnectionOptions, version) || + !WriteTransportParameterLength(&writer, connection_options_length, + version)) { + QUIC_BUG << "Failed to write google_connection_options of length " + << connection_options_length << " for " << in; + return false; + } + for (const QuicTag& connection_option : + in.google_connection_options.value()) { + if (!writer.WriteTag(connection_option)) { + QUIC_BUG << "Failed to write google_connection_option " + << QuicTagToString(connection_option) << " for " << in; + return false; + } + } + } + + // Google-specific user agent identifier. + if (in.user_agent_id.has_value()) { + if (!WriteTransportParameterId( + &writer, TransportParameters::kGoogleUserAgentId, version) || + !WriteTransportParameterStringPiece(&writer, in.user_agent_id.value(), + version)) { + QUIC_BUG << "Failed to write Google user agent ID \"" + << in.user_agent_id.value() << "\" for " << in; + return false; + } + } + // Google-specific non-standard parameter. if (in.google_quic_params) { const QuicData& serialized_google_quic_params = @@ -648,12 +871,56 @@ bool SerializeTransportParameters(ParsedQuicVersion version, } for (const auto& kv : in.custom_parameters) { - QUIC_BUG_IF(static_cast<uint64_t>(kv.first) < 0xff00) - << "custom_parameters should not be used " - "for non-private use parameters"; - if (!WriteTransportParameterId(&writer, kv.first, version) || + const TransportParameters::TransportParameterId param_id = kv.first; + if (param_id % 31 == 27) { + // See the "Reserved Transport Parameters" section of + // draft-ietf-quic-transport. + QUIC_BUG << "Serializing custom_parameters with GREASE ID " << param_id + << " is not allowed"; + return false; + } + if (!WriteTransportParameterId(&writer, param_id, version) || !WriteTransportParameterStringPiece(&writer, kv.second, version)) { - QUIC_BUG << "Failed to write custom parameter " << kv.first; + QUIC_BUG << "Failed to write custom parameter " << param_id; + return false; + } + } + + { + // Add a random GREASE transport parameter, as defined in the + // "Reserved Transport Parameters" section of draft-ietf-quic-transport. + // https://quicwg.org/base-drafts/draft-ietf-quic-transport.html + // This forces receivers to support unexpected input. + QuicRandom* random = QuicRandom::GetInstance(); + uint64_t grease_id64 = random->RandUint64(); + if (version.HasVarIntTransportParams()) { + // With these versions, identifiers are 62 bits long so we need to ensure + // that the output of the computation below fits in 62 bits. + grease_id64 %= ((1ULL << 62) - 31); + } else { + // Same with 16 bits. + grease_id64 %= ((1ULL << 16) - 31); + } + // Make sure grease_id % 31 == 27. Note that this is not uniformely + // distributed but is acceptable since no security depends on this + // randomness. + grease_id64 = (grease_id64 / 31) * 31 + 27; + DCHECK(version.HasVarIntTransportParams() || + grease_id64 <= std::numeric_limits<uint16_t>::max()) + << grease_id64 << " invalid for " << version; + TransportParameters::TransportParameterId grease_id = + static_cast<TransportParameters::TransportParameterId>(grease_id64); + const size_t kMaxGreaseLength = 16; + const size_t grease_length = random->RandUint64() % kMaxGreaseLength; + DCHECK_GE(kMaxGreaseLength, grease_length); + char grease_contents[kMaxGreaseLength]; + random->RandBytes(grease_contents, grease_length); + if (!WriteTransportParameterId(&writer, grease_id, version) || + !WriteTransportParameterStringPiece( + &writer, quiche::QuicheStringPiece(grease_contents, grease_length), + version)) { + QUIC_BUG << "Failed to write GREASE parameter " + << TransportParameterIdToString(grease_id); return false; } } @@ -679,6 +946,7 @@ bool SerializeTransportParameters(ParsedQuicVersion version, QUIC_DLOG(INFO) << "Serialized " << in << " as " << writer.length() << " bytes"; + return true; } @@ -722,7 +990,7 @@ bool ParseTransportParameters(ParsedQuicVersion version, bool parse_success = true; switch (param_id) { case TransportParameters::kOriginalConnectionId: { - if (!out->original_connection_id.IsEmpty()) { + if (out->original_connection_id.has_value()) { *error_details = "Received a second original connection ID"; return false; } @@ -734,11 +1002,13 @@ bool ParseTransportParameters(ParsedQuicVersion version, connection_id_length); return false; } - if (!value_reader.ReadConnectionId(&out->original_connection_id, + QuicConnectionId original_connection_id; + if (!value_reader.ReadConnectionId(&original_connection_id, connection_id_length)) { *error_details = "Failed to read original connection ID"; return false; } + out->original_connection_id = original_connection_id; } break; case TransportParameters::kIdleTimeout: parse_success = @@ -848,6 +1118,32 @@ bool ParseTransportParameters(ParsedQuicVersion version, parse_success = out->max_datagram_frame_size.Read(&value_reader, error_details); break; + case TransportParameters::kInitialRoundTripTime: + parse_success = + out->initial_round_trip_time_us.Read(&value_reader, error_details); + break; + case TransportParameters::kGoogleConnectionOptions: { + if (out->google_connection_options.has_value()) { + *error_details = "Received a second Google connection options"; + return false; + } + out->google_connection_options = QuicTagVector{}; + while (!value_reader.IsDoneReading()) { + QuicTag connection_option; + if (!value_reader.ReadTag(&connection_option)) { + *error_details = "Failed to read a Google connection option"; + return false; + } + out->google_connection_options.value().push_back(connection_option); + } + } break; + case TransportParameters::kGoogleUserAgentId: + if (out->user_agent_id.has_value()) { + *error_details = "Received a second user agent ID"; + return false; + } + out->user_agent_id = std::string(value_reader.ReadRemainingPayload()); + break; case TransportParameters::kGoogleQuicParam: { if (out->google_quic_params) { *error_details = "Received a second Google parameter"; diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.h b/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.h index 831caecd1a9..9dec484a552 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.h +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters.h @@ -15,6 +15,7 @@ #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/core/quic_versions.h" #include "net/third_party/quiche/src/quic/platform/api/quic_containers.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quic { @@ -35,7 +36,6 @@ struct QUIC_EXPORT_PRIVATE TransportParameters { public: // Forbid constructing and copying apart from TransportParameters. IntegerParameter() = delete; - IntegerParameter(const IntegerParameter&) = delete; IntegerParameter& operator=(const IntegerParameter&) = delete; // Sets the value of this transport parameter. void set_value(uint64_t value); @@ -67,6 +67,8 @@ struct QUIC_EXPORT_PRIVATE TransportParameters { uint64_t default_value, uint64_t min_value, uint64_t max_value); + IntegerParameter(const IntegerParameter& other) = default; + IntegerParameter(IntegerParameter&& other) = default; // Human-readable string representation. std::string ToString(bool for_use_in_list) const; @@ -88,7 +90,11 @@ struct QUIC_EXPORT_PRIVATE TransportParameters { // send to clients. struct QUIC_EXPORT_PRIVATE PreferredAddress { PreferredAddress(); + PreferredAddress(const PreferredAddress& other) = default; + PreferredAddress(PreferredAddress&& other) = default; ~PreferredAddress(); + bool operator==(const PreferredAddress& rhs) const; + bool operator!=(const PreferredAddress& rhs) const; QuicSocketAddress ipv4_socket_address; QuicSocketAddress ipv6_socket_address; @@ -103,7 +109,10 @@ struct QUIC_EXPORT_PRIVATE TransportParameters { }; TransportParameters(); + TransportParameters(const TransportParameters& other); ~TransportParameters(); + bool operator==(const TransportParameters& rhs) const; + bool operator!=(const TransportParameters& rhs) const; // Represents the sender of the transport parameters. When |perspective| is // Perspective::IS_CLIENT, this struct is being used in the client_hello @@ -123,7 +132,7 @@ struct QUIC_EXPORT_PRIVATE TransportParameters { // The value of the Destination Connection ID field from the first // Initial packet sent by the client. - QuicConnectionId original_connection_id; + quiche::QuicheOptional<QuicConnectionId> original_connection_id; // Idle timeout expressed in milliseconds. IntegerParameter idle_timeout_milliseconds; @@ -172,9 +181,19 @@ struct QUIC_EXPORT_PRIVATE TransportParameters { IntegerParameter active_connection_id_limit; // Indicates support for the DATAGRAM frame and the maximum frame size that - // the sender accepts. See draft-pauly-quic-datagram. + // the sender accepts. See draft-ietf-quic-datagram. IntegerParameter max_datagram_frame_size; + // Google-specific transport parameter that carries an estimate of the + // initial round-trip time in microseconds. + IntegerParameter initial_round_trip_time_us; + + // Google-specific connection options. + quiche::QuicheOptional<QuicTagVector> google_connection_options; + + // Google-specific user agent identifier. + quiche::QuicheOptional<std::string> user_agent_id; + // Transport parameters used by Google QUIC but not IETF QUIC. This is // serialized into a TransportParameter struct with a TransportParameterId of // kGoogleQuicParamId. @@ -209,7 +228,6 @@ QUIC_EXPORT_PRIVATE bool SerializeTransportParameters( // This method returns true if the input was successfully parsed. // On failure, this method will write a human-readable error message to // |error_details|. -// TODO(nharper): Write fuzz tests for this method. QUIC_EXPORT_PRIVATE bool ParseTransportParameters(ParsedQuicVersion version, Perspective perspective, const uint8_t* in, diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters_test.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters_test.cc index bbcba74efb8..1fc1f5c5c93 100644 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/crypto/transport_parameters_test.cc @@ -7,6 +7,10 @@ #include <cstring> #include <utility> +#include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" +#include "net/third_party/quiche/src/quic/core/quic_tag.h" +#include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/core/quic_versions.h" #include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" @@ -19,9 +23,6 @@ namespace quic { namespace test { namespace { -using testing::Pair; -using testing::UnorderedElementsAre; - const QuicVersionLabel kFakeVersionLabel = 0x01234567; const QuicVersionLabel kFakeVersionLabel2 = 0x89ABCDEF; const uint64_t kFakeIdleTimeoutMilliseconds = 12012; @@ -39,6 +40,7 @@ const uint64_t kFakeAckDelayExponent = 10; const uint64_t kFakeMaxAckDelay = 51; const bool kFakeDisableMigration = true; const uint64_t kFakeActiveConnectionIdLimit = 52; +const uint64_t kFakeInitialRoundTripTime = 53; const uint8_t kFakePreferredStatelessResetTokenData[16] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F}; @@ -101,14 +103,26 @@ CreateFakePreferredAddress() { preferred_address); } -std::vector<ParsedQuicVersion> AllSupportedTlsVersions() { - std::vector<ParsedQuicVersion> tls_versions; - for (const ParsedQuicVersion& version : AllSupportedVersions()) { - if (version.handshake_protocol == PROTOCOL_TLS1_3) { - tls_versions.push_back(version); +QuicTagVector CreateFakeGoogleConnectionOptions() { + return {kALPN, MakeQuicTag('E', 'F', 'G', 0x00), + MakeQuicTag('H', 'I', 'J', 0xff)}; +} + +std::string CreateFakeUserAgentId() { + return "FakeUAID"; +} + +void RemoveGreaseParameters(TransportParameters* params) { + std::vector<TransportParameters::TransportParameterId> grease_params; + for (const auto& kv : params->custom_parameters) { + if (kv.first % 31 == 27) { + grease_params.push_back(kv.first); } } - return tls_versions; + EXPECT_EQ(grease_params.size(), 1u); + for (TransportParameters::TransportParameterId param_id : grease_params) { + params->custom_parameters.erase(param_id); + } } } // namespace @@ -122,9 +136,129 @@ class TransportParametersTest : public QuicTestWithParam<ParsedQuicVersion> { INSTANTIATE_TEST_SUITE_P(TransportParametersTests, TransportParametersTest, - ::testing::ValuesIn(AllSupportedTlsVersions()), + ::testing::ValuesIn(AllSupportedVersionsWithTls()), ::testing::PrintToStringParamName()); +TEST_P(TransportParametersTest, Comparator) { + TransportParameters orig_params; + TransportParameters new_params; + // Test comparison on primitive members. + orig_params.perspective = Perspective::IS_CLIENT; + new_params.perspective = Perspective::IS_SERVER; + EXPECT_NE(orig_params, new_params); + EXPECT_FALSE(orig_params == new_params); + EXPECT_TRUE(orig_params != new_params); + new_params.perspective = Perspective::IS_CLIENT; + orig_params.version = kFakeVersionLabel; + new_params.version = kFakeVersionLabel; + orig_params.disable_migration = true; + new_params.disable_migration = true; + EXPECT_EQ(orig_params, new_params); + EXPECT_TRUE(orig_params == new_params); + EXPECT_FALSE(orig_params != new_params); + + // Test comparison on vectors. + orig_params.supported_versions.push_back(kFakeVersionLabel); + new_params.supported_versions.push_back(kFakeVersionLabel2); + EXPECT_NE(orig_params, new_params); + EXPECT_FALSE(orig_params == new_params); + EXPECT_TRUE(orig_params != new_params); + new_params.supported_versions.pop_back(); + new_params.supported_versions.push_back(kFakeVersionLabel); + orig_params.stateless_reset_token = CreateFakeStatelessResetToken(); + new_params.stateless_reset_token = CreateFakeStatelessResetToken(); + EXPECT_EQ(orig_params, new_params); + EXPECT_TRUE(orig_params == new_params); + EXPECT_FALSE(orig_params != new_params); + + // Test comparison on IntegerParameters. + orig_params.max_packet_size.set_value(kFakeMaxPacketSize); + new_params.max_packet_size.set_value(kFakeMaxPacketSize + 1); + EXPECT_NE(orig_params, new_params); + EXPECT_FALSE(orig_params == new_params); + EXPECT_TRUE(orig_params != new_params); + new_params.max_packet_size.set_value(kFakeMaxPacketSize); + EXPECT_EQ(orig_params, new_params); + EXPECT_TRUE(orig_params == new_params); + EXPECT_FALSE(orig_params != new_params); + + // Test comparison on PreferredAddress + orig_params.preferred_address = CreateFakePreferredAddress(); + EXPECT_NE(orig_params, new_params); + EXPECT_FALSE(orig_params == new_params); + EXPECT_TRUE(orig_params != new_params); + new_params.preferred_address = CreateFakePreferredAddress(); + EXPECT_EQ(orig_params, new_params); + EXPECT_TRUE(orig_params == new_params); + EXPECT_FALSE(orig_params != new_params); + + // Test comparison on CryptoHandshakeMessage. + orig_params.google_quic_params = std::make_unique<CryptoHandshakeMessage>(); + const std::string kTestString = "test string"; + orig_params.google_quic_params->SetStringPiece(42, kTestString); + const uint32_t kTestValue = 12; + orig_params.google_quic_params->SetValue(1337, kTestValue); + EXPECT_NE(orig_params, new_params); + EXPECT_FALSE(orig_params == new_params); + EXPECT_TRUE(orig_params != new_params); + + new_params.google_quic_params = std::make_unique<CryptoHandshakeMessage>(); + new_params.google_quic_params->SetStringPiece(42, kTestString); + new_params.google_quic_params->SetValue(1337, kTestValue + 1); + EXPECT_NE(orig_params, new_params); + EXPECT_FALSE(orig_params == new_params); + EXPECT_TRUE(orig_params != new_params); + new_params.google_quic_params->SetValue(1337, kTestValue); + EXPECT_EQ(orig_params, new_params); + EXPECT_TRUE(orig_params == new_params); + EXPECT_FALSE(orig_params != new_params); + + // Test comparison on CustomMap + orig_params.custom_parameters[kCustomParameter1] = kCustomParameter1Value; + orig_params.custom_parameters[kCustomParameter2] = kCustomParameter2Value; + + new_params.custom_parameters[kCustomParameter2] = kCustomParameter2Value; + new_params.custom_parameters[kCustomParameter1] = kCustomParameter1Value; + EXPECT_EQ(orig_params, new_params); + EXPECT_TRUE(orig_params == new_params); + EXPECT_FALSE(orig_params != new_params); +} + +TEST_P(TransportParametersTest, CopyConstructor) { + TransportParameters orig_params; + orig_params.perspective = Perspective::IS_CLIENT; + orig_params.version = kFakeVersionLabel; + orig_params.supported_versions.push_back(kFakeVersionLabel); + orig_params.supported_versions.push_back(kFakeVersionLabel2); + orig_params.original_connection_id = CreateFakeOriginalConnectionId(); + orig_params.idle_timeout_milliseconds.set_value(kFakeIdleTimeoutMilliseconds); + orig_params.stateless_reset_token = CreateFakeStatelessResetToken(); + orig_params.max_packet_size.set_value(kFakeMaxPacketSize); + orig_params.initial_max_data.set_value(kFakeInitialMaxData); + orig_params.initial_max_stream_data_bidi_local.set_value( + kFakeInitialMaxStreamDataBidiLocal); + orig_params.initial_max_stream_data_bidi_remote.set_value( + kFakeInitialMaxStreamDataBidiRemote); + orig_params.initial_max_stream_data_uni.set_value( + kFakeInitialMaxStreamDataUni); + orig_params.initial_max_streams_bidi.set_value(kFakeInitialMaxStreamsBidi); + orig_params.initial_max_streams_uni.set_value(kFakeInitialMaxStreamsUni); + orig_params.ack_delay_exponent.set_value(kFakeAckDelayExponent); + orig_params.max_ack_delay.set_value(kFakeMaxAckDelay); + orig_params.disable_migration = kFakeDisableMigration; + orig_params.preferred_address = CreateFakePreferredAddress(); + orig_params.active_connection_id_limit.set_value( + kFakeActiveConnectionIdLimit); + orig_params.initial_round_trip_time_us.set_value(kFakeInitialRoundTripTime); + orig_params.google_connection_options = CreateFakeGoogleConnectionOptions(); + orig_params.user_agent_id = CreateFakeUserAgentId(); + orig_params.custom_parameters[kCustomParameter1] = kCustomParameter1Value; + orig_params.custom_parameters[kCustomParameter2] = kCustomParameter2Value; + + TransportParameters new_params(orig_params); + EXPECT_EQ(new_params, orig_params); +} + TEST_P(TransportParametersTest, RoundTripClient) { TransportParameters orig_params; orig_params.perspective = Perspective::IS_CLIENT; @@ -145,6 +279,9 @@ TEST_P(TransportParametersTest, RoundTripClient) { orig_params.disable_migration = kFakeDisableMigration; orig_params.active_connection_id_limit.set_value( kFakeActiveConnectionIdLimit); + orig_params.initial_round_trip_time_us.set_value(kFakeInitialRoundTripTime); + orig_params.google_connection_options = CreateFakeGoogleConnectionOptions(); + orig_params.user_agent_id = CreateFakeUserAgentId(); orig_params.custom_parameters[kCustomParameter1] = kCustomParameter1Value; orig_params.custom_parameters[kCustomParameter2] = kCustomParameter2Value; @@ -158,34 +295,8 @@ TEST_P(TransportParametersTest, RoundTripClient) { &new_params, &error_details)) << error_details; EXPECT_TRUE(error_details.empty()); - EXPECT_EQ(Perspective::IS_CLIENT, new_params.perspective); - EXPECT_EQ(kFakeVersionLabel, new_params.version); - EXPECT_TRUE(new_params.supported_versions.empty()); - EXPECT_EQ(EmptyQuicConnectionId(), new_params.original_connection_id); - EXPECT_EQ(kFakeIdleTimeoutMilliseconds, - new_params.idle_timeout_milliseconds.value()); - EXPECT_TRUE(new_params.stateless_reset_token.empty()); - EXPECT_EQ(kFakeMaxPacketSize, new_params.max_packet_size.value()); - EXPECT_EQ(kFakeInitialMaxData, new_params.initial_max_data.value()); - EXPECT_EQ(kFakeInitialMaxStreamDataBidiLocal, - new_params.initial_max_stream_data_bidi_local.value()); - EXPECT_EQ(kFakeInitialMaxStreamDataBidiRemote, - new_params.initial_max_stream_data_bidi_remote.value()); - EXPECT_EQ(kFakeInitialMaxStreamDataUni, - new_params.initial_max_stream_data_uni.value()); - EXPECT_EQ(kFakeInitialMaxStreamsBidi, - new_params.initial_max_streams_bidi.value()); - EXPECT_EQ(kFakeInitialMaxStreamsUni, - new_params.initial_max_streams_uni.value()); - EXPECT_EQ(kFakeAckDelayExponent, new_params.ack_delay_exponent.value()); - EXPECT_EQ(kFakeMaxAckDelay, new_params.max_ack_delay.value()); - EXPECT_EQ(kFakeDisableMigration, new_params.disable_migration); - EXPECT_EQ(kFakeActiveConnectionIdLimit, - new_params.active_connection_id_limit.value()); - EXPECT_THAT( - new_params.custom_parameters, - UnorderedElementsAre(Pair(kCustomParameter1, kCustomParameter1Value), - Pair(kCustomParameter2, kCustomParameter2Value))); + RemoveGreaseParameters(&new_params); + EXPECT_EQ(new_params, orig_params); } TEST_P(TransportParametersTest, RoundTripServer) { @@ -213,6 +324,7 @@ TEST_P(TransportParametersTest, RoundTripServer) { orig_params.preferred_address = CreateFakePreferredAddress(); orig_params.active_connection_id_limit.set_value( kFakeActiveConnectionIdLimit); + orig_params.google_connection_options = CreateFakeGoogleConnectionOptions(); std::vector<uint8_t> serialized; ASSERT_TRUE(SerializeTransportParameters(version_, orig_params, &serialized)); @@ -224,43 +336,8 @@ TEST_P(TransportParametersTest, RoundTripServer) { &new_params, &error_details)) << error_details; EXPECT_TRUE(error_details.empty()); - EXPECT_EQ(Perspective::IS_SERVER, new_params.perspective); - EXPECT_EQ(kFakeVersionLabel, new_params.version); - EXPECT_EQ(2u, new_params.supported_versions.size()); - EXPECT_EQ(kFakeVersionLabel, new_params.supported_versions[0]); - EXPECT_EQ(kFakeVersionLabel2, new_params.supported_versions[1]); - EXPECT_EQ(CreateFakeOriginalConnectionId(), - new_params.original_connection_id); - EXPECT_EQ(kFakeIdleTimeoutMilliseconds, - new_params.idle_timeout_milliseconds.value()); - EXPECT_EQ(CreateFakeStatelessResetToken(), new_params.stateless_reset_token); - EXPECT_EQ(kFakeMaxPacketSize, new_params.max_packet_size.value()); - EXPECT_EQ(kFakeInitialMaxData, new_params.initial_max_data.value()); - EXPECT_EQ(kFakeInitialMaxStreamDataBidiLocal, - new_params.initial_max_stream_data_bidi_local.value()); - EXPECT_EQ(kFakeInitialMaxStreamDataBidiRemote, - new_params.initial_max_stream_data_bidi_remote.value()); - EXPECT_EQ(kFakeInitialMaxStreamDataUni, - new_params.initial_max_stream_data_uni.value()); - EXPECT_EQ(kFakeInitialMaxStreamsBidi, - new_params.initial_max_streams_bidi.value()); - EXPECT_EQ(kFakeInitialMaxStreamsUni, - new_params.initial_max_streams_uni.value()); - EXPECT_EQ(kFakeAckDelayExponent, new_params.ack_delay_exponent.value()); - EXPECT_EQ(kFakeMaxAckDelay, new_params.max_ack_delay.value()); - EXPECT_EQ(kFakeDisableMigration, new_params.disable_migration); - ASSERT_NE(nullptr, new_params.preferred_address.get()); - EXPECT_EQ(CreateFakeV4SocketAddress(), - new_params.preferred_address->ipv4_socket_address); - EXPECT_EQ(CreateFakeV6SocketAddress(), - new_params.preferred_address->ipv6_socket_address); - EXPECT_EQ(CreateFakePreferredConnectionId(), - new_params.preferred_address->connection_id); - EXPECT_EQ(CreateFakePreferredStatelessResetToken(), - new_params.preferred_address->stateless_reset_token); - EXPECT_EQ(kFakeActiveConnectionIdLimit, - new_params.active_connection_id_limit.value()); - EXPECT_EQ(0u, new_params.custom_parameters.size()); + RemoveGreaseParameters(&new_params); + EXPECT_EQ(new_params, orig_params); } TEST_P(TransportParametersTest, AreValid) { @@ -330,6 +407,29 @@ TEST_P(TransportParametersTest, AreValid) { "Invalid transport parameters [Client ack_delay_exponent 21 " "(Invalid)]"); } + { + TransportParameters params; + std::string error_details; + params.perspective = Perspective::IS_CLIENT; + EXPECT_TRUE(params.AreValid(&error_details)); + EXPECT_TRUE(error_details.empty()); + params.active_connection_id_limit.set_value(2); + EXPECT_TRUE(params.AreValid(&error_details)); + EXPECT_TRUE(error_details.empty()); + params.active_connection_id_limit.set_value(999999); + EXPECT_TRUE(params.AreValid(&error_details)); + EXPECT_TRUE(error_details.empty()); + params.active_connection_id_limit.set_value(1); + EXPECT_FALSE(params.AreValid(&error_details)); + EXPECT_EQ(error_details, + "Invalid transport parameters [Client active_connection_id_limit" + " 1 (Invalid)]"); + params.active_connection_id_limit.set_value(0); + EXPECT_FALSE(params.AreValid(&error_details)); + EXPECT_EQ(error_details, + "Invalid transport parameters [Client active_connection_id_limit" + " 0 (Invalid)]"); + } } TEST_P(TransportParametersTest, NoClientParamsWithStatelessResetToken) { @@ -352,7 +452,7 @@ TEST_P(TransportParametersTest, NoClientParamsWithStatelessResetToken) { TEST_P(TransportParametersTest, ParseClientParams) { // clang-format off const uint8_t kClientParamsOld[] = { - 0x00, 0x49, // length of the parameters array that follows + 0x00, 0x6a, // length of the parameters array that follows // idle_timeout 0x00, 0x01, // parameter id 0x00, 0x02, // length @@ -400,6 +500,20 @@ TEST_P(TransportParametersTest, ParseClientParams) { 0x00, 0x0e, // parameter id 0x00, 0x01, // length 0x34, // value + // initial_round_trip_time_us + 0x31, 0x27, // parameter id + 0x00, 0x01, // length + 0x35, // value + // google_connection_options + 0x31, 0x28, // parameter id + 0x00, 0x0c, // length + 'A', 'L', 'P', 'N', // value + 'E', 'F', 'G', 0x00, + 'H', 'I', 'J', 0xff, + // user_agent_id + 0x31, 0x29, // parameter id + 0x00, 0x08, // length + 'F', 'a', 'k', 'e', 'U', 'A', 'I', 'D', // value // Google version extension 0x47, 0x52, // parameter id 0x00, 0x04, // length @@ -453,6 +567,20 @@ TEST_P(TransportParametersTest, ParseClientParams) { 0x0e, // parameter id 0x01, // length 0x34, // value + // initial_round_trip_time_us + 0x71, 0x27, // parameter id + 0x01, // length + 0x35, // value + // google_connection_options + 0x71, 0x28, // parameter id + 0x0c, // length + 'A', 'L', 'P', 'N', // value + 'E', 'F', 'G', 0x00, + 'H', 'I', 'J', 0xff, + // user_agent_id + 0x71, 0x29, // parameter id + 0x08, // length + 'F', 'a', 'k', 'e', 'U', 'A', 'I', 'D', // value // Google version extension 0x80, 0x00, 0x47, 0x52, // parameter id 0x04, // length @@ -476,7 +604,7 @@ TEST_P(TransportParametersTest, ParseClientParams) { EXPECT_EQ(Perspective::IS_CLIENT, new_params.perspective); EXPECT_EQ(kFakeVersionLabel, new_params.version); EXPECT_TRUE(new_params.supported_versions.empty()); - EXPECT_EQ(EmptyQuicConnectionId(), new_params.original_connection_id); + EXPECT_FALSE(new_params.original_connection_id.has_value()); EXPECT_EQ(kFakeIdleTimeoutMilliseconds, new_params.idle_timeout_milliseconds.value()); EXPECT_TRUE(new_params.stateless_reset_token.empty()); @@ -497,6 +625,13 @@ TEST_P(TransportParametersTest, ParseClientParams) { EXPECT_EQ(kFakeDisableMigration, new_params.disable_migration); EXPECT_EQ(kFakeActiveConnectionIdLimit, new_params.active_connection_id_limit.value()); + EXPECT_EQ(kFakeInitialRoundTripTime, + new_params.initial_round_trip_time_us.value()); + ASSERT_TRUE(new_params.google_connection_options.has_value()); + EXPECT_EQ(CreateFakeGoogleConnectionOptions(), + new_params.google_connection_options.value()); + ASSERT_TRUE(new_params.user_agent_id.has_value()); + EXPECT_EQ(CreateFakeUserAgentId(), new_params.user_agent_id.value()); } TEST_P(TransportParametersTest, @@ -664,7 +799,7 @@ TEST_P(TransportParametersTest, ParseClientParametersRepeated) { TEST_P(TransportParametersTest, ParseServerParams) { // clang-format off const uint8_t kServerParamsOld[] = { - 0x00, 0xa7, // length of parameters array that follows + 0x00, 0xb7, // length of parameters array that follows // original_connection_id 0x00, 0x00, // parameter id 0x00, 0x08, // length @@ -733,6 +868,12 @@ TEST_P(TransportParametersTest, ParseServerParams) { 0x00, 0x0e, // parameter id 0x00, 0x01, // length 0x34, // value + // google_connection_options + 0x31, 0x28, // parameter id + 0x00, 0x0c, // length + 'A', 'L', 'P', 'N', // value + 'E', 'F', 'G', 0x00, + 'H', 'I', 'J', 0xff, // Google version extension 0x47, 0x52, // parameter id 0x00, 0x0d, // length @@ -810,6 +951,12 @@ TEST_P(TransportParametersTest, ParseServerParams) { 0x0e, // parameter id 0x01, // length 0x34, // value + // google_connection_options + 0x71, 0x28, // parameter id + 0x0c, // length + 'A', 'L', 'P', 'N', // value + 'E', 'F', 'G', 0x00, + 'H', 'I', 'J', 0xff, // Google version extension 0x80, 0x00, 0x47, 0x52, // parameter id 0x0d, // length @@ -838,8 +985,9 @@ TEST_P(TransportParametersTest, ParseServerParams) { EXPECT_EQ(2u, new_params.supported_versions.size()); EXPECT_EQ(kFakeVersionLabel, new_params.supported_versions[0]); EXPECT_EQ(kFakeVersionLabel2, new_params.supported_versions[1]); + ASSERT_TRUE(new_params.original_connection_id.has_value()); EXPECT_EQ(CreateFakeOriginalConnectionId(), - new_params.original_connection_id); + new_params.original_connection_id.value()); EXPECT_EQ(kFakeIdleTimeoutMilliseconds, new_params.idle_timeout_milliseconds.value()); EXPECT_EQ(CreateFakeStatelessResetToken(), new_params.stateless_reset_token); @@ -869,6 +1017,10 @@ TEST_P(TransportParametersTest, ParseServerParams) { new_params.preferred_address->stateless_reset_token); EXPECT_EQ(kFakeActiveConnectionIdLimit, new_params.active_connection_id_limit.value()); + ASSERT_TRUE(new_params.google_connection_options.has_value()); + EXPECT_EQ(CreateFakeGoogleConnectionOptions(), + new_params.google_connection_options.value()); + EXPECT_FALSE(new_params.user_agent_id.has_value()); } TEST_P(TransportParametersTest, ParseServerParametersRepeated) { @@ -928,6 +1080,59 @@ TEST_P(TransportParametersTest, ParseServerParametersRepeated) { EXPECT_EQ(error_details, "Received a second idle_timeout"); } +TEST_P(TransportParametersTest, + ParseServerParametersEmptyOriginalConnectionId) { + // clang-format off + const uint8_t kServerParamsEmptyOriginalConnectionIdOld[] = { + 0x00, 0x1e, // length of parameters array that follows + // original_connection_id + 0x00, 0x00, // parameter id + 0x00, 0x00, // length + // idle_timeout + 0x00, 0x01, // parameter id + 0x00, 0x02, // length + 0x6e, 0xec, // value + // stateless_reset_token + 0x00, 0x02, // parameter id + 0x00, 0x10, // length + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + }; + const uint8_t kServerParamsEmptyOriginalConnectionId[] = { + // original_connection_id + 0x00, // parameter id + 0x00, // length + // idle_timeout + 0x01, // parameter id + 0x02, // length + 0x6e, 0xec, // value + // stateless_reset_token + 0x02, // parameter id + 0x10, // length + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + }; + // clang-format on + const uint8_t* server_params = + reinterpret_cast<const uint8_t*>(kServerParamsEmptyOriginalConnectionId); + size_t server_params_length = + QUICHE_ARRAYSIZE(kServerParamsEmptyOriginalConnectionId); + if (!version_.HasVarIntTransportParams()) { + server_params = reinterpret_cast<const uint8_t*>( + kServerParamsEmptyOriginalConnectionIdOld); + server_params_length = + QUICHE_ARRAYSIZE(kServerParamsEmptyOriginalConnectionIdOld); + } + TransportParameters out_params; + std::string error_details; + ASSERT_TRUE(ParseTransportParameters(version_, Perspective::IS_SERVER, + server_params, server_params_length, + &out_params, &error_details)) + << error_details; + ASSERT_TRUE(out_params.original_connection_id.has_value()); + EXPECT_EQ(out_params.original_connection_id.value(), EmptyQuicConnectionId()); +} + TEST_P(TransportParametersTest, CryptoHandshakeMessageRoundtrip) { TransportParameters orig_params; orig_params.perspective = Perspective::IS_CLIENT; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.cc index 2946c01af8b..3fd3dea6120 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.cc @@ -26,12 +26,7 @@ bool IsAwaitingPacket(const QuicAckFrame& ack_frame, !ack_frame.packets.Contains(packet_number); } -QuicAckFrame::QuicAckFrame() - : ack_delay_time(QuicTime::Delta::Infinite()), - ecn_counters_populated(false), - ect_0_count(0), - ect_1_count(0), - ecn_ce_count(0) {} +QuicAckFrame::QuicAckFrame() = default; QuicAckFrame::QuicAckFrame(const QuicAckFrame& other) = default; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.h index 9003c76e3d3..69023404db3 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ack_frame.h @@ -108,7 +108,7 @@ struct QUIC_EXPORT_PRIVATE QuicAckFrame { // Time elapsed since largest_observed() was received until this Ack frame was // sent. - QuicTime::Delta ack_delay_time; + QuicTime::Delta ack_delay_time = QuicTime::Delta::Infinite(); // Vector of <packet_number, time> for when packets arrived. PacketTimeVector received_packet_times; @@ -118,10 +118,10 @@ struct QUIC_EXPORT_PRIVATE QuicAckFrame { // ECN counters, used only in version 99's ACK frame and valid only when // |ecn_counters_populated| is true. - bool ecn_counters_populated; - QuicPacketCount ect_0_count; - QuicPacketCount ect_1_count; - QuicPacketCount ecn_ce_count; + bool ecn_counters_populated = false; + QuicPacketCount ect_0_count = 0; + QuicPacketCount ect_1_count = 0; + QuicPacketCount ecn_ce_count = 0; }; // The highest acked packet number we've observed from the peer. If no packets diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.cc index 41ba1443ce9..1da520e03b0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.cc @@ -3,13 +3,9 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicBlockedFrame::QuicBlockedFrame() - : control_frame_id(kInvalidControlFrameId), stream_id(0), offset(0) {} - QuicBlockedFrame::QuicBlockedFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id) : control_frame_id(control_frame_id), stream_id(stream_id), offset(0) {} diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.h index 30dcdf4ca05..64f3aeed477 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_blocked_frame.h @@ -7,6 +7,7 @@ #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { @@ -16,7 +17,7 @@ namespace quic { // send data. The BLOCKED frame is purely advisory and optional. // Based on SPDY's BLOCKED frame (undocumented as of 2014-01-28). struct QUIC_EXPORT_PRIVATE QuicBlockedFrame { - QuicBlockedFrame(); + QuicBlockedFrame() = default; QuicBlockedFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id); QuicBlockedFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id, @@ -28,7 +29,7 @@ struct QUIC_EXPORT_PRIVATE QuicBlockedFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; // 0 is a special case meaning the connection is blocked, rather than a // stream. So stream_id 0 corresponds to a BLOCKED frame and non-0 @@ -36,10 +37,10 @@ struct QUIC_EXPORT_PRIVATE QuicBlockedFrame { // TODO(fkastenholz): This should be converted to use // QuicUtils::GetInvalidStreamId to get the correct invalid stream id value // and not rely on 0. - QuicStreamId stream_id; + QuicStreamId stream_id = 0; // For Google QUIC, the offset is ignored. - QuicStreamOffset offset; + QuicStreamOffset offset = 0; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.cc index 35aedf4a292..e1b9302ceb4 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.cc @@ -7,60 +7,55 @@ #include <memory> #include "net/third_party/quiche/src/quic/core/quic_constants.h" +#include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { -QuicConnectionCloseFrame::QuicConnectionCloseFrame() - // Default close type ensures that existing, pre-V99 code works as expected. - : close_type(GOOGLE_QUIC_CONNECTION_CLOSE), - quic_error_code(QUIC_NO_ERROR), - extracted_error_code(QUIC_NO_ERROR), - transport_close_frame_type(0) {} QuicConnectionCloseFrame::QuicConnectionCloseFrame( QuicTransportVersion transport_version, QuicErrorCode error_code, std::string error_phrase, uint64_t frame_type) - : extracted_error_code(error_code), error_details(error_phrase) { + : quic_error_code(error_code), error_details(error_phrase) { if (!VersionHasIetfQuicFrames(transport_version)) { close_type = GOOGLE_QUIC_CONNECTION_CLOSE; - quic_error_code = error_code; + wire_error_code = error_code; transport_close_frame_type = 0; return; } QuicErrorCodeToIetfMapping mapping = QuicErrorCodeToTransportErrorCode(error_code); - if (mapping.is_transport_close_) { + wire_error_code = mapping.error_code; + if (mapping.is_transport_close) { // Maps to a transport close close_type = IETF_QUIC_TRANSPORT_CONNECTION_CLOSE; - transport_error_code = mapping.transport_error_code_; transport_close_frame_type = frame_type; return; } // Maps to an application close. close_type = IETF_QUIC_APPLICATION_CONNECTION_CLOSE; - application_error_code = mapping.application_error_code_; transport_close_frame_type = 0; } std::ostream& operator<<( std::ostream& os, const QuicConnectionCloseFrame& connection_close_frame) { - os << "{ Close type: " << connection_close_frame.close_type - << ", error_code: "; + os << "{ Close type: " << connection_close_frame.close_type; switch (connection_close_frame.close_type) { case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE: - os << connection_close_frame.transport_error_code; + os << ", wire_error_code: " + << static_cast<QuicIetfTransportErrorCodes>( + connection_close_frame.wire_error_code); break; case IETF_QUIC_APPLICATION_CONNECTION_CLOSE: - os << connection_close_frame.application_error_code; + os << ", wire_error_code: " << connection_close_frame.wire_error_code; break; case GOOGLE_QUIC_CONNECTION_CLOSE: - os << connection_close_frame.quic_error_code; + // Do not log, value same as |quic_error_code|. break; } - os << ", extracted_error_code: " - << QuicErrorCodeToString(connection_close_frame.extracted_error_code) + os << ", quic_error_code: " + << QuicErrorCodeToString(connection_close_frame.quic_error_code) << ", error_details: '" << connection_close_frame.error_details << "'"; if (connection_close_frame.close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) { diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.h index 4ee41b97fd9..de40dadc860 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_connection_close_frame.h @@ -16,7 +16,7 @@ namespace quic { struct QUIC_EXPORT_PRIVATE QuicConnectionCloseFrame { - QuicConnectionCloseFrame(); + QuicConnectionCloseFrame() = default; // Builds a connection close frame based on the transport version // and the mapping of error_code. THIS IS THE PREFERRED C'TOR @@ -31,33 +31,25 @@ struct QUIC_EXPORT_PRIVATE QuicConnectionCloseFrame { std::ostream& os, const QuicConnectionCloseFrame& c); - // Indicates whether the received CONNECTION_CLOSE frame is a Google QUIC - // CONNECTION_CLOSE, IETF QUIC CONNECTION_CLOSE. - QuicConnectionCloseType close_type; + // Indicates whether the the frame is a Google QUIC CONNECTION_CLOSE frame, + // an IETF QUIC CONNECTION_CLOSE frame with transport error code, + // or an IETF QUIC CONNECTION_CLOSE frame with application error code. + QuicConnectionCloseType close_type = GOOGLE_QUIC_CONNECTION_CLOSE; - // This is the error field in the frame. - // The CONNECTION_CLOSE frame reports an error code: - // - The transport error code as reported in a CONNECTION_CLOSE/Transport - // frame (serialized as a VarInt), - // - An opaque 64-bit code as reported in CONNECTION_CLOSE/Application frames - // (serialized as a VarInt),, - // - A 16 bit QuicErrorCode, which is used in Google QUIC. - union { - QuicIetfTransportErrorCodes transport_error_code; - uint64_t application_error_code; - QuicErrorCode quic_error_code; - }; + // The error code on the wire. For Google QUIC frames, this has the same + // value as |quic_error_code|. + uint64_t wire_error_code = QUIC_NO_ERROR; - // For IETF QUIC frames, this is the error code is extracted from, or added - // to, the error details text. For received Google QUIC frames, the Google - // QUIC error code from the frame's error code field is copied here (as well - // as in quic_error_code, above). - QuicErrorCode extracted_error_code; + // The underlying error. For Google QUIC frames, this has the same value as + // |wire_error_code|. For sent IETF QUIC frames, this is the error that + // triggered the closure of the connection. For received IETF QUIC frames, + // this is parsed from the Reason Phrase field of the CONNECTION_CLOSE frame, + // or QUIC_IETF_GQUIC_ERROR_MISSING. + QuicErrorCode quic_error_code = QUIC_NO_ERROR; - // String with additional error details. "QuicErrorCode: 123" will be appended - // to the error details when sending IETF QUIC Connection Close and - // Application Close frames and parsed into extracted_error_code upon receipt, - // when present. + // String with additional error details. |quic_error_code| and a colon will be + // prepended to the error details when sending IETF QUIC frames, and parsed + // into |quic_error_code| upon receipt, when present. std::string error_details; // The frame type present in the IETF transport connection close frame. @@ -65,7 +57,7 @@ struct QUIC_EXPORT_PRIVATE QuicConnectionCloseFrame { // Contains the type of frame that triggered the connection close. Made a // uint64, as opposed to the QuicIetfFrameType, to support possible // extensions as well as reporting invalid frame types received from the peer. - uint64_t transport_close_frame_type; + uint64_t transport_close_frame_type = 0; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.cc index d750da76939..81b3e18a6b2 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.cc @@ -9,9 +9,6 @@ namespace quic { -QuicCryptoFrame::QuicCryptoFrame() - : QuicCryptoFrame(ENCRYPTION_INITIAL, 0, nullptr, 0) {} - QuicCryptoFrame::QuicCryptoFrame(EncryptionLevel level, QuicStreamOffset offset, QuicPacketLength data_length) @@ -35,7 +32,7 @@ QuicCryptoFrame::~QuicCryptoFrame() {} std::ostream& operator<<(std::ostream& os, const QuicCryptoFrame& stream_frame) { - os << "{ level: " << static_cast<int>(stream_frame.level) + os << "{ level: " << EncryptionLevelToString(stream_frame.level) << ", offset: " << stream_frame.offset << ", length: " << stream_frame.data_length << " }\n"; return os; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.h index 28434cb6362..2bb7a08d68a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.h @@ -16,7 +16,7 @@ namespace quic { struct QUIC_EXPORT_PRIVATE QuicCryptoFrame { - QuicCryptoFrame(); + QuicCryptoFrame() = default; QuicCryptoFrame(EncryptionLevel level, QuicStreamOffset offset, QuicPacketLength data_length); @@ -31,12 +31,12 @@ struct QUIC_EXPORT_PRIVATE QuicCryptoFrame { // When writing a crypto frame to a packet, the packet must be encrypted at // |level|. When a crypto frame is read, the encryption level of the packet it // was received in is put in |level|. - EncryptionLevel level; - QuicPacketLength data_length; + EncryptionLevel level = ENCRYPTION_INITIAL; + QuicPacketLength data_length = 0; // When reading, |data_buffer| points to the data that was received in the // frame. |data_buffer| is not used when writing. - const char* data_buffer; - QuicStreamOffset offset; // Location of this data in the stream. + const char* data_buffer = nullptr; + QuicStreamOffset offset = 0; // Location of this data in the stream. QuicCryptoFrame(EncryptionLevel level, QuicStreamOffset offset, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_frames_test.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_frames_test.cc index 7450adb5d2c..22322ed8ee2 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_frames_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_frames_test.cc @@ -147,11 +147,9 @@ TEST_F(QuicFramesTest, ConnectionCloseFrameToString) { // indicating that, in fact, no extended error code was available from the // underlying frame. EXPECT_EQ( - "{ Close type: GOOGLE_QUIC_CONNECTION_CLOSE, error_code: 25, " - "extracted_error_code: QUIC_NO_ERROR, " - "error_details: 'No recent " - "network activity.'" - "}\n", + "{ Close type: GOOGLE_QUIC_CONNECTION_CLOSE, " + "quic_error_code: QUIC_NETWORK_IDLE_TIMEOUT, " + "error_details: 'No recent network activity.'}\n", stream.str()); QuicFrame quic_frame(&frame); EXPECT_FALSE(IsControlFrame(quic_frame.type)); @@ -160,16 +158,16 @@ TEST_F(QuicFramesTest, ConnectionCloseFrameToString) { TEST_F(QuicFramesTest, TransportConnectionCloseFrameToString) { QuicConnectionCloseFrame frame; frame.close_type = IETF_QUIC_TRANSPORT_CONNECTION_CLOSE; - frame.transport_error_code = FINAL_SIZE_ERROR; - frame.extracted_error_code = QUIC_NETWORK_IDLE_TIMEOUT; + frame.wire_error_code = FINAL_SIZE_ERROR; + frame.quic_error_code = QUIC_NETWORK_IDLE_TIMEOUT; frame.error_details = "No recent network activity."; frame.transport_close_frame_type = IETF_STREAM; std::ostringstream stream; stream << frame; EXPECT_EQ( - "{ Close type: IETF_QUIC_TRANSPORT_CONNECTION_CLOSE, error_code: " - "FINAL_SIZE_ERROR, " - "extracted_error_code: QUIC_NETWORK_IDLE_TIMEOUT, " + "{ Close type: IETF_QUIC_TRANSPORT_CONNECTION_CLOSE, " + "wire_error_code: FINAL_SIZE_ERROR, " + "quic_error_code: QUIC_NETWORK_IDLE_TIMEOUT, " "error_details: 'No recent " "network activity.', " "frame_type: IETF_STREAM" diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.cc index 3842f92690e..4c8848d1738 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.cc @@ -5,15 +5,9 @@ #include <string> #include "net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicGoAwayFrame::QuicGoAwayFrame() - : control_frame_id(kInvalidControlFrameId), - error_code(QUIC_NO_ERROR), - last_good_stream_id(0) {} - QuicGoAwayFrame::QuicGoAwayFrame(QuicControlFrameId control_frame_id, QuicErrorCode error_code, QuicStreamId last_good_stream_id, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.h index ecceee6fc0e..b642cfa0372 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_goaway_frame.h @@ -8,13 +8,14 @@ #include <ostream> #include <string> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { struct QUIC_EXPORT_PRIVATE QuicGoAwayFrame { - QuicGoAwayFrame(); + QuicGoAwayFrame() = default; QuicGoAwayFrame(QuicControlFrameId control_frame_id, QuicErrorCode error_code, QuicStreamId last_good_stream_id, @@ -25,9 +26,9 @@ struct QUIC_EXPORT_PRIVATE QuicGoAwayFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; - QuicErrorCode error_code; - QuicStreamId last_good_stream_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; + QuicErrorCode error_code = QUIC_NO_ERROR; + QuicStreamId last_good_stream_id = 0; std::string reason_phrase; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.cc index 6f411a50188..f4a97c1d2e6 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.cc @@ -7,8 +7,7 @@ namespace quic { QuicHandshakeDoneFrame::QuicHandshakeDoneFrame() - : QuicInlinedFrame(HANDSHAKE_DONE_FRAME), - control_frame_id(kInvalidControlFrameId) {} + : QuicInlinedFrame(HANDSHAKE_DONE_FRAME) {} QuicHandshakeDoneFrame::QuicHandshakeDoneFrame( QuicControlFrameId control_frame_id) diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.h index 48aa3c774a3..c16c169f6a5 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_handshake_done_frame.h @@ -25,7 +25,7 @@ struct QUIC_EXPORT_PRIVATE QuicHandshakeDoneFrame // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.cc index 6301e72c28f..1726080e2e1 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.cc @@ -7,10 +7,7 @@ namespace quic { QuicMaxStreamsFrame::QuicMaxStreamsFrame() - : QuicInlinedFrame(MAX_STREAMS_FRAME), - control_frame_id(kInvalidControlFrameId), - stream_count(0), - unidirectional(false) {} + : QuicInlinedFrame(MAX_STREAMS_FRAME) {} QuicMaxStreamsFrame::QuicMaxStreamsFrame(QuicControlFrameId control_frame_id, QuicStreamCount stream_count, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.h index f8c78f9afd4..e1595c046b0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_max_streams_frame.h @@ -30,12 +30,12 @@ struct QUIC_EXPORT_PRIVATE QuicMaxStreamsFrame // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; // The number of streams that may be opened. - QuicStreamCount stream_count; + QuicStreamCount stream_count = 0; // Whether uni- or bi-directional streams - bool unidirectional; + bool unidirectional = false; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.cc index 196f6e90f95..45748ad0180 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.cc @@ -10,9 +10,6 @@ namespace quic { -QuicMessageFrame::QuicMessageFrame() - : message_id(0), data(nullptr), message_length(0) {} - QuicMessageFrame::QuicMessageFrame(QuicMessageId message_id) : message_id(message_id), data(nullptr), message_length(0) {} diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.h index 5f285135e10..7f0179c95a9 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_message_frame.h @@ -16,7 +16,7 @@ namespace quic { typedef QuicInlinedVector<QuicMemSlice, 1> QuicMessageData; struct QUIC_EXPORT_PRIVATE QuicMessageFrame { - QuicMessageFrame(); + QuicMessageFrame() = default; explicit QuicMessageFrame(QuicMessageId message_id); QuicMessageFrame(QuicMessageId message_id, QuicMemSliceSpan span); QuicMessageFrame(const char* data, QuicPacketLength length); @@ -35,11 +35,11 @@ struct QUIC_EXPORT_PRIVATE QuicMessageFrame { // message_id is only used on the sender side and does not get serialized on // wire. - QuicMessageId message_id; + QuicMessageId message_id = 0; // Not owned, only used on read path. - const char* data; + const char* data = nullptr; // Total length of message_data, must be fit into one packet. - QuicPacketLength message_length; + QuicPacketLength message_length = 0; // The actual message data which is reference counted, used on write path. QuicMessageData message_data; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.cc index f6c86617a67..d2e8cea2ad2 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.cc @@ -3,15 +3,9 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicNewConnectionIdFrame::QuicNewConnectionIdFrame() - : control_frame_id(kInvalidControlFrameId), - connection_id(EmptyQuicConnectionId()), - sequence_number(0) {} - QuicNewConnectionIdFrame::QuicNewConnectionIdFrame( QuicControlFrameId control_frame_id, QuicConnectionId connection_id, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.h index 441ca1aaf4d..7bd45865f47 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_connection_id_frame.h @@ -7,6 +7,8 @@ #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/platform/api/quic_uint128.h" @@ -14,7 +16,7 @@ namespace quic { struct QUIC_EXPORT_PRIVATE QuicNewConnectionIdFrame { - QuicNewConnectionIdFrame(); + QuicNewConnectionIdFrame() = default; QuicNewConnectionIdFrame(QuicControlFrameId control_frame_id, QuicConnectionId connection_id, QuicConnectionIdSequenceNumber sequence_number, @@ -27,9 +29,9 @@ struct QUIC_EXPORT_PRIVATE QuicNewConnectionIdFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; - QuicConnectionId connection_id; - QuicConnectionIdSequenceNumber sequence_number; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; + QuicConnectionId connection_id = EmptyQuicConnectionId(); + QuicConnectionIdSequenceNumber sequence_number = 0; QuicUint128 stateless_reset_token; uint64_t retire_prior_to; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.cc index 2dfb97f9017..0178422526c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.cc @@ -4,15 +4,11 @@ #include "net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" #include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" namespace quic { -QuicNewTokenFrame::QuicNewTokenFrame() - : control_frame_id(kInvalidControlFrameId) {} - QuicNewTokenFrame::QuicNewTokenFrame(QuicControlFrameId control_frame_id, std::string token) : control_frame_id(control_frame_id), token(token) {} diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.h index 0491477a2dd..abb0eecb2fb 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_new_token_frame.h @@ -9,13 +9,14 @@ #include <ostream> #include "net/third_party/quiche/src/quic/core/quic_buffer_allocator.h" +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" namespace quic { struct QUIC_EXPORT_PRIVATE QuicNewTokenFrame { - QuicNewTokenFrame(); + QuicNewTokenFrame() = default; QuicNewTokenFrame(QuicControlFrameId control_frame_id, std::string token); friend QUIC_EXPORT_PRIVATE std::ostream& operator<<( @@ -24,7 +25,7 @@ struct QUIC_EXPORT_PRIVATE QuicNewTokenFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; std::string token; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_padding_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_padding_frame.h index 03e0a4041fe..0918f0f2463 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_padding_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_padding_frame.h @@ -17,17 +17,17 @@ namespace quic { // A padding frame contains no payload. struct QUIC_EXPORT_PRIVATE QuicPaddingFrame : public QuicInlinedFrame<QuicPaddingFrame> { - QuicPaddingFrame() : QuicInlinedFrame(PADDING_FRAME), num_padding_bytes(-1) {} + QuicPaddingFrame() : QuicInlinedFrame(PADDING_FRAME) {} explicit QuicPaddingFrame(int num_padding_bytes) : QuicInlinedFrame(PADDING_FRAME), num_padding_bytes(num_padding_bytes) {} friend QUIC_EXPORT_PRIVATE std::ostream& operator<<( std::ostream& os, - const QuicPaddingFrame& s); + const QuicPaddingFrame& padding_frame); // -1: full padding to the end of a max-sized packet // otherwise: only pad up to num_padding_bytes bytes - int num_padding_bytes; + int num_padding_bytes = -1; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.cc index 998ae483c07..4a8d1207b73 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.cc @@ -4,15 +4,11 @@ #include "net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" #include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" namespace quic { -QuicPathChallengeFrame::QuicPathChallengeFrame() - : control_frame_id(kInvalidControlFrameId) {} - QuicPathChallengeFrame::QuicPathChallengeFrame( QuicControlFrameId control_frame_id, const QuicPathFrameBuffer& data_buff) diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.h index 46a010ae92b..e173117b581 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_challenge_frame.h @@ -8,15 +8,13 @@ #include <memory> #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { -// Size of the entire IETF Quic Path Challenge frame. -const size_t kQuicPathChallengeFrameSize = kQuicPathFrameBufferSize; - struct QUIC_EXPORT_PRIVATE QuicPathChallengeFrame { - QuicPathChallengeFrame(); + QuicPathChallengeFrame() = default; QuicPathChallengeFrame(QuicControlFrameId control_frame_id, const QuicPathFrameBuffer& data_buff); ~QuicPathChallengeFrame(); @@ -27,7 +25,7 @@ struct QUIC_EXPORT_PRIVATE QuicPathChallengeFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; QuicPathFrameBuffer data_buffer; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.cc index e652698ab03..4779c6ad25f 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.cc @@ -4,15 +4,11 @@ #include "net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" #include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" namespace quic { -QuicPathResponseFrame::QuicPathResponseFrame() - : control_frame_id(kInvalidControlFrameId) {} - QuicPathResponseFrame::QuicPathResponseFrame( QuicControlFrameId control_frame_id, const QuicPathFrameBuffer& data_buff) diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.h index e953ad8aa52..cdb0ba89e7c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_path_response_frame.h @@ -8,15 +8,13 @@ #include <memory> #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { -// Size of the entire IETF Quic Path Response frame. -const size_t kQuicPathResponseFrameSize = kQuicPathFrameBufferSize; - struct QUIC_EXPORT_PRIVATE QuicPathResponseFrame { - QuicPathResponseFrame(); + QuicPathResponseFrame() = default; QuicPathResponseFrame(QuicControlFrameId control_frame_id, const QuicPathFrameBuffer& data_buff); ~QuicPathResponseFrame(); @@ -27,7 +25,7 @@ struct QUIC_EXPORT_PRIVATE QuicPathResponseFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; QuicPathFrameBuffer data_buffer; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.cc index d31efb0aae9..064d9170303 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.cc @@ -6,8 +6,7 @@ namespace quic { -QuicPingFrame::QuicPingFrame() - : QuicInlinedFrame(PING_FRAME), control_frame_id(kInvalidControlFrameId) {} +QuicPingFrame::QuicPingFrame() : QuicInlinedFrame(PING_FRAME) {} QuicPingFrame::QuicPingFrame(QuicControlFrameId control_frame_id) : QuicInlinedFrame(PING_FRAME), control_frame_id(control_frame_id) {} diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.h index 352d079951c..5cefdf9c805 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_ping_frame.h @@ -25,7 +25,7 @@ struct QUIC_EXPORT_PRIVATE QuicPingFrame // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.cc index 6828ce41227..0da9e0cfc02 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.cc @@ -3,13 +3,9 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicRetireConnectionIdFrame::QuicRetireConnectionIdFrame() - : control_frame_id(kInvalidControlFrameId), sequence_number(0) {} - QuicRetireConnectionIdFrame::QuicRetireConnectionIdFrame( QuicControlFrameId control_frame_id, QuicConnectionIdSequenceNumber sequence_number) diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.h index 79521f647a0..4451d319546 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_retire_connection_id_frame.h @@ -7,6 +7,7 @@ #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/platform/api/quic_uint128.h" @@ -14,7 +15,7 @@ namespace quic { struct QUIC_EXPORT_PRIVATE QuicRetireConnectionIdFrame { - QuicRetireConnectionIdFrame(); + QuicRetireConnectionIdFrame() = default; QuicRetireConnectionIdFrame(QuicControlFrameId control_frame_id, QuicConnectionIdSequenceNumber sequence_number); @@ -24,8 +25,8 @@ struct QUIC_EXPORT_PRIVATE QuicRetireConnectionIdFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; - QuicConnectionIdSequenceNumber sequence_number; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; + QuicConnectionIdSequenceNumber sequence_number = 0; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.cc index 63cf6eaf6a3..41a1fd391fe 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.cc @@ -3,16 +3,9 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicRstStreamFrame::QuicRstStreamFrame() - : control_frame_id(kInvalidControlFrameId), - stream_id(0), - error_code(QUIC_STREAM_NO_ERROR), - byte_offset(0) {} - QuicRstStreamFrame::QuicRstStreamFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id, QuicRstStreamErrorCode error_code, @@ -20,15 +13,7 @@ QuicRstStreamFrame::QuicRstStreamFrame(QuicControlFrameId control_frame_id, : control_frame_id(control_frame_id), stream_id(stream_id), error_code(error_code), - byte_offset(bytes_written) {} - -QuicRstStreamFrame::QuicRstStreamFrame(QuicControlFrameId control_frame_id, - QuicStreamId stream_id, - uint16_t ietf_error_code, - QuicStreamOffset bytes_written) - : control_frame_id(control_frame_id), - stream_id(stream_id), - ietf_error_code(ietf_error_code), + ietf_error_code(RstStreamErrorCodeToIetfResetStreamErrorCode(error_code)), byte_offset(bytes_written) {} std::ostream& operator<<(std::ostream& os, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.h index 9a9ed56abb0..691a868cbee 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_rst_stream_frame.h @@ -7,21 +7,18 @@ #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { struct QUIC_EXPORT_PRIVATE QuicRstStreamFrame { - QuicRstStreamFrame(); + QuicRstStreamFrame() = default; QuicRstStreamFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id, QuicRstStreamErrorCode error_code, QuicStreamOffset bytes_written); - QuicRstStreamFrame(QuicControlFrameId control_frame_id, - QuicStreamId stream_id, - uint16_t ietf_error_code, - QuicStreamOffset bytes_written); friend QUIC_EXPORT_PRIVATE std::ostream& operator<<( std::ostream& os, @@ -29,25 +26,25 @@ struct QUIC_EXPORT_PRIVATE QuicRstStreamFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; + + QuicStreamId stream_id = 0; - QuicStreamId stream_id; + // When using Google QUIC: the RST_STREAM error code on the wire. + // When using IETF QUIC: for an outgoing RESET_STREAM frame, the error code + // generated by the application that determines |ietf_error_code| to be sent + // on the wire; for an incoming RESET_STREAM frame, the error code inferred + // from the |ietf_error_code| received on the wire. + QuicRstStreamErrorCode error_code = QUIC_STREAM_NO_ERROR; - // Caller must know whether IETF- or Google- QUIC is in use and - // set the appropriate error code. - union { - QuicRstStreamErrorCode error_code; - // In IETF QUIC the code is up to the app on top of quic, so is - // more general than QuicRstStreamErrorCode allows. - // TODO(fkastenholz): Upgrade to uint64_t - uint16_t ietf_error_code; - }; + // Application error code of RESET_STREAM frame. Used for IETF QUIC only. + uint64_t ietf_error_code = 0; // Used to update flow control windows. On termination of a stream, both // endpoints must inform the peer of the number of bytes they have sent on // that stream. This can be done through normal termination (data packet with // FIN) or through a RST. - QuicStreamOffset byte_offset; + QuicStreamOffset byte_offset = 0; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.cc index 1afd512150a..c4d732ed44d 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.cc @@ -3,15 +3,9 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicStopSendingFrame::QuicStopSendingFrame() - : control_frame_id(kInvalidControlFrameId), - stream_id(0), - application_error_code(0) {} - QuicStopSendingFrame::QuicStopSendingFrame( QuicControlFrameId control_frame_id, QuicStreamId stream_id, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.h index 7ca639d2eb3..8222067d276 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stop_sending_frame.h @@ -7,13 +7,14 @@ #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { struct QUIC_EXPORT_PRIVATE QuicStopSendingFrame { - QuicStopSendingFrame(); + QuicStopSendingFrame() = default; QuicStopSendingFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id, QuicApplicationErrorCode application_error_code); @@ -24,9 +25,9 @@ struct QUIC_EXPORT_PRIVATE QuicStopSendingFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; - QuicStreamId stream_id; - QuicApplicationErrorCode application_error_code; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; + QuicStreamId stream_id = 0; + QuicApplicationErrorCode application_error_code = 0; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.cc index 54a5252bb7d..db199998860 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.cc @@ -9,8 +9,7 @@ namespace quic { -QuicStreamFrame::QuicStreamFrame() - : QuicStreamFrame(-1, false, 0, nullptr, 0) {} +QuicStreamFrame::QuicStreamFrame() : QuicInlinedFrame(STREAM_FRAME) {} QuicStreamFrame::QuicStreamFrame(QuicStreamId stream_id, bool fin, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.h index fc78ff9df7f..f807ee1e4c9 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_stream_frame.h @@ -35,11 +35,13 @@ struct QUIC_EXPORT_PRIVATE QuicStreamFrame bool operator!=(const QuicStreamFrame& rhs) const; - bool fin; - QuicPacketLength data_length; - QuicStreamId stream_id; - const char* data_buffer; // Not owned. - QuicStreamOffset offset; // Location of this data in the stream. + bool fin = false; + QuicPacketLength data_length = 0; + // TODO(wub): Change to a QuicUtils::GetInvalidStreamId when it is not version + // dependent. + QuicStreamId stream_id = -1; + const char* data_buffer = nullptr; // Not owned. + QuicStreamOffset offset = 0; // Location of this data in the stream. QuicStreamFrame(QuicStreamId stream_id, bool fin, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.cc index f0579c55b68..9300ce32e51 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.cc @@ -7,9 +7,7 @@ namespace quic { QuicStreamsBlockedFrame::QuicStreamsBlockedFrame() - : QuicInlinedFrame(STREAMS_BLOCKED_FRAME), - control_frame_id(kInvalidControlFrameId), - unidirectional(false) {} + : QuicInlinedFrame(STREAMS_BLOCKED_FRAME) {} QuicStreamsBlockedFrame::QuicStreamsBlockedFrame( QuicControlFrameId control_frame_id, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.h index ff7c7f44621..91c7ac91a84 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_streams_blocked_frame.h @@ -30,13 +30,13 @@ struct QUIC_EXPORT_PRIVATE QuicStreamsBlockedFrame // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; // The number of streams that the sender wishes to exceed QuicStreamCount stream_count; // Whether uni- or bi-directional streams - bool unidirectional; + bool unidirectional = false; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.cc b/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.cc index 81ca125b64c..a4f3ec32c01 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.cc +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.cc @@ -3,13 +3,9 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.h" -#include "net/third_party/quiche/src/quic/core/quic_constants.h" namespace quic { -QuicWindowUpdateFrame::QuicWindowUpdateFrame() - : control_frame_id(kInvalidControlFrameId) {} - QuicWindowUpdateFrame::QuicWindowUpdateFrame( QuicControlFrameId control_frame_id, QuicStreamId stream_id, diff --git a/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.h b/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.h index ff4478528dd..74181f5f1d2 100644 --- a/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.h +++ b/chromium/net/third_party/quiche/src/quic/core/frames/quic_window_update_frame.h @@ -7,6 +7,7 @@ #include <ostream> +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" namespace quic { @@ -15,7 +16,7 @@ namespace quic { // Based on SPDY's WINDOW_UPDATE frame, but uses an absolute max data bytes // rather than a window delta. struct QUIC_EXPORT_PRIVATE QuicWindowUpdateFrame { - QuicWindowUpdateFrame(); + QuicWindowUpdateFrame() = default; QuicWindowUpdateFrame(QuicControlFrameId control_frame_id, QuicStreamId stream_id, QuicByteCount max_data); @@ -26,7 +27,7 @@ struct QUIC_EXPORT_PRIVATE QuicWindowUpdateFrame { // A unique identifier of this control frame. 0 when this frame is received, // and non-zero when sent. - QuicControlFrameId control_frame_id; + QuicControlFrameId control_frame_id = kInvalidControlFrameId; // The stream this frame applies to. 0 is a special case meaning the overall // connection rather than a specific stream. diff --git a/chromium/net/third_party/quiche/src/quic/core/http/end_to_end_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/end_to_end_test.cc index cec0ceb9fff..782394427f4 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/end_to_end_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/end_to_end_test.cc @@ -81,108 +81,40 @@ const float kSessionToStreamRatio = 1.5; // Run all tests with the cross products of all versions. struct TestParams { - TestParams(const ParsedQuicVersionVector& client_supported_versions, - const ParsedQuicVersionVector& server_supported_versions, - ParsedQuicVersion negotiated_version, - QuicTag congestion_control_tag) - : client_supported_versions(client_supported_versions), - server_supported_versions(server_supported_versions), - negotiated_version(negotiated_version), - congestion_control_tag(congestion_control_tag) {} + TestParams(const ParsedQuicVersion& version, QuicTag congestion_control_tag) + : version(version), congestion_control_tag(congestion_control_tag) {} friend std::ostream& operator<<(std::ostream& os, const TestParams& p) { - os << "{ server_supported_versions: " - << ParsedQuicVersionVectorToString(p.server_supported_versions); - os << " client_supported_versions: " - << ParsedQuicVersionVectorToString(p.client_supported_versions); - os << " negotiated_version: " - << ParsedQuicVersionToString(p.negotiated_version); + os << "{ version: " << ParsedQuicVersionToString(p.version); os << " congestion_control_tag: " << QuicTagToString(p.congestion_control_tag) << " }"; return os; } - ParsedQuicVersionVector client_supported_versions; - ParsedQuicVersionVector server_supported_versions; - ParsedQuicVersion negotiated_version; + ParsedQuicVersion version; QuicTag congestion_control_tag; }; // Used by ::testing::PrintToStringParamName(). std::string PrintToString(const TestParams& p) { - std::string rv = quiche::QuicheStrCat( - ParsedQuicVersionToString(p.negotiated_version), "_Server_", - ParsedQuicVersionVectorToString(p.server_supported_versions), "_Client_", - ParsedQuicVersionVectorToString(p.client_supported_versions), "_", - QuicTagToString(p.congestion_control_tag)); + std::string rv = + quiche::QuicheStrCat(ParsedQuicVersionToString(p.version), "_", + QuicTagToString(p.congestion_control_tag)); std::replace(rv.begin(), rv.end(), ',', '_'); std::replace(rv.begin(), rv.end(), ' ', '_'); return rv; } // Constructs various test permutations. -std::vector<TestParams> GetTestParams(bool use_tls_handshake) { - // Divide the versions into buckets in which the intra-frame format - // is compatible. When clients encounter QUIC version negotiation - // they simply retransmit all packets using the new version's - // QUIC framing. However, they are unable to change the intra-frame - // layout (for example to change HTTP/2 headers to SPDY/3, or a change in the - // handshake protocol). So these tests need to ensure that clients are never - // attempting to do 0-RTT across incompatible versions. Chromium only - // supports a single version at a time anyway. :) - ParsedQuicVersionVector all_supported_versions = - FilterSupportedVersions(AllSupportedVersions()); - - // Buckets are separated by versions: versions without crypto frames use - // STREAM frames for the handshake, and only have QUIC crypto as the handshake - // protocol. Versions that use CRYPTO frames for the handshake must also be - // split based on the handshake protocol. If the handshake protocol (QUIC - // crypto or TLS) changes, the ClientHello/CHLO must be reconstructed for the - // correct protocol. - ParsedQuicVersionVector version_buckets[3]; - - for (const ParsedQuicVersion& version : all_supported_versions) { - if (!use_tls_handshake && version.handshake_protocol == PROTOCOL_TLS1_3) { - continue; - } - if (!QuicVersionUsesCryptoFrames(version.transport_version)) { - version_buckets[0].push_back(version); - } else if (version.handshake_protocol == PROTOCOL_QUIC_CRYPTO) { - version_buckets[1].push_back(version); - } else { - version_buckets[2].push_back(version); - } - } - +std::vector<TestParams> GetTestParams() { std::vector<TestParams> params; for (const QuicTag congestion_control_tag : {kRENO, kTBBR, kQBIC, kB2ON}) { if (!GetQuicReloadableFlag(quic_allow_client_enabled_bbr_v2) && congestion_control_tag == kB2ON) { continue; } - for (const ParsedQuicVersionVector& client_versions : version_buckets) { - if (FilterSupportedVersions(client_versions).empty()) { - continue; - } - // Add an entry for server and client supporting all versions. - params.push_back(TestParams(client_versions, all_supported_versions, - client_versions.front(), - congestion_control_tag)); - // Test client supporting all versions and server supporting - // 1 version. Simulate an old server and exercise version - // downgrade in the client. Protocol negotiation should - // occur. Skip the i = 0 case because it is essentially the - // same as the default case. - for (size_t i = 1; i < client_versions.size(); ++i) { - ParsedQuicVersionVector server_supported_versions; - server_supported_versions.push_back(client_versions[i]); - if (FilterSupportedVersions(server_supported_versions).empty()) { - continue; - } - params.push_back(TestParams(client_versions, server_supported_versions, - server_supported_versions.front(), - congestion_control_tag)); - } // End of inner version loop. + for (const ParsedQuicVersion& version : CurrentSupportedVersions()) { + params.push_back(TestParams(version, congestion_control_tag)); } // End of outer version loop. } // End of congestion_control_tag loop. @@ -231,14 +163,12 @@ class EndToEndTest : public QuicTestWithParam<TestParams> { server_hostname_("test.example.com"), client_writer_(nullptr), server_writer_(nullptr), - negotiated_version_(UnsupportedQuicVersion()), + version_(GetParam().version), + client_supported_versions_({version_}), + server_supported_versions_(CurrentSupportedVersions()), chlo_multiplier_(0), stream_factory_(nullptr), expected_server_connection_id_length_(kQuicDefaultConnectionIdLength) { - client_supported_versions_ = GetParam().client_supported_versions; - server_supported_versions_ = GetParam().server_supported_versions; - negotiated_version_ = GetParam().negotiated_version; - QUIC_LOG(INFO) << "Using Configuration: " << GetParam(); // Use different flow control windows for client/server. @@ -377,7 +307,7 @@ class EndToEndTest : public QuicTestWithParam<TestParams> { // client as well according to the test parameter. copt.push_back(GetParam().congestion_control_tag); copt.push_back(k2PTO); - if (VersionHasIetfQuicFrames(negotiated_version_.transport_version)) { + if (VersionHasIetfQuicFrames(version_.transport_version)) { copt.push_back(kILD0); } copt.push_back(kPLE1); @@ -496,12 +426,12 @@ class EndToEndTest : public QuicTestWithParam<TestParams> { if (!ServerSendsVersionNegotiation()) { EXPECT_EQ(0u, client_stats.packets_dropped); } - if (!ClientSupportsIetfQuicNotSupportedByServer()) { - // In this case, if client sends 0-RTT POST with v99, receives IETF - // version negotiation packet and speaks a GQUIC version. Server processes - // this connection in time wait list and keeps sending IETF version - // negotiation packet for incoming packets. But these version negotiation - // packets cannot be processed by the client speaking GQUIC. + if (!version_.UsesTls()) { + // Only enforce this for QUIC crypto because accounting of number of + // packets received, processed gets complicated with packets coalescing + // and key dropping. For example, a received undecryptable coalesced + // packet can be processed later and each sub-packet increases + // packets_processed. EXPECT_EQ(client_stats.packets_received, client_stats.packets_processed); } @@ -517,19 +447,10 @@ class EndToEndTest : public QuicTestWithParam<TestParams> { server_thread_->Resume(); } - // Client supports IETF QUIC, while it is not supported by server. - bool ClientSupportsIetfQuicNotSupportedByServer() { - return VersionHasIetfInvariantHeader( - client_supported_versions_[0].transport_version) && - !VersionHasIetfInvariantHeader( - FilterSupportedVersions(GetParam().server_supported_versions)[0] - .transport_version); - } - // Returns true when client starts with an unsupported version, and client // closes connection when version negotiation is received. bool ServerSendsVersionNegotiation() { - return client_supported_versions_[0] != GetParam().negotiated_version; + return client_supported_versions_[0] != version_; } bool SupportsIetfQuicWithTls(ParsedQuicVersion version) { @@ -587,10 +508,10 @@ class EndToEndTest : public QuicTestWithParam<TestParams> { PacketDroppingTestWriter* server_writer_; QuicConfig client_config_; QuicConfig server_config_; + ParsedQuicVersion version_; ParsedQuicVersionVector client_supported_versions_; ParsedQuicVersionVector server_supported_versions_; QuicTagVector client_extra_copts_; - ParsedQuicVersion negotiated_version_; size_t chlo_multiplier_; QuicTestServer::StreamFactory* stream_factory_; std::string pre_shared_key_client_; @@ -603,27 +524,13 @@ class EndToEndTest : public QuicTestWithParam<TestParams> { // Run all end to end tests with all supported versions. INSTANTIATE_TEST_SUITE_P(EndToEndTests, EndToEndTest, - ::testing::ValuesIn(GetTestParams(false)), + ::testing::ValuesIn(GetTestParams()), ::testing::PrintToStringParamName()); -class EndToEndTestWithTls : public EndToEndTest {}; - -INSTANTIATE_TEST_SUITE_P(EndToEndTestsWithTls, - EndToEndTestWithTls, - ::testing::ValuesIn(GetTestParams(true)), - ::testing::PrintToStringParamName()); - -TEST_P(EndToEndTestWithTls, HandshakeSuccessful) { +TEST_P(EndToEndTest, HandshakeSuccessful) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); server_thread_->WaitForCryptoHandshakeConfirmed(); - // There have been occasions where it seemed that negotiated_version_ and the - // version in the connection are not in sync. If it is happening, it has not - // been recreatable; this assert is here just to check and raise a flag if it - // happens. - ASSERT_EQ(GetClientConnection()->transport_version(), - negotiated_version_.transport_version); - QuicCryptoStream* crypto_stream = QuicSessionPeer::GetMutableCryptoStream(GetClientSession()); QuicStreamSequencer* sequencer = QuicStreamPeer::sequencer(crypto_stream); @@ -632,6 +539,14 @@ TEST_P(EndToEndTestWithTls, HandshakeSuccessful) { crypto_stream = QuicSessionPeer::GetMutableCryptoStream(GetServerSession()); sequencer = QuicStreamPeer::sequencer(crypto_stream); EXPECT_FALSE(QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); + + // We've had bugs in the past where the connections could end up on the wrong + // version. This was never diagnosed but could have been due to in-connection + // version negotiation back when that existed. At this point in time, our test + // setup ensures that connections here always use |version_|, but we add this + // sanity check out of paranoia to catch a regression of this type. + EXPECT_EQ(GetClientConnection()->version(), version_); + EXPECT_EQ(GetServerConnection()->version(), version_); } TEST_P(EndToEndTest, SimpleRequestResponse) { @@ -651,15 +566,9 @@ TEST_P(EndToEndTest, SimpleRequestResponse) { } } -TEST_P(EndToEndTestWithTls, SimpleRequestResponse) { - ASSERT_TRUE(Initialize()); - EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); - EXPECT_EQ("200", client_->response_headers()->find(":status")->second); -} - -TEST_P(EndToEndTestWithTls, HandshakeConfirmed) { +TEST_P(EndToEndTest, HandshakeConfirmed) { ASSERT_TRUE(Initialize()); - if (!GetParam().negotiated_version.HasHandshakeDone()) { + if (!version_.HasHandshakeDone()) { return; } EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); @@ -672,7 +581,7 @@ TEST_P(EndToEndTestWithTls, HandshakeConfirmed) { client_->Disconnect(); } -TEST_P(EndToEndTestWithTls, SendAndReceiveCoalescedPackets) { +TEST_P(EndToEndTest, SendAndReceiveCoalescedPackets) { ASSERT_TRUE(Initialize()); if (!GetClientConnection()->version().CanSendCoalescedPackets()) { return; @@ -690,6 +599,11 @@ TEST_P(EndToEndTestWithTls, SendAndReceiveCoalescedPackets) { // Simple transaction, but set a non-default ack delay at the client // and ensure it gets to the server. TEST_P(EndToEndTest, SimpleRequestResponseWithAckDelayChange) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } // Force the ACK delay to be something other than the default. // Note that it is sent only if doing IETF QUIC. client_config_.SetMaxAckDelayToSendMs(kDefaultDelayedAckTimeMs + 100u); @@ -715,6 +629,11 @@ TEST_P(EndToEndTest, SimpleRequestResponseWithAckDelayChange) { // Simple transaction, but set a non-default ack exponent at the client // and ensure it gets to the server. TEST_P(EndToEndTest, SimpleRequestResponseWithAckExponentChange) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } const uint32_t kClientAckDelayExponent = kDefaultAckDelayExponent + 100u; // Force the ACK exponent to be something other than the default. // Note that it is sent only if doing IETF QUIC. @@ -726,8 +645,7 @@ TEST_P(EndToEndTest, SimpleRequestResponseWithAckExponentChange) { EXPECT_FALSE(client_->client()->EarlyDataAccepted()); EXPECT_FALSE(client_->client()->ReceivedInchoateReject()); - if (VersionHasIetfQuicFrames( - GetParam().negotiated_version.transport_version)) { + if (VersionHasIetfQuicFrames(version_.transport_version)) { // Should be only for IETF QUIC. EXPECT_EQ(kClientAckDelayExponent, GetServerConnection()->framer().peer_ack_delay_exponent()); @@ -757,7 +675,7 @@ TEST_P(EndToEndTest, SimpleRequestResponseForcedVersionNegotiation) { EXPECT_FALSE(client_->client()->ReceivedInchoateReject()); } -TEST_P(EndToEndTestWithTls, ForcedVersionNegotiation) { +TEST_P(EndToEndTest, ForcedVersionNegotiation) { client_supported_versions_.insert(client_supported_versions_.begin(), QuicVersionReservedForNegotiation()); ASSERT_TRUE(Initialize()); @@ -768,7 +686,7 @@ TEST_P(EndToEndTestWithTls, ForcedVersionNegotiation) { } TEST_P(EndToEndTest, SimpleRequestResponseZeroConnectionID) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -781,12 +699,11 @@ TEST_P(EndToEndTest, SimpleRequestResponseZeroConnectionID) { EXPECT_FALSE(client_->client()->EarlyDataAccepted()); EXPECT_FALSE(client_->client()->ReceivedInchoateReject()); EXPECT_EQ(GetClientConnection()->connection_id(), - QuicUtils::CreateZeroConnectionId( - GetParam().negotiated_version.transport_version)); + QuicUtils::CreateZeroConnectionId(version_.transport_version)); } -TEST_P(EndToEndTestWithTls, ZeroConnectionID) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { +TEST_P(EndToEndTest, ZeroConnectionID) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -797,12 +714,11 @@ TEST_P(EndToEndTestWithTls, ZeroConnectionID) { EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); EXPECT_EQ("200", client_->response_headers()->find(":status")->second); EXPECT_EQ(GetClientConnection()->connection_id(), - QuicUtils::CreateZeroConnectionId( - GetParam().negotiated_version.transport_version)); + QuicUtils::CreateZeroConnectionId(version_.transport_version)); } -TEST_P(EndToEndTestWithTls, BadConnectionIdLength) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { +TEST_P(EndToEndTest, BadConnectionIdLength) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -819,8 +735,8 @@ TEST_P(EndToEndTestWithTls, BadConnectionIdLength) { // Tests a very long (16-byte) initial destination connection ID to make // sure the dispatcher properly replaces it with an 8-byte one. -TEST_P(EndToEndTestWithTls, LongBadConnectionIdLength) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { +TEST_P(EndToEndTest, LongBadConnectionIdLength) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -835,8 +751,8 @@ TEST_P(EndToEndTestWithTls, LongBadConnectionIdLength) { .length()); } -TEST_P(EndToEndTestWithTls, ClientConnectionId) { - if (!GetParam().negotiated_version.SupportsClientConnectionIds()) { +TEST_P(EndToEndTest, ClientConnectionId) { + if (!version_.SupportsClientConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -851,8 +767,8 @@ TEST_P(EndToEndTestWithTls, ClientConnectionId) { .length()); } -TEST_P(EndToEndTestWithTls, ForcedVersionNegotiationAndClientConnectionId) { - if (!GetParam().negotiated_version.SupportsClientConnectionIds()) { +TEST_P(EndToEndTest, ForcedVersionNegotiationAndClientConnectionId) { + if (!version_.SupportsClientConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -870,8 +786,8 @@ TEST_P(EndToEndTestWithTls, ForcedVersionNegotiationAndClientConnectionId) { .length()); } -TEST_P(EndToEndTestWithTls, ForcedVersionNegotiationAndBadConnectionIdLength) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { +TEST_P(EndToEndTest, ForcedVersionNegotiationAndBadConnectionIdLength) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -891,9 +807,9 @@ TEST_P(EndToEndTestWithTls, ForcedVersionNegotiationAndBadConnectionIdLength) { // Forced Version Negotiation with a client connection ID and a long // connection ID. -TEST_P(EndToEndTestWithTls, ForcedVersNegoAndClientCIDAndLongCID) { - if (!GetParam().negotiated_version.SupportsClientConnectionIds() || - !GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { +TEST_P(EndToEndTest, ForcedVersNegoAndClientCIDAndLongCID) { + if (!version_.SupportsClientConnectionIds() || + !version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -918,7 +834,7 @@ TEST_P(EndToEndTestWithTls, ForcedVersNegoAndClientCIDAndLongCID) { } TEST_P(EndToEndTest, MixGoodAndBadConnectionIdLengths) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -957,8 +873,8 @@ TEST_P(EndToEndTest, MixGoodAndBadConnectionIdLengths) { .length()); } -TEST_P(EndToEndTestWithTls, SimpleRequestResponseWithIetfDraftSupport) { - if (!GetParam().negotiated_version.HasIetfQuicFrames()) { +TEST_P(EndToEndTest, SimpleRequestResponseWithIetfDraftSupport) { + if (!version_.HasIetfQuicFrames()) { ASSERT_TRUE(Initialize()); return; } @@ -976,10 +892,15 @@ TEST_P(EndToEndTest, SimpleRequestResponseWithLargeReject) { EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); EXPECT_EQ("200", client_->response_headers()->find(":status")->second); EXPECT_FALSE(client_->client()->EarlyDataAccepted()); - EXPECT_TRUE(client_->client()->ReceivedInchoateReject()); + if (version_.UsesTls()) { + // REJ messages are a QUIC crypto feature, so TLS always returns false. + EXPECT_FALSE(client_->client()->ReceivedInchoateReject()); + } else { + EXPECT_TRUE(client_->client()->ReceivedInchoateReject()); + } } -TEST_P(EndToEndTestWithTls, SimpleRequestResponsev6) { +TEST_P(EndToEndTest, SimpleRequestResponsev6) { server_address_ = QuicSocketAddress(QuicIpAddress::Loopback6(), server_address_.port()); ASSERT_TRUE(Initialize()); @@ -988,7 +909,7 @@ TEST_P(EndToEndTestWithTls, SimpleRequestResponsev6) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, +TEST_P(EndToEndTest, ClientDoesNotAllowServerDataOnServerInitiatedBidirectionalStreams) { set_client_initial_max_stream_data_incoming_bidirectional(0); ASSERT_TRUE(Initialize()); @@ -996,7 +917,7 @@ TEST_P(EndToEndTestWithTls, EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, +TEST_P(EndToEndTest, ServerDoesNotAllowClientDataOnServerInitiatedBidirectionalStreams) { set_server_initial_max_stream_data_outgoing_bidirectional(0); ASSERT_TRUE(Initialize()); @@ -1004,7 +925,7 @@ TEST_P(EndToEndTestWithTls, EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, +TEST_P(EndToEndTest, BothEndpointsDisallowDataOnServerInitiatedBidirectionalStreams) { set_client_initial_max_stream_data_incoming_bidirectional(0); set_server_initial_max_stream_data_outgoing_bidirectional(0); @@ -1017,7 +938,7 @@ TEST_P(EndToEndTestWithTls, // initial packet. Undecryptable packets can be seen after the handshake // is complete due to dropping the initial keys at that point, so we only test // for undecryptable packets before then. -TEST_P(EndToEndTestWithTls, NoUndecryptablePacketsBeforeHandshakeComplete) { +TEST_P(EndToEndTest, NoUndecryptablePacketsBeforeHandshakeComplete) { ASSERT_TRUE(Initialize()); EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); @@ -1036,7 +957,7 @@ TEST_P(EndToEndTestWithTls, NoUndecryptablePacketsBeforeHandshakeComplete) { server_thread_->Resume(); } -TEST_P(EndToEndTestWithTls, SeparateFinPacket) { +TEST_P(EndToEndTest, SeparateFinPacket) { ASSERT_TRUE(Initialize()); // Send a request in two parts: the request and then an empty packet with FIN. @@ -1060,7 +981,7 @@ TEST_P(EndToEndTestWithTls, SeparateFinPacket) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, MultipleRequestResponse) { +TEST_P(EndToEndTest, MultipleRequestResponse) { ASSERT_TRUE(Initialize()); EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); @@ -1070,7 +991,7 @@ TEST_P(EndToEndTestWithTls, MultipleRequestResponse) { } TEST_P(EndToEndTest, MultipleRequestResponseZeroConnectionID) { - if (!GetParam().negotiated_version.AllowsVariableLengthConnectionIds()) { + if (!version_.AllowsVariableLengthConnectionIds()) { ASSERT_TRUE(Initialize()); return; } @@ -1084,7 +1005,7 @@ TEST_P(EndToEndTest, MultipleRequestResponseZeroConnectionID) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, MultipleStreams) { +TEST_P(EndToEndTest, MultipleStreams) { // Verifies quic_test_client can track responses of all active streams. ASSERT_TRUE(Initialize()); @@ -1109,7 +1030,7 @@ TEST_P(EndToEndTestWithTls, MultipleStreams) { } } -TEST_P(EndToEndTestWithTls, MultipleClients) { +TEST_P(EndToEndTest, MultipleClients) { ASSERT_TRUE(Initialize()); std::unique_ptr<QuicTestClient> client2(CreateQuicClient(nullptr)); @@ -1134,7 +1055,7 @@ TEST_P(EndToEndTestWithTls, MultipleClients) { EXPECT_EQ("200", client2->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, RequestOverMultiplePackets) { +TEST_P(EndToEndTest, RequestOverMultiplePackets) { // Send a large enough request to guarantee fragmentation. std::string huge_request = "/some/path?query=" + std::string(kMaxOutgoingPacketSize, '.'); @@ -1146,7 +1067,7 @@ TEST_P(EndToEndTestWithTls, RequestOverMultiplePackets) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, MultiplePacketsRandomOrder) { +TEST_P(EndToEndTest, MultiplePacketsRandomOrder) { // Send a large enough request to guarantee fragmentation. std::string huge_request = "/some/path?query=" + std::string(kMaxOutgoingPacketSize, '.'); @@ -1160,7 +1081,7 @@ TEST_P(EndToEndTestWithTls, MultiplePacketsRandomOrder) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, PostMissingBytes) { +TEST_P(EndToEndTest, PostMissingBytes) { ASSERT_TRUE(Initialize()); // Add a content length header with no body. @@ -1317,6 +1238,11 @@ TEST_P(EndToEndTest, LargePostNoPacketLossWithDelayAndReordering) { } TEST_P(EndToEndTest, LargePostZeroRTTFailure) { + if (version_.UsesTls()) { + // TODO(b/152551499): Re-enable this test when TLS supports 0-RTT. + Initialize(); + return; + } // Send a request and then disconnect. This prepares the client to attempt // a 0-RTT handshake for the next request. ASSERT_TRUE(Initialize()); @@ -1368,6 +1294,11 @@ TEST_P(EndToEndTest, LargePostZeroRTTFailure) { } TEST_P(EndToEndTest, SynchronousRequestZeroRTTFailure) { + if (version_.UsesTls()) { + // TODO(b/152551499): Re-enable this test when TLS supports 0-RTT. + Initialize(); + return; + } // Send a request and then disconnect. This prepares the client to attempt // a 0-RTT handshake for the next request. ASSERT_TRUE(Initialize()); @@ -1429,6 +1360,10 @@ TEST_P(EndToEndTest, LargePostSynchronousRequest) { EXPECT_FALSE(client_->client()->ReceivedInchoateReject()); client_->Disconnect(); + if (version_.UsesTls()) { + // TODO(b/152551499): remove this when TLS supports 0-RTT. + return; + } // The 0-RTT handshake should succeed. client_->Connect(); @@ -1520,7 +1455,7 @@ TEST_P(EndToEndTest, LargePostSmallBandwidthLargeBuffer) { VerifyCleanConnection(true); } -TEST_P(EndToEndTestWithTls, DoNotSetSendAlarmIfConnectionFlowControlBlocked) { +TEST_P(EndToEndTest, DoNotSetSendAlarmIfConnectionFlowControlBlocked) { // Regression test for b/14677858. // Test that the resume write alarm is not set in QuicConnection::OnCanWrite // if currently connection level flow control blocked. If set, this results in @@ -1561,8 +1496,6 @@ TEST_P(EndToEndTestWithTls, DoNotSetSendAlarmIfConnectionFlowControlBlocked) { EXPECT_FALSE(send_alarm->IsSet()); } -// TODO(nharper): Needs to get turned back to EndToEndTestWithTls -// when we figure out why the test doesn't work on chrome. TEST_P(EndToEndTest, InvalidStream) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -1586,8 +1519,8 @@ TEST_P(EndToEndTest, InvalidStream) { EXPECT_THAT(client_->connection_error(), IsError(QUIC_INVALID_STREAM_ID)); } -// Test that if the server will close the connection if the client attempts -// to send a request with overly large headers. +// Test that the server resets the stream if the client sends a request +// with overly large headers. TEST_P(EndToEndTest, LargeHeaders) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -1604,16 +1537,17 @@ TEST_P(EndToEndTest, LargeHeaders) { client_->SendCustomSynchronousRequest(headers, body); - if (VersionUsesHttp3(client_->client() - ->client_session() - ->connection() - ->transport_version())) { - EXPECT_THAT(client_->connection_error(), - IsError(QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE)); + if (VersionUsesHttp3(GetClientConnection()->transport_version())) { + // QuicSpdyStream::OnHeadersTooLarge() resets the stream with + // QUIC_HEADERS_TOO_LARGE. This is sent as H3_EXCESSIVE_LOAD, the closest + // HTTP/3 error code, and translated back to QUIC_STREAM_EXCESSIVE_LOAD on + // the receiving side. + EXPECT_THAT(client_->stream_error(), + IsStreamError(QUIC_STREAM_EXCESSIVE_LOAD)); } else { EXPECT_THAT(client_->stream_error(), IsStreamError(QUIC_HEADERS_TOO_LARGE)); - EXPECT_THAT(client_->connection_error(), IsQuicNoError()); } + EXPECT_THAT(client_->connection_error(), IsQuicNoError()); } TEST_P(EndToEndTest, EarlyResponseWithQuicStreamNoError) { @@ -1638,7 +1572,7 @@ TEST_P(EndToEndTest, EarlyResponseWithQuicStreamNoError) { } // TODO(rch): this test seems to cause net_unittests timeouts :| -TEST_P(EndToEndTestWithTls, QUIC_TEST_DISABLED_IN_CHROME(MultipleTermination)) { +TEST_P(EndToEndTest, QUIC_TEST_DISABLED_IN_CHROME(MultipleTermination)) { ASSERT_TRUE(Initialize()); // Set the offset so we won't frame. Otherwise when we pick up termination @@ -1658,11 +1592,8 @@ TEST_P(EndToEndTestWithTls, QUIC_TEST_DISABLED_IN_CHROME(MultipleTermination)) { EXPECT_QUIC_BUG(client_->SendData("eep", true), "Fin already buffered"); } -// TODO(nharper): Needs to get turned back to EndToEndTestWithTls -// when we figure out why the test doesn't work on chrome. TEST_P(EndToEndTest, Timeout) { - client_config_.SetIdleNetworkTimeout(QuicTime::Delta::FromMicroseconds(500), - QuicTime::Delta::FromMicroseconds(500)); + client_config_.SetIdleNetworkTimeout(QuicTime::Delta::FromMicroseconds(500)); // Note: we do NOT ASSERT_TRUE: we may time out during initial handshake: // that's enough to validate timeout in this case. Initialize(); @@ -1671,14 +1602,13 @@ TEST_P(EndToEndTest, Timeout) { } } -TEST_P(EndToEndTestWithTls, MaxDynamicStreamsLimitRespected) { +TEST_P(EndToEndTest, MaxDynamicStreamsLimitRespected) { // Set a limit on maximum number of incoming dynamic streams. // Make sure the limit is respected by the peer. const uint32_t kServerMaxDynamicStreams = 1; server_config_.SetMaxBidirectionalStreamsToSend(kServerMaxDynamicStreams); ASSERT_TRUE(Initialize()); - if (VersionHasIetfQuicFrames( - GetParam().negotiated_version.transport_version)) { + if (VersionHasIetfQuicFrames(version_.transport_version)) { // Do not run this test for /IETF QUIC. This test relies on the fact that // Google QUIC allows a small number of additional streams beyond the // negotiated limit, which is not supported in IETF QUIC. Note that the test @@ -1746,7 +1676,7 @@ TEST_P(EndToEndTest, SetIndependentMaxDynamicStreamsLimits) { client_session->connection()->transport_version()) ? QuicSessionPeer::v99_streamid_manager(client_session) ->max_outgoing_unidirectional_streams() - - client_session->num_expected_unidirectional_static_streams() + kHttp3StaticUnidirectionalStreamCount : QuicSessionPeer::GetStreamIdManager(client_session) ->max_open_outgoing_streams(); EXPECT_EQ(kServerMaxDynamicStreams, @@ -1767,7 +1697,7 @@ TEST_P(EndToEndTest, SetIndependentMaxDynamicStreamsLimits) { server_session->connection()->transport_version()) ? QuicSessionPeer::v99_streamid_manager(server_session) ->max_outgoing_unidirectional_streams() - - server_session->num_expected_unidirectional_static_streams() + kHttp3StaticUnidirectionalStreamCount : QuicSessionPeer::GetStreamIdManager(server_session) ->max_open_outgoing_streams(); EXPECT_EQ(kClientMaxDynamicStreams, @@ -1921,8 +1851,7 @@ TEST_P(EndToEndTest, MinInitialRTT) { } TEST_P(EndToEndTest, 0ByteConnectionId) { - if (VersionHasIetfInvariantHeader( - GetParam().negotiated_version.transport_version)) { + if (VersionHasIetfInvariantHeader(version_.transport_version)) { // SetBytesForConnectionIdToSend only applies to Google QUIC encoding. ASSERT_TRUE(Initialize()); return; @@ -1938,9 +1867,8 @@ TEST_P(EndToEndTest, 0ByteConnectionId) { EXPECT_EQ(CONNECTION_ID_ABSENT, header->source_connection_id_included); } -TEST_P(EndToEndTestWithTls, 8ByteConnectionId) { - if (VersionHasIetfInvariantHeader( - GetParam().negotiated_version.transport_version)) { +TEST_P(EndToEndTest, 8ByteConnectionId) { + if (VersionHasIetfInvariantHeader(version_.transport_version)) { // SetBytesForConnectionIdToSend only applies to Google QUIC encoding. ASSERT_TRUE(Initialize()); return; @@ -1956,9 +1884,8 @@ TEST_P(EndToEndTestWithTls, 8ByteConnectionId) { EXPECT_EQ(CONNECTION_ID_PRESENT, header->destination_connection_id_included); } -TEST_P(EndToEndTestWithTls, 15ByteConnectionId) { - if (VersionHasIetfInvariantHeader( - GetParam().negotiated_version.transport_version)) { +TEST_P(EndToEndTest, 15ByteConnectionId) { + if (VersionHasIetfInvariantHeader(version_.transport_version)) { // SetBytesForConnectionIdToSend only applies to Google QUIC encoding. ASSERT_TRUE(Initialize()); return; @@ -1975,7 +1902,7 @@ TEST_P(EndToEndTestWithTls, 15ByteConnectionId) { EXPECT_EQ(CONNECTION_ID_PRESENT, header->destination_connection_id_included); } -TEST_P(EndToEndTestWithTls, ResetConnection) { +TEST_P(EndToEndTest, ResetConnection) { ASSERT_TRUE(Initialize()); EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); @@ -1986,8 +1913,6 @@ TEST_P(EndToEndTestWithTls, ResetConnection) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -// TODO(nharper): Needs to get turned back to EndToEndTestWithTls -// when we figure out why the test doesn't work on chrome. TEST_P(EndToEndTest, MaxStreamsUberTest) { // Connect with lower fake packet loss than we'd like to test. Until // b/10126687 is fixed, losing handshake packets is pretty brutal. @@ -2011,7 +1936,7 @@ TEST_P(EndToEndTest, MaxStreamsUberTest) { } } -TEST_P(EndToEndTestWithTls, StreamCancelErrorTest) { +TEST_P(EndToEndTest, StreamCancelErrorTest) { ASSERT_TRUE(Initialize()); std::string small_body(256, 'a'); @@ -2027,7 +1952,11 @@ TEST_P(EndToEndTestWithTls, StreamCancelErrorTest) { // Transmit the cancel, and ensure the connection is torn down properly. SetPacketLossPercentage(0); QuicStreamId stream_id = GetNthClientInitiatedBidirectionalId(0); - session->SendRstStream(stream_id, QUIC_STREAM_CANCELLED, 0); + if (session->break_close_loop()) { + session->ResetStream(stream_id, QUIC_STREAM_CANCELLED, 0); + } else { + session->SendRstStream(stream_id, QUIC_STREAM_CANCELLED, 0); + } // WaitForEvents waits 50ms and returns true if there are outstanding // requests. @@ -2131,6 +2060,11 @@ TEST_P(EndToEndTest, NegotiatedInitialCongestionWindow) { } TEST_P(EndToEndTest, DifferentFlowControlWindows) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } // Client and server can set different initial flow control receive windows. // These are sent in CHLO/SHLO. Tests that these values are exchanged properly // in the crypto handshake. @@ -2185,6 +2119,11 @@ TEST_P(EndToEndTest, DifferentFlowControlWindows) { // Test negotiation of IFWA connection option. TEST_P(EndToEndTest, NegotiatedServerInitialFlowControlWindow) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } const uint32_t kClientStreamIFCW = 123456; const uint32_t kClientSessionIFCW = 234567; set_client_initial_stream_flow_control_receive_window(kClientStreamIFCW); @@ -2395,7 +2334,7 @@ TEST_P(EndToEndTest, FlowControlsSynced) { server_thread_->Resume(); } -TEST_P(EndToEndTestWithTls, RequestWithNoBodyWillNeverSendStreamFrameWithFIN) { +TEST_P(EndToEndTest, RequestWithNoBodyWillNeverSendStreamFrameWithFIN) { // A stream created on receipt of a simple request with no body will never get // a stream frame with a FIN. Verify that we don't keep track of the stream in // the locally closed streams map: it will never be removed if so. @@ -2414,8 +2353,8 @@ TEST_P(EndToEndTestWithTls, RequestWithNoBodyWillNeverSendStreamFrameWithFIN) { server_thread_->Resume(); } -// A TestAckListener verifies that its OnAckNotification method has been -// called exactly once on destruction. +// A TestAckListener verifies that exactly |bytes_to_ack| bytes are acked during +// its lifetime. class TestAckListener : public QuicAckListenerInterface { public: explicit TestAckListener(int bytes_to_ack) : bytes_to_ack_(bytes_to_ack) {} @@ -2449,12 +2388,14 @@ class TestResponseListener : public QuicSpdyClientBase::ResponseListener { } }; -TEST_P(EndToEndTest, AckNotifierWithPacketLossAndBlockedSocket) { +// TODO(dschinazi) Fix this test's flakiness in Chrome. +TEST_P( + EndToEndTest, + QUIC_TEST_DISABLED_IN_CHROME(AckNotifierWithPacketLossAndBlockedSocket)) { // Verify that even in the presence of packet loss and occasionally blocked // socket, an AckNotifierDelegate will get informed that the data it is // interested in has been ACKed. This tests end-to-end ACK notification, and // demonstrates that retransmissions do not break this functionality. - SetPacketLossPercentage(5); ASSERT_TRUE(Initialize()); @@ -2485,6 +2426,12 @@ TEST_P(EndToEndTest, AckNotifierWithPacketLossAndBlockedSocket) { QpackEncoder qpack_encoder(&decoder_stream_error_delegate); qpack_encoder.set_qpack_stream_sender_delegate( &encoder_stream_sender_delegate); + + qpack_encoder.SetMaximumDynamicTableCapacity( + kDefaultQpackMaxDynamicTableCapacity); + qpack_encoder.SetDynamicTableCapacity(kDefaultQpackMaxDynamicTableCapacity); + qpack_encoder.SetMaximumBlockedStreams(kDefaultMaximumBlockedStreams); + std::string encoded_headers = qpack_encoder.EncodeHeaderList(/* stream_id = */ 0, headers, nullptr); header_size = encoded_headers.size(); @@ -2516,7 +2463,7 @@ TEST_P(EndToEndTest, AckNotifierWithPacketLossAndBlockedSocket) { } // Send a public reset from the server. -TEST_P(EndToEndTestWithTls, ServerSendPublicReset) { +TEST_P(EndToEndTest, ServerSendPublicReset) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -2554,7 +2501,7 @@ TEST_P(EndToEndTestWithTls, ServerSendPublicReset) { // Send a public reset from the server for a different connection ID. // It should be ignored. -TEST_P(EndToEndTestWithTls, ServerSendPublicResetWithDifferentConnectionId) { +TEST_P(EndToEndTest, ServerSendPublicResetWithDifferentConnectionId) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -2607,7 +2554,7 @@ TEST_P(EndToEndTestWithTls, ServerSendPublicResetWithDifferentConnectionId) { // Send a public reset from the client for a different connection ID. // It should be ignored. -TEST_P(EndToEndTestWithTls, ClientSendPublicResetWithDifferentConnectionId) { +TEST_P(EndToEndTest, ClientSendPublicResetWithDifferentConnectionId) { ASSERT_TRUE(Initialize()); // Send the public reset. @@ -2631,8 +2578,7 @@ TEST_P(EndToEndTestWithTls, ClientSendPublicResetWithDifferentConnectionId) { // Send a version negotiation packet from the server for a different // connection ID. It should be ignored. -TEST_P(EndToEndTestWithTls, - ServerSendVersionNegotiationWithDifferentConnectionId) { +TEST_P(EndToEndTest, ServerSendVersionNegotiationWithDifferentConnectionId) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -2668,7 +2614,7 @@ TEST_P(EndToEndTestWithTls, // A bad header shouldn't tear down the connection, because the receiver can't // tell the connection ID. -TEST_P(EndToEndTestWithTls, BadPacketHeaderTruncated) { +TEST_P(EndToEndTest, BadPacketHeaderTruncated) { ASSERT_TRUE(Initialize()); // Start the connection. @@ -2699,7 +2645,7 @@ TEST_P(EndToEndTestWithTls, BadPacketHeaderTruncated) { // A bad header shouldn't tear down the connection, because the receiver can't // tell the connection ID. -TEST_P(EndToEndTestWithTls, BadPacketHeaderFlags) { +TEST_P(EndToEndTest, BadPacketHeaderFlags) { ASSERT_TRUE(Initialize()); // Start the connection. @@ -2749,7 +2695,7 @@ TEST_P(EndToEndTestWithTls, BadPacketHeaderFlags) { // Send a packet from the client with bad encrypted data. The server should not // tear down the connection. -TEST_P(EndToEndTestWithTls, BadEncryptedData) { +TEST_P(EndToEndTest, BadEncryptedData) { ASSERT_TRUE(Initialize()); // Start the connection. @@ -2785,7 +2731,7 @@ TEST_P(EndToEndTestWithTls, BadEncryptedData) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } -TEST_P(EndToEndTestWithTls, CanceledStreamDoesNotBecomeZombie) { +TEST_P(EndToEndTest, CanceledStreamDoesNotBecomeZombie) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); // Lose the request. @@ -3033,7 +2979,7 @@ TEST_P(EndToEndTest, EarlyResponseFinRecording) { server_thread_->Resume(); } -TEST_P(EndToEndTestWithTls, Trailers) { +TEST_P(EndToEndTest, Trailers) { // Test sending and receiving HTTP/2 Trailers (trailing HEADERS frames). ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -3117,7 +3063,7 @@ class EndToEndTestServerPush : public EndToEndTest { // Run all server push end to end tests with all supported versions. INSTANTIATE_TEST_SUITE_P(EndToEndTestsServerPush, EndToEndTestServerPush, - ::testing::ValuesIn(GetTestParams(false)), + ::testing::ValuesIn(GetTestParams()), ::testing::PrintToStringParamName()); TEST_P(EndToEndTestServerPush, ServerPush) { @@ -3177,6 +3123,11 @@ TEST_P(EndToEndTestServerPush, ServerPush) { } TEST_P(EndToEndTestServerPush, ServerPushUnderLimit) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } // Tests that sending a request which has 4 push resources will trigger server // to push those 4 resources and client can handle pushed resources and match // them with requests later. @@ -3226,6 +3177,11 @@ TEST_P(EndToEndTestServerPush, ServerPushUnderLimit) { } TEST_P(EndToEndTestServerPush, ServerPushOverLimitNonBlocking) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } // Tests that when streams are not blocked by flow control or congestion // control, pushing even more resources than max number of open outgoing // streams should still work because all response streams get closed @@ -3284,6 +3240,11 @@ TEST_P(EndToEndTestServerPush, ServerPushOverLimitNonBlocking) { } TEST_P(EndToEndTestServerPush, ServerPushOverLimitWithBlocking) { + if (version_.UsesTls()) { + // TODO(b/155316241): Enable this test for TLS. + Initialize(); + return; + } // Tests that when server tries to send more large resources(large enough to // be blocked by flow control window or congestion control window) than max // open outgoing streams , server can open upto max number of outgoing @@ -3495,16 +3456,17 @@ TEST_P(EndToEndTest, WayTooLongRequestHeaders) { headers[":path"] = "/foo"; headers[":scheme"] = "https"; headers[":authority"] = server_hostname_; - headers["key"] = std::string(64 * 1024, 'a'); + headers["key"] = std::string(64 * 1024 * 1024, 'a'); client_->SendMessage(headers, ""); client_->WaitForResponse(); - - QuicErrorCode expected_error = - GetQuicReloadableFlag(spdy_enable_granular_decompress_errors) - ? QUIC_HPACK_INDEX_VARINT_ERROR - : QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE; - EXPECT_THAT(client_->connection_error(), IsError(expected_error)); + if (VersionUsesHttp3(version_.transport_version)) { + EXPECT_THAT(client_->connection_error(), + IsError(QUIC_QPACK_DECOMPRESSION_FAILED)); + } else { + EXPECT_THAT(client_->connection_error(), + IsError(QUIC_HPACK_INDEX_VARINT_ERROR)); + } } class WindowUpdateObserver : public QuicConnectionDebugVisitor { @@ -3550,7 +3512,7 @@ TEST_P(EndToEndTest, WindowUpdateInAck) { EXPECT_EQ(0u, observer.num_ping_frames()); } -TEST_P(EndToEndTestWithTls, SendStatelessResetTokenInShlo) { +TEST_P(EndToEndTest, SendStatelessResetTokenInShlo) { ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); QuicConfig* config = client_->client()->session()->config(); @@ -3564,6 +3526,10 @@ TEST_P(EndToEndTestWithTls, SendStatelessResetTokenInShlo) { // Regression test for b/116200989. TEST_P(EndToEndTest, SendStatelessResetIfServerConnectionClosedLocallyDuringHandshake) { + if (!GetQuicReloadableFlag(quic_notify_handshaker_on_connection_close)) { + ASSERT_TRUE(Initialize()); + return; + } connect_to_server_on_initialize_ = false; ASSERT_TRUE(Initialize()); @@ -3668,6 +3634,16 @@ TEST_P(EndToEndTest, PreSharedKey) { QuicTime::Delta::FromSeconds(5)); pre_shared_key_client_ = "foobar"; pre_shared_key_server_ = "foobar"; + + if (version_.UsesTls()) { + // TODO(b/154162689) add PSK support to QUIC+TLS. + bool ok; + EXPECT_QUIC_BUG(ok = Initialize(), + "QUIC client pre-shared keys not yet supported with TLS"); + EXPECT_FALSE(ok); + return; + } + ASSERT_TRUE(Initialize()); ASSERT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); @@ -3682,6 +3658,16 @@ TEST_P(EndToEndTest, QUIC_TEST_DISABLED_IN_CHROME(PreSharedKeyMismatch)) { QuicTime::Delta::FromSeconds(1)); pre_shared_key_client_ = "foo"; pre_shared_key_server_ = "bar"; + + if (version_.UsesTls()) { + // TODO(b/154162689) add PSK support to QUIC+TLS. + bool ok; + EXPECT_QUIC_BUG(ok = Initialize(), + "QUIC client pre-shared keys not yet supported with TLS"); + EXPECT_FALSE(ok); + return; + } + // One of two things happens when Initialize() returns: // 1. Crypto handshake has completed, and it is unsuccessful. Initialize() // returns false. @@ -3700,6 +3686,16 @@ TEST_P(EndToEndTest, QUIC_TEST_DISABLED_IN_CHROME(PreSharedKeyNoClient)) { client_config_.set_max_idle_time_before_crypto_handshake( QuicTime::Delta::FromSeconds(1)); pre_shared_key_server_ = "foobar"; + + if (version_.UsesTls()) { + // TODO(b/154162689) add PSK support to QUIC+TLS. + bool ok; + EXPECT_QUIC_BUG(ok = Initialize(), + "QUIC server pre-shared keys not yet supported with TLS"); + EXPECT_FALSE(ok); + return; + } + ASSERT_FALSE(Initialize() && client_->client()->WaitForCryptoHandshakeConfirmed()); EXPECT_THAT(client_->connection_error(), IsError(QUIC_HANDSHAKE_TIMEOUT)); @@ -3712,6 +3708,16 @@ TEST_P(EndToEndTest, QUIC_TEST_DISABLED_IN_CHROME(PreSharedKeyNoServer)) { client_config_.set_max_idle_time_before_crypto_handshake( QuicTime::Delta::FromSeconds(1)); pre_shared_key_client_ = "foobar"; + + if (version_.UsesTls()) { + // TODO(b/154162689) add PSK support to QUIC+TLS. + bool ok; + EXPECT_QUIC_BUG(ok = Initialize(), + "QUIC client pre-shared keys not yet supported with TLS"); + EXPECT_FALSE(ok); + return; + } + ASSERT_FALSE(Initialize() && client_->client()->WaitForCryptoHandshakeConfirmed()); EXPECT_THAT(client_->connection_error(), IsError(QUIC_HANDSHAKE_TIMEOUT)); @@ -3770,13 +3776,14 @@ TEST_P(EndToEndTest, ResetStreamOnTtlExpires) { } TEST_P(EndToEndTest, SendMessages) { + if (!VersionSupportsMessageFrames(version_.transport_version)) { + Initialize(); + return; + } ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); QuicSession* client_session = GetClientSession(); QuicConnection* client_connection = client_session->connection(); - if (!VersionSupportsMessageFrames(client_connection->transport_version())) { - return; - } SetPacketLossPercentage(30); ASSERT_GT(kMaxOutgoingPacketSize, @@ -3806,7 +3813,7 @@ TEST_P(EndToEndTest, SendMessages) { for (size_t i = 2; i <= kTestMaxNumberOfMessages; ++i) { size_t message_length = random->RandUint64() % - client_session->GetCurrentLargestMessagePayload() + + client_session->GetGuaranteedLargestMessagePayload() + 1; MessageResult result = client_session->SendMessage(MakeSpan( client_session->connection() @@ -3856,11 +3863,16 @@ class EndToEndPacketReorderingTest : public EndToEndTest { INSTANTIATE_TEST_SUITE_P(EndToEndPacketReorderingTests, EndToEndPacketReorderingTest, - ::testing::ValuesIn(GetTestParams(false)), + ::testing::ValuesIn(GetTestParams()), ::testing::PrintToStringParamName()); TEST_P(EndToEndPacketReorderingTest, ReorderedConnectivityProbing) { ASSERT_TRUE(Initialize()); + if (version_.HasIetfQuicFrames()) { + // TODO(b/143909619): Reenable this test when supporting IETF connection + // migration. + return; + } // Finish one request to make sure handshake established. EXPECT_EQ(kFooResponseBody, client_->SendSynchronousRequest("/foo")); @@ -3904,6 +3916,11 @@ TEST_P(EndToEndPacketReorderingTest, ReorderedConnectivityProbing) { } TEST_P(EndToEndPacketReorderingTest, Buffer0RttRequest) { + if (version_.UsesTls()) { + // TODO(b/152551499): Re-enable this test when TLS supports 0-RTT. + Initialize(); + return; + } ASSERT_TRUE(Initialize()); // Finish one request to make sure handshake established. client_->SendSynchronousRequest("/foo"); @@ -3930,22 +3947,59 @@ TEST_P(EndToEndPacketReorderingTest, Buffer0RttRequest) { client_->WaitForResponse(); EXPECT_EQ(kBarResponseBody, client_->response_body()); QuicConnectionStats client_stats = GetClientConnection()->GetStats(); - EXPECT_EQ(0u, client_stats.packets_lost); + if (GetQuicReloadableFlag(quic_advance_ack_timeout_update)) { + // Client sends CHLO in packet 1 and retransmitted in packet 2. Because of + // the delay, server processes packet 2 and later drops packet 1. ACK is + // bundled with SHLO, such that 1 can be detected loss by time threshold. + EXPECT_LE(0u, client_stats.packets_lost); + } else { + EXPECT_EQ(0u, client_stats.packets_lost); + } EXPECT_TRUE(client_->client()->EarlyDataAccepted()); } +// This observer is used to check whether stream write side is closed when +// receiving STOP_SENDING (which ends up as noop). +class StopSendingObserver : public QuicConnectionDebugVisitor { + public: + explicit StopSendingObserver(QuicTestClient* client) + : num_stop_sending_frames_(0), + client_(client), + stream_write_side_closed_before_receiving_stop_sending_(false) {} + + void OnStopSendingFrame(const QuicStopSendingFrame& /*frame*/) override { + ++num_stop_sending_frames_; + stream_write_side_closed_before_receiving_stop_sending_ = + static_cast<QuicSimpleClientStream*>(client_->latest_created_stream()) + ->write_side_closed(); + } + + size_t num_stop_sending_frames() const { return num_stop_sending_frames_; } + + bool stream_write_side_closed_before_receiving_stop_sending() const { + return stream_write_side_closed_before_receiving_stop_sending_; + } + + private: + size_t num_stop_sending_frames_; + QuicTestClient* client_; + bool stream_write_side_closed_before_receiving_stop_sending_; +}; + // Test that STOP_SENDING makes it to the peer. Create a stream and send a // STOP_SENDING. The receiver should get a call to QuicStream::OnStopSending. TEST_P(EndToEndTest, SimpleStopSendingTest) { const uint16_t kStopSendingTestCode = 123; ASSERT_TRUE(Initialize()); - if (!VersionHasIetfQuicFrames(negotiated_version_.transport_version)) { + if (!VersionHasIetfQuicFrames(version_.transport_version)) { return; } QuicSession* client_session = GetClientSession(); ASSERT_NE(nullptr, client_session); + StopSendingObserver observer(client_.get()); QuicConnection* client_connection = client_session->connection(); ASSERT_NE(nullptr, client_connection); + client_connection->set_debug_visitor(&observer); std::string response_body(1305, 'a'); SpdyHeaderBlock response_headers; @@ -3960,16 +4014,9 @@ TEST_P(EndToEndTest, SimpleStopSendingTest) { client_->WaitForDelayedAcks(); QuicSession* session = GetClientSession(); - const QuicPacketCount packets_sent_before = - session->connection()->GetStats().packets_sent; QuicStreamId stream_id = session->next_outgoing_bidirectional_stream_id(); client_->SendRequest("/test_url"); - - // Expect exactly one packet is sent from the block above. - ASSERT_EQ(packets_sent_before + 1, - session->connection()->GetStats().packets_sent); - // Wait for the connection to become idle. client_->WaitForDelayedAcks(); @@ -3980,8 +4027,12 @@ TEST_P(EndToEndTest, SimpleStopSendingTest) { // Ensure the stream has been write closed upon receiving STOP_SENDING. EXPECT_EQ(stream_id, client_stream->id()); EXPECT_TRUE(client_stream->write_side_closed()); - EXPECT_EQ(kStopSendingTestCode, - static_cast<uint16_t>(client_stream->stream_error())); + client_->WaitUntil( + -1, [&observer]() { return observer.num_stop_sending_frames() > 0; }); + if (!observer.stream_write_side_closed_before_receiving_stop_sending()) { + EXPECT_EQ(kStopSendingTestCode, + static_cast<uint16_t>(client_stream->stream_error())); + } } TEST_P(EndToEndTest, SimpleStopSendingRstStreamTest) { @@ -4036,15 +4087,18 @@ class BadShloPacketWriter : public QuicPacketWriterWrapper { }; TEST_P(EndToEndTest, ZeroRttProtectedConnectionClose) { + if (version_.UsesTls() || + !VersionHasIetfInvariantHeader(version_.transport_version)) { + // TODO(b/152551499): Re-enable this test when TLS supports 0-RTT. + // Only runs for IETF QUIC header. + Initialize(); + return; + } // This test ensures ZERO_RTT_PROTECTED connection close could close a client // which has switched to forward secure. connect_to_server_on_initialize_ = - !VersionHasIetfInvariantHeader(negotiated_version_.transport_version); + !VersionHasIetfInvariantHeader(version_.transport_version); ASSERT_TRUE(Initialize()); - if (!VersionHasIetfInvariantHeader(negotiated_version_.transport_version)) { - // Only runs for IETF QUIC header. - return; - } server_thread_->Pause(); QuicDispatcher* dispatcher = QuicServerPeer::GetDispatcher(server_thread_->server()); @@ -4100,9 +4154,9 @@ TEST_P(EndToEndTest, ForwardSecureConnectionClose) { // This test ensures ZERO_RTT_PROTECTED connection close is sent to a client // which has ZERO_RTT_PROTECTED encryption level. connect_to_server_on_initialize_ = - !VersionHasIetfInvariantHeader(negotiated_version_.transport_version); + !VersionHasIetfInvariantHeader(version_.transport_version); ASSERT_TRUE(Initialize()); - if (!VersionHasIetfInvariantHeader(negotiated_version_.transport_version)) { + if (!VersionHasIetfInvariantHeader(version_.transport_version)) { // Only runs for IETF QUIC header. return; } @@ -4130,7 +4184,7 @@ TEST_P(EndToEndTest, ForwardSecureConnectionClose) { TEST_P(EndToEndTest, TooBigStreamIdClosesConnection) { // Has to be before version test, see EndToEndTest::TearDown() ASSERT_TRUE(Initialize()); - if (!VersionHasIetfQuicFrames(negotiated_version_.transport_version)) { + if (!VersionHasIetfQuicFrames(version_.transport_version)) { // Only runs for IETF QUIC. return; } @@ -4162,12 +4216,15 @@ TEST_P(EndToEndTest, TooBigStreamIdClosesConnection) { } TEST_P(EndToEndTest, TestMaxPushId) { - // Has to be before version test, see EndToEndTest::TearDown() - ASSERT_TRUE(Initialize()); - if (!VersionHasIetfQuicFrames(negotiated_version_.transport_version)) { + if (version_.UsesTls() || + !VersionHasIetfQuicFrames(version_.transport_version)) { + // TODO(b/155316241): Enable this test for TLS. // Only runs for IETF QUIC. + Initialize(); return; } + // Has to be before version test, see EndToEndTest::TearDown() + ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); static_cast<QuicSpdySession*>(client_->client()->session()) @@ -4182,12 +4239,8 @@ TEST_P(EndToEndTest, TestMaxPushId) { ->CanCreatePushStreamWithId(kMaxQuicStreamId)); } -TEST_P(EndToEndTest, CustomTransportParameters) { - if (GetParam().negotiated_version.handshake_protocol != PROTOCOL_TLS1_3) { - Initialize(); - return; - } - +TEST_P(EndToEndTest, DISABLED_CustomTransportParameters) { + // TODO(b/155316241): Enable this test. constexpr auto kCustomParameter = static_cast<TransportParameters::TransportParameterId>(0xff34); client_config_.custom_transport_parameters_to_send()[kCustomParameter] = diff --git a/chromium/net/third_party/quiche/src/quic/core/http/http_constants.h b/chromium/net/third_party/quiche/src/quic/core/http/http_constants.h index fbf30696de7..17afe1bea19 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/http_constants.h +++ b/chromium/net/third_party/quiche/src/quic/core/http/http_constants.h @@ -20,6 +20,9 @@ const uint64_t kServerPushStream = 0x01; const uint64_t kQpackEncoderStream = 0x02; const uint64_t kQpackDecoderStream = 0x03; +// This includes control stream, QPACK encoder stream, and QPACK decoder stream. +const QuicStreamCount kHttp3StaticUnidirectionalStreamCount = 3; + // HTTP/3 and QPACK settings identifiers. // https://quicwg.org/base-drafts/draft-ietf-quic-http.html#settings-parameters // https://quicwg.org/base-drafts/draft-ietf-quic-qpack.html#configuration diff --git a/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.cc b/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.cc index 87f9919d296..d6c97ee7add 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.cc @@ -11,6 +11,7 @@ #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_fallthrough.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quic { @@ -34,6 +35,50 @@ HttpDecoder::HttpDecoder(Visitor* visitor) HttpDecoder::~HttpDecoder() {} +// static +bool HttpDecoder::DecodeSettings(const char* data, + QuicByteCount len, + SettingsFrame* frame) { + QuicDataReader reader(data, len); + uint64_t frame_type; + if (!reader.ReadVarInt62(&frame_type)) { + QUIC_DLOG(ERROR) << "Unable to read frame type."; + return false; + } + + if (frame_type != static_cast<uint64_t>(HttpFrameType::SETTINGS)) { + QUIC_DLOG(ERROR) << "Invalid frame type " << frame_type; + return false; + } + + quiche::QuicheStringPiece frame_contents; + if (!reader.ReadStringPieceVarInt62(&frame_contents)) { + QUIC_DLOG(ERROR) << "Failed to read SETTINGS frame contents"; + return false; + } + + QuicDataReader frame_reader(frame_contents); + + while (!frame_reader.IsDoneReading()) { + uint64_t id; + if (!frame_reader.ReadVarInt62(&id)) { + QUIC_DLOG(ERROR) << "Unable to read setting identifier."; + return false; + } + uint64_t content; + if (!frame_reader.ReadVarInt62(&content)) { + QUIC_DLOG(ERROR) << "Unable to read setting value."; + return false; + } + auto result = frame->values.insert({id, content}); + if (!result.second) { + QUIC_DLOG(ERROR) << "Duplicate setting identifier."; + return false; + } + } + return true; +} + QuicByteCount HttpDecoder::ProcessInput(const char* data, QuicByteCount len) { DCHECK_EQ(QUIC_NO_ERROR, error_); DCHECK_NE(STATE_ERROR, state_); diff --git a/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.h b/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.h index 3650bef572e..1551aa7d275 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.h +++ b/chromium/net/third_party/quiche/src/quic/core/http/http_decoder.h @@ -131,6 +131,13 @@ class QUIC_EXPORT_PRIVATE HttpDecoder { // occurred. QuicByteCount ProcessInput(const char* data, QuicByteCount len); + // Decode settings frame from |data|. + // Upon successful decoding, |frame| will be populated, and returns true. + // This method is not used for regular processing of incoming data. + static bool DecodeSettings(const char* data, + QuicByteCount len, + SettingsFrame* frame); + // Returns an error code other than QUIC_NO_ERROR if and only if // Visitor::OnError() has been called. QuicErrorCode error() const { return error_; } diff --git a/chromium/net/third_party/quiche/src/quic/core/http/http_decoder_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/http_decoder_test.cc index 2e8885c9dd7..86a1b6932ec 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/http_decoder_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/http_decoder_test.cc @@ -39,42 +39,79 @@ class MockVisitor : public HttpDecoder::Visitor { ~MockVisitor() override = default; // Called if an error is detected. - MOCK_METHOD1(OnError, void(HttpDecoder* decoder)); - - MOCK_METHOD1(OnCancelPushFrame, bool(const CancelPushFrame& frame)); - MOCK_METHOD1(OnMaxPushIdFrame, bool(const MaxPushIdFrame& frame)); - MOCK_METHOD1(OnGoAwayFrame, bool(const GoAwayFrame& frame)); - MOCK_METHOD1(OnSettingsFrameStart, bool(QuicByteCount header_length)); - MOCK_METHOD1(OnSettingsFrame, bool(const SettingsFrame& frame)); - - MOCK_METHOD2(OnDataFrameStart, - bool(QuicByteCount header_length, QuicByteCount payload_length)); - MOCK_METHOD1(OnDataFramePayload, bool(quiche::QuicheStringPiece payload)); - MOCK_METHOD0(OnDataFrameEnd, bool()); - - MOCK_METHOD2(OnHeadersFrameStart, - bool(QuicByteCount header_length, QuicByteCount payload_length)); - MOCK_METHOD1(OnHeadersFramePayload, bool(quiche::QuicheStringPiece payload)); - MOCK_METHOD0(OnHeadersFrameEnd, bool()); - - MOCK_METHOD1(OnPushPromiseFrameStart, bool(QuicByteCount header_length)); - MOCK_METHOD3(OnPushPromiseFramePushId, - bool(PushId push_id, - QuicByteCount push_id_length, - QuicByteCount header_block_length)); - MOCK_METHOD1(OnPushPromiseFramePayload, - bool(quiche::QuicheStringPiece payload)); - MOCK_METHOD0(OnPushPromiseFrameEnd, bool()); - - MOCK_METHOD1(OnPriorityUpdateFrameStart, bool(QuicByteCount header_length)); - MOCK_METHOD1(OnPriorityUpdateFrame, bool(const PriorityUpdateFrame& frame)); - - MOCK_METHOD3(OnUnknownFrameStart, - bool(uint64_t frame_type, - QuicByteCount header_length, - QuicByteCount payload_length)); - MOCK_METHOD1(OnUnknownFramePayload, bool(quiche::QuicheStringPiece payload)); - MOCK_METHOD0(OnUnknownFrameEnd, bool()); + MOCK_METHOD(void, OnError, (HttpDecoder*), (override)); + + MOCK_METHOD(bool, + OnCancelPushFrame, + (const CancelPushFrame& frame), + (override)); + MOCK_METHOD(bool, + OnMaxPushIdFrame, + (const MaxPushIdFrame& frame), + (override)); + MOCK_METHOD(bool, OnGoAwayFrame, (const GoAwayFrame& frame), (override)); + MOCK_METHOD(bool, + OnSettingsFrameStart, + (QuicByteCount header_length), + (override)); + MOCK_METHOD(bool, OnSettingsFrame, (const SettingsFrame& frame), (override)); + + MOCK_METHOD(bool, + OnDataFrameStart, + (QuicByteCount header_length, QuicByteCount payload_length), + (override)); + MOCK_METHOD(bool, + OnDataFramePayload, + (quiche::QuicheStringPiece payload), + (override)); + MOCK_METHOD(bool, OnDataFrameEnd, (), (override)); + + MOCK_METHOD(bool, + OnHeadersFrameStart, + (QuicByteCount header_length, QuicByteCount payload_length), + (override)); + MOCK_METHOD(bool, + OnHeadersFramePayload, + (quiche::QuicheStringPiece payload), + (override)); + MOCK_METHOD(bool, OnHeadersFrameEnd, (), (override)); + + MOCK_METHOD(bool, + OnPushPromiseFrameStart, + (QuicByteCount header_length), + (override)); + MOCK_METHOD(bool, + OnPushPromiseFramePushId, + (PushId push_id, + QuicByteCount push_id_length, + QuicByteCount header_block_length), + (override)); + MOCK_METHOD(bool, + OnPushPromiseFramePayload, + (quiche::QuicheStringPiece payload), + (override)); + MOCK_METHOD(bool, OnPushPromiseFrameEnd, (), (override)); + + MOCK_METHOD(bool, + OnPriorityUpdateFrameStart, + (QuicByteCount header_length), + (override)); + MOCK_METHOD(bool, + OnPriorityUpdateFrame, + (const PriorityUpdateFrame& frame), + (override)); + + MOCK_METHOD(bool, + OnUnknownFrameStart, + (uint64_t frame_type, + QuicByteCount header_length, + QuicByteCount payload_length), + (override)); + MOCK_METHOD(bool, + OnUnknownFramePayload, + (quiche::QuicheStringPiece payload), + (override)); + MOCK_METHOD(bool, OnUnknownFrameEnd, (), (override)); }; class HttpDecoderTest : public QuicTest { @@ -1035,6 +1072,43 @@ TEST_F(HttpDecoderTest, CorruptPriorityUpdateFrame) { } } +TEST_F(HttpDecoderTest, DecodeSettings) { + std::string input = quiche::QuicheTextUtils::HexDecode( + "04" // type (SETTINGS) + "07" // length + "01" // identifier (SETTINGS_QPACK_MAX_TABLE_CAPACITY) + "02" // content + "06" // identifier (SETTINGS_MAX_HEADER_LIST_SIZE) + "05" // content + "4100" // identifier, encoded on 2 bytes (0x40), value is 256 (0x100) + "04"); // content + + SettingsFrame frame; + frame.values[1] = 2; + frame.values[6] = 5; + frame.values[256] = 4; + + SettingsFrame out; + EXPECT_TRUE(HttpDecoder::DecodeSettings(input.data(), input.size(), &out)); + EXPECT_EQ(frame, out); + + // non-settings frame. + input = quiche::QuicheTextUtils::HexDecode( + "0D" // type (MAX_PUSH_ID) + "01" // length + "01"); // Push Id + + EXPECT_FALSE(HttpDecoder::DecodeSettings(input.data(), input.size(), &out)); + + // Corrupt SETTINGS. + input = quiche::QuicheTextUtils::HexDecode( + "04" // type (SETTINGS) + "01" // length + "42"); // First byte of setting identifier, indicating a 2-byte varint62. + + EXPECT_FALSE(HttpDecoder::DecodeSettings(input.data(), input.size(), &out)); +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_client_promised_info_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_client_promised_info_test.cc index 27d9fe89630..a5996260d23 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_client_promised_info_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_client_promised_info_test.cc @@ -52,7 +52,7 @@ class MockQuicSpdyClientSession : public QuicSpdyClientSession { void set_authorized(bool authorized) { authorized_ = authorized; } - MOCK_METHOD1(CloseStream, void(QuicStreamId stream_id)); + MOCK_METHOD(void, CloseStream, (QuicStreamId stream_id), (override)); private: QuicCryptoClientConfig crypto_config_; @@ -227,7 +227,9 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseMismatch) { EXPECT_CALL(*connection_, SendControlFrame(_)); EXPECT_CALL(*connection_, OnStreamReset(promise_id_, QUIC_PROMISE_VARY_MISMATCH)); - EXPECT_CALL(session_, CloseStream(promise_id_)); + if (!session_.break_close_loop()) { + EXPECT_CALL(session_, CloseStream(promise_id_)); + } promised->HandleClientRequest(client_request_, &delegate); } @@ -303,7 +305,9 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseWaitCancels) { session_.GetOrCreateStream(promise_id_); // Cancel the promised stream. - EXPECT_CALL(session_, CloseStream(promise_id_)); + if (!session_.break_close_loop()) { + EXPECT_CALL(session_, CloseStream(promise_id_)); + } EXPECT_CALL(*connection_, SendControlFrame(_)); EXPECT_CALL(*connection_, OnStreamReset(promise_id_, QUIC_STREAM_CANCELLED)); promised->Cancel(); @@ -327,11 +331,17 @@ TEST_F(QuicClientPromisedInfoTest, PushPromiseDataClosed) { promise_stream->OnStreamHeaderList(false, headers.uncompressed_header_bytes(), headers); - EXPECT_CALL(session_, CloseStream(promise_id_)); + if (!session_.break_close_loop()) { + EXPECT_CALL(session_, CloseStream(promise_id_)); + } EXPECT_CALL(*connection_, SendControlFrame(_)); EXPECT_CALL(*connection_, OnStreamReset(promise_id_, QUIC_STREAM_PEER_GOING_AWAY)); - session_.SendRstStream(promise_id_, QUIC_STREAM_PEER_GOING_AWAY, 0); + if (session_.break_close_loop()) { + session_.ResetStream(promise_id_, QUIC_STREAM_PEER_GOING_AWAY, 0); + } else { + session_.SendRstStream(promise_id_, QUIC_STREAM_PEER_GOING_AWAY, 0); + } // Now initiate rendezvous. TestPushPromiseDelegate delegate(/*match=*/true); diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_client_push_promise_index_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_client_push_promise_index_test.cc index 3ca377eb729..0fc903a7283 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_client_push_promise_index_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_client_push_promise_index_test.cc @@ -40,7 +40,7 @@ class MockQuicSpdyClientSession : public QuicSpdyClientSession { delete; ~MockQuicSpdyClientSession() override {} - MOCK_METHOD1(CloseStream, void(QuicStreamId stream_id)); + MOCK_METHOD(void, CloseStream, (QuicStreamId stream_id), (override)); private: QuicCryptoClientConfig crypto_config_; diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_header_list.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_header_list.cc index cbf60ceb252..cbfc2e9f73b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_header_list.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_header_list.cc @@ -7,10 +7,10 @@ #include <limits> #include <string> +#include "net/third_party/quiche/src/quic/core/qpack/qpack_header_table.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" -#include "net/third_party/quiche/src/spdy/core/spdy_protocol.h" namespace quic { @@ -43,7 +43,7 @@ void QuicHeaderList::OnHeader(quiche::QuicheStringPiece name, if (current_header_list_size_ < max_header_list_size_) { current_header_list_size_ += name.size(); current_header_list_size_ += value.size(); - current_header_list_size_ += spdy::kPerHeaderOverhead; + current_header_list_size_ += QpackEntry::kSizeOverhead; header_list_.emplace_back(std::string(name), std::string(value)); } } diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_headers_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_headers_stream_test.cc index 9395a708225..d9e1c8e8107 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_headers_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_headers_stream_test.cc @@ -78,66 +78,90 @@ class MockQuicHpackDebugVisitor : public QuicHpackDebugVisitor { MockQuicHpackDebugVisitor& operator=(const MockQuicHpackDebugVisitor&) = delete; - MOCK_METHOD1(OnUseEntry, void(QuicTime::Delta elapsed)); + MOCK_METHOD(void, OnUseEntry, (QuicTime::Delta elapsed), (override)); }; namespace { class MockVisitor : public SpdyFramerVisitorInterface { public: - MOCK_METHOD1(OnError, - void(http2::Http2DecoderAdapter::SpdyFramerError error)); - MOCK_METHOD3(OnDataFrameHeader, - void(SpdyStreamId stream_id, size_t length, bool fin)); - MOCK_METHOD3(OnStreamFrameData, - void(SpdyStreamId stream_id, const char* data, size_t len)); - MOCK_METHOD1(OnStreamEnd, void(SpdyStreamId stream_id)); - MOCK_METHOD2(OnStreamPadding, void(SpdyStreamId stream_id, size_t len)); - MOCK_METHOD1(OnHeaderFrameStart, - SpdyHeadersHandlerInterface*(SpdyStreamId stream_id)); - MOCK_METHOD1(OnHeaderFrameEnd, void(SpdyStreamId stream_id)); - MOCK_METHOD3(OnControlFrameHeaderData, - bool(SpdyStreamId stream_id, - const char* header_data, - size_t len)); - MOCK_METHOD2(OnRstStream, - void(SpdyStreamId stream_id, SpdyErrorCode error_code)); - MOCK_METHOD0(OnSettings, void()); - MOCK_METHOD2(OnSetting, void(SpdySettingsId id, uint32_t value)); - MOCK_METHOD0(OnSettingsAck, void()); - MOCK_METHOD0(OnSettingsEnd, void()); - MOCK_METHOD2(OnPing, void(SpdyPingId unique_id, bool is_ack)); - MOCK_METHOD2(OnGoAway, - void(SpdyStreamId last_accepted_stream_id, - SpdyErrorCode error_code)); - MOCK_METHOD7(OnHeaders, - void(SpdyStreamId stream_id, - bool has_priority, - int weight, - SpdyStreamId parent_stream_id, - bool exclusive, - bool fin, - bool end)); - MOCK_METHOD2(OnWindowUpdate, - void(SpdyStreamId stream_id, int delta_window_size)); - MOCK_METHOD1(OnBlocked, void(SpdyStreamId stream_id)); - MOCK_METHOD3(OnPushPromise, - void(SpdyStreamId stream_id, - SpdyStreamId promised_stream_id, - bool end)); - MOCK_METHOD2(OnContinuation, void(SpdyStreamId stream_id, bool end)); - MOCK_METHOD3(OnAltSvc, - void(SpdyStreamId stream_id, - quiche::QuicheStringPiece origin, - const SpdyAltSvcWireFormat::AlternativeServiceVector& - altsvc_vector)); - MOCK_METHOD4(OnPriority, - void(SpdyStreamId stream_id, - SpdyStreamId parent_stream_id, - int weight, - bool exclusive)); - MOCK_METHOD2(OnUnknownFrame, - bool(SpdyStreamId stream_id, uint8_t frame_type)); + MOCK_METHOD(void, + OnError, + (http2::Http2DecoderAdapter::SpdyFramerError error), + (override)); + MOCK_METHOD(void, + OnDataFrameHeader, + (SpdyStreamId stream_id, size_t length, bool fin), + (override)); + MOCK_METHOD(void, + OnStreamFrameData, + (SpdyStreamId stream_id, const char*, size_t len), + (override)); + MOCK_METHOD(void, OnStreamEnd, (SpdyStreamId stream_id), (override)); + MOCK_METHOD(void, + OnStreamPadding, + (SpdyStreamId stream_id, size_t len), + (override)); + MOCK_METHOD(SpdyHeadersHandlerInterface*, + OnHeaderFrameStart, + (SpdyStreamId stream_id), + (override)); + MOCK_METHOD(void, OnHeaderFrameEnd, (SpdyStreamId stream_id), (override)); + MOCK_METHOD(void, + OnRstStream, + (SpdyStreamId stream_id, SpdyErrorCode error_code), + (override)); + MOCK_METHOD(void, OnSettings, (), (override)); + MOCK_METHOD(void, OnSetting, (SpdySettingsId id, uint32_t value), (override)); + MOCK_METHOD(void, OnSettingsAck, (), (override)); + MOCK_METHOD(void, OnSettingsEnd, (), (override)); + MOCK_METHOD(void, OnPing, (SpdyPingId unique_id, bool is_ack), (override)); + MOCK_METHOD(void, + OnGoAway, + (SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code), + (override)); + MOCK_METHOD(void, + OnHeaders, + (SpdyStreamId stream_id, + bool has_priority, + int weight, + SpdyStreamId parent_stream_id, + bool exclusive, + bool fin, + bool end), + (override)); + MOCK_METHOD(void, + OnWindowUpdate, + (SpdyStreamId stream_id, int delta_window_size), + (override)); + MOCK_METHOD(void, + OnPushPromise, + (SpdyStreamId stream_id, + SpdyStreamId promised_stream_id, + bool end), + (override)); + MOCK_METHOD(void, + OnContinuation, + (SpdyStreamId stream_id, bool end), + (override)); + MOCK_METHOD( + void, + OnAltSvc, + (SpdyStreamId stream_id, + quiche::QuicheStringPiece origin, + const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector), + (override)); + MOCK_METHOD(void, + OnPriority, + (SpdyStreamId stream_id, + SpdyStreamId parent_stream_id, + int weight, + bool exclusive), + (override)); + MOCK_METHOD(bool, + OnUnknownFrame, + (SpdyStreamId stream_id, uint8_t frame_type), + (override)); }; struct TestParams { @@ -350,8 +374,8 @@ class QuicHeadersStreamTest : public QuicTestWithParam<TestParams> { return next_promised_stream_id_ += next_stream_id_; } - static const bool kFrameComplete = true; - static const bool kHasPriority = true; + static constexpr bool kFrameComplete = true; + static constexpr bool kHasPriority = true; MockQuicConnectionHelper helper_; MockAlarmFactory alarm_factory_; diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_receive_control_stream.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_receive_control_stream.cc index 17c6ecc55cc..d24e3ddaa88 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_receive_control_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_receive_control_stream.cc @@ -91,10 +91,7 @@ bool QuicReceiveControlStream::OnMaxPushIdFrame(const MaxPushIdFrame& frame) { return false; } - // TODO(b/124216424): Signal error if received push ID is smaller than a - // previously received value. - spdy_session()->OnMaxPushIdFrame(frame.push_id); - return true; + return spdy_session()->OnMaxPushIdFrame(frame.push_id); } bool QuicReceiveControlStream::OnGoAwayFrame(const GoAwayFrame& frame) { @@ -134,12 +131,7 @@ bool QuicReceiveControlStream::OnSettingsFrameStart( bool QuicReceiveControlStream::OnSettingsFrame(const SettingsFrame& frame) { QUIC_DVLOG(1) << "Control Stream " << id() << " received settings frame: " << frame; - if (spdy_session_->debug_visitor() != nullptr) { - spdy_session_->debug_visitor()->OnSettingsFrameReceived(frame); - } - for (const auto& setting : frame.values) { - spdy_session_->OnSetting(setting.first, setting.second); - } + spdy_session_->OnSettingsFrame(frame); return true; } diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base.cc index 759c5a55a89..27db719fccd 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base.cc @@ -201,15 +201,10 @@ bool QuicServerSessionBase::ShouldCreateIncomingStream(QuicStreamId id) { return false; } - if (GetQuicReloadableFlag(quic_create_incoming_stream_bug)) { - if (QuicUtils::IsServerInitiatedStreamId(transport_version(), id)) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_create_incoming_stream_bug, 1, 2); - QUIC_BUG << "ShouldCreateIncomingStream called with server initiated " - "stream ID."; - return false; - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_create_incoming_stream_bug, 2, 2); - } + if (QuicUtils::IsServerInitiatedStreamId(transport_version(), id)) { + QUIC_BUG << "ShouldCreateIncomingStream called with server initiated " + "stream ID."; + return false; } if (QuicUtils::IsServerInitiatedStreamId(transport_version(), id)) { diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base_test.cc index 98cdf4927fc..c482856b61b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_server_session_base_test.cc @@ -236,7 +236,7 @@ TEST_P(QuicServerSessionBaseTest, CloseStreamDueToReset) { QuicStreamFrame data1(GetNthClientInitiatedBidirectionalId(0), false, 0, quiche::QuicheStringPiece("HT")); session_->OnStreamFrame(data1); - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send a reset (and expect the peer to send a RST in response). QuicRstStreamFrame rst1(kInvalidControlFrameId, @@ -258,13 +258,12 @@ TEST_P(QuicServerSessionBaseTest, CloseStreamDueToReset) { InjectStopSendingFrame(GetNthClientInitiatedBidirectionalId(0), QUIC_ERROR_PROCESSING_STREAM); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); - + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send the same two bytes of payload in a new packet. session_->OnStreamFrame(data1); // The stream should not be re-opened. - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(connection_->connected()); } @@ -289,15 +288,14 @@ TEST_P(QuicServerSessionBaseTest, NeverOpenStreamDueToReset) { InjectStopSendingFrame(GetNthClientInitiatedBidirectionalId(0), QUIC_ERROR_PROCESSING_STREAM); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); - + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send two bytes of payload. QuicStreamFrame data1(GetNthClientInitiatedBidirectionalId(0), false, 0, quiche::QuicheStringPiece("HT")); session_->OnStreamFrame(data1); // The stream should never be opened, now that the reset is received. - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(connection_->connected()); } @@ -309,7 +307,7 @@ TEST_P(QuicServerSessionBaseTest, AcceptClosedStream) { quiche::QuicheStringPiece("\2\0\0\0\0\0\0\0HT")); session_->OnStreamFrame(frame1); session_->OnStreamFrame(frame2); - EXPECT_EQ(2u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(2u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send a reset (and expect the peer to send a RST in response). QuicRstStreamFrame rst(kInvalidControlFrameId, @@ -341,7 +339,7 @@ TEST_P(QuicServerSessionBaseTest, AcceptClosedStream) { session_->OnStreamFrame(frame3); session_->OnStreamFrame(frame4); // The stream should never be opened, now that the reset is received. - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(connection_->connected()); } @@ -361,7 +359,7 @@ TEST_P(QuicServerSessionBaseTest, MaxOpenStreams) { EXPECT_EQ(kMaxStreamsForTest + kMaxStreamsMinimumIncrement, session_->max_open_incoming_bidirectional_streams()); } - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); QuicStreamId stream_id = GetNthClientInitiatedBidirectionalId(0); // Open the max configured number of streams, should be no problem. for (size_t i = 0; i < kMaxStreamsForTest; ++i) { @@ -407,7 +405,7 @@ TEST_P(QuicServerSessionBaseTest, MaxAvailableBidirectionalStreams) { const size_t kAvailableStreamLimit = session_->MaxAvailableBidirectionalStreams(); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(QuicServerSessionBasePeer::GetOrCreateStream( session_.get(), GetNthClientInitiatedBidirectionalId(0))); @@ -477,22 +475,25 @@ class MockQuicCryptoServerStream : public QuicCryptoServerStream { delete; ~MockQuicCryptoServerStream() override {} - MOCK_METHOD1(SendServerConfigUpdate, - void(const CachedNetworkParameters* cached_network_parameters)); + MOCK_METHOD(void, + SendServerConfigUpdate, + (const CachedNetworkParameters*), + (override)); }; class MockTlsServerHandshaker : public TlsServerHandshaker { public: explicit MockTlsServerHandshaker(QuicServerSessionBase* session, - SSL_CTX* ssl_ctx, - ProofSource* proof_source) - : TlsServerHandshaker(session, ssl_ctx, proof_source) {} + const QuicCryptoServerConfig& crypto_config) + : TlsServerHandshaker(session, crypto_config) {} MockTlsServerHandshaker(const MockTlsServerHandshaker&) = delete; MockTlsServerHandshaker& operator=(const MockTlsServerHandshaker&) = delete; ~MockTlsServerHandshaker() override {} - MOCK_METHOD1(SendServerConfigUpdate, - void(const CachedNetworkParameters* cached_network_parameters)); + MOCK_METHOD(void, + SendServerConfigUpdate, + (const CachedNetworkParameters*), + (override)); }; TEST_P(QuicServerSessionBaseTest, BandwidthEstimates) { @@ -532,8 +533,7 @@ TEST_P(QuicServerSessionBaseTest, BandwidthEstimates) { quic_crypto_stream); } else { tls_server_stream = - new MockTlsServerHandshaker(session_.get(), crypto_config_.ssl_ctx(), - crypto_config_.proof_source()); + new MockTlsServerHandshaker(session_.get(), crypto_config_); QuicServerSessionBasePeer::SetCryptoStream(session_.get(), tls_server_stream); } diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.cc index 07b9c7aac84..6127e1b682e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.cc @@ -136,15 +136,10 @@ bool QuicSpdyClientSession::ShouldCreateIncomingStream(QuicStreamId id) { return false; } - if (GetQuicReloadableFlag(quic_create_incoming_stream_bug)) { - if (QuicUtils::IsClientInitiatedStreamId(transport_version(), id)) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_create_incoming_stream_bug, 1, 2); - QUIC_BUG << "ShouldCreateIncomingStream called with client initiated " - "stream ID."; - return false; - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_create_incoming_stream_bug, 2, 2); - } + if (QuicUtils::IsClientInitiatedStreamId(transport_version(), id)) { + QUIC_BUG << "ShouldCreateIncomingStream called with client initiated " + "stream ID."; + return false; } if (QuicUtils::IsClientInitiatedStreamId(transport_version(), id)) { @@ -191,7 +186,7 @@ QuicSpdyClientSession::CreateQuicCryptoStream() { return std::make_unique<QuicCryptoClientStream>( server_id_, this, crypto_config_->proof_verifier()->CreateDefaultContext(), crypto_config_, - this); + this, /*has_application_state = */ true); } bool QuicSpdyClientSession::IsAuthorized(const std::string& /*authority*/) { diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.cc index b8dae4903b2..63de57c31bc 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.cc @@ -105,6 +105,8 @@ void QuicSpdyClientSessionBase::OnPromiseHeaderList( bool QuicSpdyClientSessionBase::HandlePromised(QuicStreamId /* associated_id */, QuicStreamId promised_id, const SpdyHeaderBlock& headers) { + // TODO(b/136295430): Do not treat |promised_id| as a stream ID when using + // IETF QUIC. // Due to pathalogical packet re-ordering, it is possible that // frames for the promised stream have already arrived, and the // promised stream could be active or closed. @@ -202,7 +204,11 @@ void QuicSpdyClientSessionBase::ResetPromised( QuicStreamId id, QuicRstStreamErrorCode error_code) { DCHECK(QuicUtils::IsServerInitiatedStreamId(transport_version(), id)); - SendRstStream(id, error_code, 0); + if (break_close_loop()) { + ResetStream(id, error_code, 0); + } else { + SendRstStream(id, error_code, 0); + } if (!IsOpenStream(id) && !IsClosedStream(id)) { MaybeIncreaseLargestPeerStreamId(id); } @@ -216,8 +222,27 @@ void QuicSpdyClientSessionBase::CloseStreamInner(QuicStreamId stream_id, } } +void QuicSpdyClientSessionBase::OnStreamClosed(QuicStreamId stream_id) { + DCHECK(break_close_loop()); + QuicSpdySession::OnStreamClosed(stream_id); + if (!VersionUsesHttp3(transport_version())) { + headers_stream()->MaybeReleaseSequencerBuffer(); + } +} + bool QuicSpdyClientSessionBase::ShouldReleaseHeadersStreamSequencerBuffer() { return !HasActiveRequestStreams() && promised_by_id_.empty(); } +void QuicSpdyClientSessionBase::OnSettingsFrame(const SettingsFrame& frame) { + QuicSpdySession::OnSettingsFrame(frame); + std::unique_ptr<char[]> buffer; + QuicByteCount frame_length = + HttpEncoder::SerializeSettingsFrame(frame, &buffer); + auto serialized_data = std::make_unique<ApplicationState>( + buffer.get(), buffer.get() + frame_length); + static_cast<QuicCryptoClientStreamBase*>(GetMutableCryptoStream()) + ->OnApplicationState(std::move(serialized_data)); +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.h b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.h index 7d4ba01141a..a109d185a46 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.h +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_base.h @@ -24,8 +24,7 @@ class QuicSpdyClientStream; // to authority constraints). Clients should use this map to enforce // session affinity for requests corresponding to cross-origin push // promised streams. -using QuicPromisedByUrlMap = - QuicUnorderedMap<std::string, QuicClientPromisedInfo*>; +using QuicPromisedByUrlMap = QuicHashMap<std::string, QuicClientPromisedInfo*>; // The maximum time a promises stream can be reserved without being // claimed by a client request. @@ -105,6 +104,9 @@ class QUIC_EXPORT_PRIVATE QuicSpdyClientSessionBase // Release headers stream's sequencer buffer if it's empty. void CloseStreamInner(QuicStreamId stream_id, bool rst_sent) override; + // Release headers stream's sequencer buffer if it's empty. + void OnStreamClosed(QuicStreamId stream_id) override; + // Returns true if there are no active requests and no promised streams. bool ShouldReleaseHeadersStreamSequencerBuffer() override; @@ -117,11 +119,14 @@ class QUIC_EXPORT_PRIVATE QuicSpdyClientSessionBase return push_promise_index_; } + // Override to serialize the settings and pass it down to the handshaker. + void OnSettingsFrame(const SettingsFrame& frame) override; + private: // For QuicSpdyClientStream to detect that a response corresponds to a // promise. using QuicPromisedByIdMap = - QuicUnorderedMap<QuicStreamId, std::unique_ptr<QuicClientPromisedInfo>>; + QuicHashMap<QuicStreamId, std::unique_ptr<QuicClientPromisedInfo>>; // As per rfc7540, section 10.5: track promise streams in "reserved // (remote)". The primary key is URL from the promise request diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_test.cc index da05a15f6d6..7d4ae810115 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_session_test.cc @@ -11,9 +11,14 @@ #include "net/third_party/quiche/src/quic/core/crypto/null_decrypter.h" #include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h" +#include "net/third_party/quiche/src/quic/core/http/http_constants.h" +#include "net/third_party/quiche/src/quic/core/http/http_frames.h" #include "net/third_party/quiche/src/quic/core/http/quic_spdy_client_stream.h" #include "net/third_party/quiche/src/quic/core/http/spdy_server_push_utils.h" +#include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h" #include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" @@ -27,6 +32,7 @@ #include "net/third_party/quiche/src/quic/test_tools/quic_session_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_spdy_session_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/simple_session_cache.h" #include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h" #include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" @@ -81,11 +87,14 @@ class TestQuicSpdyClientSession : public QuicSpdyClientSession { class QuicSpdyClientSessionTest : public QuicTestWithParam<ParsedQuicVersion> { protected: QuicSpdyClientSessionTest() - : crypto_config_(crypto_test_utils::ProofVerifierForTesting()), - promised_stream_id_( + : promised_stream_id_( QuicUtils::GetInvalidStreamId(GetParam().transport_version)), associated_stream_id_( QuicUtils::GetInvalidStreamId(GetParam().transport_version)) { + auto client_cache = std::make_unique<test::SimpleSessionCache>(); + client_session_cache_ = client_cache.get(); + crypto_config_ = std::make_unique<QuicCryptoClientConfig>( + crypto_test_utils::ProofVerifierForTesting(), std::move(client_cache)); Initialize(); // Advance the time, because timers do not like uninitialized times. connection_->AdvanceTime(QuicTime::Delta::FromSeconds(1)); @@ -103,7 +112,7 @@ class QuicSpdyClientSessionTest : public QuicTestWithParam<ParsedQuicVersion> { SupportedVersions(GetParam())); session_ = std::make_unique<TestQuicSpdyClientSession>( DefaultQuicConfig(), SupportedVersions(GetParam()), connection_, - QuicServerId(kServerHostname, kPort, false), &crypto_config_, + QuicServerId(kServerHostname, kPort, false), crypto_config_.get(), &push_promise_index_); session_->Initialize(); push_promise_[":path"] = "/bar"; @@ -157,13 +166,13 @@ class QuicSpdyClientSessionTest : public QuicTestWithParam<ParsedQuicVersion> { session_->GetMutableCryptoStream()); QuicConfig config = DefaultQuicConfig(); if (VersionHasIetfQuicFrames(connection_->transport_version())) { - config.SetMaxUnidirectionalStreamsToSend( - server_max_incoming_streams + - session_->num_expected_unidirectional_static_streams()); + config.SetMaxUnidirectionalStreamsToSend(server_max_incoming_streams); config.SetMaxBidirectionalStreamsToSend(server_max_incoming_streams); } else { config.SetMaxBidirectionalStreamsToSend(server_max_incoming_streams); } + SetQuicReloadableFlag(quic_enable_tls_resumption, true); + SetQuicReloadableFlag(quic_enable_zero_rtt_for_tls, true); std::unique_ptr<QuicCryptoServerConfig> crypto_config = crypto_test_utils::CryptoServerConfigForTesting(); crypto_test_utils::HandshakeWithFakeServer( @@ -171,7 +180,20 @@ class QuicSpdyClientSessionTest : public QuicTestWithParam<ParsedQuicVersion> { stream, AlpnForVersion(connection_->version())); } - QuicCryptoClientConfig crypto_config_; + void CreateConnection() { + connection_ = new PacketSavingConnection(&helper_, &alarm_factory_, + Perspective::IS_CLIENT, + SupportedVersions(GetParam())); + // Advance the time, because timers do not like uninitialized times. + connection_->AdvanceTime(QuicTime::Delta::FromSeconds(1)); + session_ = std::make_unique<TestQuicSpdyClientSession>( + DefaultQuicConfig(), SupportedVersions(GetParam()), connection_, + QuicServerId(kServerHostname, kPort, false), crypto_config_.get(), + &push_promise_index_); + session_->Initialize(); + } + + std::unique_ptr<QuicCryptoClientConfig> crypto_config_; MockQuicConnectionHelper helper_; MockAlarmFactory alarm_factory_; PacketSavingConnection* connection_; @@ -181,6 +203,7 @@ class QuicSpdyClientSessionTest : public QuicTestWithParam<ParsedQuicVersion> { std::string promise_url_; QuicStreamId promised_stream_id_; QuicStreamId associated_stream_id_; + test::SimpleSessionCache* client_session_cache_; }; INSTANTIATE_TEST_SUITE_P(Tests, @@ -239,13 +262,6 @@ TEST_P(QuicSpdyClientSessionTest, NoEncryptionAfterInitialEncryption) { } TEST_P(QuicSpdyClientSessionTest, MaxNumStreamsWithNoFinOrRst) { - if (GetParam().handshake_protocol == PROTOCOL_TLS1_3) { - // This test relies on the MIDS transport parameter, which is not yet - // supported in TLS 1.3. - // TODO(nharper): Add support for Transport Parameters in the TLS handshake. - return; - } - uint32_t kServerMaxIncomingStreams = 1; CompleteCryptoHandshake(kServerMaxIncomingStreams); @@ -256,26 +272,13 @@ TEST_P(QuicSpdyClientSessionTest, MaxNumStreamsWithNoFinOrRst) { // Close the stream, but without having received a FIN or a RST_STREAM // or MAX_STREAMS (V99) and check that a new one can not be created. session_->CloseStream(stream->id()); - EXPECT_EQ(1u, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); stream = session_->CreateOutgoingBidirectionalStream(); EXPECT_FALSE(stream); - - if (VersionHasIetfQuicFrames(GetParam().transport_version)) { - EXPECT_EQ(1u, - QuicSessionPeer::v99_bidirectional_stream_id_manager(&*session_) - ->outgoing_stream_count()); - } } TEST_P(QuicSpdyClientSessionTest, MaxNumStreamsWithRst) { - if (GetParam().handshake_protocol == PROTOCOL_TLS1_3) { - // This test relies on the MIDS transport parameter, which is not yet - // supported in TLS 1.3. - // TODO(nharper): Add support for Transport Parameters in the TLS handshake. - return; - } - uint32_t kServerMaxIncomingStreams = 1; CompleteCryptoHandshake(kServerMaxIncomingStreams); @@ -288,7 +291,7 @@ TEST_P(QuicSpdyClientSessionTest, MaxNumStreamsWithRst) { session_->OnRstStream(QuicRstStreamFrame(kInvalidControlFrameId, stream->id(), QUIC_RST_ACKNOWLEDGEMENT, 0)); // Check that a new one can be created. - EXPECT_EQ(0u, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); if (VersionHasIetfQuicFrames(GetParam().transport_version)) { // In V99 the stream limit increases only if we get a MAX_STREAMS // frame; pretend we got one. @@ -309,12 +312,6 @@ TEST_P(QuicSpdyClientSessionTest, MaxNumStreamsWithRst) { } TEST_P(QuicSpdyClientSessionTest, ResetAndTrailers) { - if (GetParam().handshake_protocol == PROTOCOL_TLS1_3) { - // This test relies on the MIDS transport parameter, which is not yet - // supported in TLS 1.3. - // TODO(nharper): Add support for Transport Parameters in the TLS handshake. - return; - } // Tests the situation in which the client sends a RST at the same time that // the server sends trailing headers (trailers). Receipt of the trailers by // the client should result in all outstanding stream state being tidied up @@ -346,11 +343,15 @@ TEST_P(QuicSpdyClientSessionTest, ResetAndTrailers) { .Times(AtLeast(1)) .WillRepeatedly(Invoke(&ClearControlFrame)); EXPECT_CALL(*connection_, OnStreamReset(_, _)).Times(1); - session_->SendRstStream(stream_id, QUIC_STREAM_PEER_GOING_AWAY, 0); + if (session_->break_close_loop()) { + session_->ResetStream(stream_id, QUIC_STREAM_PEER_GOING_AWAY, 0); + } else { + session_->SendRstStream(stream_id, QUIC_STREAM_PEER_GOING_AWAY, 0); + } // A new stream cannot be created as the reset stream still counts as an open // outgoing stream until closed by the server. - EXPECT_EQ(1u, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); stream = session_->CreateOutgoingBidirectionalStream(); EXPECT_EQ(nullptr, stream); @@ -365,7 +366,7 @@ TEST_P(QuicSpdyClientSessionTest, ResetAndTrailers) { // The stream is now complete from the client's perspective, and it should // be able to create a new outgoing stream. - EXPECT_EQ(0u, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); if (VersionHasIetfQuicFrames(GetParam().transport_version)) { QuicMaxStreamsFrame frame(0, 2, /*unidirectional=*/false); @@ -398,7 +399,11 @@ TEST_P(QuicSpdyClientSessionTest, ReceivedMalformedTrailersAfterSendingRst) { .Times(AtLeast(1)) .WillRepeatedly(Invoke(&ClearControlFrame)); EXPECT_CALL(*connection_, OnStreamReset(_, _)).Times(1); - session_->SendRstStream(stream_id, QUIC_STREAM_PEER_GOING_AWAY, 0); + if (session_->break_close_loop()) { + session_->ResetStream(stream_id, QUIC_STREAM_PEER_GOING_AWAY, 0); + } else { + session_->SendRstStream(stream_id, QUIC_STREAM_PEER_GOING_AWAY, 0); + } // The stream receives trailers with final byte offset, but the header value // is non-numeric and should be treated as malformed. @@ -534,11 +539,6 @@ TEST_P(QuicSpdyClientSessionTest, InvalidPacketReceived) { // A packet with invalid framing should cause a connection to be closed. TEST_P(QuicSpdyClientSessionTest, InvalidFramedPacketReceived) { const ParsedQuicVersion version = GetParam(); - if (version.handshake_protocol == PROTOCOL_TLS1_3) { - // TODO(nharper, b/112643533): Figure out why this test fails when TLS is - // enabled and fix it. - return; - } QuicSocketAddress server_address(TestPeerIPAddress(), kTestPort); QuicSocketAddress client_address(TestPeerIPAddress(), kTestPort); if (version.KnowsWhichDecrypterToUse()) { @@ -584,8 +584,7 @@ TEST_P(QuicSpdyClientSessionTest, PushPromiseOnPromiseHeaders) { CompleteCryptoHandshake(); if (VersionHasIetfQuicFrames(connection_->transport_version())) { - session_->SetMaxPushId(GetNthServerInitiatedUnidirectionalStreamId( - connection_->transport_version(), 10)); + session_->SetMaxPushId(10); } MockQuicSpdyClientStream* stream = static_cast<MockQuicSpdyClientStream*>( @@ -605,25 +604,28 @@ TEST_P(QuicSpdyClientSessionTest, PushPromiseStreamIdTooHigh) { session_.get(), std::make_unique<QuicSpdyClientStream>( stream_id, session_.get(), BIDIRECTIONAL)); + QuicHeaderList headers; + headers.OnHeaderBlockStart(); + headers.OnHeader(":path", "/bar"); + headers.OnHeader(":authority", "www.google.com"); + headers.OnHeader(":method", "GET"); + headers.OnHeader(":scheme", "https"); + headers.OnHeaderBlockEnd(0, 0); + if (VersionHasIetfQuicFrames(connection_->transport_version())) { - session_->SetMaxPushId(GetNthServerInitiatedUnidirectionalStreamId( - connection_->transport_version(), 10)); + session_->SetMaxPushId(10); // TODO(b/136295430) Use PushId to represent Push IDs instead of // QuicStreamId. EXPECT_CALL( *connection_, CloseConnection(QUIC_INVALID_STREAM_ID, "Received push stream id higher than MAX_PUSH_ID.", _)); + const PushId promise_id = 11; + session_->OnPromiseHeaderList(stream_id, promise_id, 0, headers); + return; } - auto promise_id = GetNthServerInitiatedUnidirectionalStreamId( + const QuicStreamId promise_id = GetNthServerInitiatedUnidirectionalStreamId( connection_->transport_version(), 11); - auto headers = QuicHeaderList(); - headers.OnHeaderBlockStart(); - headers.OnHeader(":path", "/bar"); - headers.OnHeader(":authority", "www.google.com"); - headers.OnHeader(":method", "GET"); - headers.OnHeader(":scheme", "https"); - headers.OnHeaderBlockEnd(0, 0); session_->OnPromiseHeaderList(stream_id, promise_id, 0, headers); } @@ -647,8 +649,7 @@ TEST_P(QuicSpdyClientSessionTest, PushPromiseOutOfOrder) { CompleteCryptoHandshake(); if (VersionHasIetfQuicFrames(connection_->transport_version())) { - session_->SetMaxPushId(GetNthServerInitiatedUnidirectionalStreamId( - connection_->transport_version(), 10)); + session_->SetMaxPushId(10); } MockQuicSpdyClientStream* stream = static_cast<MockQuicSpdyClientStream*>( @@ -852,7 +853,12 @@ TEST_P(QuicSpdyClientSessionTest, ResetPromised) { EXPECT_CALL(*connection_, SendControlFrame(_)); EXPECT_CALL(*connection_, OnStreamReset(promised_stream_id_, QUIC_STREAM_PEER_GOING_AWAY)); - session_->SendRstStream(promised_stream_id_, QUIC_STREAM_PEER_GOING_AWAY, 0); + if (session_->break_close_loop()) { + session_->ResetStream(promised_stream_id_, QUIC_STREAM_PEER_GOING_AWAY, 0); + } else { + session_->SendRstStream(promised_stream_id_, QUIC_STREAM_PEER_GOING_AWAY, + 0); + } QuicClientPromisedInfo* promised = session_->GetPromisedById(promised_stream_id_); EXPECT_NE(promised, nullptr); @@ -939,6 +945,108 @@ TEST_P(QuicSpdyClientSessionTest, TooManyPushPromises) { } } +// Test that upon receiving HTTP/3 SETTINGS, the settings are serialized and +// stored into client session cache. +TEST_P(QuicSpdyClientSessionTest, OnSettingsFrame) { + // This feature is HTTP/3 only + if (!VersionUsesHttp3(session_->transport_version())) { + return; + } + CompleteCryptoHandshake(); + SettingsFrame settings; + settings.values[SETTINGS_QPACK_MAX_TABLE_CAPACITY] = 2; + settings.values[SETTINGS_MAX_HEADER_LIST_SIZE] = 5; + settings.values[256] = 4; // unknown setting + char application_state[] = {// type (SETTINGS) + 0x04, + // length + 0x07, + // identifier (SETTINGS_QPACK_MAX_TABLE_CAPACITY) + 0x01, + // content + 0x02, + // identifier (SETTINGS_MAX_HEADER_LIST_SIZE) + 0x06, + // content + 0x05, + // identifier (256 in variable length integer) + 0x40 + 0x01, 0x00, + // content + 0x04}; + ApplicationState expected(std::begin(application_state), + std::end(application_state)); + session_->OnSettingsFrame(settings); + EXPECT_EQ(expected, + *client_session_cache_ + ->Lookup(QuicServerId(kServerHostname, kPort, false), nullptr) + ->application_state); +} + +TEST_P(QuicSpdyClientSessionTest, IetfZeroRttSetup) { + // This feature is HTTP/3 only + if (!VersionUsesHttp3(session_->transport_version())) { + return; + } + CompleteCryptoHandshake(); + EXPECT_FALSE(session_->GetCryptoStream()->IsResumption()); + SettingsFrame settings; + settings.values[SETTINGS_QPACK_MAX_TABLE_CAPACITY] = 2; + settings.values[SETTINGS_MAX_HEADER_LIST_SIZE] = 5; + settings.values[256] = 4; // unknown setting + session_->OnSettingsFrame(settings); + + CreateConnection(); + // Session configs should be in initial state. + EXPECT_EQ(0u, session_->flow_controller()->send_window_offset()); + EXPECT_EQ(std::numeric_limits<size_t>::max(), + session_->max_outbound_header_list_size()); + session_->CryptoConnect(); + + // The client session should have a basic setup ready before the handshake + // succeeds. + EXPECT_EQ(kInitialSessionFlowControlWindowForTest, + session_->flow_controller()->send_window_offset()); + auto* id_manager = QuicSessionPeer::v99_streamid_manager(session_.get()); + EXPECT_EQ(kDefaultMaxStreamsPerConnection, + id_manager->max_outgoing_bidirectional_streams()); + EXPECT_EQ( + kDefaultMaxStreamsPerConnection + kHttp3StaticUnidirectionalStreamCount, + id_manager->max_outgoing_unidirectional_streams()); + auto* control_stream = + QuicSpdySessionPeer::GetSendControlStream(session_.get()); + EXPECT_EQ(kInitialStreamFlowControlWindowForTest, + control_stream->flow_controller()->send_window_offset()); + EXPECT_EQ(5u, session_->max_outbound_header_list_size()); + + // Complete the handshake with a different config. + QuicCryptoClientStream* stream = + static_cast<QuicCryptoClientStream*>(session_->GetMutableCryptoStream()); + QuicConfig config = DefaultQuicConfig(); + config.SetInitialMaxStreamDataBytesUnidirectionalToSend( + kInitialStreamFlowControlWindowForTest + 1); + config.SetInitialSessionFlowControlWindowToSend( + kInitialSessionFlowControlWindowForTest + 1); + config.SetMaxBidirectionalStreamsToSend(kDefaultMaxStreamsPerConnection + 1); + config.SetMaxUnidirectionalStreamsToSend(kDefaultMaxStreamsPerConnection + 1); + SetQuicReloadableFlag(quic_enable_tls_resumption, true); + std::unique_ptr<QuicCryptoServerConfig> crypto_config = + crypto_test_utils::CryptoServerConfigForTesting(); + crypto_test_utils::HandshakeWithFakeServer( + &config, crypto_config.get(), &helper_, &alarm_factory_, connection_, + stream, AlpnForVersion(connection_->version())); + + EXPECT_TRUE(session_->GetCryptoStream()->IsResumption()); + EXPECT_EQ(kInitialSessionFlowControlWindowForTest + 1, + session_->flow_controller()->send_window_offset()); + EXPECT_EQ(kDefaultMaxStreamsPerConnection + 1, + id_manager->max_outgoing_bidirectional_streams()); + EXPECT_EQ(kDefaultMaxStreamsPerConnection + + kHttp3StaticUnidirectionalStreamCount + 1, + id_manager->max_outgoing_unidirectional_streams()); + EXPECT_EQ(kInitialStreamFlowControlWindowForTest + 1, + control_stream->flow_controller()->send_window_offset()); +} + } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_stream_test.cc index 50224cbde29..fdc0e298371 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_client_stream_test.cc @@ -46,7 +46,7 @@ class MockQuicSpdyClientSession : public QuicSpdyClientSession { delete; ~MockQuicSpdyClientSession() override = default; - MOCK_METHOD1(CloseStream, void(QuicStreamId stream_id)); + MOCK_METHOD(void, CloseStream, (QuicStreamId stream_id), (override)); private: QuicCryptoClientConfig crypto_config_; diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_server_stream_base_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_server_stream_base_test.cc index 1a8eef2935f..b3cc147b59f 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_server_stream_base_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_server_stream_base_test.cc @@ -7,6 +7,7 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/test_tools/quic_spdy_session_peer.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_stream_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" using testing::_; @@ -50,7 +51,7 @@ TEST_F(QuicSpdyServerStreamBaseTest, SendQuicRstStreamNoErrorWithEarlyResponse) { stream_->StopReading(); EXPECT_CALL(session_, SendRstStream(_, QUIC_STREAM_NO_ERROR, _)).Times(1); - stream_->set_fin_sent(true); + QuicStreamPeer::SetFinSent(stream_); stream_->CloseWriteSide(); } diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.cc index 11351438f3c..27643c87294 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.cc @@ -376,7 +376,9 @@ QuicSpdySession::QuicSpdySession( config, supported_versions, /*num_expected_unidirectional_static_streams = */ - VersionUsesHttp3(connection->transport_version()) ? 3 : 0), + VersionUsesHttp3(connection->transport_version()) + ? kHttp3StaticUnidirectionalStreamCount + : 0), send_control_stream_(nullptr), receive_control_stream_(nullptr), qpack_encoder_receive_stream_(nullptr), @@ -397,7 +399,8 @@ QuicSpdySession::QuicSpdySession( spdy_framer_(SpdyFramer::ENABLE_COMPRESSION), spdy_framer_visitor_(new SpdyFramerVisitor(this)), server_push_enabled_(true), - ietf_server_push_enabled_(false), + ietf_server_push_enabled_( + GetQuicFlag(FLAGS_quic_enable_http3_server_push)), destruction_indicator_(123456789), debug_visitor_(nullptr), http3_goaway_received_(false), @@ -447,8 +450,6 @@ void QuicSpdySession::Initialize() { headers_stream_ = headers_stream.get(); ActivateStream(std::move(headers_stream)); } else { - ConfigureMaxDynamicStreamsToSend( - config()->GetMaxUnidirectionalStreamsToSend()); qpack_encoder_ = std::make_unique<QpackEncoder>(this); qpack_decoder_ = std::make_unique<QpackDecoder>(qpack_maximum_dynamic_table_capacity_, @@ -739,8 +740,6 @@ void QuicSpdySession::SendInitialData() { SendMaxPushId(); http3_max_push_id_sent_ = true; } - qpack_decoder_send_stream_->MaybeSendStreamType(); - qpack_encoder_send_stream_->MaybeSendStreamType(); } QpackEncoder* QuicSpdySession::qpack_encoder() { @@ -785,24 +784,8 @@ void QuicSpdySession::OnNewEncryptionKeyAvailable( EncryptionLevel level, std::unique_ptr<QuicEncrypter> encrypter) { QuicSession::OnNewEncryptionKeyAvailable(level, std::move(encrypter)); - if (GetQuicRestartFlag(quic_send_settings_on_write_key_available) && - IsEncryptionEstablished()) { + if (IsEncryptionEstablished()) { // Send H3 SETTINGs once encryption is established. - QUIC_RESTART_FLAG_COUNT_N(quic_send_settings_on_write_key_available, 2, 2); - SendInitialData(); - } -} - -void QuicSpdySession::SetDefaultEncryptionLevel(quic::EncryptionLevel level) { - QuicSession::SetDefaultEncryptionLevel(level); - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - SendInitialData(); - } -} - -void QuicSpdySession::OnOneRttKeysAvailable() { - QuicSession::OnOneRttKeysAvailable(); - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { SendInitialData(); } } @@ -873,6 +856,34 @@ void QuicSpdySession::OnPromiseHeaderList( ConnectionCloseBehavior::SILENT_CLOSE); } +bool QuicSpdySession::SetApplicationState(ApplicationState* cached_state) { + DCHECK_EQ(perspective(), Perspective::IS_CLIENT); + DCHECK(VersionUsesHttp3(transport_version())); + + SettingsFrame out; + if (!HttpDecoder::DecodeSettings( + reinterpret_cast<char*>(cached_state->data()), cached_state->size(), + &out)) { + return false; + } + + // TODO(b/153726130): Add OnSettingsFrameResumed() in debug visitor. + for (const auto& setting : out.values) { + OnSetting(setting.first, setting.second); + } + return true; +} + +void QuicSpdySession::OnSettingsFrame(const SettingsFrame& frame) { + DCHECK(VersionUsesHttp3(transport_version())); + if (debug_visitor_ != nullptr) { + debug_visitor_->OnSettingsFrameReceived(frame); + } + for (const auto& setting : frame.values) { + OnSetting(setting.first, setting.second); + } +} + void QuicSpdySession::OnSetting(uint64_t id, uint64_t value) { if (VersionUsesHttp3(transport_version())) { // SETTINGS frame received on the control stream. @@ -1153,10 +1164,9 @@ bool QuicSpdySession::ProcessPendingStream(PendingStream* pending) { return true; } default: - SendStopSending( - static_cast<QuicApplicationErrorCode>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_STREAM_CREATION_ERROR), - pending->id()); + SendStopSending(static_cast<QuicApplicationErrorCode>( + QuicHttp3ErrorCode::STREAM_CREATION_ERROR), + pending->id()); pending->StopReading(); } return false; @@ -1211,7 +1221,7 @@ void QuicSpdySession::OnCanCreateNewOutgoingStream(bool unidirectional) { } } -void QuicSpdySession::SetMaxPushId(QuicStreamId max_push_id) { +void QuicSpdySession::SetMaxPushId(PushId max_push_id) { DCHECK(VersionUsesHttp3(transport_version())); DCHECK_EQ(Perspective::IS_CLIENT, perspective()); if (max_push_id_.has_value()) { @@ -1234,7 +1244,7 @@ void QuicSpdySession::SetMaxPushId(QuicStreamId max_push_id) { } } -bool QuicSpdySession::OnMaxPushIdFrame(QuicStreamId max_push_id) { +bool QuicSpdySession::OnMaxPushIdFrame(PushId max_push_id) { DCHECK(VersionUsesHttp3(transport_version())); DCHECK_EQ(Perspective::IS_SERVER, perspective()); @@ -1245,17 +1255,26 @@ bool QuicSpdySession::OnMaxPushIdFrame(QuicStreamId max_push_id) { QUIC_DVLOG(1) << "Setting max_push_id to: " << max_push_id << " from unset"; } - quiche::QuicheOptional<QuicStreamId> old_max_push_id = max_push_id_; + quiche::QuicheOptional<PushId> old_max_push_id = max_push_id_; max_push_id_ = max_push_id; - if (!old_max_push_id.has_value() || - max_push_id_.value() > old_max_push_id.value()) { + if (!old_max_push_id.has_value() || max_push_id > old_max_push_id.value()) { OnCanCreateNewOutgoingStream(true); return true; } // Equal value is not considered an error. - return max_push_id_.value() >= old_max_push_id.value(); + if (max_push_id < old_max_push_id.value()) { + CloseConnectionWithDetails( + QUIC_HTTP_INVALID_MAX_PUSH_ID, + quiche::QuicheStrCat( + "MAX_PUSH_ID received with value ", max_push_id, + " which is smaller that previously received value ", + old_max_push_id.value())); + return false; + } + + return true; } void QuicSpdySession::SendMaxPushId() { @@ -1274,7 +1293,7 @@ void QuicSpdySession::EnableServerPush() { ietf_server_push_enabled_ = true; } -bool QuicSpdySession::CanCreatePushStreamWithId(QuicStreamId push_id) { +bool QuicSpdySession::CanCreatePushStreamWithId(PushId push_id) { DCHECK(VersionUsesHttp3(transport_version())); return ietf_server_push_enabled_ && max_push_id_.has_value() && diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.h b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.h index 93fa09d9762..703dffaf41e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.h +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session.h @@ -246,6 +246,9 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession // client. bool server_push_enabled() const; + // Called when the control stream receives HTTP/3 SETTINGS. + virtual void OnSettingsFrame(const SettingsFrame& frame); + // Called when a setting is parsed from an incoming SETTINGS frame. void OnSetting(uint64_t id, uint64_t value); @@ -308,14 +311,14 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession // This method must only be called if protocol is IETF QUIC and perspective is // client. |max_push_id| must be greater than or equal to current // |max_push_id_|. - void SetMaxPushId(QuicStreamId max_push_id); + void SetMaxPushId(PushId max_push_id); // Sets |max_push_id_|. // This method must only be called if protocol is IETF QUIC and perspective is // server. It must only be called if a MAX_PUSH_ID frame is received. // Returns whether |max_push_id| is greater than or equal to current // |max_push_id_|. - bool OnMaxPushIdFrame(QuicStreamId max_push_id); + bool OnMaxPushIdFrame(PushId max_push_id); // Enables server push. // Must only be called when using IETF QUIC, for which server push is disabled @@ -332,8 +335,7 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession // For a client this means that SetMaxPushId() has been called with // |max_push_id| greater than or equal to |push_id|. // Must only be called when using IETF QUIC. - // TODO(b/136295430): Use sequential PUSH IDs instead of stream IDs. - bool CanCreatePushStreamWithId(QuicStreamId push_id); + bool CanCreatePushStreamWithId(PushId push_id); int32_t destruction_indicator() const { return destruction_indicator_; } @@ -375,6 +377,9 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession void OnStreamCreated(QuicSpdyStream* stream); + // Decode SETTINGS from |cached_state| and apply it to the session. + bool SetApplicationState(ApplicationState* cached_state) override; + protected: // Override CreateIncomingStream(), CreateOutgoingBidirectionalStream() and // CreateOutgoingUnidirectionalStream() with QuicSpdyStream return type to @@ -418,9 +423,6 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession EncryptionLevel level, std::unique_ptr<QuicEncrypter> encrypter) override; - void SetDefaultEncryptionLevel(quic::EncryptionLevel level) override; - void OnOneRttKeysAvailable() override; - // Optional, enables instrumentation related to go/quic-hpack. void SetHpackEncoderDebugVisitor( std::unique_ptr<QuicHpackDebugVisitor> visitor); @@ -444,9 +446,6 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession // Initializes HTTP/3 unidirectional streams if not yet initialzed. virtual void MaybeInitializeHttp3UnidirectionalStreams(); - void set_max_uncompressed_header_bytes( - size_t set_max_uncompressed_header_bytes); - void SendMaxPushId(); private: @@ -540,7 +539,7 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession // initial MAX_PUSH_ID frame. // For a client after 1-RTT keys are available, the push ID in the most // recently sent MAX_PUSH_ID frame. - quiche::QuicheOptional<QuicStreamId> max_push_id_; + quiche::QuicheOptional<PushId> max_push_id_; // An integer used for live check. The indicator is assigned a value in // constructor. As long as it is not the assigned value, that would indicate diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session_test.cc index 20078062e94..8b78d7f0883 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_session_test.cc @@ -97,7 +97,8 @@ class TestCryptoStream : public QuicCryptoStream, public QuicCryptoHandshaker { EXPECT_TRUE( session()->config()->FillTransportParameters(&transport_parameters)); error = session()->config()->ProcessTransportParameters( - transport_parameters, CLIENT, &error_details); + transport_parameters, CLIENT, /* is_resumption = */ false, + &error_details); } else { CryptoHandshakeMessage msg; session()->config()->ToHandshakeMessage(&msg, transport_version()); @@ -137,13 +138,14 @@ class TestCryptoStream : public QuicCryptoStream, public QuicCryptoHandshaker { } void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} void OnHandshakeDoneReceived() override {} - MOCK_METHOD0(OnCanWrite, void()); + MOCK_METHOD(void, OnCanWrite, (), (override)); bool HasPendingCryptoRetransmission() const override { return false; } - MOCK_CONST_METHOD0(HasPendingRetransmission, bool()); + MOCK_METHOD(bool, HasPendingRetransmission, (), (const, override)); private: using QuicCryptoStream::session; @@ -158,7 +160,7 @@ class TestHeadersStream : public QuicHeadersStream { explicit TestHeadersStream(QuicSpdySession* session) : QuicHeadersStream(session) {} - MOCK_METHOD0(OnCanWrite, void()); + MOCK_METHOD(void, OnCanWrite, (), (override)); }; class TestStream : public QuicSpdyStream { @@ -173,11 +175,13 @@ class TestStream : public QuicSpdyStream { void OnBodyAvailable() override {} - MOCK_METHOD0(OnCanWrite, void()); - MOCK_METHOD4(RetransmitStreamData, - bool(QuicStreamOffset, QuicByteCount, bool, TransmissionType)); + MOCK_METHOD(void, OnCanWrite, (), (override)); + MOCK_METHOD(bool, + RetransmitStreamData, + (QuicStreamOffset, QuicByteCount, bool, TransmissionType), + (override)); - MOCK_CONST_METHOD0(HasPendingRetransmission, bool()); + MOCK_METHOD(bool, HasPendingRetransmission, (), (const, override)); }; class TestSession : public QuicSpdySession { @@ -221,9 +225,9 @@ class TestSession : public QuicSpdySession { TestStream* CreateIncomingStream(QuicStreamId id) override { // Enforce the limit on the number of open streams. - if (GetNumOpenIncomingStreams() + 1 > - max_open_incoming_bidirectional_streams() && - !VersionHasIetfQuicFrames(connection()->transport_version())) { + if (!VersionHasIetfQuicFrames(connection()->transport_version()) && + GetNumOpenIncomingStreams() + 1 > + max_open_incoming_bidirectional_streams()) { connection()->CloseConnection( QUIC_TOO_MANY_OPEN_STREAMS, "Too many streams!", ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); @@ -343,8 +347,7 @@ class QuicSpdySessionTestBase : public QuicTestWithParam<ParsedQuicVersion> { kInitialSessionFlowControlWindowForTest); if (VersionUsesHttp3(transport_version())) { QuicConfigPeer::SetReceivedMaxUnidirectionalStreams( - session_.config(), - session_.num_expected_unidirectional_static_streams()); + session_.config(), kHttp3StaticUnidirectionalStreamCount); } QuicConfigPeer::SetReceivedInitialSessionFlowControlWindow( session_.config(), kMinimumFlowControlSendWindow); @@ -424,6 +427,15 @@ class QuicSpdySessionTestBase : public QuicTestWithParam<ParsedQuicVersion> { return std::string(priority_buffer.get(), priority_frame_length); } + std::string SerializeMaxPushIdFrame(PushId push_id) { + MaxPushIdFrame max_push_id_frame; + max_push_id_frame.push_id = push_id; + std::unique_ptr<char[]> buffer; + QuicByteCount frame_length = + HttpEncoder::SerializeMaxPushIdFrame(max_push_id_frame, &buffer); + return std::string(buffer.get(), frame_length); + } + QuicStreamId StreamCountToId(QuicStreamCount stream_count, Perspective perspective, bool bidirectional) { @@ -1115,7 +1127,7 @@ TEST_P(QuicSpdySessionTestServer, RstStreamBeforeHeadersDecompressed) { QuicStreamFrame data1(GetNthClientInitiatedBidirectionalId(0), false, 0, quiche::QuicheStringPiece("HT")); session_.OnStreamFrame(data1); - EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); if (!VersionHasIetfQuicFrames(transport_version())) { // For version99, OnStreamReset gets called because of the STOP_SENDING, @@ -1152,7 +1164,7 @@ TEST_P(QuicSpdySessionTestServer, RstStreamBeforeHeadersDecompressed) { session_.OnStopSendingFrame(stop_sending); } - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); // Connection should remain alive. EXPECT_TRUE(connection_->connected()); } @@ -1590,7 +1602,8 @@ TEST_P(QuicSpdySessionTestServer, TooLowUnidirectionalStreamLimitHttp3) { EXPECT_CALL( *connection_, - CloseConnection(_, "New unidirectional stream limit is too low.", _)); + CloseConnection( + _, "new unidirectional limit 2 decreases the current limit: 3", _)); session_.OnConfigNegotiated(); } @@ -1764,10 +1777,59 @@ TEST_P(QuicSpdySessionTestServer, DrainingStreamsDoNotCountAsOpened) { for (QuicStreamId i = kFirstStreamId; i < kFinalStreamId; i += IdDelta()) { QuicStreamFrame data1(i, true, 0, quiche::QuicheStringPiece("HT")); session_.OnStreamFrame(data1); - EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); - session_.StreamDraining(i); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); + session_.StreamDraining(i, /*unidirectional=*/false); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); + } +} + +TEST_P(QuicSpdySessionTestServer, ReduceMaxPushId) { + if (!VersionUsesHttp3(transport_version())) { + return; } + + StrictMock<MockHttp3DebugVisitor> debug_visitor; + session_.set_debug_visitor(&debug_visitor); + + // Use an arbitrary stream id for incoming control stream. + QuicStreamId stream_id = + GetNthClientInitiatedUnidirectionalStreamId(transport_version(), 3); + char type[] = {kControlStream}; + quiche::QuicheStringPiece stream_type(type, 1); + + QuicStreamOffset offset = 0; + QuicStreamFrame data1(stream_id, false, offset, stream_type); + offset += stream_type.length(); + EXPECT_CALL(debug_visitor, OnPeerControlStreamCreated(stream_id)); + session_.OnStreamFrame(data1); + EXPECT_EQ(stream_id, + QuicSpdySessionPeer::GetReceiveControlStream(&session_)->id()); + + SettingsFrame settings; + std::string settings_frame = EncodeSettings(settings); + QuicStreamFrame data2(stream_id, false, offset, settings_frame); + offset += settings_frame.length(); + + EXPECT_CALL(debug_visitor, OnSettingsFrameReceived(settings)); + session_.OnStreamFrame(data2); + + std::string max_push_id_frame1 = SerializeMaxPushIdFrame(/* push_id = */ 3); + QuicStreamFrame data3(stream_id, false, offset, max_push_id_frame1); + offset += max_push_id_frame1.length(); + + EXPECT_CALL(debug_visitor, OnMaxPushIdFrameReceived(_)); + session_.OnStreamFrame(data3); + + std::string max_push_id_frame2 = SerializeMaxPushIdFrame(/* push_id = */ 1); + QuicStreamFrame data4(stream_id, false, offset, max_push_id_frame2); + + EXPECT_CALL(debug_visitor, OnMaxPushIdFrameReceived(_)); + EXPECT_CALL(*connection_, + CloseConnection(QUIC_HTTP_INVALID_MAX_PUSH_ID, + "MAX_PUSH_ID received with value 1 which is " + "smaller that previously received value 3", + _)); + session_.OnStreamFrame(data4); } class QuicSpdySessionTestClient : public QuicSpdySessionTestBase { @@ -1794,7 +1856,7 @@ TEST_P(QuicSpdySessionTestClient, BadStreamFramePendingStream) { return; } - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); QuicStreamId stream_id1 = GetNthServerInitiatedUnidirectionalStreamId(transport_version(), 0); // A bad stream frame with no data and no fin. @@ -1941,7 +2003,7 @@ TEST_P(QuicSpdySessionTestClient, Http3ServerPush) { return; } - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); // Push unidirectional stream is type 0x01. std::string frame_type1 = quiche::QuicheTextUtils::HexDecode("01"); @@ -1950,7 +2012,7 @@ TEST_P(QuicSpdySessionTestClient, Http3ServerPush) { session_.OnStreamFrame(QuicStreamFrame(stream_id1, /* fin = */ false, /* offset = */ 0, frame_type1)); - EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); QuicStream* stream = session_.GetOrCreateStream(stream_id1); EXPECT_EQ(1u, stream->flow_controller()->bytes_consumed()); EXPECT_EQ(1u, session_.flow_controller()->bytes_consumed()); @@ -1962,7 +2024,7 @@ TEST_P(QuicSpdySessionTestClient, Http3ServerPush) { session_.OnStreamFrame(QuicStreamFrame(stream_id2, /* fin = */ false, /* offset = */ 0, frame_type2)); - EXPECT_EQ(2u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(2u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); stream = session_.GetOrCreateStream(stream_id2); EXPECT_EQ(4u, stream->flow_controller()->bytes_consumed()); EXPECT_EQ(5u, session_.flow_controller()->bytes_consumed()); @@ -1973,7 +2035,7 @@ TEST_P(QuicSpdySessionTestClient, Http3ServerPushOutofOrderFrame) { return; } - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); // Push unidirectional stream is type 0x01. std::string frame_type = quiche::QuicheTextUtils::HexDecode("01"); @@ -1991,10 +2053,10 @@ TEST_P(QuicSpdySessionTestClient, Http3ServerPushOutofOrderFrame) { // Receiving some stream data without stream type does not open the stream. session_.OnStreamFrame(data2); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); session_.OnStreamFrame(data1); - EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); QuicStream* stream = session_.GetOrCreateStream(stream_id); EXPECT_EQ(3u, stream->flow_controller()->highest_received_byte_offset()); } @@ -2273,7 +2335,7 @@ TEST_P(QuicSpdySessionTestServer, SimplePendingStreamType) { QuicStopSendingFrame* stop_sending = frame.stop_sending_frame; EXPECT_EQ(stream_id, stop_sending->stream_id); - EXPECT_EQ(QuicHttp3ErrorCode::IETF_QUIC_HTTP3_STREAM_CREATION_ERROR, + EXPECT_EQ(QuicHttp3ErrorCode::STREAM_CREATION_ERROR, static_cast<QuicHttp3ErrorCode>( stop_sending->application_error_code)); @@ -2418,8 +2480,6 @@ TEST_P(QuicSpdySessionTestServer, ReceiveControlStream) { EXPECT_NE(5u, session_.max_outbound_header_list_size()); EXPECT_NE(42u, QpackEncoderPeer::maximum_blocked_streams(qpack_encoder)); - EXPECT_CALL(*writer_, WritePacket(_, _, _, _, _)) - .WillOnce(Return(WriteResult(WRITE_STATUS_OK, 0))); EXPECT_CALL(debug_visitor, OnSettingsFrameReceived(settings)); session_.OnStreamFrame(frame); @@ -2542,7 +2602,7 @@ TEST_P(QuicSpdySessionTestClient, ResetAfterInvalidIncomingStreamType) { session_.OnStreamFrame(frame); // There are no active streams. - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); // The pending stream is still around, because it did not receive a FIN. PendingStream* pending = @@ -2869,9 +2929,6 @@ TEST_P(QuicSpdySessionTestServer, FineGrainedHpackErrorCodes) { return; } - QuicFlagSaver flag_saver; - SetQuicReloadableFlag(spdy_enable_granular_decompress_errors, true); - QuicStreamId request_stream_id = 5; session_.CreateIncomingStream(request_stream_id); @@ -3025,7 +3082,7 @@ TEST_P(QuicSpdySessionTestClient, SendInitialMaxPushIdIfSet) { StrictMock<MockHttp3DebugVisitor> debug_visitor; session_.set_debug_visitor(&debug_visitor); - const QuicStreamId max_push_id = 5; + const PushId max_push_id = 5; session_.SetMaxPushId(max_push_id); InSequence s; diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.cc index c376d010c8f..51f7c5c9525 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.cc @@ -192,7 +192,6 @@ QuicSpdyStream::QuicSpdyStream(QuicStreamId id, headers_decompressed_(false), header_list_size_limit_exceeded_(false), headers_payload_length_(0), - trailers_payload_length_(0), trailers_decompressed_(false), trailers_consumed_(false), http_decoder_visitor_(std::make_unique<HttpDecoderVisitor>(this)), @@ -229,7 +228,6 @@ QuicSpdyStream::QuicSpdyStream(PendingStream* pending, headers_decompressed_(false), header_list_size_limit_exceeded_(false), headers_payload_length_(0), - trailers_payload_length_(0), trailers_decompressed_(false), trailers_consumed_(false), http_decoder_visitor_(std::make_unique<HttpDecoderVisitor>(this)), @@ -285,7 +283,7 @@ size_t QuicSpdyStream::WriteHeaders( // set and write side needs to be closed without actually sending a FIN on // this stream. // TODO(rch): Add test to ensure fin_sent_ is set whenever a fin is sent. - set_fin_sent(true); + SetFinSent(); CloseWriteSide(); } return bytes_written; @@ -352,7 +350,7 @@ size_t QuicSpdyStream::WriteTrailers( // If trailers are sent on the headers stream, then |fin_sent_| needs to be // set without actually sending a FIN on this stream. if (!VersionUsesHttp3(transport_version())) { - set_fin_sent(kFin); + SetFinSent(); // Also, write side of this stream needs to be closed. However, only do // this if there is no more buffered data, otherwise it will never be sent. @@ -569,10 +567,7 @@ void QuicSpdyStream::OnHeadersDecoded(QuicHeaderList headers, debug_visitor->OnHeadersDecoded(id(), headers); } - const QuicByteCount frame_length = headers_decompressed_ - ? trailers_payload_length_ - : headers_payload_length_; - OnStreamHeaderList(/* fin = */ false, frame_length, headers); + OnStreamHeaderList(/* fin = */ false, headers_payload_length_, headers); } else { if (debug_visitor) { debug_visitor->OnPushPromiseDecoded(id(), promised_stream_id, headers); @@ -620,16 +615,7 @@ void QuicSpdyStream::MaybeSendPriorityUpdateFrame() { } void QuicSpdyStream::OnHeadersTooLarge() { - if (VersionUsesHttp3(transport_version())) { - // TODO(b/124216424): Reset stream with H3_REQUEST_CANCELLED (if client) - // or with H3_REQUEST_REJECTED (if server). - std::string error_message = - quiche::QuicheStrCat("Too large headers received on stream ", id()); - OnUnrecoverableError(QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE, - error_message); - } else { - Reset(QUIC_HEADERS_TOO_LARGE); - } + Reset(QUIC_HEADERS_TOO_LARGE); } void QuicSpdyStream::OnInitialHeadersComplete( @@ -962,6 +948,8 @@ bool QuicSpdyStream::OnHeadersFrameStart(QuicByteCount header_length, payload_length); } + headers_payload_length_ = payload_length; + if (trailers_decompressed_) { stream_delegate()->OnStreamError( QUIC_HTTP_INVALID_FRAME_SEQUENCE_ON_SPDY_STREAM, @@ -983,15 +971,6 @@ bool QuicSpdyStream::OnHeadersFramePayload(quiche::QuicheStringPiece payload) { DCHECK(VersionUsesHttp3(transport_version())); DCHECK(qpack_decoded_headers_accumulator_); - // TODO(b/152518220): Save |payload_length| argument of OnHeadersFrameStart() - // instead of accumulating payload length in |headers_payload_length_| or - // |trailers_payload_length_|. - if (headers_decompressed_) { - trailers_payload_length_ += payload.length(); - } else { - headers_payload_length_ += payload.length(); - } - qpack_decoded_headers_accumulator_->Decode(payload); // |qpack_decoded_headers_accumulator_| is reset if an error is detected. @@ -1040,7 +1019,7 @@ bool QuicSpdyStream::OnPushPromiseFramePushId( id(), push_id, header_block_length); } - // TODO(renjietang): Check max push id and handle errors. + // TODO(b/151749109): Check max push id and handle errors. spdy_session_->OnPushPromise(id(), push_id); sequencer()->MarkConsumed(body_manager_.OnNonBody(push_id_length)); @@ -1139,7 +1118,7 @@ size_t QuicSpdyStream::WriteHeadersImpl( encoded_headers.size() + encoder_stream_sent_byte_count, header_block.TotalBytesUsed()); - return encoded_headers.size() + encoder_stream_sent_byte_count; + return encoded_headers.size(); } #undef ENDPOINT // undef for jumbo builds diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.h b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.h index abf3ef4b78e..61bc1fb35c9 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.h +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream.h @@ -300,10 +300,8 @@ class QUIC_EXPORT_PRIVATE QuicSpdyStream // Contains a copy of the decompressed header (name, value) pairs until they // are consumed via Readv. QuicHeaderList header_list_; - // Length of HEADERS frame payload. + // Length of most recently received HEADERS frame payload. QuicByteCount headers_payload_length_; - // Length of TRAILERS frame payload. - QuicByteCount trailers_payload_length_; // True if the trailers have been completely decompressed. bool trailers_decompressed_; diff --git a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream_test.cc index fab6d86a415..bafb0f282f0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/http/quic_spdy_stream_test.cc @@ -39,6 +39,7 @@ using spdy::kV3LowestPriority; using spdy::SpdyHeaderBlock; using spdy::SpdyPriority; using testing::_; +using testing::AnyNumber; using testing::AtLeast; using testing::ElementsAre; using testing::Invoke; @@ -46,6 +47,7 @@ using testing::InvokeWithoutArgs; using testing::MatchesRegex; using testing::Pair; using testing::Return; +using testing::SaveArg; using testing::StrictMock; namespace quic { @@ -82,7 +84,8 @@ class TestCryptoStream : public QuicCryptoStream, public QuicCryptoHandshaker { EXPECT_TRUE( session()->config()->FillTransportParameters(&transport_parameters)); error = session()->config()->ProcessTransportParameters( - transport_parameters, CLIENT, &error_details); + transport_parameters, CLIENT, /* is_resumption = */ false, + &error_details); } else { CryptoHandshakeMessage msg; session()->config()->ToHandshakeMessage(&msg, transport_version()); @@ -122,13 +125,16 @@ class TestCryptoStream : public QuicCryptoStream, public QuicCryptoHandshaker { } void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} + void OnConnectionClosed(QuicErrorCode /*error*/, + ConnectionCloseSource /*source*/) override {} void OnHandshakeDoneReceived() override {} - MOCK_METHOD0(OnCanWrite, void()); + MOCK_METHOD(void, OnCanWrite, (), (override)); bool HasPendingCryptoRetransmission() const override { return false; } - MOCK_CONST_METHOD0(HasPendingRetransmission, bool()); + MOCK_METHOD(bool, HasPendingRetransmission, (), (const, override)); private: using QuicCryptoStream::session; @@ -144,7 +150,8 @@ class TestStream : public QuicSpdyStream { QuicSpdySession* session, bool should_process_data) : QuicSpdyStream(id, session, BIDIRECTIONAL), - should_process_data_(should_process_data) {} + should_process_data_(should_process_data), + headers_payload_length_(0) {} ~TestStream() override = default; using QuicSpdyStream::set_ack_listener; @@ -163,7 +170,7 @@ class TestStream : public QuicSpdyStream { data_ += std::string(buffer, bytes_read); } - MOCK_METHOD1(WriteHeadersMock, void(bool fin)); + MOCK_METHOD(void, WriteHeadersMock, (bool fin), ()); size_t WriteHeadersImpl(spdy::SpdyHeaderBlock header_block, bool fin, @@ -174,7 +181,8 @@ class TestStream : public QuicSpdyStream { if (VersionUsesHttp3(transport_version())) { // In this case, call QuicSpdyStream::WriteHeadersImpl() that does the // actual work of closing the stream. - QuicSpdyStream::WriteHeadersImpl(saved_headers_.Clone(), fin, nullptr); + return QuicSpdyStream::WriteHeadersImpl(saved_headers_.Clone(), fin, + nullptr); } return 0; } @@ -187,10 +195,20 @@ class TestStream : public QuicSpdyStream { return QuicStream::sequencer(); } + void OnStreamHeaderList(bool fin, + size_t frame_len, + const QuicHeaderList& header_list) override { + headers_payload_length_ = frame_len; + QuicSpdyStream::OnStreamHeaderList(fin, frame_len, header_list); + } + + size_t headers_payload_length() const { return headers_payload_length_; } + private: bool should_process_data_; spdy::SpdyHeaderBlock saved_headers_; std::string data_; + size_t headers_payload_length_; }; class TestSession : public MockQuicSpdySession { @@ -306,6 +324,7 @@ class QuicSpdyStreamTest : public QuicTestWithParam<ParsedQuicVersion> { &helper_, &alarm_factory_, perspective, SupportedVersions(GetParam())); session_ = std::make_unique<StrictMock<TestSession>>(connection_); session_->Initialize(); + connection_->AdvanceTime(QuicTime::Delta::FromSeconds(1)); ON_CALL(*session_, WritevData(_, _, _, _, _, _)) .WillByDefault( Invoke(session_.get(), &MockQuicSpdySession::ConsumeData)); @@ -337,18 +356,9 @@ class QuicSpdyStreamTest : public QuicTestWithParam<ParsedQuicVersion> { EXPECT_CALL(*session_, WritevData(send_control_stream->id(), _, _, _, _, _)) .Times(num_control_stream_writes); - auto qpack_decoder_stream = - QuicSpdySessionPeer::GetQpackDecoderSendStream(session_.get()); - EXPECT_CALL(*session_, - WritevData(qpack_decoder_stream->id(), 1, 0, _, _, _)); - auto qpack_encoder_stream = - QuicSpdySessionPeer::GetQpackEncoderSendStream(session_.get()); - EXPECT_CALL(*session_, - WritevData(qpack_encoder_stream->id(), 1, 0, _, _, _)); } TestCryptoStream* crypto_stream = session_->GetMutableCryptoStream(); - EXPECT_CALL(*crypto_stream, HasPendingRetransmission()) - .Times(testing::AnyNumber()); + EXPECT_CALL(*crypto_stream, HasPendingRetransmission()).Times(AnyNumber()); if (connection_->version().HasHandshakeDone() && session_->perspective() == Perspective::IS_SERVER) { @@ -399,6 +409,21 @@ class QuicSpdyStreamTest : public QuicTestWithParam<ParsedQuicVersion> { return quiche::QuicheStrCat(headers_frame_header, payload); } + // Construct PUSH_PROMISE frame with given payload. + std::string SerializePushPromiseFrame(PushId push_id, + quiche::QuicheStringPiece payload) { + PushPromiseFrame frame; + frame.push_id = push_id; + frame.headers = payload; + std::unique_ptr<char[]> push_promise_buffer; + QuicByteCount push_promise_frame_header_length = + HttpEncoder::SerializePushPromiseFrameWithOnlyPushId( + frame, &push_promise_buffer); + quiche::QuicheStringPiece push_promise_frame_header( + push_promise_buffer.get(), push_promise_frame_header_length); + return quiche::QuicheStrCat(push_promise_frame_header, payload); + } + std::string DataFrame(quiche::QuicheStringPiece payload) { std::unique_ptr<char[]> data_buffer; QuicByteCount data_frame_header_length = @@ -479,15 +504,18 @@ TEST_P(QuicSpdyStreamTest, ProcessTooLargeHeaderList) { QuicStreamFrame frame(stream_->id(), false, 0, headers); - EXPECT_CALL( - *connection_, - CloseConnection(QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE, - MatchesRegex("Too large headers received on stream \\d+"), - _)); + EXPECT_CALL(*session_, + SendRstStream(stream_->id(), QUIC_HEADERS_TOO_LARGE, 0)); - stream_->OnStreamFrame(frame); + auto qpack_decoder_stream = + QuicSpdySessionPeer::GetQpackDecoderSendStream(session_.get()); + // Stream type and stream cancellation. + EXPECT_CALL(*session_, + WritevData(qpack_decoder_stream->id(), _, _, NO_FIN, _, _)) + .Times(2); - EXPECT_TRUE(stream_->header_list().empty()); + stream_->OnStreamFrame(frame); + EXPECT_THAT(stream_->stream_error(), IsStreamError(QUIC_HEADERS_TOO_LARGE)); } TEST_P(QuicSpdyStreamTest, ProcessHeaderListWithFin) { @@ -880,6 +908,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlBlocked) { } EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _)) .WillOnce(Return(QuicConsumedData(kWindow - kHeaderLength, true))); + EXPECT_CALL(*session_, SendBlocked(_)); EXPECT_CALL(*connection_, SendControlFrame(_)); stream_->WriteOrBufferBody(body, false); @@ -899,7 +928,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlNoWindowUpdateIfNotConsumed) { Initialize(!kShouldProcessData); // Expect no WINDOW_UPDATE frames to be sent. - EXPECT_CALL(*connection_, SendWindowUpdate(_, _)).Times(0); + EXPECT_CALL(*session_, SendWindowUpdate(_, _)).Times(0); // Set a small flow control receive window. const uint64_t kWindow = 36; @@ -993,6 +1022,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlWindowUpdate) { QuicStreamFrame frame2(GetNthClientInitiatedBidirectionalId(0), false, kWindow / 3 + header_length, quiche::QuicheStringPiece(data)); + EXPECT_CALL(*session_, SendWindowUpdate(_, _)); EXPECT_CALL(*connection_, SendControlFrame(_)); stream_->OnStreamFrame(frame2); EXPECT_EQ(kWindow, QuicFlowControllerPeer::ReceiveWindowSize( @@ -1065,6 +1095,7 @@ TEST_P(QuicSpdyStreamTest, ConnectionFlowControlWindowUpdate) { // Now receive a further single byte on one stream - again this does not // trigger a stream WINDOW_UPDATE, but now the connection flow control window // is over half full and thus a connection WINDOW_UPDATE is sent. + EXPECT_CALL(*session_, SendWindowUpdate(_, _)); EXPECT_CALL(*connection_, SendControlFrame(_)); QuicStreamFrame frame3(GetNthClientInitiatedBidirectionalId(0), false, body.length() + header_length, @@ -1151,8 +1182,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlFinNotBlocked) { std::string body = ""; bool fin = true; - EXPECT_CALL(*connection_, - SendBlocked(GetNthClientInitiatedBidirectionalId(0))) + EXPECT_CALL(*session_, SendBlocked(GetNthClientInitiatedBidirectionalId(0))) .Times(0); EXPECT_CALL(*session_, WritevData(_, 0, _, FIN, _, _)); @@ -2148,8 +2178,14 @@ TEST_P(QuicSpdyStreamTest, ImmediateHeaderDecodingWithDynamicTableEntries) { std::string headers = HeadersFrame(encoded_headers); EXPECT_CALL(debug_visitor, OnHeadersFrameReceived(stream_->id(), encoded_headers.length())); - // Decoder stream type and header acknowledgement. - EXPECT_CALL(*session_, WritevData(decoder_send_stream->id(), _, _, _, _, _)); + // Decoder stream type. + EXPECT_CALL(*session_, + WritevData(decoder_send_stream->id(), /* write_length = */ 1, + /* offset = */ 0, _, _, _)); + // Header acknowledgement. + EXPECT_CALL(*session_, + WritevData(decoder_send_stream->id(), /* write_length = */ 1, + /* offset = */ 1, _, _, _)); EXPECT_CALL(debug_visitor, OnHeadersDecoded(stream_->id(), _)); stream_->OnStreamFrame(QuicStreamFrame(stream_->id(), false, 0, headers)); @@ -2216,8 +2252,14 @@ TEST_P(QuicSpdyStreamTest, BlockedHeaderDecoding) { auto decoder_send_stream = QuicSpdySessionPeer::GetQpackDecoderSendStream(session_.get()); - // Decoder stream type and header acknowledgement. - EXPECT_CALL(*session_, WritevData(decoder_send_stream->id(), _, _, _, _, _)); + // Decoder stream type. + EXPECT_CALL(*session_, + WritevData(decoder_send_stream->id(), /* write_length = */ 1, + /* offset = */ 0, _, _, _)); + // Header acknowledgement. + EXPECT_CALL(*session_, + WritevData(decoder_send_stream->id(), /* write_length = */ 1, + /* offset = */ 1, _, _, _)); EXPECT_CALL(debug_visitor, OnHeadersDecoded(stream_->id(), _)); // Deliver dynamic table entry to decoder. session_->qpack_decoder()->OnInsertWithoutNameReference("foo", "bar"); @@ -2247,6 +2289,7 @@ TEST_P(QuicSpdyStreamTest, BlockedHeaderDecoding) { // Decoding is blocked because dynamic table entry has not been received yet. EXPECT_FALSE(stream_->trailers_decompressed()); + // Header acknowledgement. EXPECT_CALL(*session_, WritevData(decoder_send_stream->id(), _, _, _, _, _)); EXPECT_CALL(debug_visitor, OnHeadersDecoded(stream_->id(), _)); // Deliver second dynamic table entry to decoder. @@ -2341,8 +2384,14 @@ TEST_P(QuicSpdyStreamTest, AsyncErrorDecodingTrailers) { auto decoder_send_stream = QuicSpdySessionPeer::GetQpackDecoderSendStream(session_.get()); - // The stream byte will be written in the first byte. - EXPECT_CALL(*session_, WritevData(decoder_send_stream->id(), _, _, _, _, _)); + // Decoder stream type. + EXPECT_CALL(*session_, + WritevData(decoder_send_stream->id(), /* write_length = */ 1, + /* offset = */ 0, _, _, _)); + // Header acknowledgement. + EXPECT_CALL(*session_, + WritevData(decoder_send_stream->id(), /* write_length = */ 1, + /* offset = */ 1, _, _, _)); // Deliver dynamic table entry to decoder. session_->qpack_decoder()->OnInsertWithoutNameReference("foo", "bar"); EXPECT_TRUE(stream_->headers_decompressed()); @@ -2607,13 +2656,7 @@ TEST_P(QuicSpdyStreamTest, PushPromiseOnDataStream) { std::string headers = EncodeQpackHeaders(pushed_headers); const QuicStreamId push_id = 1; - PushPromiseFrame push_promise; - push_promise.push_id = push_id; - push_promise.headers = headers; - std::unique_ptr<char[]> buffer; - uint64_t length = HttpEncoder::SerializePushPromiseFrameWithOnlyPushId( - push_promise, &buffer); - std::string data = std::string(buffer.get(), length) + headers; + std::string data = SerializePushPromiseFrame(push_id, headers); QuicStreamFrame frame(stream_->id(), false, 0, data); EXPECT_CALL(debug_visitor, OnPushPromiseFrameReceived(stream_->id(), push_id, @@ -2622,11 +2665,40 @@ TEST_P(QuicSpdyStreamTest, PushPromiseOnDataStream) { OnPushPromiseDecoded(stream_->id(), push_id, AsHeaderList(pushed_headers))); EXPECT_CALL(*session_, - OnPromiseHeaderList(stream_->id(), push_promise.push_id, - headers.length(), _)); + OnPromiseHeaderList(stream_->id(), push_id, headers.length(), _)); stream_->OnStreamFrame(frame); } +// Regression test for b/152518220. +TEST_P(QuicSpdyStreamTest, + OnStreamHeaderBlockArgumentDoesNotIncludePushedHeaderBlock) { + Initialize(kShouldProcessData); + if (!UsesHttp3()) { + return; + } + + std::string pushed_headers = EncodeQpackHeaders({{"foo", "bar"}}); + const QuicStreamId push_id = 1; + std::string push_promise_frame = + SerializePushPromiseFrame(push_id, pushed_headers); + QuicStreamOffset offset = 0; + QuicStreamFrame frame1(stream_->id(), /* fin = */ false, offset, + push_promise_frame); + offset += push_promise_frame.length(); + + EXPECT_CALL(*session_, OnPromiseHeaderList(stream_->id(), push_id, + pushed_headers.length(), _)); + stream_->OnStreamFrame(frame1); + + std::string headers = + EncodeQpackHeaders({{":method", "GET"}, {":path", "/"}}); + std::string headers_frame = HeadersFrame(headers); + QuicStreamFrame frame2(stream_->id(), /* fin = */ false, offset, + headers_frame); + stream_->OnStreamFrame(frame2); + EXPECT_EQ(headers.length(), stream_->headers_payload_length()); +} + // Close connection if a DATA frame is received before a HEADERS frame. TEST_P(QuicSpdyStreamTest, DataBeforeHeaders) { if (!UsesHttp3()) { @@ -2794,7 +2866,14 @@ TEST_P(QuicSpdyStreamTest, StreamCancellationWhenStreamReset) { auto qpack_decoder_stream = QuicSpdySessionPeer::GetQpackDecoderSendStream(session_.get()); - EXPECT_CALL(*session_, WritevData(qpack_decoder_stream->id(), 1, 1, _, _, _)); + // Stream type. + EXPECT_CALL(*session_, + WritevData(qpack_decoder_stream->id(), /* write_length = */ 1, + /* offset = */ 0, _, _, _)); + // Stream cancellation. + EXPECT_CALL(*session_, + WritevData(qpack_decoder_stream->id(), /* write_length = */ 1, + /* offset = */ 1, _, _, _)); EXPECT_CALL(*session_, SendRstStream(stream_->id(), QUIC_STREAM_CANCELLED, 0)); @@ -2812,12 +2891,57 @@ TEST_P(QuicSpdyStreamTest, StreamCancellationOnResetReceived) { auto qpack_decoder_stream = QuicSpdySessionPeer::GetQpackDecoderSendStream(session_.get()); - EXPECT_CALL(*session_, WritevData(qpack_decoder_stream->id(), 1, 1, _, _, _)); + // Stream type. + EXPECT_CALL(*session_, + WritevData(qpack_decoder_stream->id(), /* write_length = */ 1, + /* offset = */ 0, _, _, _)); + // Stream cancellation. + EXPECT_CALL(*session_, + WritevData(qpack_decoder_stream->id(), /* write_length = */ 1, + /* offset = */ 1, _, _, _)); stream_->OnStreamReset(QuicRstStreamFrame( kInvalidControlFrameId, stream_->id(), QUIC_STREAM_CANCELLED, 0)); } +TEST_P(QuicSpdyStreamTest, WriteHeadersReturnValue) { + if (!UsesHttp3()) { + return; + } + + Initialize(kShouldProcessData); + testing::InSequence s; + + // Enable QPACK dynamic table. + session_->OnSetting(SETTINGS_QPACK_MAX_TABLE_CAPACITY, 1024); + session_->OnSetting(SETTINGS_QPACK_BLOCKED_STREAMS, 1); + + EXPECT_CALL(*stream_, WriteHeadersMock(true)); + + QpackSendStream* encoder_stream = + QuicSpdySessionPeer::GetQpackEncoderSendStream(session_.get()); + EXPECT_CALL(*session_, WritevData(encoder_stream->id(), _, _, _, _, _)) + .Times(AnyNumber()); + + // HEADERS frame header. + EXPECT_CALL(*session_, + WritevData(stream_->id(), _, /* offset = */ 0, _, _, _)); + // HEADERS frame payload. + size_t headers_frame_payload_length = 0; + EXPECT_CALL(*session_, WritevData(stream_->id(), _, _, _, _, _)) + .WillOnce( + DoAll(SaveArg<1>(&headers_frame_payload_length), + Invoke(session_.get(), &MockQuicSpdySession::ConsumeData))); + + SpdyHeaderBlock request_headers; + request_headers["foo"] = "bar"; + size_t write_headers_return_value = + stream_->WriteHeaders(std::move(request_headers), /*fin=*/true, nullptr); + EXPECT_TRUE(stream_->fin_sent()); + + EXPECT_EQ(headers_frame_payload_length, write_headers_return_value); +} + } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.cc b/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.cc index 6e8f13a10d6..6120f850bbc 100644 --- a/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.cc @@ -29,12 +29,27 @@ LegacyQuicStreamIdManager::LegacyQuicStreamIdManager( ? (QuicVersionUsesCryptoFrames(transport_version_) ? QuicUtils::GetInvalidStreamId(transport_version_) : QuicUtils::GetCryptoStreamId(transport_version_)) - : QuicUtils::GetInvalidStreamId(transport_version_)) {} + : QuicUtils::GetInvalidStreamId(transport_version_)), + num_open_incoming_streams_(0), + num_open_outgoing_streams_(0), + handles_accounting_( + GetQuicReloadableFlag(quic_stream_id_manager_handles_accounting)) { + if (handles_accounting_) { + QUIC_RELOADABLE_FLAG_COUNT(quic_stream_id_manager_handles_accounting); + } +} LegacyQuicStreamIdManager::~LegacyQuicStreamIdManager() {} bool LegacyQuicStreamIdManager::CanOpenNextOutgoingStream( size_t current_num_open_outgoing_streams) const { + if (handles_accounting_) { + DCHECK_LE(num_open_outgoing_streams_, max_open_outgoing_streams_); + QUIC_DLOG_IF(INFO, num_open_outgoing_streams_ == max_open_outgoing_streams_) + << "Failed to create a new outgoing stream. " + << "Already " << num_open_outgoing_streams_ << " open."; + return num_open_outgoing_streams_ < max_open_outgoing_streams_; + } if (current_num_open_outgoing_streams >= max_open_outgoing_streams_) { QUIC_DLOG(INFO) << "Failed to create a new outgoing stream. " << "Already " << current_num_open_outgoing_streams @@ -46,6 +61,9 @@ bool LegacyQuicStreamIdManager::CanOpenNextOutgoingStream( bool LegacyQuicStreamIdManager::CanOpenIncomingStream( size_t current_num_open_incoming_streams) const { + if (handles_accounting_) { + return num_open_incoming_streams_ < max_open_incoming_streams_; + } // Check if the new number of open streams would cause the number of // open streams to exceed the limit. return current_num_open_incoming_streams < max_open_incoming_streams_; @@ -102,6 +120,26 @@ QuicStreamId LegacyQuicStreamIdManager::GetNextOutgoingStreamId() { return id; } +void LegacyQuicStreamIdManager::ActivateStream(bool is_incoming) { + DCHECK(handles_accounting_); + if (is_incoming) { + ++num_open_incoming_streams_; + return; + } + ++num_open_outgoing_streams_; +} + +void LegacyQuicStreamIdManager::OnStreamClosed(bool is_incoming) { + DCHECK(handles_accounting_); + if (is_incoming) { + QUIC_BUG_IF(num_open_incoming_streams_ == 0); + --num_open_incoming_streams_; + return; + } + QUIC_BUG_IF(num_open_outgoing_streams_ == 0); + --num_open_outgoing_streams_; +} + bool LegacyQuicStreamIdManager::IsAvailableStream(QuicStreamId id) const { if (!IsIncomingStream(id)) { // Stream IDs under next_ougoing_stream_id_ are either open or previously diff --git a/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.h b/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.h index 1a94905e41a..6c1309ebbc9 100644 --- a/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.h +++ b/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.h @@ -46,6 +46,12 @@ class QUIC_EXPORT_PRIVATE LegacyQuicStreamIdManager { // underlying counter. QuicStreamId GetNextOutgoingStreamId(); + // Called when a new stream is open. + void ActivateStream(bool is_incoming); + + // Called when a stream ID is closed. + void OnStreamClosed(bool is_incoming); + // Return true if |id| is peer initiated. bool IsIncomingStream(QuicStreamId id) const; @@ -82,6 +88,15 @@ class QUIC_EXPORT_PRIVATE LegacyQuicStreamIdManager { size_t GetNumAvailableStreams() const; + size_t num_open_incoming_streams() const { + return num_open_incoming_streams_; + } + size_t num_open_outgoing_streams() const { + return num_open_outgoing_streams_; + } + + bool handles_accounting() const { return handles_accounting_; } + private: friend class test::QuicSessionPeer; @@ -99,9 +114,20 @@ class QUIC_EXPORT_PRIVATE LegacyQuicStreamIdManager { // Set of stream ids that are less than the largest stream id that has been // received, but are nonetheless available to be created. - QuicUnorderedSet<QuicStreamId> available_streams_; + QuicHashSet<QuicStreamId> available_streams_; QuicStreamId largest_peer_created_stream_id_; + + // A counter for peer initiated open streams. Used when handles_accounting_ is + // true. + size_t num_open_incoming_streams_; + + // A counter for self initiated open streams. Used when handles_accounting_ is + // true. + size_t num_open_outgoing_streams_; + + // Latched value of quic_stream_id_manager_handles_accounting. + const bool handles_accounting_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager_test.cc b/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager_test.cc index bd37ffe338e..00654b48c45 100644 --- a/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/legacy_quic_stream_id_manager_test.cc @@ -78,15 +78,31 @@ INSTANTIATE_TEST_SUITE_P(Tests, ::testing::PrintToStringParamName()); TEST_P(LegacyQuicStreamIdManagerTest, CanOpenNextOutgoingStream) { + if (GetQuicReloadableFlag(quic_stream_id_manager_handles_accounting)) { + for (size_t i = 0; i < manager_.max_open_outgoing_streams() - 1; ++i) { + manager_.ActivateStream(/*is_incoming=*/false); + } + } EXPECT_TRUE(manager_.CanOpenNextOutgoingStream( manager_.max_open_outgoing_streams() - 1)); + if (GetQuicReloadableFlag(quic_stream_id_manager_handles_accounting)) { + manager_.ActivateStream(/*is_incoming=*/false); + } EXPECT_FALSE( manager_.CanOpenNextOutgoingStream(manager_.max_open_outgoing_streams())); } TEST_P(LegacyQuicStreamIdManagerTest, CanOpenIncomingStream) { + if (GetQuicReloadableFlag(quic_stream_id_manager_handles_accounting)) { + for (size_t i = 0; i < manager_.max_open_incoming_streams() - 1; ++i) { + manager_.ActivateStream(/*is_incoming=*/true); + } + } EXPECT_TRUE( manager_.CanOpenIncomingStream(manager_.max_open_incoming_streams() - 1)); + if (GetQuicReloadableFlag(quic_stream_id_manager_handles_accounting)) { + manager_.ActivateStream(/*is_incoming=*/true); + } EXPECT_FALSE( manager_.CanOpenIncomingStream(manager_.max_open_incoming_streams())); } diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator.cc index 7aa0f1125d2..6469dd266b5 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator.cc @@ -5,16 +5,11 @@ #include "net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator.h" #include "net/third_party/quiche/src/quic/core/qpack/qpack_decoder.h" +#include "net/third_party/quiche/src/quic/core/qpack/qpack_header_table.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" namespace quic { -namespace { - -size_t kHeaderFieldSizeOverhead = 32; - -} - QpackDecodedHeadersAccumulator::QpackDecodedHeadersAccumulator( QuicStreamId id, QpackDecoder* qpack_decoder, @@ -44,7 +39,7 @@ void QpackDecodedHeadersAccumulator::OnHeaderDecoded( } uncompressed_header_bytes_including_overhead_ += - name.size() + value.size() + kHeaderFieldSizeOverhead; + name.size() + value.size() + QpackEntry::kSizeOverhead; if (uncompressed_header_bytes_including_overhead_ > max_header_list_size_) { header_list_size_limit_exceeded_ = true; diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator_test.cc index c98f8543ffa..93e2561f367 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoded_headers_accumulator_test.cc @@ -42,11 +42,14 @@ const char* const kHeaderAcknowledgement = "\x81"; class MockVisitor : public QpackDecodedHeadersAccumulator::Visitor { public: ~MockVisitor() override = default; - MOCK_METHOD2(OnHeadersDecoded, - void(QuicHeaderList headers, - bool header_list_size_limit_exceeded)); - MOCK_METHOD1(OnHeaderDecodingError, - void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(void, + OnHeadersDecoded, + (QuicHeaderList headers, bool header_list_size_limit_exceeded), + (override)); + MOCK_METHOD(void, + OnHeaderDecodingError, + (quiche::QuicheStringPiece error_message), + (override)); }; } // anonymous namespace diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoder_stream_receiver_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoder_stream_receiver_test.cc index 44a2286a244..70d2450662a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoder_stream_receiver_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_decoder_stream_receiver_test.cc @@ -19,10 +19,16 @@ class MockDelegate : public QpackDecoderStreamReceiver::Delegate { public: ~MockDelegate() override = default; - MOCK_METHOD1(OnInsertCountIncrement, void(uint64_t increment)); - MOCK_METHOD1(OnHeaderAcknowledgement, void(QuicStreamId stream_id)); - MOCK_METHOD1(OnStreamCancellation, void(QuicStreamId stream_id)); - MOCK_METHOD1(OnErrorDetected, void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(void, OnInsertCountIncrement, (uint64_t increment), (override)); + MOCK_METHOD(void, + OnHeaderAcknowledgement, + (QuicStreamId stream_id), + (override)); + MOCK_METHOD(void, OnStreamCancellation, (QuicStreamId stream_id), (override)); + MOCK_METHOD(void, + OnErrorDetected, + (quiche::QuicheStringPiece error_message), + (override)); }; class QpackDecoderStreamReceiverTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder.cc index 2b30e982ea7..db7ec794268 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder.cc @@ -80,6 +80,11 @@ QpackEncoder::Instructions QpackEncoder::FirstPassEncode( const spdy::SpdyHeaderBlock& header_list, QpackBlockingManager::IndexSet* referred_indices, QuicByteCount* encoder_stream_sent_byte_count) { + // If previous instructions are buffered in |encoder_stream_sender_|, + // do not count them towards the current header block. + const QuicByteCount initial_encoder_stream_buffered_byte_count = + encoder_stream_sender_.BufferedByteCount(); + Instructions instructions; instructions.reserve(header_list.size()); @@ -266,10 +271,16 @@ QpackEncoder::Instructions QpackEncoder::FirstPassEncode( } } - const QuicByteCount sent_byte_count = encoder_stream_sender_.Flush(); + const QuicByteCount encoder_stream_buffered_byte_count = + encoder_stream_sender_.BufferedByteCount(); + DCHECK_GE(encoder_stream_buffered_byte_count, + initial_encoder_stream_buffered_byte_count); if (encoder_stream_sent_byte_count) { - *encoder_stream_sent_byte_count = sent_byte_count; + *encoder_stream_sent_byte_count = + encoder_stream_buffered_byte_count - + initial_encoder_stream_buffered_byte_count; } + encoder_stream_sender_.Flush(); ++header_list_count_; @@ -374,7 +385,8 @@ void QpackEncoder::SetMaximumDynamicTableCapacity( void QpackEncoder::SetDynamicTableCapacity(uint64_t dynamic_table_capacity) { encoder_stream_sender_.SendSetDynamicTableCapacity(dynamic_table_capacity); - encoder_stream_sender_.Flush(); + // Do not flush encoder stream. This write can safely be delayed until more + // instructions are written. bool success = header_table_.SetDynamicTableCapacity(dynamic_table_capacity); DCHECK(success); diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_receiver_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_receiver_test.cc index b5edd5f1472..71b6d3438e4 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_receiver_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_receiver_test.cc @@ -19,16 +19,22 @@ class MockDelegate : public QpackEncoderStreamReceiver::Delegate { public: ~MockDelegate() override = default; - MOCK_METHOD3(OnInsertWithNameReference, - void(bool is_static, - uint64_t name_index, - quiche::QuicheStringPiece value)); - MOCK_METHOD2(OnInsertWithoutNameReference, - void(quiche::QuicheStringPiece name, - quiche::QuicheStringPiece value)); - MOCK_METHOD1(OnDuplicate, void(uint64_t index)); - MOCK_METHOD1(OnSetDynamicTableCapacity, void(uint64_t capacity)); - MOCK_METHOD1(OnErrorDetected, void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(void, + OnInsertWithNameReference, + (bool is_static, + uint64_t name_index, + quiche::QuicheStringPiece value), + (override)); + MOCK_METHOD(void, + OnInsertWithoutNameReference, + (quiche::QuicheStringPiece name, quiche::QuicheStringPiece value), + (override)); + MOCK_METHOD(void, OnDuplicate, (uint64_t index), (override)); + MOCK_METHOD(void, OnSetDynamicTableCapacity, (uint64_t capacity), (override)); + MOCK_METHOD(void, + OnErrorDetected, + (quiche::QuicheStringPiece error_message), + (override)); }; class QpackEncoderStreamReceiverTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.cc index 19311b6aeb9..0ae1aae7ff1 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.cc @@ -44,15 +44,13 @@ void QpackEncoderStreamSender::SendSetDynamicTableCapacity(uint64_t capacity) { QpackInstructionWithValues::SetDynamicTableCapacity(capacity), &buffer_); } -QuicByteCount QpackEncoderStreamSender::Flush() { +void QpackEncoderStreamSender::Flush() { if (buffer_.empty()) { - return 0; + return; } delegate_->WriteStreamData(buffer_); - const QuicByteCount bytes_written = buffer_.size(); buffer_.clear(); - return bytes_written; } } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.h b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.h index 5701db54ffe..dee23c50d5b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.h +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender.h @@ -38,9 +38,11 @@ class QUIC_EXPORT_PRIVATE QpackEncoderStreamSender { // 5.2.4. Set Dynamic Table Capacity void SendSetDynamicTableCapacity(uint64_t capacity); + // Returns number of buffered bytes. + QuicByteCount BufferedByteCount() const { return buffer_.size(); } + // Writes all buffered instructions on the encoder stream. - // Returns the number of bytes written. - QuicByteCount Flush(); + void Flush(); // delegate must be set if dynamic table capacity is not zero. void set_qpack_stream_sender_delegate(QpackStreamSenderDelegate* delegate) { diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender_test.cc index b3fd5f9de6a..ea45acc1abd 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_stream_sender_test.cc @@ -27,24 +27,29 @@ class QpackEncoderStreamSenderTest : public QuicTest { }; TEST_F(QpackEncoderStreamSenderTest, InsertWithNameReference) { + EXPECT_EQ(0u, stream_.BufferedByteCount()); + // Static, index fits in prefix, empty value. std::string expected_encoded_data = quiche::QuicheTextUtils::HexDecode("c500"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithNameReference(true, 5, ""); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Static, index fits in prefix, Huffman encoded value. expected_encoded_data = quiche::QuicheTextUtils::HexDecode("c28294e7"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithNameReference(true, 2, "foo"); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Not static, index does not fit in prefix, not Huffman encoded value. expected_encoded_data = quiche::QuicheTextUtils::HexDecode("bf4a03626172"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithNameReference(false, 137, "bar"); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Value length does not fit in prefix. // 'Z' would be Huffman encoded to 8 bits, so no Huffman encoding is used. @@ -55,29 +60,35 @@ TEST_F(QpackEncoderStreamSenderTest, InsertWithNameReference) { "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithNameReference(false, 42, std::string(127, 'Z')); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); } TEST_F(QpackEncoderStreamSenderTest, InsertWithoutNameReference) { + EXPECT_EQ(0u, stream_.BufferedByteCount()); + // Empty name and value. std::string expected_encoded_data = quiche::QuicheTextUtils::HexDecode("4000"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithoutNameReference("", ""); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Huffman encoded short strings. expected_encoded_data = quiche::QuicheTextUtils::HexDecode("6294e78294e7"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithoutNameReference("foo", "foo"); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Not Huffman encoded short strings. expected_encoded_data = quiche::QuicheTextUtils::HexDecode("4362617203626172"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithoutNameReference("bar", "bar"); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Not Huffman encoded long strings; length does not fit on prefix. // 'Z' would be Huffman encoded to 8 bits, so no Huffman encoding is used. @@ -90,35 +101,46 @@ TEST_F(QpackEncoderStreamSenderTest, InsertWithoutNameReference) { EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendInsertWithoutNameReference(std::string(31, 'Z'), std::string(127, 'Z')); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); } TEST_F(QpackEncoderStreamSenderTest, Duplicate) { + EXPECT_EQ(0u, stream_.BufferedByteCount()); + // Small index fits in prefix. std::string expected_encoded_data = quiche::QuicheTextUtils::HexDecode("11"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendDuplicate(17); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); // Large index requires two extension bytes. expected_encoded_data = quiche::QuicheTextUtils::HexDecode("1fd503"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendDuplicate(500); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); } TEST_F(QpackEncoderStreamSenderTest, SetDynamicTableCapacity) { + EXPECT_EQ(0u, stream_.BufferedByteCount()); + // Small capacity fits in prefix. std::string expected_encoded_data = quiche::QuicheTextUtils::HexDecode("31"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendSetDynamicTableCapacity(17); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); + EXPECT_EQ(0u, stream_.BufferedByteCount()); // Large capacity requires two extension bytes. expected_encoded_data = quiche::QuicheTextUtils::HexDecode("3fd503"); EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); stream_.SendSetDynamicTableCapacity(500); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); + EXPECT_EQ(0u, stream_.BufferedByteCount()); } // No writes should happen until Flush is called. @@ -142,13 +164,17 @@ TEST_F(QpackEncoderStreamSenderTest, Coalesce) { "11"); // Duplicate entry. EXPECT_CALL(delegate_, WriteStreamData(Eq(expected_encoded_data))); - EXPECT_EQ(expected_encoded_data.size(), stream_.Flush()); + EXPECT_EQ(expected_encoded_data.size(), stream_.BufferedByteCount()); + stream_.Flush(); + EXPECT_EQ(0u, stream_.BufferedByteCount()); } // No writes should happen if QpackEncoderStreamSender::Flush() is called // when the buffer is empty. TEST_F(QpackEncoderStreamSenderTest, FlushEmpty) { - EXPECT_EQ(0u, stream_.Flush()); + EXPECT_EQ(0u, stream_.BufferedByteCount()); + stream_.Flush(); + EXPECT_EQ(0u, stream_.BufferedByteCount()); } } // namespace diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_test.cc index 212257cedb6..e0d21c53269 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_encoder_test.cc @@ -12,6 +12,7 @@ #include "net/third_party/quiche/src/quic/test_tools/qpack/qpack_encoder_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/qpack/qpack_header_table_peer.h" #include "net/third_party/quiche/src/quic/test_tools/qpack/qpack_test_utils.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" #include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" @@ -213,11 +214,6 @@ TEST_F(QpackEncoderTest, InvalidHeaderAcknowledgement) { TEST_F(QpackEncoderTest, DynamicTable) { encoder_.SetMaximumBlockedStreams(1); encoder_.SetMaximumDynamicTableCapacity(4096); - - // Set Dynamic Table Capacity instruction. - EXPECT_CALL( - encoder_stream_sender_delegate_, - WriteStreamData(Eq(quiche::QuicheTextUtils::HexDecode("3fe11f")))); encoder_.SetDynamicTableCapacity(4096); spdy::SpdyHeaderBlock header_list; @@ -226,6 +222,9 @@ TEST_F(QpackEncoderTest, DynamicTable) { "baz"); // name matches dynamic entry header_list["cookie"] = "baz"; // name matches static entry + // Set Dynamic Table Capacity instruction. + std::string set_dyanamic_table_capacity = + quiche::QuicheTextUtils::HexDecode("3fe11f"); // Insert three entries into the dynamic table. std::string insert_entries = quiche::QuicheTextUtils::HexDecode( "62" // insert without name reference @@ -236,7 +235,8 @@ TEST_F(QpackEncoderTest, DynamicTable) { "c5" // insert with name reference, static index 5 "0362617a"); // value "baz" EXPECT_CALL(encoder_stream_sender_delegate_, - WriteStreamData(Eq(insert_entries))); + WriteStreamData(Eq(quiche::QuicheStrCat( + set_dyanamic_table_capacity, insert_entries)))); EXPECT_EQ(quiche::QuicheTextUtils::HexDecode( "0400" // prefix @@ -250,10 +250,6 @@ TEST_F(QpackEncoderTest, DynamicTable) { TEST_F(QpackEncoderTest, SmallDynamicTable) { encoder_.SetMaximumBlockedStreams(1); encoder_.SetMaximumDynamicTableCapacity(QpackEntry::Size("foo", "bar")); - - // Set Dynamic Table Capacity instruction. - EXPECT_CALL(encoder_stream_sender_delegate_, - WriteStreamData(Eq(quiche::QuicheTextUtils::HexDecode("3f07")))); encoder_.SetDynamicTableCapacity(QpackEntry::Size("foo", "bar")); spdy::SpdyHeaderBlock header_list; @@ -263,13 +259,17 @@ TEST_F(QpackEncoderTest, SmallDynamicTable) { header_list["cookie"] = "baz"; // name matches static entry header_list["bar"] = "baz"; // no match + // Set Dynamic Table Capacity instruction. + std::string set_dyanamic_table_capacity = + quiche::QuicheTextUtils::HexDecode("3f07"); // Insert one entry into the dynamic table. std::string insert_entry = quiche::QuicheTextUtils::HexDecode( "62" // insert without name reference "94e7" // Huffman-encoded name "foo" "03626172"); // value "bar" EXPECT_CALL(encoder_stream_sender_delegate_, - WriteStreamData(Eq(insert_entry))); + WriteStreamData(Eq(quiche::QuicheStrCat( + set_dyanamic_table_capacity, insert_entry)))); EXPECT_EQ(quiche::QuicheTextUtils::HexDecode( "0200" // prefix @@ -288,23 +288,22 @@ TEST_F(QpackEncoderTest, SmallDynamicTable) { TEST_F(QpackEncoderTest, BlockedStream) { encoder_.SetMaximumBlockedStreams(1); encoder_.SetMaximumDynamicTableCapacity(4096); - - // Set Dynamic Table Capacity instruction. - EXPECT_CALL( - encoder_stream_sender_delegate_, - WriteStreamData(Eq(quiche::QuicheTextUtils::HexDecode("3fe11f")))); encoder_.SetDynamicTableCapacity(4096); spdy::SpdyHeaderBlock header_list1; header_list1["foo"] = "bar"; + // Set Dynamic Table Capacity instruction. + std::string set_dyanamic_table_capacity = + quiche::QuicheTextUtils::HexDecode("3fe11f"); // Insert one entry into the dynamic table. std::string insert_entry1 = quiche::QuicheTextUtils::HexDecode( "62" // insert without name reference "94e7" // Huffman-encoded name "foo" "03626172"); // value "bar" EXPECT_CALL(encoder_stream_sender_delegate_, - WriteStreamData(Eq(insert_entry1))); + WriteStreamData(Eq(quiche::QuicheStrCat( + set_dyanamic_table_capacity, insert_entry1)))); EXPECT_EQ(quiche::QuicheTextUtils::HexDecode("0200" // prefix "80"), // dynamic entry 0 @@ -420,12 +419,10 @@ TEST_F(QpackEncoderTest, Draining) { } maximum_dynamic_table_capacity += QpackEntry::Size("one", "foo"); encoder_.SetMaximumDynamicTableCapacity(maximum_dynamic_table_capacity); - - // Set Dynamic Table Capacity instruction. - EXPECT_CALL(encoder_stream_sender_delegate_, WriteStreamData(_)); encoder_.SetDynamicTableCapacity(maximum_dynamic_table_capacity); - // Insert ten entries into the dynamic table. + // Set Dynamic Table Capacity instruction and insert ten entries into the + // dynamic table. EXPECT_CALL(encoder_stream_sender_delegate_, WriteStreamData(_)); EXPECT_EQ(quiche::QuicheTextUtils::HexDecode( @@ -466,10 +463,6 @@ TEST_F(QpackEncoderTest, Draining) { TEST_F(QpackEncoderTest, DynamicTableCapacityLessThanMaximum) { encoder_.SetMaximumDynamicTableCapacity(1024); - - // Set Dynamic Table Capacity instruction. - EXPECT_CALL(encoder_stream_sender_delegate_, - WriteStreamData(Eq(quiche::QuicheTextUtils::HexDecode("3e")))); encoder_.SetDynamicTableCapacity(30); QpackHeaderTable* header_table = QpackEncoderPeer::header_table(&encoder_); diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_header_table_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_header_table_test.cc index 5cf392023af..a96159be486 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_header_table_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_header_table_test.cc @@ -25,8 +25,8 @@ class MockObserver : public QpackHeaderTable::Observer { public: ~MockObserver() override = default; - MOCK_METHOD0(OnInsertCountReachedThreshold, void()); - MOCK_METHOD0(Cancel, void()); + MOCK_METHOD(void, OnInsertCountReachedThreshold, (), (override)); + MOCK_METHOD(void, Cancel, (), (override)); }; class QpackHeaderTableTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_instruction_decoder_test.cc b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_instruction_decoder_test.cc index 99cda08dd28..a4bbc91aaf5 100644 --- a/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_instruction_decoder_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/qpack/qpack_instruction_decoder_test.cc @@ -61,8 +61,14 @@ class MockDelegate : public QpackInstructionDecoder::Delegate { MockDelegate& operator=(const MockDelegate&) = delete; ~MockDelegate() override = default; - MOCK_METHOD1(OnInstructionDecoded, bool(const QpackInstruction* instruction)); - MOCK_METHOD1(OnError, void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(bool, + OnInstructionDecoded, + (const QpackInstruction*), + (override)); + MOCK_METHOD(void, + OnError, + (quiche::QuicheStringPiece error_message), + (override)); }; class QpackInstructionDecoderTest : public QuicTestWithParam<FragmentMode> { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_alarm_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_alarm_test.cc index b2f4690f9a5..87cbd699dff 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_alarm_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_alarm_test.cc @@ -14,7 +14,7 @@ namespace { class MockDelegate : public QuicAlarm::Delegate { public: - MOCK_METHOD0(OnAlarm, void()); + MOCK_METHOD(void, OnAlarm, (), (override)); }; class DestructiveDelegate : public QuicAlarm::Delegate { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_arena_scoped_ptr_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_arena_scoped_ptr_test.cc index cd0780fe508..5b7548a5c53 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_arena_scoped_ptr_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_arena_scoped_ptr_test.cc @@ -13,7 +13,7 @@ namespace { enum class TestParam { kFromHeap, kFromArena }; struct TestObject { - explicit TestObject(uintptr_t value) : value(value) { buffer.resize(1200); } + explicit TestObject(uintptr_t value) : value(value) { buffer.resize(1024); } uintptr_t value; // Ensure that we have a non-trivial destructor that will leak memory if it's @@ -51,7 +51,7 @@ class QuicArenaScopedPtrParamTest : public QuicTestWithParam<TestParam> { } private: - QuicOneBlockArena<1200> arena_; + QuicOneBlockArena<1024> arena_; }; INSTANTIATE_TEST_SUITE_P(QuicArenaScopedPtrParamTest, @@ -69,7 +69,7 @@ TEST_P(QuicArenaScopedPtrParamTest, NullObjects) { } TEST_P(QuicArenaScopedPtrParamTest, FromArena) { - QuicOneBlockArena<1200> arena_; + QuicOneBlockArena<1024> arena_; EXPECT_TRUE(arena_.New<TestObject>(0).is_from_arena()); EXPECT_FALSE( QuicArenaScopedPtr<TestObject>(new TestObject(0)).is_from_arena()); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.cc b/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.cc index e363461cf8c..cafe871f38b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.cc @@ -86,23 +86,25 @@ EnqueuePacketResult QuicBufferedPacketStore::EnqueuePacket( QuicSocketAddress self_address, QuicSocketAddress peer_address, bool is_chlo, - const std::string& alpn, + const std::vector<std::string>& alpns, const ParsedQuicVersion& version) { QUIC_BUG_IF(!GetQuicFlag(FLAGS_quic_allow_chlo_buffering)) << "Shouldn't buffer packets if disabled via flag."; QUIC_BUG_IF(is_chlo && QuicContainsKey(connections_with_chlo_, connection_id)) << "Shouldn't buffer duplicated CHLO on connection " << connection_id; - QUIC_BUG_IF(!is_chlo && !alpn.empty()) + QUIC_BUG_IF(!is_chlo && !alpns.empty()) << "Shouldn't have an ALPN defined for a non-CHLO packet."; QUIC_BUG_IF(is_chlo && version.transport_version == QUIC_VERSION_UNSUPPORTED) << "Should have version for CHLO packet."; - if (!QuicContainsKey(undecryptable_packets_, connection_id) && - ShouldBufferPacket(is_chlo)) { - // Drop the packet if the upper limit of undecryptable packets has been - // reached or the whole capacity of the store has been reached. - return TOO_MANY_CONNECTIONS; - } else if (!QuicContainsKey(undecryptable_packets_, connection_id)) { + const bool is_first_packet = + !QuicContainsKey(undecryptable_packets_, connection_id); + if (is_first_packet) { + if (ShouldBufferPacket(is_chlo)) { + // Drop the packet if the upper limit of undecryptable packets has been + // reached or the whole capacity of the store has been reached. + return TOO_MANY_CONNECTIONS; + } undecryptable_packets_.emplace( std::make_pair(connection_id, BufferedPacketList())); undecryptable_packets_.back().second.ietf_quic = ietf_quic; @@ -138,14 +140,25 @@ EnqueuePacketResult QuicBufferedPacketStore::EnqueuePacket( // Add CHLO to the beginning of buffered packets so that it can be delivered // first later. queue.buffered_packets.push_front(std::move(new_entry)); - queue.alpn = alpn; + queue.alpns = alpns; connections_with_chlo_[connection_id] = false; // Dummy value. // Set the version of buffered packets of this connection on CHLO. queue.version = version; } else { // Buffer non-CHLO packets in arrival order. queue.buffered_packets.push_back(std::move(new_entry)); + + // Attempt to parse multi-packet TLS CHLOs. + if (is_first_packet) { + queue.tls_chlo_extractor.IngestPacket(version, packet); + // Since this is the first packet and it's not a CHLO, the + // TlsChloExtractor should not have the entire CHLO. + QUIC_BUG_IF(queue.tls_chlo_extractor.HasParsedFullChlo()) + << "First packet in list should not contain full CHLO"; + } + // TODO(b/154857081) Reorder CHLO packets ahead of other ones. } + MaybeSetExpirationAlarm(); return SUCCESS; } @@ -240,4 +253,25 @@ bool QuicBufferedPacketStore::HasChloForConnection( return QuicContainsKey(connections_with_chlo_, connection_id); } +bool QuicBufferedPacketStore::IngestPacketForTlsChloExtraction( + const QuicConnectionId& connection_id, + const ParsedQuicVersion& version, + const QuicReceivedPacket& packet, + std::vector<std::string>* out_alpns) { + DCHECK_NE(out_alpns, nullptr); + DCHECK_EQ(version.handshake_protocol, PROTOCOL_TLS1_3); + auto it = undecryptable_packets_.find(connection_id); + if (it == undecryptable_packets_.end()) { + QUIC_BUG << "Cannot ingest packet for unknown connection ID " + << connection_id; + return false; + } + it->second.tls_chlo_extractor.IngestPacket(version, packet); + if (!it->second.tls_chlo_extractor.HasParsedFullChlo()) { + return false; + } + *out_alpns = it->second.tls_chlo_extractor.alpns(); + return true; +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.h b/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.h index 52d957e1a43..b862b42ee4f 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store.h @@ -13,6 +13,7 @@ #include "net/third_party/quiche/src/quic/core/quic_clock.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/core/quic_time.h" +#include "net/third_party/quiche/src/quic/core/tls_chlo_extractor.h" #include "net/third_party/quiche/src/quic/platform/api/quic_containers.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" #include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" @@ -32,7 +33,7 @@ class QuicBufferedPacketStorePeer; // of connections: connections with CHLO buffered and those without CHLO. The // latter has its own upper limit along with the max number of connections this // store can hold. The former pool can grow till this store is full. -class QUIC_EXPORT_PRIVATE QuicBufferedPacketStore { +class QUIC_NO_EXPORT QuicBufferedPacketStore { public: enum EnqueuePacketResult { SUCCESS = 0, @@ -40,7 +41,7 @@ class QUIC_EXPORT_PRIVATE QuicBufferedPacketStore { TOO_MANY_CONNECTIONS // Too many connections stored up in the store. }; - struct QUIC_EXPORT_PRIVATE BufferedPacket { + struct QUIC_NO_EXPORT BufferedPacket { BufferedPacket(std::unique_ptr<QuicReceivedPacket> packet, QuicSocketAddress self_address, QuicSocketAddress peer_address); @@ -56,7 +57,7 @@ class QUIC_EXPORT_PRIVATE QuicBufferedPacketStore { }; // A queue of BufferedPackets for a connection. - struct QUIC_EXPORT_PRIVATE BufferedPacketList { + struct QUIC_NO_EXPORT BufferedPacketList { BufferedPacketList(); BufferedPacketList(BufferedPacketList&& other); @@ -66,13 +67,14 @@ class QUIC_EXPORT_PRIVATE QuicBufferedPacketStore { std::list<BufferedPacket> buffered_packets; QuicTime creation_time; - // The alpn from the CHLO, if one was found. - std::string alpn; + // The ALPNs from the CHLO, if found. + std::vector<std::string> alpns; // Indicating whether this is an IETF QUIC connection. bool ietf_quic; // If buffered_packets contains the CHLO, it is the version of the CHLO. // Otherwise, it is the version of the first packet in |buffered_packets|. ParsedQuicVersion version; + TlsChloExtractor tls_chlo_extractor; }; typedef QuicLinkedHashMap<QuicConnectionId, @@ -80,7 +82,7 @@ class QUIC_EXPORT_PRIVATE QuicBufferedPacketStore { QuicConnectionIdHash> BufferedPacketMap; - class QUIC_EXPORT_PRIVATE VisitorInterface { + class QUIC_NO_EXPORT VisitorInterface { public: virtual ~VisitorInterface() {} @@ -108,12 +110,22 @@ class QUIC_EXPORT_PRIVATE QuicBufferedPacketStore { QuicSocketAddress self_address, QuicSocketAddress peer_address, bool is_chlo, - const std::string& alpn, + const std::vector<std::string>& alpns, const ParsedQuicVersion& version); // Returns true if there are any packets buffered for |connection_id|. bool HasBufferedPackets(QuicConnectionId connection_id) const; + // Ingests this packet into the corresponding TlsChloExtractor. This should + // only be called when HasBufferedPackets(connection_id) is true. + // Returns whether we've now parsed a full multi-packet TLS CHLO. + // When this returns true, |out_alpns| is populated with the list of ALPNs + // extracted from the CHLO. + bool IngestPacketForTlsChloExtraction(const QuicConnectionId& connection_id, + const ParsedQuicVersion& version, + const QuicReceivedPacket& packet, + std::vector<std::string>* out_alpns); + // Returns the list of buffered packets for |connection_id| and removes them // from the store. Returns an empty list if no early arrived packets for this // connection are present. diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store_test.cc index dbf6c16e627..d99f4e0586e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_buffered_packet_store_test.cc @@ -74,13 +74,13 @@ class QuicBufferedPacketStoreTest : public QuicTest { TEST_F(QuicBufferedPacketStoreTest, SimpleEnqueueAndDeliverPacket) { QuicConnectionId connection_id = TestConnectionId(1); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); EXPECT_TRUE(store_.HasBufferedPackets(connection_id)); auto packets = store_.DeliverPackets(connection_id); const std::list<BufferedPacket>& queue = packets.buffered_packets; ASSERT_EQ(1u, queue.size()); // The alpn should be ignored for non-chlo packets. - ASSERT_EQ("", packets.alpn); + ASSERT_TRUE(packets.alpns.empty()); // There is no valid version because CHLO has not arrived. EXPECT_EQ(invalid_version_, packets.version); // Check content of the only packet in the queue. @@ -97,9 +97,9 @@ TEST_F(QuicBufferedPacketStoreTest, DifferentPacketAddressOnOneConnection) { QuicSocketAddress addr_with_new_port(QuicIpAddress::Any4(), 256); QuicConnectionId connection_id = TestConnectionId(1); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - addr_with_new_port, false, "", invalid_version_); + addr_with_new_port, false, {}, invalid_version_); std::list<BufferedPacket> queue = store_.DeliverPackets(connection_id).buffered_packets; ASSERT_EQ(2u, queue.size()); @@ -114,9 +114,9 @@ TEST_F(QuicBufferedPacketStoreTest, for (uint64_t conn_id = 1; conn_id <= num_connections; ++conn_id) { QuicConnectionId connection_id = TestConnectionId(conn_id); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); } // Deliver packets in reversed order. @@ -138,12 +138,12 @@ TEST_F(QuicBufferedPacketStoreTest, // keep. EXPECT_EQ(QuicBufferedPacketStore::SUCCESS, store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, true, "", valid_version_)); + peer_address_, true, {}, valid_version_)); for (size_t i = 1; i <= num_packets; ++i) { // Only first |kDefaultMaxUndecryptablePackets packets| will be buffered. EnqueuePacketResult result = store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); if (i <= kDefaultMaxUndecryptablePackets) { EXPECT_EQ(EnqueuePacketResult::SUCCESS, result); } else { @@ -165,7 +165,7 @@ TEST_F(QuicBufferedPacketStoreTest, ReachNonChloConnectionUpperLimit) { QuicConnectionId connection_id = TestConnectionId(conn_id); EnqueuePacketResult result = store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); if (conn_id <= kMaxConnectionsWithoutCHLO) { EXPECT_EQ(EnqueuePacketResult::SUCCESS, result); } else { @@ -194,7 +194,7 @@ TEST_F(QuicBufferedPacketStoreTest, for (uint64_t conn_id = 1; conn_id <= num_chlos; ++conn_id) { EXPECT_EQ(EnqueuePacketResult::SUCCESS, store_.EnqueuePacket(TestConnectionId(conn_id), false, packet_, - self_address_, peer_address_, true, "", + self_address_, peer_address_, true, {}, valid_version_)); } @@ -205,7 +205,7 @@ TEST_F(QuicBufferedPacketStoreTest, QuicConnectionId connection_id = TestConnectionId(conn_id); EnqueuePacketResult result = store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, true, "", valid_version_); + peer_address_, true, {}, valid_version_); if (conn_id <= kDefaultMaxConnectionsInStore) { EXPECT_EQ(EnqueuePacketResult::SUCCESS, result); } else { @@ -220,7 +220,7 @@ TEST_F(QuicBufferedPacketStoreTest, EnqueueChloOnTooManyDifferentConnections) { QuicConnectionId connection_id = TestConnectionId(conn_id); EXPECT_EQ(EnqueuePacketResult::SUCCESS, store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_)); + peer_address_, false, {}, invalid_version_)); } // Buffer CHLOs on other connections till store is full. @@ -229,7 +229,7 @@ TEST_F(QuicBufferedPacketStoreTest, EnqueueChloOnTooManyDifferentConnections) { QuicConnectionId connection_id = TestConnectionId(i); EnqueuePacketResult rs = store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, true, "", valid_version_); + peer_address_, true, {}, valid_version_); if (i <= kDefaultMaxConnectionsInStore) { EXPECT_EQ(EnqueuePacketResult::SUCCESS, rs); EXPECT_TRUE(store_.HasChloForConnection(connection_id)); @@ -246,7 +246,7 @@ TEST_F(QuicBufferedPacketStoreTest, EnqueueChloOnTooManyDifferentConnections) { EXPECT_EQ(EnqueuePacketResult::SUCCESS, store_.EnqueuePacket( /*connection_id=*/TestConnectionId(1), false, packet_, - self_address_, peer_address_, true, "", valid_version_)); + self_address_, peer_address_, true, {}, valid_version_)); EXPECT_TRUE(store_.HasChloForConnection( /*connection_id=*/TestConnectionId(1))); @@ -274,14 +274,14 @@ TEST_F(QuicBufferedPacketStoreTest, EnqueueChloOnTooManyDifferentConnections) { TEST_F(QuicBufferedPacketStoreTest, PacketQueueExpiredBeforeDelivery) { QuicConnectionId connection_id = TestConnectionId(1); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); EXPECT_EQ(EnqueuePacketResult::SUCCESS, store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, true, "", valid_version_)); + peer_address_, true, {}, valid_version_)); QuicConnectionId connection_id2 = TestConnectionId(2); EXPECT_EQ(EnqueuePacketResult::SUCCESS, store_.EnqueuePacket(connection_id2, false, packet_, self_address_, - peer_address_, false, "", invalid_version_)); + peer_address_, false, {}, invalid_version_)); // CHLO on connection 3 arrives 1ms later. clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(1)); @@ -290,7 +290,7 @@ TEST_F(QuicBufferedPacketStoreTest, PacketQueueExpiredBeforeDelivery) { // connections. QuicSocketAddress another_client_address(QuicIpAddress::Any4(), 255); store_.EnqueuePacket(connection_id3, false, packet_, self_address_, - another_client_address, true, "", valid_version_); + another_client_address, true, {}, valid_version_); // Advance clock to the time when connection 1 and 2 expires. clock_.AdvanceTime( @@ -322,9 +322,9 @@ TEST_F(QuicBufferedPacketStoreTest, PacketQueueExpiredBeforeDelivery) { // for them to expire. QuicConnectionId connection_id4 = TestConnectionId(4); store_.EnqueuePacket(connection_id4, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id4, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); clock_.AdvanceTime( QuicBufferedPacketStorePeer::expiration_alarm(&store_)->deadline() - clock_.ApproximateNow()); @@ -339,9 +339,9 @@ TEST_F(QuicBufferedPacketStoreTest, SimpleDiscardPackets) { // Enqueue some packets store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); EXPECT_TRUE(store_.HasBufferedPackets(connection_id)); EXPECT_FALSE(store_.HasChlosBuffered()); @@ -365,11 +365,11 @@ TEST_F(QuicBufferedPacketStoreTest, DiscardWithCHLOs) { // Enqueue some packets, which include a CHLO store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, true, "", valid_version_); + peer_address_, true, {}, valid_version_); store_.EnqueuePacket(connection_id, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); EXPECT_TRUE(store_.HasBufferedPackets(connection_id)); EXPECT_TRUE(store_.HasChlosBuffered()); @@ -394,11 +394,11 @@ TEST_F(QuicBufferedPacketStoreTest, MultipleDiscardPackets) { // Enqueue some packets for two connection IDs store_.EnqueuePacket(connection_id_1, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id_1, false, packet_, self_address_, - peer_address_, false, "", invalid_version_); + peer_address_, false, {}, invalid_version_); store_.EnqueuePacket(connection_id_2, false, packet_, self_address_, - peer_address_, true, "h3", valid_version_); + peer_address_, true, {"h3"}, valid_version_); EXPECT_TRUE(store_.HasBufferedPackets(connection_id_1)); EXPECT_TRUE(store_.HasBufferedPackets(connection_id_2)); EXPECT_TRUE(store_.HasChlosBuffered()); @@ -415,7 +415,8 @@ TEST_F(QuicBufferedPacketStoreTest, MultipleDiscardPackets) { EXPECT_TRUE(store_.HasBufferedPackets(connection_id_2)); auto packets = store_.DeliverPackets(connection_id_2); EXPECT_EQ(1u, packets.buffered_packets.size()); - EXPECT_EQ("h3", packets.alpn); + ASSERT_EQ(1u, packets.alpns.size()); + EXPECT_EQ("h3", packets.alpns[0]); // Since connection_id_2's chlo arrives, verify version is set. EXPECT_EQ(valid_version_, packets.version); EXPECT_TRUE(store_.HasChlosBuffered()); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_circular_deque.h b/chromium/net/third_party/quiche/src/quic/core/quic_circular_deque.h index 997740bf300..1949d85f79e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_circular_deque.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_circular_deque.h @@ -7,6 +7,7 @@ #include <algorithm> #include <cstddef> +#include <cstring> #include <iterator> #include <memory> #include <ostream> @@ -62,6 +63,16 @@ class QUIC_NO_EXPORT QuicCircularDeque { const basic_iterator<value_type>& it) // NOLINT(runtime/explicit) : deque_(it.deque_), index_(it.index_) {} + // A copy assignment if Pointee is T. + // A assignment from iterator to const_iterator if Pointee is const T. + basic_iterator& operator=(const basic_iterator<value_type>& it) { + if (this != &it) { + deque_ = it.deque_; + index_ = it.index_; + } + return *this; + } + reference operator*() const { return *deque_->index_to_address(index_); } pointer operator->() const { return deque_->index_to_address(index_); } reference operator[](difference_type i) { return *(*this + i); } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.cc b/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.cc index 6393f5d6c8a..c18369eac9b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.cc @@ -90,9 +90,6 @@ void QuicCoalescedPacket::Clear() { for (auto& packet : encrypted_buffers_) { packet.clear(); } - if (initial_packet_ != nullptr) { - ClearSerializedPacket(initial_packet_.get()); - } initial_packet_ = nullptr; } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.h b/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.h index 1974f77c56b..447ab95bf68 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_coalesced_packet.h @@ -36,6 +36,9 @@ class QUIC_EXPORT_PRIVATE QuicCoalescedPacket { std::string ToString(size_t serialized_length) const; + // Returns true if this coalesced packet contains packet of |level|. + bool ContainsPacketOfEncryptionLevel(EncryptionLevel level) const; + const SerializedPacket* initial_packet() const { return initial_packet_.get(); } @@ -49,9 +52,6 @@ class QUIC_EXPORT_PRIVATE QuicCoalescedPacket { QuicPacketLength max_packet_length() const { return max_packet_length_; } private: - // Returns true if this coalesced packet contains packet of |level|. - bool ContainsPacketOfEncryptionLevel(EncryptionLevel level) const; - // self/peer addresses are set when trying to coalesce the first packet. // Packets with different self/peer addresses cannot be coalesced. QuicSocketAddress self_address_; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_config.cc b/chromium/net/third_party/quiche/src/quic/core/quic_config.cc index d0087c46f09..7c781f4def0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_config.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_config.cc @@ -6,11 +6,13 @@ #include <algorithm> #include <cstring> +#include <limits> #include <string> #include <utility> #include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h" #include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_socket_address_coder.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" @@ -58,74 +60,6 @@ QuicConfigValue::QuicConfigValue(QuicTag tag, QuicConfigPresence presence) : tag_(tag), presence_(presence) {} QuicConfigValue::~QuicConfigValue() {} -QuicNegotiableValue::QuicNegotiableValue(QuicTag tag, - QuicConfigPresence presence) - : QuicConfigValue(tag, presence), negotiated_(false) {} -QuicNegotiableValue::~QuicNegotiableValue() {} - -QuicNegotiableUint32::QuicNegotiableUint32(QuicTag tag, - QuicConfigPresence presence) - : QuicNegotiableValue(tag, presence), - max_value_(0), - default_value_(0), - negotiated_value_(0) {} -QuicNegotiableUint32::~QuicNegotiableUint32() {} - -void QuicNegotiableUint32::set(uint32_t max, uint32_t default_value) { - DCHECK_LE(default_value, max); - max_value_ = max; - default_value_ = default_value; -} - -uint32_t QuicNegotiableUint32::GetUint32() const { - if (negotiated()) { - return negotiated_value_; - } - return default_value_; -} - -// Returns the maximum value negotiable. -uint32_t QuicNegotiableUint32::GetMax() const { - return max_value_; -} - -void QuicNegotiableUint32::ToHandshakeMessage( - CryptoHandshakeMessage* out) const { - if (negotiated()) { - out->SetValue(tag_, negotiated_value_); - } else { - out->SetValue(tag_, max_value_); - } -} - -QuicErrorCode QuicNegotiableUint32::ProcessPeerHello( - const CryptoHandshakeMessage& peer_hello, - HelloType hello_type, - std::string* error_details) { - DCHECK(!negotiated()); - DCHECK(error_details != nullptr); - uint32_t value; - QuicErrorCode error = ReadUint32(peer_hello, tag_, presence_, default_value_, - &value, error_details); - if (error != QUIC_NO_ERROR) { - return error; - } - return ReceiveValue(value, hello_type, error_details); -} - -QuicErrorCode QuicNegotiableUint32::ReceiveValue(uint32_t value, - HelloType hello_type, - std::string* error_details) { - if (hello_type == SERVER && value > max_value_) { - *error_details = "Invalid value received for " + QuicTagToString(tag_); - return QUIC_INVALID_NEGOTIATED_VALUE; - } - - set_negotiated(true); - negotiated_value_ = std::min(value, max_value_); - return QUIC_NO_ERROR; -} - QuicFixedUint32::QuicFixedUint32(QuicTag tag, QuicConfigPresence presence) : QuicConfigValue(tag, presence), has_send_value_(false), @@ -163,6 +97,11 @@ void QuicFixedUint32::SetReceivedValue(uint32_t value) { } void QuicFixedUint32::ToHandshakeMessage(CryptoHandshakeMessage* out) const { + if (tag_ == 0) { + QUIC_BUG + << "This parameter does not support writing to CryptoHandshakeMessage"; + return; + } if (has_send_value_) { out->SetValue(tag_, send_value_); } @@ -173,6 +112,12 @@ QuicErrorCode QuicFixedUint32::ProcessPeerHello( HelloType /*hello_type*/, std::string* error_details) { DCHECK(error_details != nullptr); + if (tag_ == 0) { + *error_details = + "This parameter does not support reading from CryptoHandshakeMessage"; + QUIC_BUG << *error_details; + return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; + } QuicErrorCode error = peer_hello.GetUint32(tag_, &receive_value_); switch (error) { case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: @@ -191,6 +136,92 @@ QuicErrorCode QuicFixedUint32::ProcessPeerHello( return error; } +QuicFixedUint62::QuicFixedUint62(QuicTag name, QuicConfigPresence presence) + : QuicConfigValue(name, presence), + has_send_value_(false), + has_receive_value_(false) {} + +QuicFixedUint62::~QuicFixedUint62() {} + +bool QuicFixedUint62::HasSendValue() const { + return has_send_value_; +} + +uint64_t QuicFixedUint62::GetSendValue() const { + if (!has_send_value_) { + QUIC_BUG << "No send value to get for tag:" << QuicTagToString(tag_); + return 0; + } + return send_value_; +} + +void QuicFixedUint62::SetSendValue(uint64_t value) { + if (value > kVarInt62MaxValue) { + QUIC_BUG << "QuicFixedUint62 invalid value " << value; + value = kVarInt62MaxValue; + } + has_send_value_ = true; + send_value_ = value; +} + +bool QuicFixedUint62::HasReceivedValue() const { + return has_receive_value_; +} + +uint64_t QuicFixedUint62::GetReceivedValue() const { + if (!has_receive_value_) { + QUIC_BUG << "No receive value to get for tag:" << QuicTagToString(tag_); + return 0; + } + return receive_value_; +} + +void QuicFixedUint62::SetReceivedValue(uint64_t value) { + has_receive_value_ = true; + receive_value_ = value; +} + +void QuicFixedUint62::ToHandshakeMessage(CryptoHandshakeMessage* out) const { + if (!has_send_value_) { + return; + } + uint32_t send_value32; + if (send_value_ > std::numeric_limits<uint32_t>::max()) { + QUIC_BUG << "Attempting to send " << send_value_ + << " for tag:" << QuicTagToString(tag_); + send_value32 = std::numeric_limits<uint32_t>::max(); + } else { + send_value32 = static_cast<uint32_t>(send_value_); + } + out->SetValue(tag_, send_value32); +} + +QuicErrorCode QuicFixedUint62::ProcessPeerHello( + const CryptoHandshakeMessage& peer_hello, + HelloType /*hello_type*/, + std::string* error_details) { + DCHECK(error_details != nullptr); + uint32_t receive_value32; + QuicErrorCode error = peer_hello.GetUint32(tag_, &receive_value32); + // GetUint32 is guaranteed to always initialize receive_value32. + receive_value_ = receive_value32; + switch (error) { + case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: + if (presence_ == PRESENCE_OPTIONAL) { + return QUIC_NO_ERROR; + } + *error_details = "Missing " + QuicTagToString(tag_); + break; + case QUIC_NO_ERROR: + has_receive_value_ = true; + break; + default: + *error_details = "Bad " + QuicTagToString(tag_); + break; + } + return error; +} + QuicFixedUint128::QuicFixedUint128(QuicTag tag, QuicConfigPresence presence) : QuicConfigValue(tag, presence), has_send_value_(false), @@ -271,7 +302,7 @@ bool QuicFixedTagVector::HasSendValues() const { return has_send_values_; } -QuicTagVector QuicFixedTagVector::GetSendValues() const { +const QuicTagVector& QuicFixedTagVector::GetSendValues() const { QUIC_BUG_IF(!has_send_values_) << "No send values to get for tag:" << QuicTagToString(tag_); return send_values_; @@ -286,7 +317,7 @@ bool QuicFixedTagVector::HasReceivedValues() const { return has_receive_values_; } -QuicTagVector QuicFixedTagVector::GetReceivedValues() const { +const QuicTagVector& QuicFixedTagVector::GetReceivedValues() const { QUIC_BUG_IF(!has_receive_values_) << "No receive value to get for tag:" << QuicTagToString(tag_); return receive_values_; @@ -397,13 +428,13 @@ QuicErrorCode QuicFixedSocketAddress::ProcessPeerHello( } QuicConfig::QuicConfig() - : max_time_before_crypto_handshake_(QuicTime::Delta::Zero()), + : negotiated_(false), + max_time_before_crypto_handshake_(QuicTime::Delta::Zero()), max_idle_time_before_crypto_handshake_(QuicTime::Delta::Zero()), max_undecryptable_packets_(0), connection_options_(kCOPT, PRESENCE_OPTIONAL), client_connection_options_(kCLOP, PRESENCE_OPTIONAL), - idle_network_timeout_seconds_(kICSL, PRESENCE_REQUIRED), - silent_close_(kSCLS, PRESENCE_OPTIONAL), + idle_timeout_to_send_(QuicTime::Delta::Infinite()), max_bidirectional_streams_(kMIBS, PRESENCE_REQUIRED), max_unidirectional_streams_(kMIUS, PRESENCE_OPTIONAL), bytes_for_connection_id_(kTCID, PRESENCE_OPTIONAL), @@ -416,13 +447,14 @@ QuicConfig::QuicConfig() initial_stream_flow_control_window_bytes_(kSFCW, PRESENCE_OPTIONAL), initial_session_flow_control_window_bytes_(kCFCW, PRESENCE_OPTIONAL), connection_migration_disabled_(kNCMR, PRESENCE_OPTIONAL), - alternate_server_address_(kASAD, PRESENCE_OPTIONAL), - support_max_header_list_size_(kSMHL, PRESENCE_OPTIONAL), + alternate_server_address_ipv6_(kASAD, PRESENCE_OPTIONAL), + alternate_server_address_ipv4_(kASAD, PRESENCE_OPTIONAL), stateless_reset_token_(kSRST, PRESENCE_OPTIONAL), max_ack_delay_ms_(kMAD, PRESENCE_OPTIONAL), ack_delay_exponent_(kADE, PRESENCE_OPTIONAL), max_packet_size_(0, PRESENCE_OPTIONAL), - max_datagram_frame_size_(0, PRESENCE_OPTIONAL) { + max_datagram_frame_size_(0, PRESENCE_OPTIONAL), + active_connection_id_limit_(0, PRESENCE_OPTIONAL) { SetDefaults(); } @@ -450,7 +482,7 @@ bool QuicConfig::HasReceivedConnectionOptions() const { return connection_options_.HasReceivedValues(); } -QuicTagVector QuicConfig::ReceivedConnectionOptions() const { +const QuicTagVector& QuicConfig::ReceivedConnectionOptions() const { return connection_options_.GetReceivedValues(); } @@ -458,7 +490,7 @@ bool QuicConfig::HasSendConnectionOptions() const { return connection_options_.HasSendValues(); } -QuicTagVector QuicConfig::SendConnectionOptions() const { +const QuicTagVector& QuicConfig::SendConnectionOptions() const { return connection_options_.GetSendValues(); } @@ -493,26 +525,35 @@ bool QuicConfig::HasClientRequestedIndependentOption( ContainsQuicTag(client_connection_options_.GetSendValues(), tag)); } -void QuicConfig::SetIdleNetworkTimeout( - QuicTime::Delta max_idle_network_timeout, - QuicTime::Delta default_idle_network_timeout) { - idle_network_timeout_seconds_.set( - static_cast<uint32_t>(max_idle_network_timeout.ToSeconds()), - static_cast<uint32_t>(default_idle_network_timeout.ToSeconds())); -} +const QuicTagVector& QuicConfig::ClientRequestedIndependentOptions( + Perspective perspective) const { + static const QuicTagVector* no_options = new QuicTagVector; + if (perspective == Perspective::IS_SERVER) { + return HasReceivedConnectionOptions() ? ReceivedConnectionOptions() + : *no_options; + } -QuicTime::Delta QuicConfig::IdleNetworkTimeout() const { - return QuicTime::Delta::FromSeconds( - idle_network_timeout_seconds_.GetUint32()); + return client_connection_options_.HasSendValues() + ? client_connection_options_.GetSendValues() + : *no_options; } -// TODO(ianswett) Use this for silent close on mobile, or delete. -QUIC_UNUSED void QuicConfig::SetSilentClose(bool silent_close) { - silent_close_.set(silent_close ? 1 : 0, silent_close ? 1 : 0); +void QuicConfig::SetIdleNetworkTimeout(QuicTime::Delta idle_network_timeout) { + if (idle_network_timeout.ToMicroseconds() <= 0) { + QUIC_BUG << "Invalid idle network timeout " << idle_network_timeout; + return; + } + idle_timeout_to_send_ = idle_network_timeout; } -bool QuicConfig::SilentClose() const { - return silent_close_.GetUint32() > 0; +QuicTime::Delta QuicConfig::IdleNetworkTimeout() const { + // TODO(b/152032210) add a QUIC_BUG to ensure that is not called before we've + // received the peer's values. This is true in production code but not in all + // of our tests that use a fake QuicConfig. + if (!received_idle_timeout_.has_value()) { + return idle_timeout_to_send_; + } + return received_idle_timeout_.value(); } void QuicConfig::SetMaxBidirectionalStreamsToSend(uint32_t max_streams) { @@ -579,11 +620,11 @@ uint32_t QuicConfig::ReceivedAckDelayExponent() const { return ack_delay_exponent_.GetReceivedValue(); } -void QuicConfig::SetMaxPacketSizeToSend(uint32_t max_packet_size) { +void QuicConfig::SetMaxPacketSizeToSend(uint64_t max_packet_size) { max_packet_size_.SetSendValue(max_packet_size); } -uint32_t QuicConfig::GetMaxPacketSizeToSend() const { +uint64_t QuicConfig::GetMaxPacketSizeToSend() const { return max_packet_size_.GetSendValue(); } @@ -591,16 +632,16 @@ bool QuicConfig::HasReceivedMaxPacketSize() const { return max_packet_size_.HasReceivedValue(); } -uint32_t QuicConfig::ReceivedMaxPacketSize() const { +uint64_t QuicConfig::ReceivedMaxPacketSize() const { return max_packet_size_.GetReceivedValue(); } void QuicConfig::SetMaxDatagramFrameSizeToSend( - uint32_t max_datagram_frame_size) { + uint64_t max_datagram_frame_size) { max_datagram_frame_size_.SetSendValue(max_datagram_frame_size); } -uint32_t QuicConfig::GetMaxDatagramFrameSizeToSend() const { +uint64_t QuicConfig::GetMaxDatagramFrameSizeToSend() const { return max_datagram_frame_size_.GetSendValue(); } @@ -608,10 +649,27 @@ bool QuicConfig::HasReceivedMaxDatagramFrameSize() const { return max_datagram_frame_size_.HasReceivedValue(); } -uint32_t QuicConfig::ReceivedMaxDatagramFrameSize() const { +uint64_t QuicConfig::ReceivedMaxDatagramFrameSize() const { return max_datagram_frame_size_.GetReceivedValue(); } +void QuicConfig::SetActiveConnectionIdLimitToSend( + uint64_t active_connection_id_limit) { + active_connection_id_limit_.SetSendValue(active_connection_id_limit); +} + +uint64_t QuicConfig::GetActiveConnectionIdLimitToSend() const { + return active_connection_id_limit_.GetSendValue(); +} + +bool QuicConfig::HasReceivedActiveConnectionIdLimit() const { + return active_connection_id_limit_.HasReceivedValue(); +} + +uint64_t QuicConfig::ReceivedActiveConnectionIdLimit() const { + return active_connection_id_limit_.GetReceivedValue(); +} + bool QuicConfig::HasSetBytesForConnectionIdToSend() const { return bytes_for_connection_id_.HasSendValue(); } @@ -628,7 +686,7 @@ uint32_t QuicConfig::ReceivedBytesForConnectionId() const { return bytes_for_connection_id_.GetReceivedValue(); } -void QuicConfig::SetInitialRoundTripTimeUsToSend(uint32_t rtt) { +void QuicConfig::SetInitialRoundTripTimeUsToSend(uint64_t rtt) { initial_round_trip_time_us_.SetSendValue(rtt); } @@ -636,7 +694,7 @@ bool QuicConfig::HasReceivedInitialRoundTripTimeUs() const { return initial_round_trip_time_us_.HasReceivedValue(); } -uint32_t QuicConfig::ReceivedInitialRoundTripTimeUs() const { +uint64_t QuicConfig::ReceivedInitialRoundTripTimeUs() const { return initial_round_trip_time_us_.GetReceivedValue(); } @@ -644,12 +702,12 @@ bool QuicConfig::HasInitialRoundTripTimeUsToSend() const { return initial_round_trip_time_us_.HasSendValue(); } -uint32_t QuicConfig::GetInitialRoundTripTimeUsToSend() const { +uint64_t QuicConfig::GetInitialRoundTripTimeUsToSend() const { return initial_round_trip_time_us_.GetSendValue(); } void QuicConfig::SetInitialStreamFlowControlWindowToSend( - uint32_t window_bytes) { + uint64_t window_bytes) { if (window_bytes < kMinimumFlowControlSendWindow) { QUIC_BUG << "Initial stream flow control receive window (" << window_bytes << ") cannot be set lower than minimum (" @@ -659,7 +717,7 @@ void QuicConfig::SetInitialStreamFlowControlWindowToSend( initial_stream_flow_control_window_bytes_.SetSendValue(window_bytes); } -uint32_t QuicConfig::GetInitialStreamFlowControlWindowToSend() const { +uint64_t QuicConfig::GetInitialStreamFlowControlWindowToSend() const { return initial_stream_flow_control_window_bytes_.GetSendValue(); } @@ -667,17 +725,17 @@ bool QuicConfig::HasReceivedInitialStreamFlowControlWindowBytes() const { return initial_stream_flow_control_window_bytes_.HasReceivedValue(); } -uint32_t QuicConfig::ReceivedInitialStreamFlowControlWindowBytes() const { +uint64_t QuicConfig::ReceivedInitialStreamFlowControlWindowBytes() const { return initial_stream_flow_control_window_bytes_.GetReceivedValue(); } void QuicConfig::SetInitialMaxStreamDataBytesIncomingBidirectionalToSend( - uint32_t window_bytes) { + uint64_t window_bytes) { initial_max_stream_data_bytes_incoming_bidirectional_.SetSendValue( window_bytes); } -uint32_t QuicConfig::GetInitialMaxStreamDataBytesIncomingBidirectionalToSend() +uint64_t QuicConfig::GetInitialMaxStreamDataBytesIncomingBidirectionalToSend() const { if (initial_max_stream_data_bytes_incoming_bidirectional_.HasSendValue()) { return initial_max_stream_data_bytes_incoming_bidirectional_.GetSendValue(); @@ -691,19 +749,19 @@ bool QuicConfig::HasReceivedInitialMaxStreamDataBytesIncomingBidirectional() .HasReceivedValue(); } -uint32_t QuicConfig::ReceivedInitialMaxStreamDataBytesIncomingBidirectional() +uint64_t QuicConfig::ReceivedInitialMaxStreamDataBytesIncomingBidirectional() const { return initial_max_stream_data_bytes_incoming_bidirectional_ .GetReceivedValue(); } void QuicConfig::SetInitialMaxStreamDataBytesOutgoingBidirectionalToSend( - uint32_t window_bytes) { + uint64_t window_bytes) { initial_max_stream_data_bytes_outgoing_bidirectional_.SetSendValue( window_bytes); } -uint32_t QuicConfig::GetInitialMaxStreamDataBytesOutgoingBidirectionalToSend() +uint64_t QuicConfig::GetInitialMaxStreamDataBytesOutgoingBidirectionalToSend() const { if (initial_max_stream_data_bytes_outgoing_bidirectional_.HasSendValue()) { return initial_max_stream_data_bytes_outgoing_bidirectional_.GetSendValue(); @@ -717,18 +775,18 @@ bool QuicConfig::HasReceivedInitialMaxStreamDataBytesOutgoingBidirectional() .HasReceivedValue(); } -uint32_t QuicConfig::ReceivedInitialMaxStreamDataBytesOutgoingBidirectional() +uint64_t QuicConfig::ReceivedInitialMaxStreamDataBytesOutgoingBidirectional() const { return initial_max_stream_data_bytes_outgoing_bidirectional_ .GetReceivedValue(); } void QuicConfig::SetInitialMaxStreamDataBytesUnidirectionalToSend( - uint32_t window_bytes) { + uint64_t window_bytes) { initial_max_stream_data_bytes_unidirectional_.SetSendValue(window_bytes); } -uint32_t QuicConfig::GetInitialMaxStreamDataBytesUnidirectionalToSend() const { +uint64_t QuicConfig::GetInitialMaxStreamDataBytesUnidirectionalToSend() const { if (initial_max_stream_data_bytes_unidirectional_.HasSendValue()) { return initial_max_stream_data_bytes_unidirectional_.GetSendValue(); } @@ -739,12 +797,12 @@ bool QuicConfig::HasReceivedInitialMaxStreamDataBytesUnidirectional() const { return initial_max_stream_data_bytes_unidirectional_.HasReceivedValue(); } -uint32_t QuicConfig::ReceivedInitialMaxStreamDataBytesUnidirectional() const { +uint64_t QuicConfig::ReceivedInitialMaxStreamDataBytesUnidirectional() const { return initial_max_stream_data_bytes_unidirectional_.GetReceivedValue(); } void QuicConfig::SetInitialSessionFlowControlWindowToSend( - uint32_t window_bytes) { + uint64_t window_bytes) { if (window_bytes < kMinimumFlowControlSendWindow) { QUIC_BUG << "Initial session flow control receive window (" << window_bytes << ") cannot be set lower than default (" @@ -754,7 +812,7 @@ void QuicConfig::SetInitialSessionFlowControlWindowToSend( initial_session_flow_control_window_bytes_.SetSendValue(window_bytes); } -uint32_t QuicConfig::GetInitialSessionFlowControlWindowToSend() const { +uint64_t QuicConfig::GetInitialSessionFlowControlWindowToSend() const { return initial_session_flow_control_window_bytes_.GetSendValue(); } @@ -762,7 +820,7 @@ bool QuicConfig::HasReceivedInitialSessionFlowControlWindowBytes() const { return initial_session_flow_control_window_bytes_.HasReceivedValue(); } -uint32_t QuicConfig::ReceivedInitialSessionFlowControlWindowBytes() const { +uint64_t QuicConfig::ReceivedInitialSessionFlowControlWindowBytes() const { return initial_session_flow_control_window_bytes_.GetReceivedValue(); } @@ -774,25 +832,59 @@ bool QuicConfig::DisableConnectionMigration() const { return connection_migration_disabled_.HasReceivedValue(); } -void QuicConfig::SetAlternateServerAddressToSend( - const QuicSocketAddress& alternate_server_address) { - alternate_server_address_.SetSendValue(alternate_server_address); +void QuicConfig::SetIPv6AlternateServerAddressToSend( + const QuicSocketAddress& alternate_server_address_ipv6) { + if (!alternate_server_address_ipv6.host().IsIPv6()) { + QUIC_BUG << "Cannot use SetIPv6AlternateServerAddressToSend with " + << alternate_server_address_ipv6; + return; + } + alternate_server_address_ipv6_.SetSendValue(alternate_server_address_ipv6); +} + +bool QuicConfig::HasReceivedIPv6AlternateServerAddress() const { + return alternate_server_address_ipv6_.HasReceivedValue(); +} + +const QuicSocketAddress& QuicConfig::ReceivedIPv6AlternateServerAddress() + const { + return alternate_server_address_ipv6_.GetReceivedValue(); +} + +void QuicConfig::SetIPv4AlternateServerAddressToSend( + const QuicSocketAddress& alternate_server_address_ipv4) { + if (!alternate_server_address_ipv4.host().IsIPv4()) { + QUIC_BUG << "Cannot use SetIPv4AlternateServerAddressToSend with " + << alternate_server_address_ipv4; + return; + } + alternate_server_address_ipv4_.SetSendValue(alternate_server_address_ipv4); } -bool QuicConfig::HasReceivedAlternateServerAddress() const { - return alternate_server_address_.HasReceivedValue(); +bool QuicConfig::HasReceivedIPv4AlternateServerAddress() const { + return alternate_server_address_ipv4_.HasReceivedValue(); } -const QuicSocketAddress& QuicConfig::ReceivedAlternateServerAddress() const { - return alternate_server_address_.GetReceivedValue(); +const QuicSocketAddress& QuicConfig::ReceivedIPv4AlternateServerAddress() + const { + return alternate_server_address_ipv4_.GetReceivedValue(); } -void QuicConfig::SetSupportMaxHeaderListSize() { - support_max_header_list_size_.SetSendValue(1); +void QuicConfig::SetOriginalConnectionIdToSend( + const QuicConnectionId& original_connection_id) { + original_connection_id_to_send_ = original_connection_id; } -bool QuicConfig::SupportMaxHeaderListSize() const { - return support_max_header_list_size_.HasReceivedValue(); +bool QuicConfig::HasReceivedOriginalConnectionId() const { + return received_original_connection_id_.has_value(); +} + +QuicConnectionId QuicConfig::ReceivedOriginalConnectionId() const { + if (!HasReceivedOriginalConnectionId()) { + QUIC_BUG << "No received original connection ID"; + return EmptyQuicConnectionId(); + } + return received_original_connection_id_.value(); } void QuicConfig::SetStatelessResetTokenToSend( @@ -809,9 +901,7 @@ QuicUint128 QuicConfig::ReceivedStatelessResetToken() const { } bool QuicConfig::negotiated() const { - // TODO(ianswett): Add the negotiated parameters once and iterate over all - // of them in negotiated, ToHandshakeMessage, and ProcessPeerHello. - return idle_network_timeout_seconds_.negotiated(); + return negotiated_; } void QuicConfig::SetCreateSessionTagIndicators(QuicTagVector tags) { @@ -823,9 +913,7 @@ const QuicTagVector& QuicConfig::create_session_tag_indicators() const { } void QuicConfig::SetDefaults() { - idle_network_timeout_seconds_.set(kMaximumIdleTimeoutSecs, - kDefaultIdleTimeoutSecs); - silent_close_.set(1, 0); + SetIdleNetworkTimeout(QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs)); SetMaxBidirectionalStreamsToSend(kDefaultMaxStreamsPerConnection); SetMaxUnidirectionalStreamsToSend(kDefaultMaxStreamsPerConnection); max_time_before_crypto_handshake_ = @@ -837,7 +925,6 @@ void QuicConfig::SetDefaults() { SetInitialStreamFlowControlWindowToSend(kMinimumFlowControlSendWindow); SetInitialSessionFlowControlWindowToSend(kMinimumFlowControlSendWindow); SetMaxAckDelayToSendMs(kDefaultDelayedAckTimeMs); - SetSupportMaxHeaderListSize(); SetAckDelayExponentToSend(kDefaultAckDelayExponent); SetMaxPacketSizeToSend(kMaxIncomingPacketSize); SetMaxDatagramFrameSizeToSend(kMaxAcceptedDatagramFrameSize); @@ -846,8 +933,20 @@ void QuicConfig::SetDefaults() { void QuicConfig::ToHandshakeMessage( CryptoHandshakeMessage* out, QuicTransportVersion transport_version) const { - idle_network_timeout_seconds_.ToHandshakeMessage(out); - silent_close_.ToHandshakeMessage(out); + // Idle timeout has custom rules that are different from other values. + // We configure ourselves with the minumum value between the one sent and + // the one received. Additionally, when QUIC_CRYPTO is used, the server + // MUST send an idle timeout no greater than the idle timeout it received + // from the client. We therefore send the received value if it is lower. + QuicFixedUint32 idle_timeout_seconds(kICSL, PRESENCE_REQUIRED); + uint32_t idle_timeout_to_send_seconds = idle_timeout_to_send_.ToSeconds(); + if (received_idle_timeout_.has_value() && + received_idle_timeout_->ToSeconds() < idle_timeout_to_send_seconds) { + idle_timeout_to_send_seconds = received_idle_timeout_->ToSeconds(); + } + idle_timeout_seconds.SetSendValue(idle_timeout_to_send_seconds); + idle_timeout_seconds.ToHandshakeMessage(out); + // Do not need a version check here, max...bi... will encode // as "MIDS" -- the max initial dynamic streams tag -- if // doing some version other than IETF QUIC. @@ -866,8 +965,11 @@ void QuicConfig::ToHandshakeMessage( initial_session_flow_control_window_bytes_.ToHandshakeMessage(out); connection_migration_disabled_.ToHandshakeMessage(out); connection_options_.ToHandshakeMessage(out); - alternate_server_address_.ToHandshakeMessage(out); - support_max_header_list_size_.ToHandshakeMessage(out); + if (alternate_server_address_ipv6_.HasSendValue()) { + alternate_server_address_ipv6_.ToHandshakeMessage(out); + } else { + alternate_server_address_ipv4_.ToHandshakeMessage(out); + } stateless_reset_token_.ToHandshakeMessage(out); } @@ -879,12 +981,29 @@ QuicErrorCode QuicConfig::ProcessPeerHello( QuicErrorCode error = QUIC_NO_ERROR; if (error == QUIC_NO_ERROR) { - error = idle_network_timeout_seconds_.ProcessPeerHello( - peer_hello, hello_type, error_details); - } - if (error == QUIC_NO_ERROR) { - error = - silent_close_.ProcessPeerHello(peer_hello, hello_type, error_details); + // Idle timeout has custom rules that are different from other values. + // We configure ourselves with the minumum value between the one sent and + // the one received. Additionally, when QUIC_CRYPTO is used, the server + // MUST send an idle timeout no greater than the idle timeout it received + // from the client. + QuicFixedUint32 idle_timeout_seconds(kICSL, PRESENCE_REQUIRED); + error = idle_timeout_seconds.ProcessPeerHello(peer_hello, hello_type, + error_details); + if (error == QUIC_NO_ERROR) { + if (idle_timeout_seconds.GetReceivedValue() > + idle_timeout_to_send_.ToSeconds()) { + // The received value is higher than ours, ignore it if from the client + // and raise an error if from the server. + if (hello_type == SERVER) { + error = QUIC_INVALID_NEGOTIATED_VALUE; + *error_details = + "Invalid value received for " + QuicTagToString(kICSL); + } + } else { + received_idle_timeout_ = QuicTime::Delta::FromSeconds( + idle_timeout_seconds.GetReceivedValue()); + } + } } if (error == QUIC_NO_ERROR) { error = max_bidirectional_streams_.ProcessPeerHello(peer_hello, hello_type, @@ -919,12 +1038,18 @@ QuicErrorCode QuicConfig::ProcessPeerHello( error_details); } if (error == QUIC_NO_ERROR) { - error = alternate_server_address_.ProcessPeerHello(peer_hello, hello_type, - error_details); - } - if (error == QUIC_NO_ERROR) { - error = support_max_header_list_size_.ProcessPeerHello( - peer_hello, hello_type, error_details); + QuicFixedSocketAddress alternate_server_address(kASAD, PRESENCE_OPTIONAL); + error = alternate_server_address.ProcessPeerHello(peer_hello, hello_type, + error_details); + if (error == QUIC_NO_ERROR && alternate_server_address.HasReceivedValue()) { + const QuicSocketAddress& received_address = + alternate_server_address.GetReceivedValue(); + if (received_address.host().IsIPv6()) { + alternate_server_address_ipv6_.SetReceivedValue(received_address); + } else if (received_address.host().IsIPv4()) { + alternate_server_address_ipv4_.SetReceivedValue(received_address); + } + } } if (error == QUIC_NO_ERROR) { error = stateless_reset_token_.ProcessPeerHello(peer_hello, hello_type, @@ -941,12 +1066,19 @@ QuicErrorCode QuicConfig::ProcessPeerHello( error = ack_delay_exponent_.ProcessPeerHello(peer_hello, hello_type, error_details); } + if (error == QUIC_NO_ERROR) { + negotiated_ = true; + } return error; } bool QuicConfig::FillTransportParameters(TransportParameters* params) const { + if (original_connection_id_to_send_.has_value()) { + params->original_connection_id = original_connection_id_to_send_.value(); + } + params->idle_timeout_milliseconds.set_value( - idle_network_timeout_seconds_.GetMax() * kNumMillisPerSecond); + idle_timeout_to_send_.ToMilliseconds()); if (stateless_reset_token_.HasSendValue()) { QuicUint128 stateless_reset_token = stateless_reset_token_.GetSendValue(); @@ -985,26 +1117,50 @@ bool QuicConfig::FillTransportParameters(TransportParameters* params) const { connection_migration_disabled_.HasSendValue() && connection_migration_disabled_.GetSendValue() != 0; - if (alternate_server_address_.HasSendValue()) { + if (alternate_server_address_ipv6_.HasSendValue() || + alternate_server_address_ipv4_.HasSendValue()) { TransportParameters::PreferredAddress preferred_address; - QuicSocketAddress socket_address = alternate_server_address_.GetSendValue(); - if (socket_address.host().IsIPv6()) { - preferred_address.ipv6_socket_address = socket_address; - } else { - preferred_address.ipv4_socket_address = socket_address; + if (alternate_server_address_ipv6_.HasSendValue()) { + preferred_address.ipv6_socket_address = + alternate_server_address_ipv6_.GetSendValue(); + } + if (alternate_server_address_ipv4_.HasSendValue()) { + preferred_address.ipv4_socket_address = + alternate_server_address_ipv4_.GetSendValue(); } params->preferred_address = std::make_unique<TransportParameters::PreferredAddress>( preferred_address); } - if (!params->google_quic_params) { - params->google_quic_params = std::make_unique<CryptoHandshakeMessage>(); + if (active_connection_id_limit_.HasSendValue()) { + params->active_connection_id_limit.set_value( + active_connection_id_limit_.GetSendValue()); } - silent_close_.ToHandshakeMessage(params->google_quic_params.get()); - initial_round_trip_time_us_.ToHandshakeMessage( - params->google_quic_params.get()); - connection_options_.ToHandshakeMessage(params->google_quic_params.get()); + + if (GetQuicRestartFlag(quic_google_transport_param_send_new)) { + QUIC_RESTART_FLAG_COUNT_N(quic_google_transport_param_send_new, 1, 3); + if (initial_round_trip_time_us_.HasSendValue()) { + params->initial_round_trip_time_us.set_value( + initial_round_trip_time_us_.GetSendValue()); + } + if (connection_options_.HasSendValues() && + !connection_options_.GetSendValues().empty()) { + params->google_connection_options = connection_options_.GetSendValues(); + } + } + + if (!GetQuicRestartFlag(quic_google_transport_param_omit_old)) { + if (!params->google_quic_params) { + params->google_quic_params = std::make_unique<CryptoHandshakeMessage>(); + } + initial_round_trip_time_us_.ToHandshakeMessage( + params->google_quic_params.get()); + connection_options_.ToHandshakeMessage(params->google_quic_params.get()); + } else { + QUIC_RESTART_FLAG_COUNT_N(quic_google_transport_param_omit_old, 1, 3); + } + params->custom_parameters = custom_transport_parameters_to_send_; return true; @@ -1013,25 +1169,23 @@ bool QuicConfig::FillTransportParameters(TransportParameters* params) const { QuicErrorCode QuicConfig::ProcessTransportParameters( const TransportParameters& params, HelloType hello_type, + bool is_resumption, std::string* error_details) { - // Intentionally round down to probe too often rather than not often enough. - uint64_t idle_timeout_seconds = - params.idle_timeout_milliseconds.value() / kNumMillisPerSecond; - // An idle timeout of zero indicates it is disabled (in other words, it is - // set to infinity). When the idle timeout is very high, we set it to our - // preferred maximum and still probe that often. - if (idle_timeout_seconds > idle_network_timeout_seconds_.GetMax() || - idle_timeout_seconds == 0) { - idle_timeout_seconds = idle_network_timeout_seconds_.GetMax(); - } - QuicErrorCode error = idle_network_timeout_seconds_.ReceiveValue( - idle_timeout_seconds, hello_type, error_details); - if (error != QUIC_NO_ERROR) { - DCHECK(!error_details->empty()); - return error; - } - - if (!params.stateless_reset_token.empty()) { + if (!is_resumption && params.original_connection_id.has_value()) { + received_original_connection_id_ = params.original_connection_id.value(); + } + + if (params.idle_timeout_milliseconds.value() > 0 && + params.idle_timeout_milliseconds.value() < + static_cast<uint64_t>(idle_timeout_to_send_.ToMilliseconds())) { + // An idle timeout of zero indicates it is disabled. + // We also ignore values higher than ours which will cause us to use the + // smallest value between ours and our peer's. + received_idle_timeout_ = QuicTime::Delta::FromMilliseconds( + params.idle_timeout_milliseconds.value()); + } + + if (!is_resumption && !params.stateless_reset_token.empty()) { QuicUint128 stateless_reset_token; if (params.stateless_reset_token.size() != sizeof(stateless_reset_token)) { QUIC_BUG << "Bad stateless reset token length " @@ -1051,12 +1205,13 @@ QuicErrorCode QuicConfig::ProcessTransportParameters( if (params.max_datagram_frame_size.IsValid()) { max_datagram_frame_size_.SetReceivedValue( params.max_datagram_frame_size.value()); - // TODO(dschinazi) act on this. } initial_session_flow_control_window_bytes_.SetReceivedValue( - std::min<uint64_t>(params.initial_max_data.value(), - std::numeric_limits<uint32_t>::max())); + params.initial_max_data.value()); + + // IETF QUIC specifies stream IDs and stream counts as 62-bit integers but + // our implementation uses uint32_t to represent them to save memory. max_bidirectional_streams_.SetReceivedValue( std::min<uint64_t>(params.initial_max_streams_bidi.value(), std::numeric_limits<uint32_t>::max())); @@ -1071,61 +1226,79 @@ QuicErrorCode QuicConfig::ProcessTransportParameters( // received transport parameters, so a local stream is one initiated by our // peer, which means an incoming stream. initial_max_stream_data_bytes_incoming_bidirectional_.SetReceivedValue( - std::min<uint64_t>(params.initial_max_stream_data_bidi_local.value(), - std::numeric_limits<uint32_t>::max())); + params.initial_max_stream_data_bidi_local.value()); initial_max_stream_data_bytes_outgoing_bidirectional_.SetReceivedValue( - std::min<uint64_t>(params.initial_max_stream_data_bidi_remote.value(), - std::numeric_limits<uint32_t>::max())); + params.initial_max_stream_data_bidi_remote.value()); initial_max_stream_data_bytes_unidirectional_.SetReceivedValue( - std::min<uint64_t>(params.initial_max_stream_data_uni.value(), - std::numeric_limits<uint32_t>::max())); + params.initial_max_stream_data_uni.value()); - if (GetQuicReloadableFlag(quic_negotiate_ack_delay_time)) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_negotiate_ack_delay_time, 4, 4); - max_ack_delay_ms_.SetReceivedValue(std::min<uint32_t>( - params.max_ack_delay.value(), std::numeric_limits<uint32_t>::max())); - } - if (params.ack_delay_exponent.IsValid()) { - ack_delay_exponent_.SetReceivedValue(params.ack_delay_exponent.value()); + if (!is_resumption) { + if (GetQuicReloadableFlag(quic_negotiate_ack_delay_time)) { + QUIC_RELOADABLE_FLAG_COUNT_N(quic_negotiate_ack_delay_time, 4, 4); + max_ack_delay_ms_.SetReceivedValue(params.max_ack_delay.value()); + } + if (params.ack_delay_exponent.IsValid()) { + ack_delay_exponent_.SetReceivedValue(params.ack_delay_exponent.value()); + } + if (params.preferred_address != nullptr) { + if (params.preferred_address->ipv6_socket_address.port() != 0) { + alternate_server_address_ipv6_.SetReceivedValue( + params.preferred_address->ipv6_socket_address); + } + if (params.preferred_address->ipv4_socket_address.port() != 0) { + alternate_server_address_ipv4_.SetReceivedValue( + params.preferred_address->ipv4_socket_address); + } + } } + if (params.disable_migration) { connection_migration_disabled_.SetReceivedValue(1u); } - if (params.preferred_address != nullptr) { - if (params.preferred_address->ipv6_socket_address.port() != 0) { - alternate_server_address_.SetReceivedValue( - params.preferred_address->ipv6_socket_address); - } else if (params.preferred_address->ipv4_socket_address.port() != 0) { - alternate_server_address_.SetReceivedValue( - params.preferred_address->ipv4_socket_address); - } - } + active_connection_id_limit_.SetReceivedValue( + params.active_connection_id_limit.value()); - const CryptoHandshakeMessage* peer_params = params.google_quic_params.get(); - if (peer_params != nullptr) { - error = - silent_close_.ProcessPeerHello(*peer_params, hello_type, error_details); - if (error != QUIC_NO_ERROR) { - DCHECK(!error_details->empty()); - return error; + bool google_params_already_parsed = false; + if (GetQuicRestartFlag(quic_google_transport_param_send_new)) { + QUIC_RESTART_FLAG_COUNT_N(quic_google_transport_param_send_new, 2, 3); + if (params.initial_round_trip_time_us.value() > 0) { + google_params_already_parsed = true; + initial_round_trip_time_us_.SetReceivedValue( + params.initial_round_trip_time_us.value()); } - error = initial_round_trip_time_us_.ProcessPeerHello( - *peer_params, hello_type, error_details); - if (error != QUIC_NO_ERROR) { - DCHECK(!error_details->empty()); - return error; + if (params.google_connection_options.has_value()) { + google_params_already_parsed = true; + connection_options_.SetReceivedValues( + params.google_connection_options.value()); } - error = connection_options_.ProcessPeerHello(*peer_params, hello_type, - error_details); - if (error != QUIC_NO_ERROR) { - DCHECK(!error_details->empty()); - return error; + } + + if (!GetQuicRestartFlag(quic_google_transport_param_omit_old)) { + const CryptoHandshakeMessage* peer_params = params.google_quic_params.get(); + if (peer_params != nullptr && !google_params_already_parsed) { + QuicErrorCode error = initial_round_trip_time_us_.ProcessPeerHello( + *peer_params, hello_type, error_details); + if (error != QUIC_NO_ERROR) { + DCHECK(!error_details->empty()); + return error; + } + error = connection_options_.ProcessPeerHello(*peer_params, hello_type, + error_details); + if (error != QUIC_NO_ERROR) { + DCHECK(!error_details->empty()); + return error; + } } + } else { + QUIC_RESTART_FLAG_COUNT_N(quic_google_transport_param_omit_old, 2, 3); } received_custom_transport_parameters_ = params.custom_parameters; + if (!is_resumption) { + negotiated_ = true; + } *error_details = ""; return QUIC_NO_ERROR; } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_config.h b/chromium/net/third_party/quiche/src/quic/core/quic_config.h index 95a26cb0d8f..4d2bacce383 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_config.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_config.h @@ -10,10 +10,12 @@ #include <string> #include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/core/quic_time.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" #include "net/third_party/quiche/src/quic/platform/api/quic_uint128.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" namespace quic { @@ -62,86 +64,62 @@ class QUIC_EXPORT_PRIVATE QuicConfigValue { const QuicConfigPresence presence_; }; -class QUIC_EXPORT_PRIVATE QuicNegotiableValue : public QuicConfigValue { +// Stores uint32_t from CHLO or SHLO messages that are not negotiated. +class QUIC_EXPORT_PRIVATE QuicFixedUint32 : public QuicConfigValue { public: - QuicNegotiableValue(QuicTag tag, QuicConfigPresence presence); - ~QuicNegotiableValue() override; - - bool negotiated() const { return negotiated_; } + QuicFixedUint32(QuicTag name, QuicConfigPresence presence); + ~QuicFixedUint32() override; - protected: - void set_negotiated(bool negotiated) { negotiated_ = negotiated; } + bool HasSendValue() const; - private: - bool negotiated_; -}; + uint32_t GetSendValue() const; -class QUIC_EXPORT_PRIVATE QuicNegotiableUint32 : public QuicNegotiableValue { - // TODO(fayang): some negotiated values use uint32 as bool (e.g., silent - // close). Consider adding a QuicNegotiableBool type. - public: - // Default and max values default to 0. - QuicNegotiableUint32(QuicTag name, QuicConfigPresence presence); - ~QuicNegotiableUint32() override; + void SetSendValue(uint32_t value); - // Sets the maximum possible value that can be achieved after negotiation and - // also the default values to be assumed if PRESENCE_OPTIONAL and the *HLO msg - // doesn't contain a value corresponding to |name_|. |max| is serialised via - // ToHandshakeMessage call if |negotiated_| is false. - void set(uint32_t max, uint32_t default_value); + bool HasReceivedValue() const; - // Returns the value negotiated if |negotiated_| is true, otherwise returns - // default_value_ (used to set default values before negotiation finishes). - uint32_t GetUint32() const; + uint32_t GetReceivedValue() const; - // Returns the maximum value negotiable. - uint32_t GetMax() const; + void SetReceivedValue(uint32_t value); - // Serialises |name_| and value to |out|. If |negotiated_| is true then - // |negotiated_value_| is serialised, otherwise |max_value_| is serialised. + // If has_send_value is true, serialises |tag_| and |send_value_| to |out|. void ToHandshakeMessage(CryptoHandshakeMessage* out) const override; - // Processes the corresponding value from |peer_hello| and if present calls - // ReceiveValue with it. If the corresponding value is missing and - // PRESENCE_OPTIONAL then |negotiated_value_| is set to |default_value_|. + // Sets |value_| to the corresponding value from |peer_hello_| if it exists. QuicErrorCode ProcessPeerHello(const CryptoHandshakeMessage& peer_hello, HelloType hello_type, std::string* error_details) override; - // Takes a value |value| parsed from a handshake message (whether a TLS - // ClientHello/ServerHello or a CryptoHandshakeMessage) whose sender was - // |hello_type|, and sets |negotiated_value_| to the minimum of |value| and - // |max_value_|. On success this function returns QUIC_NO_ERROR; if there is - // an error, details are put in |*error_details|. - QuicErrorCode ReceiveValue(uint32_t value, - HelloType hello_type, - std::string* error_details); - private: - uint32_t max_value_; - uint32_t default_value_; - uint32_t negotiated_value_; + uint32_t send_value_; + bool has_send_value_; + uint32_t receive_value_; + bool has_receive_value_; }; -// Stores uint32_t from CHLO or SHLO messages that are not negotiated. -class QUIC_EXPORT_PRIVATE QuicFixedUint32 : public QuicConfigValue { +// Stores 62bit numbers from handshake messages that unilaterally shared by each +// endpoint. IMPORTANT: these are serialized as 32-bit unsigned integers when +// using QUIC_CRYPTO versions and CryptoHandshakeMessage. +class QUIC_EXPORT_PRIVATE QuicFixedUint62 : public QuicConfigValue { public: - QuicFixedUint32(QuicTag name, QuicConfigPresence presence); - ~QuicFixedUint32() override; + QuicFixedUint62(QuicTag name, QuicConfigPresence presence); + ~QuicFixedUint62() override; bool HasSendValue() const; - uint32_t GetSendValue() const; + uint64_t GetSendValue() const; - void SetSendValue(uint32_t value); + void SetSendValue(uint64_t value); bool HasReceivedValue() const; - uint32_t GetReceivedValue() const; + uint64_t GetReceivedValue() const; - void SetReceivedValue(uint32_t value); + void SetReceivedValue(uint64_t value); // If has_send_value is true, serialises |tag_| and |send_value_| to |out|. + // IMPORTANT: this method serializes |send_value_| as an unsigned 32bit + // integer. void ToHandshakeMessage(CryptoHandshakeMessage* out) const override; // Sets |value_| to the corresponding value from |peer_hello_| if it exists. @@ -150,9 +128,9 @@ class QUIC_EXPORT_PRIVATE QuicFixedUint32 : public QuicConfigValue { std::string* error_details) override; private: - uint32_t send_value_; + uint64_t send_value_; bool has_send_value_; - uint32_t receive_value_; + uint64_t receive_value_; bool has_receive_value_; }; @@ -198,13 +176,13 @@ class QUIC_EXPORT_PRIVATE QuicFixedTagVector : public QuicConfigValue { bool HasSendValues() const; - QuicTagVector GetSendValues() const; + const QuicTagVector& GetSendValues() const; void SetSendValues(const QuicTagVector& values); bool HasReceivedValues() const; - QuicTagVector GetReceivedValues() const; + const QuicTagVector& GetReceivedValues() const; void SetReceivedValues(const QuicTagVector& values); @@ -275,11 +253,11 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // function does nothing and returns false. bool SetInitialReceivedConnectionOptions(const QuicTagVector& tags); - QuicTagVector ReceivedConnectionOptions() const; + const QuicTagVector& ReceivedConnectionOptions() const; bool HasSendConnectionOptions() const; - QuicTagVector SendConnectionOptions() const; + const QuicTagVector& SendConnectionOptions() const; // Returns true if the client is sending or the server has received a // connection option. @@ -296,14 +274,12 @@ class QUIC_EXPORT_PRIVATE QuicConfig { bool HasClientRequestedIndependentOption(QuicTag tag, Perspective perspective) const; - void SetIdleNetworkTimeout(QuicTime::Delta max_idle_network_timeout, - QuicTime::Delta default_idle_network_timeout); - - QuicTime::Delta IdleNetworkTimeout() const; + const QuicTagVector& ClientRequestedIndependentOptions( + Perspective perspective) const; - void SetSilentClose(bool silent_close); + void SetIdleNetworkTimeout(QuicTime::Delta idle_network_timeout); - bool SilentClose() const; + QuicTime::Delta IdleNetworkTimeout() const; // Sets the max bidirectional stream count that this endpoint supports. void SetMaxBidirectionalStreamsToSend(uint32_t max_streams); @@ -340,10 +316,6 @@ class QUIC_EXPORT_PRIVATE QuicConfig { return max_idle_time_before_crypto_handshake_; } - QuicNegotiableUint32 idle_network_timeout_seconds() const { - return idle_network_timeout_seconds_; - } - void set_max_undecryptable_packets(size_t max_undecryptable_packets) { max_undecryptable_packets_ = max_undecryptable_packets; } @@ -352,89 +324,85 @@ class QUIC_EXPORT_PRIVATE QuicConfig { return max_undecryptable_packets_; } + // Peer's connection id length, in bytes. Only used in Q043 and Q046. bool HasSetBytesForConnectionIdToSend() const; - - // Sets the peer's connection id length, in bytes. void SetBytesForConnectionIdToSend(uint32_t bytes); - bool HasReceivedBytesForConnectionId() const; - uint32_t ReceivedBytesForConnectionId() const; - // Sets an estimated initial round trip time in us. - void SetInitialRoundTripTimeUsToSend(uint32_t rtt_us); - + // Estimated initial round trip time in us. + void SetInitialRoundTripTimeUsToSend(uint64_t rtt_us); bool HasReceivedInitialRoundTripTimeUs() const; - - uint32_t ReceivedInitialRoundTripTimeUs() const; - + uint64_t ReceivedInitialRoundTripTimeUs() const; bool HasInitialRoundTripTimeUsToSend() const; - - uint32_t GetInitialRoundTripTimeUsToSend() const; + uint64_t GetInitialRoundTripTimeUsToSend() const; // Sets an initial stream flow control window size to transmit to the peer. - void SetInitialStreamFlowControlWindowToSend(uint32_t window_bytes); - uint32_t GetInitialStreamFlowControlWindowToSend() const; + void SetInitialStreamFlowControlWindowToSend(uint64_t window_bytes); + uint64_t GetInitialStreamFlowControlWindowToSend() const; bool HasReceivedInitialStreamFlowControlWindowBytes() const; - uint32_t ReceivedInitialStreamFlowControlWindowBytes() const; + uint64_t ReceivedInitialStreamFlowControlWindowBytes() const; // Specifies the initial flow control window (max stream data) for // incoming bidirectional streams. Incoming means streams initiated by our // peer. If not set, GetInitialMaxStreamDataBytesIncomingBidirectionalToSend // returns the value passed to SetInitialStreamFlowControlWindowToSend. void SetInitialMaxStreamDataBytesIncomingBidirectionalToSend( - uint32_t window_bytes); - uint32_t GetInitialMaxStreamDataBytesIncomingBidirectionalToSend() const; + uint64_t window_bytes); + uint64_t GetInitialMaxStreamDataBytesIncomingBidirectionalToSend() const; bool HasReceivedInitialMaxStreamDataBytesIncomingBidirectional() const; - uint32_t ReceivedInitialMaxStreamDataBytesIncomingBidirectional() const; + uint64_t ReceivedInitialMaxStreamDataBytesIncomingBidirectional() const; // Specifies the initial flow control window (max stream data) for // outgoing bidirectional streams. Outgoing means streams initiated by us. // If not set, GetInitialMaxStreamDataBytesOutgoingBidirectionalToSend // returns the value passed to SetInitialStreamFlowControlWindowToSend. void SetInitialMaxStreamDataBytesOutgoingBidirectionalToSend( - uint32_t window_bytes); - uint32_t GetInitialMaxStreamDataBytesOutgoingBidirectionalToSend() const; + uint64_t window_bytes); + uint64_t GetInitialMaxStreamDataBytesOutgoingBidirectionalToSend() const; bool HasReceivedInitialMaxStreamDataBytesOutgoingBidirectional() const; - uint32_t ReceivedInitialMaxStreamDataBytesOutgoingBidirectional() const; + uint64_t ReceivedInitialMaxStreamDataBytesOutgoingBidirectional() const; // Specifies the initial flow control window (max stream data) for // unidirectional streams. If not set, // GetInitialMaxStreamDataBytesUnidirectionalToSend returns the value passed // to SetInitialStreamFlowControlWindowToSend. - void SetInitialMaxStreamDataBytesUnidirectionalToSend(uint32_t window_bytes); - uint32_t GetInitialMaxStreamDataBytesUnidirectionalToSend() const; + void SetInitialMaxStreamDataBytesUnidirectionalToSend(uint64_t window_bytes); + uint64_t GetInitialMaxStreamDataBytesUnidirectionalToSend() const; bool HasReceivedInitialMaxStreamDataBytesUnidirectional() const; - uint32_t ReceivedInitialMaxStreamDataBytesUnidirectional() const; + uint64_t ReceivedInitialMaxStreamDataBytesUnidirectional() const; // Sets an initial session flow control window size to transmit to the peer. - void SetInitialSessionFlowControlWindowToSend(uint32_t window_bytes); - - uint32_t GetInitialSessionFlowControlWindowToSend() const; - + void SetInitialSessionFlowControlWindowToSend(uint64_t window_bytes); + uint64_t GetInitialSessionFlowControlWindowToSend() const; bool HasReceivedInitialSessionFlowControlWindowBytes() const; + uint64_t ReceivedInitialSessionFlowControlWindowBytes() const; - uint32_t ReceivedInitialSessionFlowControlWindowBytes() const; - + // Disable connection migration. void SetDisableConnectionMigration(); - bool DisableConnectionMigration() const; - void SetAlternateServerAddressToSend( - const QuicSocketAddress& alternate_server_address); - - bool HasReceivedAlternateServerAddress() const; - - const QuicSocketAddress& ReceivedAlternateServerAddress() const; - - void SetSupportMaxHeaderListSize(); - - bool SupportMaxHeaderListSize() const; - + // IPv6 alternate server address. + void SetIPv6AlternateServerAddressToSend( + const QuicSocketAddress& alternate_server_address_ipv6); + bool HasReceivedIPv6AlternateServerAddress() const; + const QuicSocketAddress& ReceivedIPv6AlternateServerAddress() const; + + // IPv4 alternate server address. + void SetIPv4AlternateServerAddressToSend( + const QuicSocketAddress& alternate_server_address_ipv4); + bool HasReceivedIPv4AlternateServerAddress() const; + const QuicSocketAddress& ReceivedIPv4AlternateServerAddress() const; + + // Original connection ID. + void SetOriginalConnectionIdToSend( + const QuicConnectionId& original_connection_id); + bool HasReceivedOriginalConnectionId() const; + QuicConnectionId ReceivedOriginalConnectionId() const; + + // Stateless reset token. void SetStatelessResetTokenToSend(QuicUint128 stateless_reset_token); - bool HasReceivedStatelessResetToken() const; - QuicUint128 ReceivedStatelessResetToken() const; // Manage the IETF QUIC Max ACK Delay transport parameter. @@ -453,16 +421,22 @@ class QUIC_EXPORT_PRIVATE QuicConfig { uint32_t ReceivedAckDelayExponent() const; // IETF QUIC max_packet_size transport parameter. - void SetMaxPacketSizeToSend(uint32_t max_packet_size); - uint32_t GetMaxPacketSizeToSend() const; + void SetMaxPacketSizeToSend(uint64_t max_packet_size); + uint64_t GetMaxPacketSizeToSend() const; bool HasReceivedMaxPacketSize() const; - uint32_t ReceivedMaxPacketSize() const; + uint64_t ReceivedMaxPacketSize() const; // IETF QUIC max_datagram_frame_size transport parameter. - void SetMaxDatagramFrameSizeToSend(uint32_t max_datagram_frame_size); - uint32_t GetMaxDatagramFrameSizeToSend() const; + void SetMaxDatagramFrameSizeToSend(uint64_t max_datagram_frame_size); + uint64_t GetMaxDatagramFrameSizeToSend() const; bool HasReceivedMaxDatagramFrameSize() const; - uint32_t ReceivedMaxDatagramFrameSize() const; + uint64_t ReceivedMaxDatagramFrameSize() const; + + // IETF QUIC active_connection_id_limit transport parameter. + void SetActiveConnectionIdLimitToSend(uint64_t active_connection_id_limit); + uint64_t GetActiveConnectionIdLimitToSend() const; + bool HasReceivedActiveConnectionIdLimit() const; + uint64_t ReceivedActiveConnectionIdLimit() const; bool negotiated() const; @@ -488,10 +462,13 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // ProcessTransportParameters reads from |params| which was received from a // peer operating as a |hello_type|. It processes values for ICSL, MIDS, CFCW, - // and SFCW and sets the corresponding members of this QuicConfig. On failure, - // it returns a QuicErrorCode and puts a detailed error in |*error_details|. + // and SFCW and sets the corresponding members of this QuicConfig. + // If |is_resumption|, some configs will not be processed. + // On failure, it returns a QuicErrorCode and puts a detailed error in + // |*error_details|. QuicErrorCode ProcessTransportParameters(const TransportParameters& params, HelloType hello_type, + bool is_resumption, std::string* error_details); TransportParameters::ParameterMap& custom_transport_parameters_to_send() { @@ -508,6 +485,9 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // SetDefaults sets the members to sensible, default values. void SetDefaults(); + // Whether we've received the peer's config. + bool negotiated_; + // Configurations options that are not negotiated. // Maximum time the session can be alive before crypto handshake is finished. QuicTime::Delta max_time_before_crypto_handshake_; @@ -521,10 +501,12 @@ class QUIC_EXPORT_PRIVATE QuicConfig { QuicFixedTagVector connection_options_; // Connection options which only affect the client side. QuicFixedTagVector client_connection_options_; - // Idle network timeout in seconds. - QuicNegotiableUint32 idle_network_timeout_seconds_; - // Whether to use silent close. Defaults to 0 (false) and is otherwise true. - QuicNegotiableUint32 silent_close_; + // Idle network timeout. + // Uses the max_idle_timeout transport parameter in IETF QUIC. + // Note that received_idle_timeout_ is only populated if we receive the + // peer's value, which isn't guaranteed in IETF QUIC as sending is optional. + QuicTime::Delta idle_timeout_to_send_; + quiche::QuicheOptional<QuicTime::Delta> received_idle_timeout_; // Maximum number of dynamic streams that a Google QUIC connection // can support or the maximum number of bidirectional streams that // an IETF QUIC connection can support. @@ -532,6 +514,7 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // advertising. // The ReceivedValue is the limit on locally-created streams that // the peer advertised. + // Uses the initial_max_streams_bidi transport parameter in IETF QUIC. QuicFixedUint32 max_bidirectional_streams_; // Maximum number of unidirectional streams that the connection can // support. @@ -539,36 +522,46 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // advertising. // The ReceivedValue is the limit on locally-created streams that the peer // advertised. + // Uses the initial_max_streams_uni transport parameter in IETF QUIC. QuicFixedUint32 max_unidirectional_streams_; - // The number of bytes required for the connection ID. + // The number of bytes required for the connection ID. This is only used in + // the legacy header format used only by Q043 at this point. QuicFixedUint32 bytes_for_connection_id_; // Initial round trip time estimate in microseconds. - QuicFixedUint32 initial_round_trip_time_us_; + QuicFixedUint62 initial_round_trip_time_us_; // Initial IETF QUIC stream flow control receive windows in bytes. // Incoming bidirectional streams. - QuicFixedUint32 initial_max_stream_data_bytes_incoming_bidirectional_; + // Uses the initial_max_stream_data_bidi_{local,remote} transport parameter + // in IETF QUIC, depending on whether we're sending or receiving. + QuicFixedUint62 initial_max_stream_data_bytes_incoming_bidirectional_; // Outgoing bidirectional streams. - QuicFixedUint32 initial_max_stream_data_bytes_outgoing_bidirectional_; + // Uses the initial_max_stream_data_bidi_{local,remote} transport parameter + // in IETF QUIC, depending on whether we're sending or receiving. + QuicFixedUint62 initial_max_stream_data_bytes_outgoing_bidirectional_; // Unidirectional streams. - QuicFixedUint32 initial_max_stream_data_bytes_unidirectional_; + // Uses the initial_max_stream_data_uni transport parameter in IETF QUIC. + QuicFixedUint62 initial_max_stream_data_bytes_unidirectional_; // Initial Google QUIC stream flow control receive window in bytes. - QuicFixedUint32 initial_stream_flow_control_window_bytes_; + QuicFixedUint62 initial_stream_flow_control_window_bytes_; // Initial session flow control receive window in bytes. - QuicFixedUint32 initial_session_flow_control_window_bytes_; + // Uses the initial_max_data transport parameter in IETF QUIC. + QuicFixedUint62 initial_session_flow_control_window_bytes_; - // Whether tell peer not to attempt connection migration. + // Whether active connection migration is allowed. + // Uses the disable_active_migration transport parameter in IETF QUIC. QuicFixedUint32 connection_migration_disabled_; - // An alternate server address the client could connect to. - QuicFixedSocketAddress alternate_server_address_; - - // Whether support HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE SETTINGS frame. - QuicFixedUint32 support_max_header_list_size_; + // Alternate server addresses the client could connect to. + // Uses the preferred_address transport parameter in IETF QUIC. + // Note that when QUIC_CRYPTO is in use, only one of the addresses is sent. + QuicFixedSocketAddress alternate_server_address_ipv6_; + QuicFixedSocketAddress alternate_server_address_ipv4_; // Stateless reset token used in IETF public reset packet. + // Uses the stateless_reset_token transport parameter in IETF QUIC. QuicFixedUint128 stateless_reset_token_; // List of QuicTags whose presence immediately causes the session to @@ -579,20 +572,32 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // Maximum ack delay. The sent value is the value used on this node. // The received value is the value received from the peer and used by // the peer. + // Uses the max_ack_delay transport parameter in IETF QUIC. QuicFixedUint32 max_ack_delay_ms_; - // ack_delay_exponent parameter negotiated in IETF QUIC transport - // parameter negotiation. The sent exponent is the exponent that this - // node uses when serializing an ACK frame (and the peer should use when - // deserializing the frame); the received exponent is the value the peer uses - // to serialize frames and this node uses to deserialize them. + // The sent exponent is the exponent that this node uses when serializing an + // ACK frame (and the peer should use when deserializing the frame); + // the received exponent is the value the peer uses to serialize frames and + // this node uses to deserialize them. + // Uses the ack_delay_exponent transport parameter in IETF QUIC. QuicFixedUint32 ack_delay_exponent_; - // max_packet_size IETF QUIC transport parameter. - QuicFixedUint32 max_packet_size_; + // Maximum packet size in bytes. + // Uses the max_packet_size transport parameter in IETF QUIC. + QuicFixedUint62 max_packet_size_; + + // Maximum DATAGRAM/MESSAGE frame size in bytes. + // Uses the max_datagram_frame_size transport parameter in IETF QUIC. + QuicFixedUint62 max_datagram_frame_size_; + + // Maximum number of connection IDs from the peer. + // Uses the active_connection_id_limit transport parameter in IETF QUIC. + QuicFixedUint62 active_connection_id_limit_; - // max_datagram_frame_size IETF QUIC transport parameter. - QuicFixedUint32 max_datagram_frame_size_; + // Sent by the server when it has previously sent a RETRY packet. + // Uses the original_connection_id transport parameter in IETF QUIC. + quiche::QuicheOptional<QuicConnectionId> original_connection_id_to_send_; + quiche::QuicheOptional<QuicConnectionId> received_original_connection_id_; // Custom transport parameters that can be sent and received in the TLS // handshake. diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_config_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_config_test.cc index 69ce78de0fd..4aa10ef40b0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_config_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_config_test.cc @@ -12,6 +12,7 @@ #include "net/third_party/quiche/src/quic/core/quic_time.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/platform/api/quic_uint128.h" #include "net/third_party/quiche/src/quic/test_tools/quic_config_peer.h" @@ -21,18 +22,36 @@ namespace quic { namespace test { namespace { -const uint32_t kMaxPacketSizeForTest = 1234; -const uint32_t kMaxDatagramFrameSizeForTest = 1333; +constexpr uint32_t kMaxPacketSizeForTest = 1234; +constexpr uint32_t kMaxDatagramFrameSizeForTest = 1333; +constexpr uint8_t kFakeStatelessResetTokenData[16] = { + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F}; +constexpr uint64_t kFakeAckDelayExponent = 10; +constexpr uint64_t kFakeMaxAckDelay = 51; +constexpr uint64_t kFakeActiveConnectionIdLimit = 52; + +// TODO(b/153726130): Consider merging this with methods in +// transport_parameters_test.cc. +std::vector<uint8_t> CreateFakeStatelessResetToken() { + return std::vector<uint8_t>( + kFakeStatelessResetTokenData, + kFakeStatelessResetTokenData + sizeof(kFakeStatelessResetTokenData)); +} + +class QuicConfigTest : public QuicTestWithParam<ParsedQuicVersion> { + public: + QuicConfigTest() : version_(GetParam()) {} -class QuicConfigTest : public QuicTestWithParam<QuicTransportVersion> { protected: + ParsedQuicVersion version_; QuicConfig config_; }; // Run all tests with all versions of QUIC. INSTANTIATE_TEST_SUITE_P(QuicConfigTests, QuicConfigTest, - ::testing::ValuesIn(AllSupportedTransportVersions()), + ::testing::ValuesIn(AllSupportedVersions()), ::testing::PrintToStringParamName()); TEST_P(QuicConfigTest, SetDefaults) { @@ -85,14 +104,17 @@ TEST_P(QuicConfigTest, AutoSetIetfFlowControl) { } TEST_P(QuicConfigTest, ToHandshakeMessage) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } config_.SetInitialStreamFlowControlWindowToSend( kInitialStreamFlowControlWindowForTest); config_.SetInitialSessionFlowControlWindowToSend( kInitialSessionFlowControlWindowForTest); - config_.SetIdleNetworkTimeout(QuicTime::Delta::FromSeconds(5), - QuicTime::Delta::FromSeconds(2)); + config_.SetIdleNetworkTimeout(QuicTime::Delta::FromSeconds(5)); CryptoHandshakeMessage msg; - config_.ToHandshakeMessage(&msg, GetParam()); + config_.ToHandshakeMessage(&msg, version_.transport_version); uint32_t value; QuicErrorCode error = msg.GetUint32(kICSL, &value); @@ -109,14 +131,17 @@ TEST_P(QuicConfigTest, ToHandshakeMessage) { } TEST_P(QuicConfigTest, ProcessClientHello) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } const uint32_t kTestMaxAckDelayMs = static_cast<uint32_t>(kDefaultDelayedAckTimeMs + 1); QuicConfig client_config; QuicTagVector cgst; cgst.push_back(kQBIC); client_config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(2 * kMaximumIdleTimeoutSecs), - QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs)); + QuicTime::Delta::FromSeconds(2 * kMaximumIdleTimeoutSecs)); client_config.SetInitialRoundTripTimeUsToSend(10 * kNumMicrosPerMilli); client_config.SetInitialStreamFlowControlWindowToSend( 2 * kInitialStreamFlowControlWindowForTest); @@ -127,7 +152,7 @@ TEST_P(QuicConfigTest, ProcessClientHello) { client_config.SetConnectionOptionsToSend(copt); client_config.SetMaxAckDelayToSendMs(kTestMaxAckDelayMs); CryptoHandshakeMessage msg; - client_config.ToHandshakeMessage(&msg, GetParam()); + client_config.ToHandshakeMessage(&msg, version_.transport_version); std::string error_details; QuicTagVector initial_received_options; @@ -171,6 +196,10 @@ TEST_P(QuicConfigTest, ProcessClientHello) { } TEST_P(QuicConfigTest, ProcessServerHello) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } QuicIpAddress host; host.FromString("127.0.3.1"); const QuicSocketAddress kTestServerAddress = QuicSocketAddress(host, 1234); @@ -181,18 +210,17 @@ TEST_P(QuicConfigTest, ProcessServerHello) { QuicTagVector cgst; cgst.push_back(kQBIC); server_config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs / 2), QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs / 2)); server_config.SetInitialRoundTripTimeUsToSend(10 * kNumMicrosPerMilli); server_config.SetInitialStreamFlowControlWindowToSend( 2 * kInitialStreamFlowControlWindowForTest); server_config.SetInitialSessionFlowControlWindowToSend( 2 * kInitialSessionFlowControlWindowForTest); - server_config.SetAlternateServerAddressToSend(kTestServerAddress); + server_config.SetIPv4AlternateServerAddressToSend(kTestServerAddress); server_config.SetStatelessResetTokenToSend(kTestResetToken); server_config.SetMaxAckDelayToSendMs(kTestMaxAckDelayMs); CryptoHandshakeMessage msg; - server_config.ToHandshakeMessage(&msg, GetParam()); + server_config.ToHandshakeMessage(&msg, version_.transport_version); std::string error_details; const QuicErrorCode error = config_.ProcessPeerHello(msg, SERVER, &error_details); @@ -205,8 +233,9 @@ TEST_P(QuicConfigTest, ProcessServerHello) { 2 * kInitialStreamFlowControlWindowForTest); EXPECT_EQ(config_.ReceivedInitialSessionFlowControlWindowBytes(), 2 * kInitialSessionFlowControlWindowForTest); - EXPECT_TRUE(config_.HasReceivedAlternateServerAddress()); - EXPECT_EQ(kTestServerAddress, config_.ReceivedAlternateServerAddress()); + EXPECT_TRUE(config_.HasReceivedIPv4AlternateServerAddress()); + EXPECT_EQ(kTestServerAddress, config_.ReceivedIPv4AlternateServerAddress()); + EXPECT_FALSE(config_.HasReceivedIPv6AlternateServerAddress()); EXPECT_TRUE(config_.HasReceivedStatelessResetToken()); EXPECT_EQ(kTestResetToken, config_.ReceivedStatelessResetToken()); if (GetQuicReloadableFlag(quic_negotiate_ack_delay_time)) { @@ -225,6 +254,10 @@ TEST_P(QuicConfigTest, ProcessServerHello) { } TEST_P(QuicConfigTest, MissingOptionalValuesInCHLO) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } CryptoHandshakeMessage msg; msg.SetValue(kICSL, 1); @@ -241,6 +274,10 @@ TEST_P(QuicConfigTest, MissingOptionalValuesInCHLO) { } TEST_P(QuicConfigTest, MissingOptionalValuesInSHLO) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } CryptoHandshakeMessage msg; // Set all REQUIRED tags. @@ -256,6 +293,10 @@ TEST_P(QuicConfigTest, MissingOptionalValuesInSHLO) { } TEST_P(QuicConfigTest, MissingValueInCHLO) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } // Server receives CHLO with missing kICSL. CryptoHandshakeMessage msg; std::string error_details; @@ -265,6 +306,10 @@ TEST_P(QuicConfigTest, MissingValueInCHLO) { } TEST_P(QuicConfigTest, MissingValueInSHLO) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } // Client receives SHLO with missing kICSL. CryptoHandshakeMessage msg; std::string error_details; @@ -274,13 +319,16 @@ TEST_P(QuicConfigTest, MissingValueInSHLO) { } TEST_P(QuicConfigTest, OutOfBoundSHLO) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } QuicConfig server_config; server_config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(2 * kMaximumIdleTimeoutSecs), QuicTime::Delta::FromSeconds(2 * kMaximumIdleTimeoutSecs)); CryptoHandshakeMessage msg; - server_config.ToHandshakeMessage(&msg, GetParam()); + server_config.ToHandshakeMessage(&msg, version_.transport_version); std::string error_details; const QuicErrorCode error = config_.ProcessPeerHello(msg, SERVER, &error_details); @@ -301,6 +349,10 @@ TEST_P(QuicConfigTest, InvalidFlowControlWindow) { } TEST_P(QuicConfigTest, HasClientSentConnectionOption) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } QuicConfig client_config; QuicTagVector copt; copt.push_back(kTBBR); @@ -309,7 +361,7 @@ TEST_P(QuicConfigTest, HasClientSentConnectionOption) { kTBBR, Perspective::IS_CLIENT)); CryptoHandshakeMessage msg; - client_config.ToHandshakeMessage(&msg, GetParam()); + client_config.ToHandshakeMessage(&msg, version_.transport_version); std::string error_details; const QuicErrorCode error = @@ -324,13 +376,17 @@ TEST_P(QuicConfigTest, HasClientSentConnectionOption) { } TEST_P(QuicConfigTest, DontSendClientConnectionOptions) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } QuicConfig client_config; QuicTagVector copt; copt.push_back(kTBBR); client_config.SetClientConnectionOptions(copt); CryptoHandshakeMessage msg; - client_config.ToHandshakeMessage(&msg, GetParam()); + client_config.ToHandshakeMessage(&msg, version_.transport_version); std::string error_details; const QuicErrorCode error = @@ -342,6 +398,10 @@ TEST_P(QuicConfigTest, DontSendClientConnectionOptions) { } TEST_P(QuicConfigTest, HasClientRequestedIndependentOption) { + if (version_.UsesTls()) { + // CryptoHandshakeMessage is only used for QUIC_CRYPTO. + return; + } QuicConfig client_config; QuicTagVector client_opt; client_opt.push_back(kRENO); @@ -357,7 +417,7 @@ TEST_P(QuicConfigTest, HasClientRequestedIndependentOption) { kTBBR, Perspective::IS_CLIENT)); CryptoHandshakeMessage msg; - client_config.ToHandshakeMessage(&msg, GetParam()); + client_config.ToHandshakeMessage(&msg, version_.transport_version); std::string error_details; const QuicErrorCode error = @@ -374,23 +434,30 @@ TEST_P(QuicConfigTest, HasClientRequestedIndependentOption) { } TEST_P(QuicConfigTest, IncomingLargeIdleTimeoutTransportParameter) { - // Configure our default to 30s and max to 60s, then receive 120s from peer. - // Since the received value is above the max, we should then use the max. - config_.SetIdleNetworkTimeout(quic::QuicTime::Delta::FromSeconds(60), - quic::QuicTime::Delta::FromSeconds(30)); + if (!version_.UsesTls()) { + // TransportParameters are only used for QUIC+TLS. + return; + } + // Configure our idle timeout to 60s, then receive 120s from peer. + // Since the received value is above ours, we should then use ours. + config_.SetIdleNetworkTimeout(quic::QuicTime::Delta::FromSeconds(60)); TransportParameters params; params.idle_timeout_milliseconds.set_value(120000); std::string error_details = "foobar"; - EXPECT_THAT( - config_.ProcessTransportParameters(params, SERVER, &error_details), - IsQuicNoError()); + EXPECT_THAT(config_.ProcessTransportParameters( + params, SERVER, /* is_resumption = */ false, &error_details), + IsQuicNoError()); EXPECT_EQ("", error_details); EXPECT_EQ(quic::QuicTime::Delta::FromSeconds(60), config_.IdleNetworkTimeout()); } TEST_P(QuicConfigTest, FillTransportParams) { + if (!version_.UsesTls()) { + // TransportParameters are only used for QUIC+TLS. + return; + } config_.SetInitialMaxStreamDataBytesIncomingBidirectionalToSend( 2 * kMinimumFlowControlSendWindow); config_.SetInitialMaxStreamDataBytesOutgoingBidirectionalToSend( @@ -399,6 +466,7 @@ TEST_P(QuicConfigTest, FillTransportParams) { 4 * kMinimumFlowControlSendWindow); config_.SetMaxPacketSizeToSend(kMaxPacketSizeForTest); config_.SetMaxDatagramFrameSizeToSend(kMaxDatagramFrameSizeForTest); + config_.SetActiveConnectionIdLimitToSend(kFakeActiveConnectionIdLimit); TransportParameters params; config_.FillTransportParameters(¶ms); @@ -416,9 +484,16 @@ TEST_P(QuicConfigTest, FillTransportParams) { EXPECT_EQ(kMaxPacketSizeForTest, params.max_packet_size.value()); EXPECT_EQ(kMaxDatagramFrameSizeForTest, params.max_datagram_frame_size.value()); + EXPECT_EQ(kFakeActiveConnectionIdLimit, + params.active_connection_id_limit.value()); } TEST_P(QuicConfigTest, ProcessTransportParametersServer) { + if (!version_.UsesTls()) { + // TransportParameters are only used for QUIC+TLS. + return; + } + SetQuicReloadableFlag(quic_negotiate_ack_delay_time, true); TransportParameters params; params.initial_max_stream_data_bidi_local.set_value( @@ -429,11 +504,19 @@ TEST_P(QuicConfigTest, ProcessTransportParametersServer) { kMinimumFlowControlSendWindow); params.max_packet_size.set_value(kMaxPacketSizeForTest); params.max_datagram_frame_size.set_value(kMaxDatagramFrameSizeForTest); + params.initial_max_streams_bidi.set_value(kDefaultMaxStreamsPerConnection); + params.stateless_reset_token = CreateFakeStatelessResetToken(); + params.max_ack_delay.set_value(kFakeMaxAckDelay); + params.ack_delay_exponent.set_value(kFakeAckDelayExponent); + params.active_connection_id_limit.set_value(kFakeActiveConnectionIdLimit); std::string error_details; - EXPECT_THAT( - config_.ProcessTransportParameters(params, SERVER, &error_details), - IsQuicNoError()); + EXPECT_THAT(config_.ProcessTransportParameters( + params, SERVER, /* is_resumption = */ true, &error_details), + IsQuicNoError()) + << error_details; + + EXPECT_FALSE(config_.negotiated()); ASSERT_TRUE( config_.HasReceivedInitialMaxStreamDataBytesIncomingBidirectional()); @@ -456,16 +539,89 @@ TEST_P(QuicConfigTest, ProcessTransportParametersServer) { EXPECT_EQ(kMaxDatagramFrameSizeForTest, config_.ReceivedMaxDatagramFrameSize()); + ASSERT_TRUE(config_.HasReceivedMaxBidirectionalStreams()); + EXPECT_EQ(kDefaultMaxStreamsPerConnection, + config_.ReceivedMaxBidirectionalStreams()); + EXPECT_FALSE(config_.DisableConnectionMigration()); + + // The following config shouldn't be processed because of resumption. + EXPECT_FALSE(config_.HasReceivedStatelessResetToken()); + EXPECT_FALSE(config_.HasReceivedMaxAckDelayMs()); + EXPECT_FALSE(config_.HasReceivedAckDelayExponent()); + + // Let the config process another slightly tweaked transport paramters. + // Note that the values for flow control and stream limit cannot be smaller + // than before. This rule is enforced in QuicSession::OnConfigNegotiated(). + params.initial_max_stream_data_bidi_local.set_value( + 2 * kMinimumFlowControlSendWindow + 1); + params.initial_max_stream_data_bidi_remote.set_value( + 4 * kMinimumFlowControlSendWindow); + params.initial_max_stream_data_uni.set_value(5 * + kMinimumFlowControlSendWindow); + params.max_packet_size.set_value(2 * kMaxPacketSizeForTest); + params.max_datagram_frame_size.set_value(2 * kMaxDatagramFrameSizeForTest); + params.initial_max_streams_bidi.set_value(2 * + kDefaultMaxStreamsPerConnection); + params.disable_migration = true; + + EXPECT_THAT(config_.ProcessTransportParameters( + params, SERVER, /* is_resumption = */ false, &error_details), + IsQuicNoError()) + << error_details; + + EXPECT_TRUE(config_.negotiated()); + + ASSERT_TRUE( + config_.HasReceivedInitialMaxStreamDataBytesIncomingBidirectional()); + EXPECT_EQ(2 * kMinimumFlowControlSendWindow + 1, + config_.ReceivedInitialMaxStreamDataBytesIncomingBidirectional()); + + ASSERT_TRUE( + config_.HasReceivedInitialMaxStreamDataBytesOutgoingBidirectional()); + EXPECT_EQ(4 * kMinimumFlowControlSendWindow, + config_.ReceivedInitialMaxStreamDataBytesOutgoingBidirectional()); + + ASSERT_TRUE(config_.HasReceivedInitialMaxStreamDataBytesUnidirectional()); + EXPECT_EQ(5 * kMinimumFlowControlSendWindow, + config_.ReceivedInitialMaxStreamDataBytesUnidirectional()); + + ASSERT_TRUE(config_.HasReceivedMaxPacketSize()); + EXPECT_EQ(2 * kMaxPacketSizeForTest, config_.ReceivedMaxPacketSize()); + + ASSERT_TRUE(config_.HasReceivedMaxDatagramFrameSize()); + EXPECT_EQ(2 * kMaxDatagramFrameSizeForTest, + config_.ReceivedMaxDatagramFrameSize()); + + ASSERT_TRUE(config_.HasReceivedMaxBidirectionalStreams()); + EXPECT_EQ(2 * kDefaultMaxStreamsPerConnection, + config_.ReceivedMaxBidirectionalStreams()); + + EXPECT_TRUE(config_.DisableConnectionMigration()); + + ASSERT_TRUE(config_.HasReceivedStatelessResetToken()); + ASSERT_TRUE(config_.HasReceivedMaxAckDelayMs()); + EXPECT_EQ(config_.ReceivedMaxAckDelayMs(), kFakeMaxAckDelay); + + ASSERT_TRUE(config_.HasReceivedAckDelayExponent()); + EXPECT_EQ(config_.ReceivedAckDelayExponent(), kFakeAckDelayExponent); + + ASSERT_TRUE(config_.HasReceivedActiveConnectionIdLimit()); + EXPECT_EQ(config_.ReceivedActiveConnectionIdLimit(), + kFakeActiveConnectionIdLimit); } TEST_P(QuicConfigTest, DisableMigrationTransportParameter) { + if (!version_.UsesTls()) { + // TransportParameters are only used for QUIC+TLS. + return; + } TransportParameters params; params.disable_migration = true; std::string error_details; - EXPECT_THAT( - config_.ProcessTransportParameters(params, SERVER, &error_details), - IsQuicNoError()); + EXPECT_THAT(config_.ProcessTransportParameters( + params, SERVER, /* is_resumption = */ false, &error_details), + IsQuicNoError()); EXPECT_TRUE(config_.DisableConnectionMigration()); } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_connection.cc b/chromium/net/third_party/quiche/src/quic/core/quic_connection.cc index f83dbdd8950..4f089a44fe9 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_connection.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_connection.cc @@ -286,9 +286,6 @@ QuicConnection::QuicConnection( mtu_discovery_alarm_(alarm_factory_->CreateAlarm( arena_.New<MtuDiscoveryAlarmDelegate>(this), &arena_)), - path_degrading_alarm_(alarm_factory_->CreateAlarm( - arena_.New<PathDegradingAlarmDelegate>(this), - &arena_)), process_undecryptable_packets_alarm_(alarm_factory_->CreateAlarm( arena_.New<ProcessUndecryptablePacketsAlarmDelegate>(this), &arena_)), @@ -299,6 +296,7 @@ QuicConnection::QuicConnection( handshake_timeout_(QuicTime::Delta::Infinite()), time_of_first_packet_sent_after_receiving_(QuicTime::Zero()), time_of_last_received_packet_(clock_->ApproximateNow()), + time_of_last_decryptable_packet_(time_of_last_received_packet_), sent_packet_manager_(perspective, clock_, random_generator_, @@ -347,7 +345,9 @@ QuicConnection::QuicConnection( << "QuicConnection: attempted to use server connection ID " << server_connection_id << " which is invalid with version " << QuicVersionToString(transport_version()); - + if (advance_ack_timeout_update_) { + QUIC_RELOADABLE_FLAG_COUNT(quic_advance_ack_timeout_update); + } framer_.set_visitor(this); stats_.connection_creation_time = clock_->ApproximateNow(); // TODO(ianswett): Supply the NetworkChangeVisitor as a constructor argument @@ -407,9 +407,40 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) { // Handshake complete, set handshake timeout to Infinite. SetNetworkTimeouts(QuicTime::Delta::Infinite(), config.IdleNetworkTimeout()); - if (config.SilentClose()) { - idle_timeout_connection_close_behavior_ = - ConnectionCloseBehavior::SILENT_CLOSE; + idle_timeout_connection_close_behavior_ = + ConnectionCloseBehavior::SILENT_CLOSE; + if (original_connection_id_.has_value()) { + DCHECK_EQ(perspective_, Perspective::IS_CLIENT); + // We received a RETRY packet, validate that the |original_connection_id| + // from the config matches the one from the RETRY. + if (!config.HasReceivedOriginalConnectionId() || + config.ReceivedOriginalConnectionId() != + original_connection_id_.value()) { + std::string received_value; + if (config.HasReceivedOriginalConnectionId()) { + received_value = config.ReceivedOriginalConnectionId().ToString(); + } else { + received_value = "none"; + } + std::string error_details = quiche::QuicheStrCat( + "Bad original_connection_id: expected ", + original_connection_id_.value().ToString(), ", received ", + received_value, ", RETRY used ", server_connection_id_.ToString()); + CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION, error_details, + ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return; + } + } else { + // We did not receive a RETRY packet, make sure we did not receive the + // original_connection_id transport parameter. + if (config.HasReceivedOriginalConnectionId()) { + std::string error_details = quiche::QuicheStrCat( + "Bad original_connection_id: did not receive RETRY but received ", + config.ReceivedOriginalConnectionId().ToString()); + CloseConnection(IETF_QUIC_PROTOCOL_VIOLATION, error_details, + ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return; + } } } else { SetNetworkTimeouts(config.max_time_before_crypto_handshake(), @@ -466,8 +497,7 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) { framer_.set_process_timestamps(true); uber_received_packet_manager_.set_save_timestamps(true); } - if (GetQuicReloadableFlag(quic_bundle_retransmittable_with_pto_ack) && - config.HasClientSentConnectionOption(kEACK, perspective_)) { + if (config.HasClientSentConnectionOption(kEACK, perspective_)) { bundle_retransmittable_with_pto_ack_ = true; } if (config.HasReceivedMaxPacketSize()) { @@ -475,6 +505,10 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) { packet_creator_.SetMaxPacketLength( GetLimitedMaxPacketSize(packet_creator_.max_packet_length())); } + if (config.HasReceivedMaxDatagramFrameSize()) { + packet_creator_.SetMaxDatagramFrameSize( + config.ReceivedMaxDatagramFrameSize()); + } supports_release_time_ = writer_ != nullptr && writer_->SupportsReleaseTime() && @@ -485,6 +519,11 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) { } } +void QuicConnection::ApplyConnectionOptions( + const QuicTagVector& connection_options) { + sent_packet_manager_.ApplyConnectionOptions(connection_options); +} + void QuicConnection::OnSendConnectionState( const CachedNetworkParameters& cached_network_params) { if (debug_visitor_ != nullptr) { @@ -679,6 +718,8 @@ void QuicConnection::OnRetryPacket( << server_connection_id_ << " with " << new_connection_id << ", received token " << quiche::QuicheTextUtils::HexEncode(retry_token); + DCHECK(!original_connection_id_.has_value()); + original_connection_id_ = server_connection_id_; server_connection_id_ = new_connection_id; packet_creator_.SetServerConnectionId(server_connection_id_); packet_creator_.SetRetryToken(retry_token); @@ -808,6 +849,14 @@ void QuicConnection::OnDecryptedPacket(EncryptionLevel level) { // Address is validated by successfully processing a HANDSHAKE packet. address_validated_ = true; } + if (extend_idle_time_on_decryptable_packets_) { + QUIC_RELOADABLE_FLAG_COUNT(quic_extend_idle_time_on_decryptable_packets); + if (use_idle_network_detector_) { + idle_network_detector_.OnPacketReceived(time_of_last_received_packet_); + } else { + time_of_last_decryptable_packet_ = time_of_last_received_packet_; + } + } visitor_->OnPacketDecrypted(level); } @@ -913,9 +962,14 @@ bool QuicConnection::OnStreamFrame(const QuicStreamFrame& frame) { ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); return false; } + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnStreamFrame(frame); stats_.stream_bytes_received += frame.data_length; - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } consecutive_retransmittable_on_wire_ping_count_ = 0; return connected_; } @@ -930,8 +984,13 @@ bool QuicConnection::OnCryptoFrame(const QuicCryptoFrame& frame) { if (debug_visitor_ != nullptr) { debug_visitor_->OnCryptoFrame(frame); } + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnCryptoFrame(frame); - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1118,7 +1177,11 @@ bool QuicConnection::OnPingFrame(const QuicPingFrame& frame) { if (debug_visitor_ != nullptr) { debug_visitor_->OnPingFrame(frame); } - should_last_packet_instigate_acks_ = true; + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } else { + should_last_packet_instigate_acks_ = true; + } return true; } @@ -1160,8 +1223,13 @@ bool QuicConnection::OnRstStreamFrame(const QuicRstStreamFrame& frame) { << "RST_STREAM_FRAME received for stream: " << frame.stream_id << " with error: " << QuicRstStreamErrorCodeToString(frame.error_code); + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnRstStream(frame); - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1192,7 +1260,11 @@ bool QuicConnection::OnPathChallengeFrame(const QuicPathChallengeFrame& frame) { // response. received_path_challenge_payloads_.push_back(frame.data_buffer); - should_last_packet_instigate_acks_ = true; + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } else { + should_last_packet_instigate_acks_ = true; + } return true; } @@ -1200,7 +1272,11 @@ bool QuicConnection::OnPathResponseFrame(const QuicPathResponseFrame& frame) { if (debug_visitor_ != nullptr) { debug_visitor_->OnPathResponseFrame(frame); } - should_last_packet_instigate_acks_ = true; + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } else { + should_last_packet_instigate_acks_ = true; + } if (!transmitted_connectivity_probe_payload_ || *transmitted_connectivity_probe_payload_ != frame.data_buffer) { // Is not for the probe we sent, ignore it. @@ -1226,31 +1302,30 @@ bool QuicConnection::OnConnectionCloseFrame( case GOOGLE_QUIC_CONNECTION_CLOSE: QUIC_DLOG(INFO) << ENDPOINT << "Received ConnectionClose for connection: " << connection_id() << ", with error: " - << QuicErrorCodeToString(frame.extracted_error_code) - << " (" << frame.error_details << ")"; + << QuicErrorCodeToString(frame.quic_error_code) << " (" + << frame.error_details << ")"; break; case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE: QUIC_DLOG(INFO) << ENDPOINT << "Received Transport ConnectionClose for connection: " << connection_id() << ", with error: " - << QuicErrorCodeToString(frame.extracted_error_code) - << " (" << frame.error_details << ")" - << ", transport error code: " - << frame.transport_error_code << ", error frame type: " + << QuicErrorCodeToString(frame.quic_error_code) << " (" + << frame.error_details << ")" + << ", transport error code: " << frame.wire_error_code + << ", error frame type: " << frame.transport_close_frame_type; break; case IETF_QUIC_APPLICATION_CONNECTION_CLOSE: QUIC_DLOG(INFO) << ENDPOINT << "Received Application ConnectionClose for connection: " << connection_id() << ", with error: " - << QuicErrorCodeToString(frame.extracted_error_code) - << " (" << frame.error_details << ")" - << ", application error code: " - << frame.application_error_code; + << QuicErrorCodeToString(frame.quic_error_code) << " (" + << frame.error_details << ")" + << ", application error code: " << frame.wire_error_code; break; } - if (frame.extracted_error_code == QUIC_BAD_MULTIPATH_FLAG) { + if (frame.quic_error_code == QUIC_BAD_MULTIPATH_FLAG) { QUIC_LOG_FIRST_N(ERROR, 10) << "Unexpected QUIC_BAD_MULTIPATH_FLAG error." << " last_received_header: " << last_header_ << " encryption_level: " << encryption_level_; @@ -1288,9 +1363,13 @@ bool QuicConnection::OnGoAwayFrame(const QuicGoAwayFrame& frame) { << frame.last_good_stream_id << " and error: " << QuicErrorCodeToString(frame.error_code) << " and reason: " << frame.reason_phrase; - + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnGoAway(frame); - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1305,8 +1384,13 @@ bool QuicConnection::OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) { debug_visitor_->OnWindowUpdateFrame(frame, GetTimeOfLastReceivedPacket()); } QUIC_DVLOG(1) << ENDPOINT << "WINDOW_UPDATE_FRAME received " << frame; + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnWindowUpdateFrame(frame); - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1343,9 +1427,14 @@ bool QuicConnection::OnMessageFrame(const QuicMessageFrame& frame) { if (debug_visitor_ != nullptr) { debug_visitor_->OnMessageFrame(frame); } + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnMessageReceived( quiche::QuicheStringPiece(frame.data, frame.message_length)); - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1366,8 +1455,13 @@ bool QuicConnection::OnHandshakeDoneFrame(const QuicHandshakeDoneFrame& frame) { if (debug_visitor_ != nullptr) { debug_visitor_->OnHandshakeDoneFrame(frame); } + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnHandshakeDoneReceived(); - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1383,9 +1477,14 @@ bool QuicConnection::OnBlockedFrame(const QuicBlockedFrame& frame) { } QUIC_DLOG(INFO) << ENDPOINT << "BLOCKED_FRAME received for stream: " << frame.stream_id; + if (advance_ack_timeout_update_) { + MaybeUpdateAckTimeout(); + } visitor_->OnBlockedFrame(frame); stats_.blocked_frames_received++; - should_last_packet_instigate_acks_ = true; + if (!advance_ack_timeout_update_) { + should_last_packet_instigate_acks_ = true; + } return connected_; } @@ -1457,10 +1556,12 @@ void QuicConnection::OnPacketComplete() { // For IETF QUIC, it is guaranteed that TLS will give connection the // corresponding write key before read key. In other words, connection should // never process a packet while an ACK for it cannot be encrypted. - uber_received_packet_manager_.MaybeUpdateAckTimeout( - should_last_packet_instigate_acks_, last_decrypted_packet_level_, - last_header_.packet_number, GetTimeOfLastReceivedPacket(), - clock_->ApproximateNow(), sent_packet_manager_.GetRttStats()); + if (!advance_ack_timeout_update_ || !should_last_packet_instigate_acks_) { + uber_received_packet_manager_.MaybeUpdateAckTimeout( + should_last_packet_instigate_acks_, last_decrypted_packet_level_, + last_header_.packet_number, GetTimeOfLastReceivedPacket(), + clock_->ApproximateNow(), sent_packet_manager_.GetRttStats()); + } ClearLastFrames(); CloseIfTooManyOutstandingSentPackets(); @@ -1735,9 +1836,12 @@ void QuicConnection::OnUndecryptablePacket(const QuicEncryptedPacket& packet, } if (should_enqueue) { - QueueUndecryptablePacket(packet); - } else if (debug_visitor_ != nullptr) { - debug_visitor_->OnUndecryptablePacket(); + QueueUndecryptablePacket(packet, decryption_level); + } + + if (debug_visitor_ != nullptr) { + debug_visitor_->OnUndecryptablePacket(decryption_level, + /*dropped=*/!should_enqueue); } } @@ -1795,7 +1899,7 @@ void QuicConnection::ProcessUdpPacket(const QuicSocketAddress& self_address, << " too far from current time:" << clock_->ApproximateNow().ToDebuggingValue(); } - if (use_idle_network_detector_) { + if (!extend_idle_time_on_decryptable_packets_ && use_idle_network_detector_) { QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_idle_network_detector, 1, 6); idle_network_detector_.OnPacketReceived(packet.receipt_time()); } else { @@ -2018,6 +2122,12 @@ void QuicConnection::WriteQueuedPackets() { // TODO(wub): Reduce max packet size to a safe default, or the actual MTU. mtu_discoverer_.Disable(); mtu_discovery_alarm_->Cancel(); + if (GetQuicReloadableFlag( + quic_ignore_msg_too_big_from_buffered_packets)) { + QUIC_RELOADABLE_FLAG_COUNT( + quic_ignore_msg_too_big_from_buffered_packets); + buffered_packets_.pop_front(); + } continue; } if (IsWriteError(result.status)) { @@ -2157,6 +2267,23 @@ bool QuicConnection::CanWrite(HasRetransmittableData retransmittable) { return true; } +QuicTime QuicConnection::CalculatePacketSentTime() { + const QuicTime now = clock_->Now(); + if (!supports_release_time_ || per_packet_options_ == nullptr) { + // Don't change the release delay. + return now; + } + + auto next_release_time_result = sent_packet_manager_.GetNextReleaseTime(); + + // Release before |now| is impossible. + QuicTime next_release_time = + std::max(now, next_release_time_result.release_time); + per_packet_options_->release_time_delay = next_release_time - now; + per_packet_options_->allow_burst = next_release_time_result.allow_burst; + return next_release_time; +} + bool QuicConnection::WritePacket(SerializedPacket* packet) { if (ShouldDiscardPacket(*packet)) { ++stats_.packets_discarded; @@ -2166,8 +2293,6 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { packet->packet_number < sent_packet_manager_.GetLargestSentPacket()) { QUIC_BUG << "Attempt to write packet:" << packet->packet_number << " after:" << sent_packet_manager_.GetLargestSentPacket(); - QUIC_CLIENT_HISTOGRAM_COUNTS("QuicSession.NumQueuedPacketsAtOutOfOrder", - buffered_packets_.size(), 1, 1000, 50, ""); CloseConnection(QUIC_INTERNAL_ERROR, "Packet written out of order.", ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); return true; @@ -2180,7 +2305,7 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { // Termination packets are encrypted and saved, so don't exit early. const bool is_termination_packet = IsTerminationPacket(*packet); QuicPacketNumber packet_number = packet->packet_number; - QuicPacketLength encrypted_length = packet->encrypted_length; + const QuicPacketLength encrypted_length = packet->encrypted_length; // Termination packets are eventually owned by TimeWaitListManager. // Others are deleted at the end of this call. if (is_termination_packet) { @@ -2213,18 +2338,7 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { // Measure the RTT from before the write begins to avoid underestimating the // min_rtt_, especially in cases where the thread blocks or gets swapped out // during the WritePacket below. - QuicTime packet_send_time = clock_->Now(); - if (supports_release_time_ && per_packet_options_ != nullptr) { - QuicTime next_release_time = sent_packet_manager_.GetNextReleaseTime(); - QuicTime::Delta release_time_delay = QuicTime::Delta::Zero(); - QuicTime now = packet_send_time; - if (next_release_time > now) { - release_time_delay = next_release_time - now; - // Set packet_send_time to the future to make the RTT estimation accurate. - packet_send_time = next_release_time; - } - per_packet_options_->release_time_delay = release_time_delay; - } + QuicTime packet_send_time = CalculatePacketSentTime(); WriteResult result(WRITE_STATUS_OK, encrypted_length); switch (fate) { case COALESCE: @@ -2314,8 +2428,8 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { // When MSG_TOO_BIG is returned, the system typically knows what the // actual MTU is, so there is no need to probe further. // TODO(wub): Reduce max packet size to a safe default, or the actual MTU. - QUIC_DVLOG(1) << ENDPOINT << " MTU probe packet too big, size:" - << packet->encrypted_length + QUIC_DVLOG(1) << ENDPOINT + << " MTU probe packet too big, size:" << encrypted_length << ", long_term_mtu_:" << long_term_mtu_; mtu_discoverer_.Disable(); mtu_discovery_alarm_->Cancel(); @@ -2349,29 +2463,22 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { !is_termination_packet) { // Start blackhole/path degrading detections if the sent packet is not // termination packet and contains retransmittable data. - if (use_blackhole_detector_) { - // Do not restart detection if detection is in progress indicating no - // forward progress has been made since last event (i.e., packet was sent - // or new packets were acknowledged). - if (!blackhole_detector_.IsDetectionInProgress()) { - // Try to start detections if no detection in progress. This could - // because either both detections are inactive when sending last packet - // or this connection just gets out of quiescence. - QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_blackhole_detector, 1, 4); - blackhole_detector_.RestartDetection(GetPathDegradingDeadline(), - GetNetworkBlackholeDeadline()); - } - } else if (!is_path_degrading_ && !path_degrading_alarm_->IsSet()) { - // This is the first retransmittable packet on the working path. - // Start the path degrading alarm to detect new path degrading. - SetPathDegradingAlarm(); + // Do not restart detection if detection is in progress indicating no + // forward progress has been made since last event (i.e., packet was sent + // or new packets were acknowledged). + if (!blackhole_detector_.IsDetectionInProgress()) { + // Try to start detections if no detection in progress. This could + // because either both detections are inactive when sending last packet + // or this connection just gets out of quiescence. + blackhole_detector_.RestartDetection(GetPathDegradingDeadline(), + GetNetworkBlackholeDeadline()); } if (use_idle_network_detector_) { idle_network_detector_.OnPacketSent(packet_send_time); QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_idle_network_detector, 2, 6); } else if (time_of_first_packet_sent_after_receiving_ < - time_of_last_received_packet_) { + GetTimeOfLastReceivedPacket()) { // Update |time_of_first_packet_sent_after_receiving_| if this is the // first packet sent after the last packet was received. If it were // updated on every sent packet, then sending into a black hole might @@ -2386,7 +2493,7 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { if (EnforceAntiAmplificationLimit()) { // Include bytes sent even if they are not in flight. - bytes_sent_before_address_validation_ += packet->encrypted_length; + bytes_sent_before_address_validation_ += encrypted_length; } const bool in_flight = sent_packet_manager_.OnPacketSent( @@ -2474,12 +2581,10 @@ bool QuicConnection::ShouldDiscardPacket(const SerializedPacket& packet) { } bool QuicConnection::ShouldIgnoreWriteError() { - if (!GetQuicReloadableFlag(quic_ignore_one_write_error_after_mtu_probe) || - previous_validated_mtu_ == 0) { + if (previous_validated_mtu_ == 0) { return false; } - QUIC_CODE_COUNT(quic_ignore_one_write_error_after_mtu_probe); SetMaxPacketLength(previous_validated_mtu_); mtu_discoverer_.Disable(); mtu_discovery_alarm_->Cancel(); @@ -2524,8 +2629,8 @@ char* QuicConnection::GetPacketBuffer() { return writer_->GetNextWriteLocation(self_address().host(), peer_address()); } -void QuicConnection::OnSerializedPacket(SerializedPacket* serialized_packet) { - if (serialized_packet->encrypted_buffer == nullptr) { +void QuicConnection::OnSerializedPacket(SerializedPacket serialized_packet) { + if (serialized_packet.encrypted_buffer == nullptr) { // We failed to serialize the packet, so close the connection. // Specify that the close is silent, that no packet be sent, so no infinite // loop here. @@ -2544,14 +2649,14 @@ void QuicConnection::OnSerializedPacket(SerializedPacket* serialized_packet) { return; } - if (serialized_packet->retransmittable_frames.empty()) { + if (serialized_packet.retransmittable_frames.empty()) { // Increment consecutive_num_packets_with_no_retransmittable_frames_ if // this packet is a new transmission with no retransmittable frames. ++consecutive_num_packets_with_no_retransmittable_frames_; } else { consecutive_num_packets_with_no_retransmittable_frames_ = 0; } - SendOrQueuePacket(serialized_packet); + SendOrQueuePacket(std::move(serialized_packet)); } void QuicConnection::OnUnrecoverableError(QuicErrorCode error, @@ -2610,14 +2715,9 @@ void QuicConnection::OnHandshakeComplete() { kAlarmGranularity); } -void QuicConnection::SendOrQueuePacket(SerializedPacket* packet) { +void QuicConnection::SendOrQueuePacket(SerializedPacket packet) { // The caller of this function is responsible for checking CanWrite(). - if (packet->encrypted_buffer == nullptr) { - QUIC_BUG << "packet.encrypted_buffer == nullptr in to SendOrQueuePacket"; - return; - } - WritePacket(packet); - ClearSerializedPacket(packet); + WritePacket(&packet); } void QuicConnection::OnPingTimeout() { @@ -2668,28 +2768,6 @@ void QuicConnection::OnRetransmissionTimeout() { QuicPacketNumber previous_created_packet_number = packet_creator_.packet_number(); - if (!use_blackhole_detector_) { - if (close_connection_after_five_rtos_ && - sent_packet_manager_.GetConsecutiveRtoCount() >= 4) { - // Close on the 5th consecutive RTO, so after 4 previous RTOs have - // occurred. - CloseConnection(QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts", - ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); - return; - } - if (sent_packet_manager_.pto_enabled() && max_consecutive_ptos_ > 0 && - sent_packet_manager_.GetConsecutivePtoCount() >= - max_consecutive_ptos_) { - CloseConnection( - QUIC_TOO_MANY_RTOS, - quiche::QuicheStrCat(max_consecutive_ptos_ + 1, - "consecutive retransmission timeouts"), - ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); - return; - } - } - const auto retransmission_mode = sent_packet_manager_.OnRetransmissionTimeout(); if (sent_packet_manager_.skip_packet_number_for_pto() && @@ -2701,10 +2779,7 @@ void QuicConnection::OnRetransmissionTimeout() { packet_creator_.SkipNPacketNumbers( num_packet_numbers_to_skip, sent_packet_manager_.GetLeastUnacked(), sent_packet_manager_.EstimateMaxPacketsInFlight(max_packet_length())); - if (GetQuicReloadableFlag(quic_send_ping_when_pto_skips_packet_number)) { - QUIC_RELOADABLE_FLAG_COUNT(quic_send_ping_when_pto_skips_packet_number); - previous_created_packet_number += num_packet_numbers_to_skip; - } + previous_created_packet_number += num_packet_numbers_to_skip; if (debug_visitor_ != nullptr) { debug_visitor_->OnNPacketNumbersSkipped(num_packet_numbers_to_skip); } @@ -2840,16 +2915,17 @@ const QuicDecrypter* QuicConnection::alternative_decrypter() const { } void QuicConnection::QueueUndecryptablePacket( - const QuicEncryptedPacket& packet) { + const QuicEncryptedPacket& packet, + EncryptionLevel decryption_level) { for (const auto& saved_packet : undecryptable_packets_) { - if (packet.data() == saved_packet->data() && - packet.length() == saved_packet->length()) { + if (packet.data() == saved_packet.packet->data() && + packet.length() == saved_packet.packet->length()) { QUIC_DVLOG(1) << ENDPOINT << "Not queueing known undecryptable packet"; return; } } QUIC_DVLOG(1) << ENDPOINT << "Queueing undecryptable packet."; - undecryptable_packets_.push_back(packet.Clone()); + undecryptable_packets_.emplace_back(packet, decryption_level); } void QuicConnection::MaybeProcessUndecryptablePackets() { @@ -2868,8 +2944,12 @@ void QuicConnection::MaybeProcessUndecryptablePackets() { return; } QUIC_DVLOG(1) << ENDPOINT << "Attempting to process undecryptable packet"; - QuicEncryptedPacket* packet = undecryptable_packets_.front().get(); - if (!framer_.ProcessPacket(*packet) && + const auto& undecryptable_packet = undecryptable_packets_.front(); + if (debug_visitor_ != nullptr) { + debug_visitor_->OnAttemptingToProcessUndecryptablePacket( + undecryptable_packet.encryption_level); + } + if (!framer_.ProcessPacket(*undecryptable_packet.packet) && framer_.error() == QUIC_DECRYPTION_FAILURE) { QUIC_DVLOG(1) << ENDPOINT << "Unable to process undecryptable packet..."; break; @@ -2884,11 +2964,9 @@ void QuicConnection::MaybeProcessUndecryptablePackets() { // never be able to be decrypted. if (encryption_level_ == ENCRYPTION_FORWARD_SECURE) { if (debug_visitor_ != nullptr) { - // TODO(rtenneti): perhaps more efficient to pass the number of - // undecryptable packets as the argument to OnUndecryptablePacket so that - // we just need to call OnUndecryptablePacket once? - for (size_t i = 0; i < undecryptable_packets_.size(); ++i) { - debug_visitor_->OnUndecryptablePacket(); + for (const auto& undecryptable_packet : undecryptable_packets_) { + debug_visitor_->OnUndecryptablePacket( + undecryptable_packet.encryption_level, /*dropped=*/true); } } undecryptable_packets_.clear(); @@ -3064,12 +3142,8 @@ void QuicConnection::CancelAllAlarms() { send_alarm_->Cancel(); timeout_alarm_->Cancel(); mtu_discovery_alarm_->Cancel(); - path_degrading_alarm_->Cancel(); process_undecryptable_packets_alarm_->Cancel(); - if (use_blackhole_detector_) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_blackhole_detector, 4, 4); - blackhole_detector_.StopDetection(); - } + blackhole_detector_.StopDetection(); if (use_idle_network_detector_) { QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_idle_network_detector, 3, 6); idle_network_detector_.StopDetection(); @@ -3151,7 +3225,7 @@ void QuicConnection::CheckForTimeout() { } QuicTime time_of_last_packet = - std::max(time_of_last_received_packet_, + std::max(GetTimeOfLastReceivedPacket(), time_of_first_packet_sent_after_receiving_); // |delta| can be < 0 as |now| is approximate time but |time_of_last_packet| @@ -3187,7 +3261,7 @@ void QuicConnection::CheckForTimeout() { void QuicConnection::SetTimeoutAlarm() { DCHECK(!use_idle_network_detector_); QuicTime time_of_last_packet = - std::max(time_of_last_received_packet_, + std::max(GetTimeOfLastReceivedPacket(), time_of_first_packet_sent_after_receiving_); QuicTime deadline = time_of_last_packet + idle_network_timeout_; @@ -3270,16 +3344,6 @@ void QuicConnection::SetRetransmissionAlarm() { kAlarmGranularity); } -void QuicConnection::SetPathDegradingAlarm() { - DCHECK(!use_blackhole_detector_); - if (perspective_ == Perspective::IS_SERVER) { - return; - } - const QuicTime::Delta delay = sent_packet_manager_.GetPathDegradingDelay(); - path_degrading_alarm_->Update(clock_->ApproximateNow() + delay, - kAlarmGranularity); -} - void QuicConnection::MaybeSetMtuAlarm(QuicPacketNumber sent_packet_number) { if (mtu_discovery_alarm_->IsSet() || !mtu_discoverer_.ShouldProbeMtu(sent_packet_number)) { @@ -3505,7 +3569,7 @@ bool QuicConnection::SendGenericPathProbePacket( << "Sending path probe packet for connection_id = " << server_connection_id_; - OwningSerializedPacketPointer probing_packet; + std::unique_ptr<SerializedPacket> probing_packet; if (!version().HasIetfQuicFrames()) { // Non-IETF QUIC, generate a padded ping regardless of whether this is a // request or a response. @@ -3788,32 +3852,31 @@ void QuicConnection::UpdatePacketContent(PacketContent type) { void QuicConnection::PostProcessAfterAckFrame(bool send_stop_waiting, bool acked_new_packet) { if (no_stop_waiting_frames_) { - uber_received_packet_manager_.DontWaitForPacketsBefore( - last_decrypted_packet_level_, - SupportsMultiplePacketNumberSpaces() - ? sent_packet_manager_.GetLargestPacketPeerKnowsIsAcked( - last_decrypted_packet_level_) - : sent_packet_manager_.largest_packet_peer_knows_is_acked()); + if (GetQuicReloadableFlag(quic_donot_change_queued_ack) && + packet_creator_.has_ack()) { + QUIC_RELOADABLE_FLAG_COUNT(quic_donot_change_queued_ack); + } else { + uber_received_packet_manager_.DontWaitForPacketsBefore( + last_decrypted_packet_level_, + SupportsMultiplePacketNumberSpaces() + ? sent_packet_manager_.GetLargestPacketPeerKnowsIsAcked( + last_decrypted_packet_level_) + : sent_packet_manager_.largest_packet_peer_knows_is_acked()); + } } // Always reset the retransmission alarm when an ack comes in, since we now // have a better estimate of the current rtt than when it was set. SetRetransmissionAlarm(); - if (use_blackhole_detector_) { - if (acked_new_packet) { - is_path_degrading_ = false; - if (sent_packet_manager_.HasInFlightPackets()) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_blackhole_detector, 2, 4); - // Restart detections if forward progress has been made. - blackhole_detector_.RestartDetection(GetPathDegradingDeadline(), - GetNetworkBlackholeDeadline()); - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_use_blackhole_detector, 3, 4); - // Stop detections in quiecense. - blackhole_detector_.StopDetection(); - } + if (acked_new_packet) { + is_path_degrading_ = false; + if (sent_packet_manager_.HasInFlightPackets()) { + // Restart detections if forward progress has been made. + blackhole_detector_.RestartDetection(GetPathDegradingDeadline(), + GetNetworkBlackholeDeadline()); + } else { + // Stop detections in quiecense. + blackhole_detector_.StopDetection(); } - } else { - MaybeSetPathDegradingAlarm(acked_new_packet); } if (send_stop_waiting) { @@ -3823,21 +3886,6 @@ void QuicConnection::PostProcessAfterAckFrame(bool send_stop_waiting, } } -void QuicConnection::MaybeSetPathDegradingAlarm(bool acked_new_packet) { - DCHECK(!use_blackhole_detector_); - if (!sent_packet_manager_.HasInFlightPackets()) { - // There are no retransmittable packets on the wire, so it's impossible to - // say if the connection has degraded. - path_degrading_alarm_->Cancel(); - } else if (acked_new_packet) { - // A previously-unacked packet has been acked, which means forward progress - // has been made. Unset |is_path_degrading| if the path was considered as - // degrading previously. Set/update the path degrading alarm. - is_path_degrading_ = false; - SetPathDegradingAlarm(); - } -} - void QuicConnection::SetSessionNotifier( SessionNotifierInterface* session_notifier) { sent_packet_manager_.SetSessionNotifier(session_notifier); @@ -3855,6 +3903,7 @@ void QuicConnection::SetTransmissionType(TransmissionType type) { void QuicConnection::UpdateReleaseTimeIntoFuture() { DCHECK(supports_release_time_); + const QuicTime::Delta prior_max_release_time = release_time_into_future_; release_time_into_future_ = std::max( QuicTime::Delta::FromMilliseconds(kMinReleaseTimeIntoFutureMs), std::min( @@ -3862,6 +3911,9 @@ void QuicConnection::UpdateReleaseTimeIntoFuture() { GetQuicFlag(FLAGS_quic_max_pace_time_into_future_ms)), sent_packet_manager_.GetRttStats()->SmoothedOrInitialRtt() * GetQuicFlag(FLAGS_quic_pace_time_into_future_srtt_fraction))); + QUIC_DVLOG(3) << "Updated max release time delay from " + << prior_max_release_time << " to " + << release_time_into_future_; } void QuicConnection::ResetAckStates() { @@ -3998,7 +4050,6 @@ bool QuicConnection::ShouldBundleRetransmittableFrameWithAck() const { if (bundle_retransmittable_with_pto_ack_ && (sent_packet_manager_.GetConsecutiveRtoCount() > 0 || sent_packet_manager_.GetConsecutivePtoCount() > 0)) { - QUIC_RELOADABLE_FLAG_COUNT(quic_bundle_retransmittable_with_pto_ack); // Bundle a retransmittable frame with an ACK if the PTO or RTO has fired // in order to recover more quickly in cases of temporary network outage. return true; @@ -4032,6 +4083,12 @@ bool QuicConnection::FlushCoalescedPacket() { if (debug_visitor_ != nullptr) { debug_visitor_->OnCoalescedPacketSent(coalesced_packet_, length); } + if (coalesced_packet_.ContainsPacketOfEncryptionLevel( + ENCRYPTION_HANDSHAKE)) { + // This is only called in coalescer because all ENCRYPTION_HANDSHAKE + // packets go through the coalescer. + visitor_->OnHandshakePacketSent(); + } return true; } @@ -4055,6 +4112,11 @@ bool QuicConnection::FlushCoalescedPacket() { if (debug_visitor_ != nullptr) { debug_visitor_->OnCoalescedPacketSent(coalesced_packet_, length); } + if (coalesced_packet_.ContainsPacketOfEncryptionLevel(ENCRYPTION_HANDSHAKE)) { + // This is only called in coalescer because all ENCRYPTION_HANDSHAKE + // packets go through the coalescer. + visitor_->OnHandshakePacketSent(); + } // Account for added padding. if (length > coalesced_packet_.length()) { size_t padding_size = length - coalesced_packet_.length(); @@ -4202,13 +4264,11 @@ void QuicConnection::set_client_connection_id( } void QuicConnection::OnPathDegradingDetected() { - DCHECK(use_blackhole_detector_); is_path_degrading_ = true; visitor_->OnPathDegrading(); } void QuicConnection::OnBlackholeDetected() { - DCHECK(use_blackhole_detector_); CloseConnection(QUIC_TOO_MANY_RTOS, "Network blackhole detected.", ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); } @@ -4250,8 +4310,19 @@ void QuicConnection::OnIdleNetworkDetected() { idle_timeout_connection_close_behavior_); } +void QuicConnection::MaybeUpdateAckTimeout() { + DCHECK(advance_ack_timeout_update_); + if (should_last_packet_instigate_acks_) { + return; + } + should_last_packet_instigate_acks_ = true; + uber_received_packet_manager_.MaybeUpdateAckTimeout( + /*should_last_packet_instigate_acks=*/true, last_decrypted_packet_level_, + last_header_.packet_number, GetTimeOfLastReceivedPacket(), + clock_->ApproximateNow(), sent_packet_manager_.GetRttStats()); +} + QuicTime QuicConnection::GetPathDegradingDeadline() const { - DCHECK(use_blackhole_detector_); if (!ShouldDetectPathDegrading()) { return QuicTime::Zero(); } @@ -4260,7 +4331,6 @@ QuicTime QuicConnection::GetPathDegradingDeadline() const { } bool QuicConnection::ShouldDetectPathDegrading() const { - DCHECK(use_blackhole_detector_); if (!connected_) { return false; } @@ -4272,7 +4342,6 @@ bool QuicConnection::ShouldDetectPathDegrading() const { } QuicTime QuicConnection::GetNetworkBlackholeDeadline() const { - DCHECK(use_blackhole_detector_); if (!ShouldDetectBlackhole()) { return QuicTime::Zero(); } @@ -4281,7 +4350,6 @@ QuicTime QuicConnection::GetNetworkBlackholeDeadline() const { } bool QuicConnection::ShouldDetectBlackhole() const { - DCHECK(use_blackhole_detector_); if (!connected_) { return false; } @@ -4304,6 +4372,11 @@ QuicTime QuicConnection::GetTimeOfLastReceivedPacket() const { if (use_idle_network_detector_) { return idle_network_detector_.time_of_last_received_packet(); } + if (extend_idle_time_on_decryptable_packets_) { + DCHECK(time_of_last_decryptable_packet_ == time_of_last_received_packet_ || + !last_packet_decrypted_); + return time_of_last_decryptable_packet_; + } return time_of_last_received_packet_; } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_connection.h b/chromium/net/third_party/quiche/src/quic/core/quic_connection.h index a6be992badd..6586fb2870a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_connection.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_connection.h @@ -49,6 +49,7 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_containers.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" #include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_optional.h" #include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" @@ -181,6 +182,9 @@ class QUIC_EXPORT_PRIVATE QuicConnectionVisitorInterface { // Called when a 1RTT packet has been acknowledged. virtual void OnOneRttPacketAcknowledged() = 0; + + // Called when a packet of ENCRYPTION_HANDSHAKE gets sent. + virtual void OnHandshakePacketSent() = 0; }; // Interface which gets callbacks from the QuicConnection at interesting @@ -217,8 +221,15 @@ class QUIC_EXPORT_PRIVATE QuicConnectionDebugVisitor // match the ID of this connection. virtual void OnIncorrectConnectionId(QuicConnectionId /*connection_id*/) {} - // Called when an undecryptable packet has been received. - virtual void OnUndecryptablePacket() {} + // Called when an undecryptable packet has been received. If |dropped| is + // true, the packet has been dropped. Otherwise, the packet will be queued and + // connection will attempt to process it later. + virtual void OnUndecryptablePacket(EncryptionLevel /*decryption_level*/, + bool /*dropped*/) {} + + // Called when attempting to process a previously undecryptable packet. + virtual void OnAttemptingToProcessUndecryptablePacket( + EncryptionLevel /*decryption_level*/) {} // Called when a duplicate packet has been received. virtual void OnDuplicatePacket(QuicPacketNumber /*packet_number*/) {} @@ -373,6 +384,12 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Sets connection parameters from the supplied |config|. void SetFromConfig(const QuicConfig& config); + // Apply |connection_options| for this connection. Unlike SetFromConfig, this + // can happen at anytime in the life of a connection. + // Note there is no guarantee that all options can be applied. Components will + // only apply cherrypicked options that make sense at the time of the call. + void ApplyConnectionOptions(const QuicTagVector& connection_options); + // Called by the session when sending connection state to the client. virtual void OnSendConnectionState( const CachedNetworkParameters& cached_network_params); @@ -571,7 +588,7 @@ class QUIC_EXPORT_PRIVATE QuicConnection IsHandshake handshake) override; const QuicFrames MaybeBundleAckOpportunistically() override; char* GetPacketBuffer() override; - void OnSerializedPacket(SerializedPacket* packet) override; + void OnSerializedPacket(SerializedPacket packet) override; void OnUnrecoverableError(QuicErrorCode error, const std::string& error_details) override; @@ -954,7 +971,7 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Send a packet to the peer, and takes ownership of the packet if the packet // cannot be written immediately. - virtual void SendOrQueuePacket(SerializedPacket* packet); + virtual void SendOrQueuePacket(SerializedPacket packet); // Called after a packet is received from a new effective peer address and is // decrypted. Starts validation of effective peer's address change. Calls @@ -1053,6 +1070,19 @@ class QUIC_EXPORT_PRIVATE QuicConnection const QuicSocketAddress peer_address; }; + // UndecrytablePacket comprises a undecryptable packet and the its encryption + // level. + struct QUIC_EXPORT_PRIVATE UndecryptablePacket { + UndecryptablePacket(const QuicEncryptedPacket& packet, + EncryptionLevel encryption_level) + : packet(packet.Clone()), encryption_level(encryption_level) {} + + std::unique_ptr<QuicEncryptedPacket> packet; + // Currently, |encryption_level| is only used for logging and does not + // affect processing of the packet. + EncryptionLevel encryption_level; + }; + // Notifies the visitor of the close and marks the connection as disconnected. // Does not send a connection close frame to the peer. It should only be // called by CloseConnection or OnConnectionCloseFrame, OnPublicResetPacket, @@ -1102,7 +1132,8 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Queues |packet| in the hopes that it can be decrypted in the // future, when a new key is installed. - void QueueUndecryptablePacket(const QuicEncryptedPacket& packet); + void QueueUndecryptablePacket(const QuicEncryptedPacket& packet, + EncryptionLevel decryption_level); // Sends any packets which are a response to the last packet, including both // acks and pending writes if an ack opened the congestion window. @@ -1121,9 +1152,6 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Sets the retransmission alarm based on SentPacketManager. void SetRetransmissionAlarm(); - // Sets the path degrading alarm. - void SetPathDegradingAlarm(); - // Sets the MTU discovery alarm if necessary. // |sent_packet_number| is the recently sent packet number. void MaybeSetMtuAlarm(QuicPacketNumber sent_packet_number); @@ -1166,10 +1194,6 @@ class QUIC_EXPORT_PRIVATE QuicConnection // |acked_new_packet| is true if a previously-unacked packet was acked. void PostProcessAfterAckFrame(bool send_stop_waiting, bool acked_new_packet); - // Called when an ACK is received to set the path degrading alarm or - // retransmittable on wire alarm. - void MaybeSetPathDegradingAlarm(bool acked_new_packet); - // Updates the release time into the future. void UpdateReleaseTimeIntoFuture(); @@ -1195,6 +1219,9 @@ class QUIC_EXPORT_PRIVATE QuicConnection // and flags. void MaybeEnableMultiplePacketNumberSpacesSupport(); + // Called to update ACK timeout when an retransmittable frame has been parsed. + void MaybeUpdateAckTimeout(); + // Returns packet fate when trying to write a packet via WritePacket(). SerializedPacketFate DeterminePacketFate(bool is_mtu_discovery); @@ -1228,6 +1255,13 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Whether connection is limited by amplification factor. bool LimitedByAmplificationFactor() const; + // Called before sending a packet to get packet send time and to set the + // release time delay in |per_packet_options_|. Return the time when the + // packet is scheduled to be released(a.k.a send time), which is NOW + delay. + // Returns Now() and does not update release time delay if + // |supports_release_time_| is false. + QuicTime CalculatePacketSentTime(); + // We've got a packet write error, should we ignore it? // NOTE: This is not a const function - if return true, the max packet size is // reverted to a previous(smaller) value to avoid write errors in the future. @@ -1331,8 +1365,7 @@ class QUIC_EXPORT_PRIVATE QuicConnection // established, but which could not be decrypted. We buffer these on // the assumption that they could not be processed because they were // sent with the INITIAL encryption and the CHLO message was lost. - QuicCircularDeque<std::unique_ptr<QuicEncryptedPacket>> - undecryptable_packets_; + QuicCircularDeque<UndecryptablePacket> undecryptable_packets_; // Collection of coalesced packets which were received while processing // the current packet. @@ -1357,9 +1390,8 @@ class QUIC_EXPORT_PRIVATE QuicConnection termination_packets_; // Determines whether or not a connection close packet is sent to the peer - // after idle timeout due to lack of network activity. - // This is particularly important on mobile, where waking up the radio is - // undesirable. + // after idle timeout due to lack of network activity. During the handshake, + // a connection close packet is sent, but not after. ConnectionCloseBehavior idle_timeout_connection_close_behavior_; // When true, close the QUIC connection after 5 RTOs. Due to the min rto of @@ -1409,10 +1441,6 @@ class QUIC_EXPORT_PRIVATE QuicConnection QuicArenaScopedPtr<QuicAlarm> ping_alarm_; // An alarm that fires when an MTU probe should be sent. QuicArenaScopedPtr<QuicAlarm> mtu_discovery_alarm_; - // An alarm that fires when this connection is considered degrading. - // TODO(fayang): Remove this when deprecating quic_use_blackhole_detector - // flag. - QuicArenaScopedPtr<QuicAlarm> path_degrading_alarm_; // An alarm that fires to process undecryptable packets when new decyrption // keys are available. QuicArenaScopedPtr<QuicAlarm> process_undecryptable_packets_alarm_; @@ -1435,13 +1463,20 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Timestamps used for timeouts. // The time of the first retransmittable packet that was sent after the most // recently received packet. - // TODO(fayang): Remove these two when deprecating - // quic_use_idle_network_detector. + // TODO(fayang): Remove time_of_first_packet_sent_after_receiving_ when + // deprecating quic_use_idle_network_detector. QuicTime time_of_first_packet_sent_after_receiving_; // The time that a packet is received for this connection. Initialized to // connection creation time. - // This is used for timeouts, and does not indicate the packet was processed. + // This does not indicate the packet was processed. QuicTime time_of_last_received_packet_; + // This gets set to time_of_last_received_packet_ when a packet gets + // decrypted. Please note, this is not necessarily the original receive time + // of this decrypt packet because connection can decryptable packet out of + // order. + // TODO(fayang): Remove time_of_last_decryptable_packet_ when + // deprecating quic_use_idle_network_detector. + QuicTime time_of_last_decryptable_packet_; // Sent packet manager which tracks the status of packets sent by this // connection and contains the send and receive algorithms to determine when @@ -1566,6 +1601,11 @@ class QUIC_EXPORT_PRIVATE QuicConnection // vector to improve performance since it is expected to be very small. std::vector<QuicConnectionId> incoming_connection_ids_; + // When we receive a RETRY packet, we replace |server_connection_id_| with the + // value from the RETRY packet and save off the original value of + // |server_connection_id_| into |original_connection_id_| for validation. + quiche::QuicheOptional<QuicConnectionId> original_connection_id_; + // Indicates whether received RETRY packets should be dropped. bool drop_incoming_retry_packets_; @@ -1604,12 +1644,14 @@ class QUIC_EXPORT_PRIVATE QuicConnection QuicIdleNetworkDetector idle_network_detector_; - const bool use_blackhole_detector_ = - GetQuicReloadableFlag(quic_use_blackhole_detector); - const bool use_idle_network_detector_ = - use_blackhole_detector_ && GetQuicReloadableFlag(quic_use_idle_network_detector); + + const bool extend_idle_time_on_decryptable_packets_ = + GetQuicReloadableFlag(quic_extend_idle_time_on_decryptable_packets); + + const bool advance_ack_timeout_update_ = + GetQuicReloadableFlag(quic_advance_ack_timeout_update); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_connection_stats.h b/chromium/net/third_party/quiche/src/quic/core/quic_connection_stats.h index 911ea6dac75..3b0c85d2228 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_connection_stats.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_connection_stats.h @@ -102,6 +102,9 @@ struct QUIC_EXPORT_PRIVATE QuicConnectionStats { // Maximum reordering observed in microseconds int64_t max_time_reordering_us = 0; + // Maximum sequence reordering observed from acked packets. + QuicPacketCount sent_packets_max_sequence_reordering = 0; + // The following stats are used only in TcpCubicSender. // The number of loss events from TCP's perspective. Each loss event includes // one or more lost packets. diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_connection_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_connection_test.cc index e5faa3586da..24f233ef233 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_connection_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_connection_test.cc @@ -382,7 +382,8 @@ class TestPacketWriter : public QuicPacketWriter { ENCRYPTION_FORWARD_SECURE, std::make_unique<NullDecrypter>(Perspective::IS_SERVER)); } - EXPECT_TRUE(framer_.ProcessPacket(packet)); + EXPECT_TRUE(framer_.ProcessPacket(packet)) + << framer_.framer()->detailed_error(); if (block_on_next_write_) { write_blocked_ = true; block_on_next_write_ = false; @@ -673,7 +674,7 @@ class TestConnection : public QuicConnection { serialized_packet.retransmittable_frames.push_back( QuicFrame(QuicPingFrame())); } - OnSerializedPacket(&serialized_packet); + OnSerializedPacket(std::move(serialized_packet)); } QuicConsumedData SaveAndSendStreamData(QuicStreamId id, @@ -844,8 +845,7 @@ class TestConnection : public QuicConnection { } TestAlarmFactory::TestAlarm* GetTimeoutAlarm() { - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { return reinterpret_cast<TestAlarmFactory::TestAlarm*>( QuicConnectionPeer::GetIdleNetworkDetectorAlarm(this)); } @@ -858,40 +858,26 @@ class TestConnection : public QuicConnection { QuicConnectionPeer::GetMtuDiscoveryAlarm(this)); } - TestAlarmFactory::TestAlarm* GetPathDegradingAlarm() { - return reinterpret_cast<TestAlarmFactory::TestAlarm*>( - QuicConnectionPeer::GetPathDegradingAlarm(this)); - } - TestAlarmFactory::TestAlarm* GetProcessUndecryptablePacketsAlarm() { return reinterpret_cast<TestAlarmFactory::TestAlarm*>( QuicConnectionPeer::GetProcessUndecryptablePacketsAlarm(this)); } TestAlarmFactory::TestAlarm* GetBlackholeDetectorAlarm() { - DCHECK(GetQuicReloadableFlag(quic_use_blackhole_detector)); return reinterpret_cast<TestAlarmFactory::TestAlarm*>( QuicConnectionPeer::GetBlackholeDetectorAlarm(this)); } void PathDegradingTimeout() { DCHECK(PathDegradingDetectionInProgress()); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - GetBlackholeDetectorAlarm()->Fire(); - } else { - GetPathDegradingAlarm()->Fire(); - } + GetBlackholeDetectorAlarm()->Fire(); } bool PathDegradingDetectionInProgress() { - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - return QuicConnectionPeer::GetPathDegradingDeadline(this).IsInitialized(); - } - return GetPathDegradingAlarm()->IsSet(); + return QuicConnectionPeer::GetPathDegradingDeadline(this).IsInitialized(); } bool BlackholeDetectionInProgress() { - DCHECK(GetQuicReloadableFlag(quic_use_blackhole_detector)); return QuicConnectionPeer::GetBlackholeDetectionDeadline(this) .IsInitialized(); } @@ -915,7 +901,8 @@ class TestConnection : public QuicConnection { if (QuicConnectionPeer::GetSentPacketManager(this)->pto_enabled()) { // PTO mode is default enabled for T099. And TLP/RTO related tests are // stale. - DCHECK_EQ(PROTOCOL_TLS1_3, version().handshake_protocol); + DCHECK(PROTOCOL_TLS1_3 == version().handshake_protocol || + GetQuicReloadableFlag(quic_default_on_pto)); return true; } return false; @@ -1094,8 +1081,6 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { .WillRepeatedly(Return(kDefaultTCPMSS)); EXPECT_CALL(*send_algorithm_, PacingRate(_)) .WillRepeatedly(Return(QuicBandwidth::Zero())); - EXPECT_CALL(*send_algorithm_, HasReliableBandwidthEstimate()) - .Times(AnyNumber()); EXPECT_CALL(*send_algorithm_, BandwidthEstimate()) .Times(AnyNumber()) .WillRepeatedly(Return(QuicBandwidth::Zero())); @@ -1176,6 +1161,15 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { } } + QuicFrame MakeCryptoFrame() const { + if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { + return QuicFrame(new QuicCryptoFrame(crypto_frame_)); + } + return QuicFrame(QuicStreamFrame( + QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, + 0u, quiche::QuicheStringPiece())); + } + void ProcessFramePacket(QuicFrame frame) { ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); } @@ -1522,7 +1516,7 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { return ConstructPacket(header, frames); } - OwningSerializedPacketPointer ConstructProbingPacket() { + std::unique_ptr<SerializedPacket> ConstructProbingPacket() { if (VersionHasIetfQuicFrames(version().transport_version)) { QuicPathFrameBuffer payload = { {0xde, 0xad, 0xbe, 0xef, 0xba, 0xdc, 0x0f, 0xfe}}; @@ -1670,8 +1664,13 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { const std::vector<QuicConnectionCloseFrame>& connection_close_frames = writer_->connection_close_frames(); ASSERT_EQ(1u, connection_close_frames.size()); + + EXPECT_THAT(connection_close_frames[0].quic_error_code, + IsError(expected_code)); + if (!VersionHasIetfQuicFrames(version().transport_version)) { - EXPECT_EQ(expected_code, connection_close_frames[0].quic_error_code); + EXPECT_THAT(connection_close_frames[0].wire_error_code, + IsError(expected_code)); EXPECT_EQ(GOOGLE_QUIC_CONNECTION_CLOSE, connection_close_frames[0].close_type); return; @@ -1680,22 +1679,16 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { QuicErrorCodeToIetfMapping mapping = QuicErrorCodeToTransportErrorCode(expected_code); - if (mapping.is_transport_close_) { + if (mapping.is_transport_close) { // This Google QUIC Error Code maps to a transport close, EXPECT_EQ(IETF_QUIC_TRANSPORT_CONNECTION_CLOSE, connection_close_frames[0].close_type); - EXPECT_EQ(mapping.transport_error_code_, - connection_close_frames[0].transport_error_code); - // TODO(fkastenholz): when the extracted error code CL lands, - // need to test that extracted==expected. } else { // This maps to an application close. - EXPECT_EQ(expected_code, connection_close_frames[0].quic_error_code); EXPECT_EQ(IETF_QUIC_APPLICATION_CONNECTION_CLOSE, connection_close_frames[0].close_type); - // TODO(fkastenholz): when the extracted error code CL lands, - // need to test that extracted==expected. } + EXPECT_EQ(mapping.error_code, connection_close_frames[0].wire_error_code); } void MtuDiscoveryTestInit() { @@ -1719,6 +1712,10 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { EXPECT_TRUE(connection_.connected()); } + void TestClientRetryHandling(bool invalid_retry_tag, + bool missing_id_in_config, + bool wrong_id_in_config); + QuicConnectionId connection_id_; QuicFramer framer_; @@ -1752,7 +1749,7 @@ class QuicConnectionTest : public QuicTestWithParam<TestParams> { }; // Run all end to end tests with all supported versions. -INSTANTIATE_TEST_SUITE_P(SupportedVersion, +INSTANTIATE_TEST_SUITE_P(QuicConnectionTests, QuicConnectionTest, ::testing::ValuesIn(GetTestParams()), ::testing::PrintToStringParamName()); @@ -1763,7 +1760,7 @@ INSTANTIATE_TEST_SUITE_P(SupportedVersion, // close, the second an application connection close. // The connection close codes for the two tests are manually chosen; // they are expected to always map to transport- and application- -// closes, respectively. If that changes, mew codes should be chosen. +// closes, respectively. If that changes, new codes should be chosen. TEST_P(QuicConnectionTest, CloseErrorCodeTestTransport) { EXPECT_TRUE(connection_.connected()); EXPECT_CALL(visitor_, OnConnectionClosed(_, _)); @@ -1793,17 +1790,13 @@ TEST_P(QuicConnectionTest, SelfAddressChangeAtClient) { EXPECT_EQ(Perspective::IS_CLIENT, connection_.perspective()); EXPECT_TRUE(connection_.connected()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); // Cause change in self_address. QuicIpAddress host; host.FromString("1.1.1.1"); @@ -1813,7 +1806,8 @@ TEST_P(QuicConnectionTest, SelfAddressChangeAtClient) { } else { EXPECT_CALL(visitor_, OnStreamFrame(_)); } - ProcessFramePacketWithAddresses(frame, self_address, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address, + kPeerAddress); EXPECT_TRUE(connection_.connected()); } @@ -1824,24 +1818,21 @@ TEST_P(QuicConnectionTest, SelfAddressChangeAtServer) { EXPECT_EQ(Perspective::IS_SERVER, connection_.perspective()); EXPECT_TRUE(connection_.connected()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); // Cause change in self_address. QuicIpAddress host; host.FromString("1.1.1.1"); QuicSocketAddress self_address(host, 123); EXPECT_CALL(visitor_, AllowSelfAddressChange()).WillOnce(Return(false)); EXPECT_CALL(visitor_, OnConnectionClosed(_, _)); - ProcessFramePacketWithAddresses(frame, self_address, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address, + kPeerAddress); EXPECT_FALSE(connection_.connected()); TestConnectionCloseQuicErrorCode(QUIC_ERROR_MIGRATING_ADDRESS); } @@ -1853,29 +1844,27 @@ TEST_P(QuicConnectionTest, AllowSelfAddressChangeToMappedIpv4AddressAtServer) { EXPECT_EQ(Perspective::IS_SERVER, connection_.perspective()); EXPECT_TRUE(connection_.connected()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(3); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(3); } QuicIpAddress host; host.FromString("1.1.1.1"); QuicSocketAddress self_address1(host, 443); - ProcessFramePacketWithAddresses(frame, self_address1, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address1, + kPeerAddress); // Cause self_address change to mapped Ipv4 address. QuicIpAddress host2; host2.FromString(quiche::QuicheStrCat( "::ffff:", connection_.self_address().host().ToString())); QuicSocketAddress self_address2(host2, connection_.self_address().port()); - ProcessFramePacketWithAddresses(frame, self_address2, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address2, + kPeerAddress); EXPECT_TRUE(connection_.connected()); // self_address change back to Ipv4 address. - ProcessFramePacketWithAddresses(frame, self_address1, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), self_address1, + kPeerAddress); EXPECT_TRUE(connection_.connected()); } @@ -1890,21 +1879,17 @@ TEST_P(QuicConnectionTest, ClientAddressChangeAndPacketReordered) { QuicConnectionPeer::SetEffectivePeerAddress(&connection_, QuicSocketAddress()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 5); const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kNewPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kNewPeerAddress); EXPECT_EQ(kNewPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewPeerAddress, connection_.effective_peer_address()); @@ -1912,7 +1897,8 @@ TEST_P(QuicConnectionTest, ClientAddressChangeAndPacketReordered) { QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 4); // This is an old packet, do not migrate. EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(0); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kNewPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewPeerAddress, connection_.effective_peer_address()); } @@ -1930,17 +1916,13 @@ TEST_P(QuicConnectionTest, PeerAddressChangeAtServer) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -1949,7 +1931,8 @@ TEST_P(QuicConnectionTest, PeerAddressChangeAtServer) { const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(1); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kNewPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kNewPeerAddress); EXPECT_EQ(kNewPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewPeerAddress, connection_.effective_peer_address()); } @@ -1969,17 +1952,13 @@ TEST_P(QuicConnectionTest, EffectivePeerAddressChangeAtServer) { QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/43210); connection_.ReturnEffectivePeerAddressForNextPacket(kEffectivePeerAddress); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kEffectivePeerAddress, connection_.effective_peer_address()); @@ -1989,7 +1968,8 @@ TEST_P(QuicConnectionTest, EffectivePeerAddressChangeAtServer) { QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/54321); connection_.ReturnEffectivePeerAddressForNextPacket(kNewEffectivePeerAddress); EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(1); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewEffectivePeerAddress, connection_.effective_peer_address()); @@ -2018,7 +1998,8 @@ TEST_P(QuicConnectionTest, EffectivePeerAddressChangeAtServer) { connection_.ReturnEffectivePeerAddressForNextPacket( kNewerEffectivePeerAddress); EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(1); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kFinalPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kFinalPeerAddress); EXPECT_EQ(kFinalPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewerEffectivePeerAddress, connection_.effective_peer_address()); EXPECT_EQ(PORT_CHANGE, connection_.active_effective_peer_migration_type()); @@ -2032,7 +2013,8 @@ TEST_P(QuicConnectionTest, EffectivePeerAddressChangeAtServer) { kNewestEffectivePeerAddress); EXPECT_CALL(visitor_, OnConnectionMigration(IPV6_TO_IPV4_CHANGE)).Times(1); EXPECT_CALL(*send_algorithm_, OnConnectionMigration()).Times(1); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kFinalPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kFinalPeerAddress); EXPECT_EQ(kFinalPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewestEffectivePeerAddress, connection_.effective_peer_address()); EXPECT_EQ(IPV6_TO_IPV4_CHANGE, @@ -2052,17 +2034,13 @@ TEST_P(QuicConnectionTest, ReceivePathProbeWithNoAddressChangeAtServer) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2071,7 +2049,7 @@ TEST_P(QuicConnectionTest, ReceivePathProbeWithNoAddressChangeAtServer) { // Process a padded PING or PATH CHALLENGE packet with no peer address change // on server side will be ignored. - OwningSerializedPacketPointer probing_packet = ConstructProbingPacket(); + std::unique_ptr<SerializedPacket> probing_packet = ConstructProbingPacket(); std::unique_ptr<QuicReceivedPacket> received(ConstructReceivedPacket( QuicEncryptedPacket(probing_packet->encrypted_buffer, @@ -2088,6 +2066,24 @@ TEST_P(QuicConnectionTest, ReceivePathProbeWithNoAddressChangeAtServer) { EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); } +// Regression test for b/150161358. +TEST_P(QuicConnectionTest, BufferedMtuPacketTooBig) { + if (!GetQuicReloadableFlag(quic_ignore_msg_too_big_from_buffered_packets)) { + return; + } + EXPECT_CALL(visitor_, OnWriteBlocked()).Times(1); + writer_->SetWriteBlocked(); + + // Send a MTU packet while blocked. It should be buffered. + connection_.SendMtuDiscoveryPacket(kMaxOutgoingPacketSize); + EXPECT_EQ(1u, connection_.NumQueuedPackets()); + EXPECT_TRUE(writer_->IsWriteBlocked()); + + writer_->AlwaysGetPacketTooLarge(); + writer_->SetWritable(); + connection_.OnCanWrite(); +} + TEST_P(QuicConnectionTest, WriteOutOfOrderQueuedPackets) { // EXPECT_QUIC_BUG tests are expensive so only run one instance of them. if (!IsDefaultTestConfiguration()) { @@ -2154,17 +2150,13 @@ TEST_P(QuicConnectionTest, ReceivePathProbingAtServer) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2181,7 +2173,7 @@ TEST_P(QuicConnectionTest, ReceivePathProbingAtServer) { const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); - OwningSerializedPacketPointer probing_packet = ConstructProbingPacket(); + std::unique_ptr<SerializedPacket> probing_packet = ConstructProbingPacket(); std::unique_ptr<QuicReceivedPacket> received(ConstructReceivedPacket( QuicEncryptedPacket(probing_packet->encrypted_buffer, probing_packet->encrypted_length), @@ -2199,7 +2191,8 @@ TEST_P(QuicConnectionTest, ReceivePathProbingAtServer) { // Process another packet with the old peer address on server side will not // start peer migration. EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(0); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); } @@ -2218,17 +2211,13 @@ TEST_P(QuicConnectionTest, ReceivePaddedPingWithPortChangeAtServer) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (GetParam().version.UsesCryptoFrames()) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2282,7 +2271,8 @@ TEST_P(QuicConnectionTest, ReceivePaddedPingWithPortChangeAtServer) { } else { EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(0); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); } @@ -2300,18 +2290,14 @@ TEST_P(QuicConnectionTest, ReceiveReorderedPathProbingAtServer) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 5); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2333,7 +2319,7 @@ TEST_P(QuicConnectionTest, ReceiveReorderedPathProbingAtServer) { const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); - OwningSerializedPacketPointer probing_packet = ConstructProbingPacket(); + std::unique_ptr<SerializedPacket> probing_packet = ConstructProbingPacket(); std::unique_ptr<QuicReceivedPacket> received(ConstructReceivedPacket( QuicEncryptedPacket(probing_packet->encrypted_buffer, probing_packet->encrypted_length), @@ -2362,17 +2348,13 @@ TEST_P(QuicConnectionTest, MigrateAfterProbingAtServer) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2390,7 +2372,7 @@ TEST_P(QuicConnectionTest, MigrateAfterProbingAtServer) { const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); - OwningSerializedPacketPointer probing_packet = ConstructProbingPacket(); + std::unique_ptr<SerializedPacket> probing_packet = ConstructProbingPacket(); std::unique_ptr<QuicReceivedPacket> received(ConstructReceivedPacket( QuicEncryptedPacket(probing_packet->encrypted_buffer, probing_packet->encrypted_length), @@ -2403,7 +2385,8 @@ TEST_P(QuicConnectionTest, MigrateAfterProbingAtServer) { // side will start peer migration. EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(1); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kNewPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kNewPeerAddress); EXPECT_EQ(kNewPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewPeerAddress, connection_.effective_peer_address()); } @@ -2421,17 +2404,13 @@ TEST_P(QuicConnectionTest, ReceivePaddedPingAtClient) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2440,7 +2419,7 @@ TEST_P(QuicConnectionTest, ReceivePaddedPingAtClient) { EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(0); EXPECT_CALL(visitor_, OnPacketReceived(_, _, false)).Times(1); - OwningSerializedPacketPointer probing_packet = ConstructProbingPacket(); + std::unique_ptr<SerializedPacket> probing_packet = ConstructProbingPacket(); std::unique_ptr<QuicReceivedPacket> received(ConstructReceivedPacket( QuicEncryptedPacket(probing_packet->encrypted_buffer, probing_packet->encrypted_length), @@ -2474,17 +2453,13 @@ TEST_P(QuicConnectionTest, ReceiveConnectivityProbingResponseAtClient) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2502,7 +2477,7 @@ TEST_P(QuicConnectionTest, ReceiveConnectivityProbingResponseAtClient) { const QuicSocketAddress kNewSelfAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); - OwningSerializedPacketPointer probing_packet = ConstructProbingPacket(); + std::unique_ptr<SerializedPacket> probing_packet = ConstructProbingPacket(); std::unique_ptr<QuicReceivedPacket> received(ConstructReceivedPacket( QuicEncryptedPacket(probing_packet->encrypted_buffer, probing_packet->encrypted_length), @@ -2530,17 +2505,13 @@ TEST_P(QuicConnectionTest, PeerAddressChangeAtClient) { QuicSocketAddress()); EXPECT_FALSE(connection_.effective_peer_address().IsInitialized()); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); EXPECT_EQ(kPeerAddress, connection_.peer_address()); EXPECT_EQ(kPeerAddress, connection_.effective_peer_address()); @@ -2549,7 +2520,8 @@ TEST_P(QuicConnectionTest, PeerAddressChangeAtClient) { const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), /*port=*/23456); EXPECT_CALL(visitor_, OnConnectionMigration(PORT_CHANGE)).Times(0); - ProcessFramePacketWithAddresses(frame, kSelfAddress, kNewPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kNewPeerAddress); EXPECT_EQ(kNewPeerAddress, connection_.peer_address()); EXPECT_EQ(kNewPeerAddress, connection_.effective_peer_address()); } @@ -2866,7 +2838,8 @@ TEST_P(QuicConnectionTest, AckReceiptCausesAckSend) { LostPacketVector lost_packets; lost_packets.push_back(LostPacket(original, kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); QuicPacketNumber retransmission; // Packet 1 is short header for IETF QUIC because the encryption level @@ -3019,7 +2992,6 @@ TEST_P(QuicConnectionTest, AckNeedsRetransmittableFrames) { } TEST_P(QuicConnectionTest, AckNeedsRetransmittableFramesAfterPto) { - SetQuicReloadableFlag(quic_bundle_retransmittable_with_pto_ack, true); // Disable TLP so the RTO fires immediately. connection_.SetMaxTailLossProbes(0); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); @@ -3587,7 +3559,8 @@ TEST_P(QuicConnectionTest, RetransmitOnNack) { lost_packets.push_back( LostPacket(QuicPacketNumber(2), kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(1); EXPECT_FALSE(QuicPacketCreatorPeer::SendVersionInPacket(creator_)); @@ -3669,7 +3642,8 @@ TEST_P(QuicConnectionTest, RetransmitForQuicRstStreamNoErrorOnNack) { LostPacketVector lost_packets; lost_packets.push_back(LostPacket(last_packet - 1, kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(AtLeast(1)); ProcessAckPacket(&nack_two); @@ -3789,7 +3763,8 @@ TEST_P(QuicConnectionTest, SendPendingRetransmissionForQuicRstStreamNoError) { LostPacketVector lost_packets; lost_packets.push_back(LostPacket(last_packet - 1, kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(0); ProcessAckPacket(&ack); @@ -3828,7 +3803,8 @@ TEST_P(QuicConnectionTest, RetransmitAckedPacket) { lost_packets.push_back( LostPacket(QuicPacketNumber(2), kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, QuicPacketNumber(4), _, _)) .Times(1); @@ -3865,7 +3841,8 @@ TEST_P(QuicConnectionTest, RetransmitNackedLargestObserved) { LostPacketVector lost_packets; lost_packets.push_back(LostPacket(original, kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); // Packet 1 is short header for IETF QUIC because the encryption level // switched to ENCRYPTION_FORWARD_SECURE in SendStreamDataToPeer. @@ -3960,8 +3937,10 @@ TEST_P(QuicConnectionTest, RetransmitWriteBlockedAckedOriginalThenSent) { writer_->SetWritable(); connection_.OnCanWrite(); EXPECT_TRUE(connection_.GetRetransmissionAlarm()->IsSet()); - const uint64_t retransmission = - connection_.SupportsMultiplePacketNumberSpaces() ? 3 : 2; + uint64_t retransmission = connection_.SupportsMultiplePacketNumberSpaces() && + !GetQuicReloadableFlag(quic_default_on_pto) + ? 3 + : 2; EXPECT_FALSE(QuicConnectionPeer::HasRetransmittableFrames(&connection_, retransmission)); } @@ -4082,7 +4061,8 @@ TEST_P(QuicConnectionTest, NoLimitPacketsPerNack) { LostPacket(QuicPacketNumber(i), kMaxOutgoingPacketSize)); } EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(1); ProcessAckPacket(&nack); @@ -4190,6 +4170,9 @@ TEST_P(QuicConnectionTest, DontLatchUnackedPacket) { } TEST_P(QuicConnectionTest, TLP) { + if (connection_.PtoEnabled()) { + return; + } connection_.SetMaxTailLossProbes(1); SendStreamDataToPeer(3, "foo", 0, NO_FIN, nullptr); @@ -4257,8 +4240,7 @@ TEST_P(QuicConnectionTest, TailLossProbeDelayForNonStreamDataInTLPR) { QuicTagVector options; options.push_back(kTLPR); config.SetConnectionOptionsToSend(options); - QuicConfigPeer::ReceiveIdleNetworkTimeout(&config, SERVER, - kDefaultIdleTimeoutSecs); + QuicConfigPeer::SetNegotiated(&config, true); connection_.SetFromConfig(config); connection_.SetMaxTailLossProbes(1); @@ -4795,8 +4777,7 @@ TEST_P(QuicConnectionTest, IdleTimeoutAfterFirstSentPacket) { EXPECT_CALL(visitor_, OnConnectionClosed(_, _)).Times(0); QuicTime::Delta delay = initial_ddl - clock_.ApproximateNow(); clock_.AdvanceTime(delay); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { connection_.GetTimeoutAlarm()->Fire(); } // Verify the timeout alarm deadline is updated. @@ -4887,8 +4868,7 @@ TEST_P(QuicConnectionTest, HandshakeTimeout) { EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); ProcessAckPacket(&frame); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { // Fire early to verify it wouldn't timeout yet. connection_.GetTimeoutAlarm()->Fire(); } @@ -5167,23 +5147,21 @@ TEST_P(QuicConnectionTest, MtuDiscoveryEnabled) { // The last probe size should be equal to the target. EXPECT_EQ(probe_size, kMtuDiscoveryTargetPacketSizeHigh); - if (GetQuicReloadableFlag(quic_ignore_one_write_error_after_mtu_probe)) { - writer_->SetShouldWriteFail(); + writer_->SetShouldWriteFail(); - // Ignore PACKET_WRITE_ERROR once. - SendStreamDataToPeer(3, "(", stream_offset++, NO_FIN, nullptr); - EXPECT_EQ(last_probe_size, connection_.max_packet_length()); - EXPECT_TRUE(connection_.connected()); + // Ignore PACKET_WRITE_ERROR once. + SendStreamDataToPeer(3, "(", stream_offset++, NO_FIN, nullptr); + EXPECT_EQ(last_probe_size, connection_.max_packet_length()); + EXPECT_TRUE(connection_.connected()); - // Close connection on another PACKET_WRITE_ERROR. - EXPECT_CALL(visitor_, OnConnectionClosed(_, _)) - .WillOnce(Invoke(this, &QuicConnectionTest::SaveConnectionCloseFrame)); - SendStreamDataToPeer(3, ")", stream_offset++, NO_FIN, nullptr); - EXPECT_EQ(last_probe_size, connection_.max_packet_length()); - EXPECT_FALSE(connection_.connected()); - EXPECT_THAT(saved_connection_close_frame_.quic_error_code, - IsError(QUIC_PACKET_WRITE_ERROR)); - } + // Close connection on another PACKET_WRITE_ERROR. + EXPECT_CALL(visitor_, OnConnectionClosed(_, _)) + .WillOnce(Invoke(this, &QuicConnectionTest::SaveConnectionCloseFrame)); + SendStreamDataToPeer(3, ")", stream_offset++, NO_FIN, nullptr); + EXPECT_EQ(last_probe_size, connection_.max_packet_length()); + EXPECT_FALSE(connection_.connected()); + EXPECT_THAT(saved_connection_close_frame_.quic_error_code, + IsError(QUIC_PACKET_WRITE_ERROR)); } // After a successful MTU probe, one and only one write error should be ignored @@ -5232,31 +5210,29 @@ TEST_P(QuicConnectionTest, EXPECT_EQ(1u, connection_.mtu_probe_count()); - if (GetQuicReloadableFlag(quic_ignore_one_write_error_after_mtu_probe)) { - writer_->SetShouldWriteFail(); + writer_->SetShouldWriteFail(); - // Ignore PACKET_WRITE_ERROR once. - { - QuicConnection::ScopedPacketFlusher flusher(&connection_); - // flusher's destructor will call connection_.FlushPackets, which should - // get a WRITE_STATUS_ERROR from the writer and ignore it. - } - EXPECT_EQ(original_max_packet_length, connection_.max_packet_length()); - EXPECT_TRUE(connection_.connected()); + // Ignore PACKET_WRITE_ERROR once. + { + QuicConnection::ScopedPacketFlusher flusher(&connection_); + // flusher's destructor will call connection_.FlushPackets, which should + // get a WRITE_STATUS_ERROR from the writer and ignore it. + } + EXPECT_EQ(original_max_packet_length, connection_.max_packet_length()); + EXPECT_TRUE(connection_.connected()); - // Close connection on another PACKET_WRITE_ERROR. - EXPECT_CALL(visitor_, OnConnectionClosed(_, _)) - .WillOnce(Invoke(this, &QuicConnectionTest::SaveConnectionCloseFrame)); - { - QuicConnection::ScopedPacketFlusher flusher(&connection_); - // flusher's destructor will call connection_.FlushPackets, which should - // get a WRITE_STATUS_ERROR from the writer and ignore it. - } - EXPECT_EQ(original_max_packet_length, connection_.max_packet_length()); - EXPECT_FALSE(connection_.connected()); - EXPECT_THAT(saved_connection_close_frame_.quic_error_code, - IsError(QUIC_PACKET_WRITE_ERROR)); + // Close connection on another PACKET_WRITE_ERROR. + EXPECT_CALL(visitor_, OnConnectionClosed(_, _)) + .WillOnce(Invoke(this, &QuicConnectionTest::SaveConnectionCloseFrame)); + { + QuicConnection::ScopedPacketFlusher flusher(&connection_); + // flusher's destructor will call connection_.FlushPackets, which should + // get a WRITE_STATUS_ERROR from the writer and ignore it. } + EXPECT_EQ(original_max_packet_length, connection_.max_packet_length()); + EXPECT_FALSE(connection_.connected()); + EXPECT_THAT(saved_connection_close_frame_.quic_error_code, + IsError(QUIC_PACKET_WRITE_ERROR)); } // Simulate the case where the first attempt to send a probe is write blocked, @@ -5620,12 +5596,11 @@ TEST_P(QuicConnectionTest, NoMtuDiscoveryAfterConnectionClosed) { EXPECT_FALSE(connection_.GetMtuDiscoveryAlarm()->IsSet()); } -TEST_P(QuicConnectionTest, TimeoutAfterSend) { +TEST_P(QuicConnectionTest, TimeoutAfterSendDuringHandshake) { EXPECT_TRUE(connection_.connected()); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; connection_.SetFromConfig(config); - EXPECT_FALSE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime::Delta initial_idle_timeout = QuicTime::Delta::FromSeconds(kInitialIdleTimeoutSecs - 1); @@ -5638,8 +5613,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterSend) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 0, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5652,8 +5626,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterSend) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 3, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5664,8 +5637,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterSend) { // network event at t=5ms. The alarm will reregister. clock_.AdvanceTime(initial_idle_timeout - five_ms - five_ms); EXPECT_EQ(default_timeout, clock_.ApproximateNow()); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { connection_.GetTimeoutAlarm()->Fire(); } EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); @@ -5694,7 +5666,6 @@ TEST_P(QuicConnectionTest, TimeoutAfterRetransmission) { EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; connection_.SetFromConfig(config); - EXPECT_FALSE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime start_time = clock_.Now(); const QuicTime::Delta initial_idle_timeout = @@ -5716,8 +5687,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterRetransmission) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 0, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5751,8 +5721,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterRetransmission) { ASSERT_EQ(default_timeout.ToDebuggingValue(), clock_.Now().ToDebuggingValue()); EXPECT_EQ(default_timeout, clock_.Now()); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { connection_.GetTimeoutAlarm()->Fire(); } EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); @@ -5773,9 +5742,9 @@ TEST_P(QuicConnectionTest, TimeoutAfterRetransmission) { TestConnectionCloseQuicErrorCode(QUIC_NETWORK_IDLE_TIMEOUT); } -TEST_P(QuicConnectionTest, NewTimeoutAfterSendSilentClose) { - // Same test as above, but complete a handshake which enables silent close, - // causing no connection close packet to be sent. +TEST_P(QuicConnectionTest, TimeoutAfterSendAfterHandshake) { + // When the idle timeout fires, verify that by default we do not send any + // connection close packets. EXPECT_TRUE(connection_.connected()); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; @@ -5789,18 +5758,16 @@ TEST_P(QuicConnectionTest, NewTimeoutAfterSendSilentClose) { client_config.SetInitialSessionFlowControlWindowToSend( kInitialSessionFlowControlWindowForTest); client_config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs), - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs)); + QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs)); client_config.ToHandshakeMessage(&msg, connection_.transport_version()); const QuicErrorCode error = config.ProcessPeerHello(msg, CLIENT, &error_details); EXPECT_THAT(error, IsQuicNoError()); connection_.SetFromConfig(config); - EXPECT_TRUE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime::Delta default_idle_timeout = - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs - 1); + QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs - 1); const QuicTime::Delta five_ms = QuicTime::Delta::FromMilliseconds(5); QuicTime default_timeout = clock_.ApproximateNow() + default_idle_timeout; @@ -5810,8 +5777,7 @@ TEST_P(QuicConnectionTest, NewTimeoutAfterSendSilentClose) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 0, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5824,8 +5790,7 @@ TEST_P(QuicConnectionTest, NewTimeoutAfterSendSilentClose) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 3, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5836,8 +5801,7 @@ TEST_P(QuicConnectionTest, NewTimeoutAfterSendSilentClose) { // network event at t=5ms. The alarm will reregister. clock_.AdvanceTime(default_idle_timeout - five_ms - five_ms); EXPECT_EQ(default_timeout, clock_.ApproximateNow()); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { connection_.GetTimeoutAlarm()->Fire(); } EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); @@ -5866,8 +5830,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseAndTLP) { if (connection_.PtoEnabled()) { return; } - // Same test as above, but complete a handshake which enables silent close, - // but sending TLPs causes the connection close to be sent. + // Same test as above, but sending TLPs causes a connection close to be sent. EXPECT_TRUE(connection_.connected()); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; @@ -5881,18 +5844,16 @@ TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseAndTLP) { client_config.SetInitialSessionFlowControlWindowToSend( kInitialSessionFlowControlWindowForTest); client_config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs), - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs)); + QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs)); client_config.ToHandshakeMessage(&msg, connection_.transport_version()); const QuicErrorCode error = config.ProcessPeerHello(msg, CLIENT, &error_details); EXPECT_THAT(error, IsQuicNoError()); connection_.SetFromConfig(config); - EXPECT_TRUE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime::Delta default_idle_timeout = - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs - 1); + QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs - 1); const QuicTime::Delta five_ms = QuicTime::Delta::FromMilliseconds(5); QuicTime default_timeout = clock_.ApproximateNow() + default_idle_timeout; @@ -5902,8 +5863,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseAndTLP) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 0, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5929,8 +5889,8 @@ TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseAndTLP) { } TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseWithOpenStreams) { - // Same test as above, but complete a handshake which enables silent close, - // but having open streams causes the connection close to be sent. + // Same test as above, but having open streams causes a connection close + // to be sent. EXPECT_TRUE(connection_.connected()); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; @@ -5944,18 +5904,16 @@ TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseWithOpenStreams) { client_config.SetInitialSessionFlowControlWindowToSend( kInitialSessionFlowControlWindowForTest); client_config.SetIdleNetworkTimeout( - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs), - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs)); + QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs)); client_config.ToHandshakeMessage(&msg, connection_.transport_version()); const QuicErrorCode error = config.ProcessPeerHello(msg, CLIENT, &error_details); EXPECT_THAT(error, IsQuicNoError()); connection_.SetFromConfig(config); - EXPECT_TRUE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime::Delta default_idle_timeout = - QuicTime::Delta::FromSeconds(kDefaultIdleTimeoutSecs - 1); + QuicTime::Delta::FromSeconds(kMaximumIdleTimeoutSecs - 1); const QuicTime::Delta five_ms = QuicTime::Delta::FromMilliseconds(5); QuicTime default_timeout = clock_.ApproximateNow() + default_idle_timeout; @@ -5965,8 +5923,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterSendSilentCloseWithOpenStreams) { SendStreamDataToPeer( GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 0, FIN, nullptr); - if (GetQuicReloadableFlag(quic_use_blackhole_detector) && - GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (GetQuicReloadableFlag(quic_use_idle_network_detector)) { EXPECT_EQ(default_timeout + five_ms, connection_.GetTimeoutAlarm()->deadline()); } else { @@ -5995,7 +5952,6 @@ TEST_P(QuicConnectionTest, TimeoutAfterReceive) { EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; connection_.SetFromConfig(config); - EXPECT_FALSE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime::Delta initial_idle_timeout = QuicTime::Delta::FromSeconds(kInitialIdleTimeoutSecs - 1); @@ -6022,8 +5978,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterReceive) { // network event at t=5ms. The alarm will reregister. clock_.AdvanceTime(initial_idle_timeout - five_ms); EXPECT_EQ(default_timeout, clock_.ApproximateNow()); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { connection_.GetTimeoutAlarm()->Fire(); } EXPECT_TRUE(connection_.connected()); @@ -6049,7 +6004,6 @@ TEST_P(QuicConnectionTest, TimeoutAfterReceiveNotSendWhenUnacked) { EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); QuicConfig config; connection_.SetFromConfig(config); - EXPECT_FALSE(QuicConnectionPeer::IsSilentCloseEnabled(&connection_)); const QuicTime::Delta initial_idle_timeout = QuicTime::Delta::FromSeconds(kInitialIdleTimeoutSecs - 1); @@ -6082,8 +6036,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterReceiveNotSendWhenUnacked) { // network event at t=5ms. The alarm will reregister. clock_.AdvanceTime(initial_idle_timeout - five_ms); EXPECT_EQ(default_timeout, clock_.ApproximateNow()); - if (!GetQuicReloadableFlag(quic_use_blackhole_detector) || - !GetQuicReloadableFlag(quic_use_idle_network_detector)) { + if (!GetQuicReloadableFlag(quic_use_idle_network_detector)) { connection_.GetTimeoutAlarm()->Fire(); } EXPECT_TRUE(connection_.connected()); @@ -6120,8 +6073,7 @@ TEST_P(QuicConnectionTest, TimeoutAfter5ClientRTOs) { QuicTagVector connection_options; connection_options.push_back(k5RTO); config.SetConnectionOptionsToSend(connection_options); - QuicConfigPeer::ReceiveIdleNetworkTimeout(&config, SERVER, - kDefaultIdleTimeoutSecs); + QuicConfigPeer::SetNegotiated(&config, true); connection_.SetFromConfig(config); // Send stream data. @@ -6136,10 +6088,8 @@ TEST_P(QuicConnectionTest, TimeoutAfter5ClientRTOs) { EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_TRUE(connection_.connected()); } - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_CALL(visitor_, OnPathDegrading()); - connection_.PathDegradingTimeout(); - } + EXPECT_CALL(visitor_, OnPathDegrading()); + connection_.PathDegradingTimeout(); EXPECT_EQ(2u, connection_.sent_packet_manager().GetConsecutiveTlpCount()); EXPECT_EQ(4u, connection_.sent_packet_manager().GetConsecutiveRtoCount()); @@ -6147,12 +6097,8 @@ TEST_P(QuicConnectionTest, TimeoutAfter5ClientRTOs) { EXPECT_CALL(visitor_, OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(AtLeast(1)); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); - connection_.GetBlackholeDetectorAlarm()->Fire(); - } else { - connection_.GetRetransmissionAlarm()->Fire(); - } + ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); + connection_.GetBlackholeDetectorAlarm()->Fire(); EXPECT_FALSE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_FALSE(connection_.connected()); TestConnectionCloseQuicErrorCode(QUIC_TOO_MANY_RTOS); @@ -7207,7 +7153,8 @@ TEST_P(QuicConnectionTest, BundleAckWithDataOnIncomingAck) { lost_packets.push_back( LostPacket(QuicPacketNumber(1), kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); ProcessAckPacket(&ack); size_t padding_frame_count = writer_->padding_frames().size(); @@ -7425,31 +7372,31 @@ TEST_P(QuicConnectionTest, GoAway) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - QuicGoAwayFrame goaway; - goaway.last_good_stream_id = 1; - goaway.error_code = QUIC_PEER_GOING_AWAY; - goaway.reason_phrase = "Going away."; + QuicGoAwayFrame* goaway = new QuicGoAwayFrame(); + goaway->last_good_stream_id = 1; + goaway->error_code = QUIC_PEER_GOING_AWAY; + goaway->reason_phrase = "Going away."; EXPECT_CALL(visitor_, OnGoAway(_)); - ProcessGoAwayPacket(&goaway); + ProcessGoAwayPacket(goaway); } TEST_P(QuicConnectionTest, WindowUpdate) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - QuicWindowUpdateFrame window_update; - window_update.stream_id = 3; - window_update.max_data = 1234; + QuicWindowUpdateFrame* window_update = new QuicWindowUpdateFrame(); + window_update->stream_id = 3; + window_update->max_data = 1234; EXPECT_CALL(visitor_, OnWindowUpdateFrame(_)); - ProcessFramePacket(QuicFrame(&window_update)); + ProcessFramePacket(QuicFrame(window_update)); } TEST_P(QuicConnectionTest, Blocked) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - QuicBlockedFrame blocked; - blocked.stream_id = 3; + QuicBlockedFrame* blocked = new QuicBlockedFrame(); + blocked->stream_id = 3; EXPECT_CALL(visitor_, OnBlockedFrame(_)); - ProcessFramePacket(QuicFrame(&blocked)); + ProcessFramePacket(QuicFrame(blocked)); EXPECT_EQ(1u, connection_.GetStats().blocked_frames_received); EXPECT_EQ(0u, connection_.GetStats().blocked_frames_sent); } @@ -7552,7 +7499,8 @@ TEST_P(QuicConnectionTest, CheckSendStats) { lost_packets.push_back( LostPacket(QuicPacketNumber(3), kMaxOutgoingPacketSize)); EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _)) - .WillOnce(SetArgPointee<5>(lost_packets)); + .WillOnce(DoAll(SetArgPointee<5>(lost_packets), + Return(LossDetectionInterface::DetectionStats()))); EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); ProcessAckPacket(&nack_three); @@ -7621,7 +7569,7 @@ TEST_P(QuicConnectionTest, ProcessFramesIfPacketClosedConnection) { kSelfAddress, kPeerAddress, QuicReceivedPacket(buffer, encrypted_length, QuicTime::Zero(), false)); EXPECT_EQ(1, connection_close_frame_count_); - EXPECT_THAT(saved_connection_close_frame_.extracted_error_code, + EXPECT_THAT(saved_connection_close_frame_.quic_error_code, IsError(QUIC_PEER_GOING_AWAY)); } @@ -7726,11 +7674,11 @@ TEST_P(QuicConnectionTest, WindowUpdateInstigateAcks) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); // Send a WINDOW_UPDATE frame. - QuicWindowUpdateFrame window_update; - window_update.stream_id = 3; - window_update.max_data = 1234; + QuicWindowUpdateFrame* window_update = new QuicWindowUpdateFrame(); + window_update->stream_id = 3; + window_update->max_data = 1234; EXPECT_CALL(visitor_, OnWindowUpdateFrame(_)); - ProcessFramePacket(QuicFrame(&window_update)); + ProcessFramePacket(QuicFrame(window_update)); // Ensure that this has caused the ACK alarm to be set. QuicAlarm* ack_alarm = QuicConnectionPeer::GetAckAlarm(&connection_); @@ -7741,10 +7689,10 @@ TEST_P(QuicConnectionTest, BlockedFrameInstigateAcks) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); // Send a BLOCKED frame. - QuicBlockedFrame blocked; - blocked.stream_id = 3; + QuicBlockedFrame* blocked = new QuicBlockedFrame(); + blocked->stream_id = 3; EXPECT_CALL(visitor_, OnBlockedFrame(_)); - ProcessFramePacket(QuicFrame(&blocked)); + ProcessFramePacket(QuicFrame(blocked)); // Ensure that this has caused the ACK alarm to be set. QuicAlarm* ack_alarm = QuicConnectionPeer::GetAckAlarm(&connection_); @@ -7902,13 +7850,8 @@ TEST_P(QuicConnectionTest, PathDegradingAlarmForCryptoPacket) { EXPECT_FALSE(connection_.IsPathDegrading()); QuicTime::Delta delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); // Fire the path degrading alarm, path degrading signal should be sent to // the visitor. @@ -7941,33 +7884,22 @@ TEST_P(QuicConnectionTest, PathDegradingAlarmForNonCryptoPackets) { QuicTime::Delta delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); // Send a second packet. The path degrading alarm's deadline should remain // the same. // Regression test for b/69979024. clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(5)); - QuicTime prev_deadline = connection_.GetPathDegradingAlarm()->deadline(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - prev_deadline = connection_.GetBlackholeDetectorAlarm()->deadline(); - } + QuicTime prev_deadline = + connection_.GetBlackholeDetectorAlarm()->deadline(); connection_.SendStreamDataWithString( GetNthClientInitiatedStreamId(1, connection_.transport_version()), data, offset, NO_FIN); offset += data_size; EXPECT_TRUE(connection_.PathDegradingDetectionInProgress()); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(prev_deadline, - connection_.GetBlackholeDetectorAlarm()->deadline()); - } else { - EXPECT_EQ(prev_deadline, connection_.GetPathDegradingAlarm()->deadline()); - } + EXPECT_EQ(prev_deadline, + connection_.GetBlackholeDetectorAlarm()->deadline()); // Now receive an ACK of the first packet. This should advance the path // degrading alarm's deadline since forward progress has been made. @@ -7983,13 +7915,8 @@ TEST_P(QuicConnectionTest, PathDegradingAlarmForNonCryptoPackets) { // Check the deadline of the path degrading alarm. delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); if (i == 0) { // Now receive an ACK of the second packet. Since there are no more @@ -8039,13 +7966,8 @@ TEST_P(QuicConnectionTest, RetransmittableOnWireSetsPingAlarm) { EXPECT_TRUE(connection_.PathDegradingDetectionInProgress()); QuicTime::Delta delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); ASSERT_TRUE(connection_.sent_packet_manager().HasInFlightPackets()); // The ping alarm is set for the ping timeout, not the shorter // retransmittable_on_wire_timeout. @@ -8081,13 +8003,8 @@ TEST_P(QuicConnectionTest, RetransmittableOnWireSetsPingAlarm) { EXPECT_TRUE(connection_.PathDegradingDetectionInProgress()); delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); } // This test verifies that the connection marks path as degrading and does not @@ -8110,30 +8027,17 @@ TEST_P(QuicConnectionTest, NoPathDegradingAlarmIfPathIsDegrading) { // Check the deadline of the path degrading alarm. QuicTime::Delta delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); // Send a second packet. The path degrading alarm's deadline should remain // the same. clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(5)); - QuicTime prev_deadline = connection_.GetPathDegradingAlarm()->deadline(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - prev_deadline = connection_.GetBlackholeDetectorAlarm()->deadline(); - } + QuicTime prev_deadline = connection_.GetBlackholeDetectorAlarm()->deadline(); connection_.SendStreamDataWithString(1, data, offset, NO_FIN); offset += data_size; EXPECT_TRUE(connection_.PathDegradingDetectionInProgress()); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(prev_deadline, - connection_.GetBlackholeDetectorAlarm()->deadline()); - } else { - EXPECT_EQ(prev_deadline, connection_.GetPathDegradingAlarm()->deadline()); - } + EXPECT_EQ(prev_deadline, connection_.GetBlackholeDetectorAlarm()->deadline()); // Now receive an ACK of the first packet. This should advance the path // degrading alarm's deadline since forward progress has been made. @@ -8147,13 +8051,8 @@ TEST_P(QuicConnectionTest, NoPathDegradingAlarmIfPathIsDegrading) { // Check the deadline of the path degrading alarm. delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); // Advance time to the path degrading alarm's deadline and simulate // firing the path degrading alarm. This path will be considered as @@ -8194,30 +8093,17 @@ TEST_P(QuicConnectionTest, UnmarkPathDegradingOnForwardProgress) { // Check the deadline of the path degrading alarm. QuicTime::Delta delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); // Send a second packet. The path degrading alarm's deadline should remain // the same. clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(5)); - QuicTime prev_deadline = connection_.GetPathDegradingAlarm()->deadline(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - prev_deadline = connection_.GetBlackholeDetectorAlarm()->deadline(); - } + QuicTime prev_deadline = connection_.GetBlackholeDetectorAlarm()->deadline(); connection_.SendStreamDataWithString(1, data, offset, NO_FIN); offset += data_size; EXPECT_TRUE(connection_.PathDegradingDetectionInProgress()); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(prev_deadline, - connection_.GetBlackholeDetectorAlarm()->deadline()); - } else { - EXPECT_EQ(prev_deadline, connection_.GetPathDegradingAlarm()->deadline()); - } + EXPECT_EQ(prev_deadline, connection_.GetBlackholeDetectorAlarm()->deadline()); // Now receive an ACK of the first packet. This should advance the path // degrading alarm's deadline since forward progress has been made. @@ -8231,13 +8117,8 @@ TEST_P(QuicConnectionTest, UnmarkPathDegradingOnForwardProgress) { // Check the deadline of the path degrading alarm. delay = QuicConnectionPeer::GetSentPacketManager(&connection_) ->GetPathDegradingDelay(); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - - clock_.ApproximateNow()); - } else { - EXPECT_EQ(delay, connection_.GetPathDegradingAlarm()->deadline() - - clock_.ApproximateNow()); - } + EXPECT_EQ(delay, connection_.GetBlackholeDetectorAlarm()->deadline() - + clock_.ApproximateNow()); // Advance time to the path degrading alarm's deadline and simulate // firing the alarm. @@ -9166,6 +9047,13 @@ TEST_P(QuicConnectionTest, SendMessage) { if (!VersionSupportsMessageFrames(connection_.transport_version())) { return; } + if (connection_.version().UsesTls()) { + QuicConfig config; + QuicConfigPeer::SetReceivedMaxDatagramFrameSize( + &config, kMaxAcceptedDatagramFrameSize); + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); + connection_.SetFromConfig(config); + } std::string message(connection_.GetCurrentLargestMessagePayload() * 2, 'a'); quiche::QuicheStringPiece message_data(message); QuicMemSliceStorage storage(nullptr, 0, nullptr, 0); @@ -9208,6 +9096,94 @@ TEST_P(QuicConnectionTest, SendMessage) { false)); } +TEST_P(QuicConnectionTest, GetCurrentLargestMessagePayload) { + if (!connection_.version().SupportsMessageFrames()) { + return; + } + // Force use of this encrypter to simplify test expectations by making sure + // that the encryption overhead is constant across versions. + connection_.SetEncrypter(ENCRYPTION_INITIAL, + std::make_unique<TaggingEncrypter>(0x00)); + QuicPacketLength expected_largest_payload = 1319; + if (connection_.version().SendsVariableLengthPacketNumberInLongHeader()) { + expected_largest_payload += 3; + } + if (connection_.version().HasLongHeaderLengths()) { + expected_largest_payload -= 2; + } + if (connection_.version().HasLengthPrefixedConnectionIds()) { + expected_largest_payload -= 1; + } + if (connection_.version().UsesTls()) { + // QUIC+TLS disallows DATAGRAM/MESSAGE frames before the handshake. + EXPECT_EQ(connection_.GetCurrentLargestMessagePayload(), 0); + QuicConfig config; + QuicConfigPeer::SetReceivedMaxDatagramFrameSize( + &config, kMaxAcceptedDatagramFrameSize); + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); + connection_.SetFromConfig(config); + // Verify the value post-handshake. + EXPECT_EQ(connection_.GetCurrentLargestMessagePayload(), + expected_largest_payload); + } else { + EXPECT_EQ(connection_.GetCurrentLargestMessagePayload(), + expected_largest_payload); + } +} + +TEST_P(QuicConnectionTest, GetGuaranteedLargestMessagePayload) { + if (!connection_.version().SupportsMessageFrames()) { + return; + } + // Force use of this encrypter to simplify test expectations by making sure + // that the encryption overhead is constant across versions. + connection_.SetEncrypter(ENCRYPTION_INITIAL, + std::make_unique<TaggingEncrypter>(0x00)); + QuicPacketLength expected_largest_payload = 1319; + if (connection_.version().HasLongHeaderLengths()) { + expected_largest_payload -= 2; + } + if (connection_.version().HasLengthPrefixedConnectionIds()) { + expected_largest_payload -= 1; + } + if (connection_.version().UsesTls()) { + // QUIC+TLS disallows DATAGRAM/MESSAGE frames before the handshake. + EXPECT_EQ(connection_.GetGuaranteedLargestMessagePayload(), 0); + QuicConfig config; + QuicConfigPeer::SetReceivedMaxDatagramFrameSize( + &config, kMaxAcceptedDatagramFrameSize); + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); + connection_.SetFromConfig(config); + // Verify the value post-handshake. + EXPECT_EQ(connection_.GetGuaranteedLargestMessagePayload(), + expected_largest_payload); + } else { + EXPECT_EQ(connection_.GetGuaranteedLargestMessagePayload(), + expected_largest_payload); + } +} + +TEST_P(QuicConnectionTest, LimitedLargestMessagePayload) { + if (!connection_.version().SupportsMessageFrames() || + !connection_.version().UsesTls()) { + return; + } + constexpr QuicPacketLength kFrameSizeLimit = 1000; + constexpr QuicPacketLength kPayloadSizeLimit = + kFrameSizeLimit - kQuicFrameTypeSize; + // QUIC+TLS disallows DATAGRAM/MESSAGE frames before the handshake. + EXPECT_EQ(connection_.GetCurrentLargestMessagePayload(), 0); + EXPECT_EQ(connection_.GetGuaranteedLargestMessagePayload(), 0); + QuicConfig config; + QuicConfigPeer::SetReceivedMaxDatagramFrameSize(&config, kFrameSizeLimit); + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); + connection_.SetFromConfig(config); + // Verify the value post-handshake. + EXPECT_EQ(connection_.GetCurrentLargestMessagePayload(), kPayloadSizeLimit); + EXPECT_EQ(connection_.GetGuaranteedLargestMessagePayload(), + kPayloadSizeLimit); +} + // Test to check that the path challenge/path response logic works // correctly. This test is only for version-99 TEST_P(QuicConnectionTest, PathChallengeResponse) { @@ -9318,17 +9294,13 @@ TEST_P(QuicConnectionTest, StopProcessingGQuicPacketInIetfQuicConnection) { return; } set_perspective(Perspective::IS_SERVER); - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(1); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); // Let connection process a Google QUIC packet. peer_framer_.set_version_for_tests( @@ -9639,20 +9611,16 @@ TEST_P(QuicConnectionTest, CheckConnectedBeforeFlush) { /*transport_close_frame_type=*/0)); // Received 2 packets. - QuicFrame frame; if (QuicVersionUsesCryptoFrames(connection_.transport_version())) { - frame = QuicFrame(&crypto_frame_); EXPECT_CALL(visitor_, OnCryptoFrame(_)).Times(AnyNumber()); } else { - frame = QuicFrame(QuicStreamFrame( - QuicUtils::GetCryptoStreamId(connection_.transport_version()), false, - 0u, quiche::QuicheStringPiece())); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); } - ProcessFramePacketWithAddresses(frame, kSelfAddress, kPeerAddress); + ProcessFramePacketWithAddresses(MakeCryptoFrame(), kSelfAddress, + kPeerAddress); QuicAlarm* ack_alarm = QuicConnectionPeer::GetAckAlarm(&connection_); EXPECT_TRUE(ack_alarm->IsSet()); - ProcessFramePacketWithAddresses(QuicFrame(connection_close_frame.get()), + ProcessFramePacketWithAddresses(QuicFrame(connection_close_frame.release()), kSelfAddress, kPeerAddress); // Verify ack alarm is not set. EXPECT_FALSE(ack_alarm->IsSet()); @@ -9892,8 +9860,7 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter6ClientPTOs) { connection_options.push_back(k1PTO); connection_options.push_back(k6PTO); config.SetConnectionOptionsToSend(connection_options); - QuicConfigPeer::ReceiveIdleNetworkTimeout(&config, SERVER, - kDefaultIdleTimeoutSecs); + QuicConfigPeer::SetNegotiated(&config, true); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); connection_.SetFromConfig(config); EXPECT_FALSE(connection_.GetRetransmissionAlarm()->IsSet()); @@ -9903,32 +9870,26 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter6ClientPTOs) { GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo", 0, FIN, nullptr); - // 5PTO + 1 connection close. - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(AtLeast(6)); - // Fire the retransmission alarm 5 times. for (int i = 0; i < 5; ++i) { + EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(1); connection_.GetRetransmissionAlarm()->Fire(); EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_TRUE(connection_.connected()); } - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_CALL(visitor_, OnPathDegrading()); - connection_.PathDegradingTimeout(); - } + EXPECT_CALL(visitor_, OnPathDegrading()); + connection_.PathDegradingTimeout(); EXPECT_EQ(0u, connection_.sent_packet_manager().GetConsecutiveTlpCount()); EXPECT_EQ(0u, connection_.sent_packet_manager().GetConsecutiveRtoCount()); EXPECT_EQ(5u, connection_.sent_packet_manager().GetConsecutivePtoCount()); // Closes connection on 6th PTO. + // May send multiple connecction close packets with multiple PN spaces. + EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(AtLeast(1)); EXPECT_CALL(visitor_, OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); - connection_.GetBlackholeDetectorAlarm()->Fire(); - } else { - connection_.GetRetransmissionAlarm()->Fire(); - } + ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); + connection_.GetBlackholeDetectorAlarm()->Fire(); EXPECT_FALSE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_FALSE(connection_.connected()); TestConnectionCloseQuicErrorCode(QUIC_TOO_MANY_RTOS); @@ -9940,8 +9901,7 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter7ClientPTOs) { connection_options.push_back(k2PTO); connection_options.push_back(k7PTO); config.SetConnectionOptionsToSend(connection_options); - QuicConfigPeer::ReceiveIdleNetworkTimeout(&config, SERVER, - kDefaultIdleTimeoutSecs); + QuicConfigPeer::SetNegotiated(&config, true); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); connection_.SetFromConfig(config); EXPECT_FALSE(connection_.GetRetransmissionAlarm()->IsSet()); @@ -9958,10 +9918,8 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter7ClientPTOs) { EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_TRUE(connection_.connected()); } - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_CALL(visitor_, OnPathDegrading()); - connection_.PathDegradingTimeout(); - } + EXPECT_CALL(visitor_, OnPathDegrading()); + connection_.PathDegradingTimeout(); EXPECT_EQ(0u, connection_.sent_packet_manager().GetConsecutiveTlpCount()); EXPECT_EQ(0u, connection_.sent_packet_manager().GetConsecutiveRtoCount()); @@ -9970,12 +9928,8 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter7ClientPTOs) { EXPECT_CALL(visitor_, OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(AtLeast(1)); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); - connection_.GetBlackholeDetectorAlarm()->Fire(); - } else { - connection_.GetRetransmissionAlarm()->Fire(); - } + ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); + connection_.GetBlackholeDetectorAlarm()->Fire(); EXPECT_FALSE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_FALSE(connection_.connected()); TestConnectionCloseQuicErrorCode(QUIC_TOO_MANY_RTOS); @@ -9986,8 +9940,7 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter8ClientPTOs) { QuicTagVector connection_options; connection_options.push_back(k2PTO); connection_options.push_back(k8PTO); - QuicConfigPeer::ReceiveIdleNetworkTimeout(&config, SERVER, - kDefaultIdleTimeoutSecs); + QuicConfigPeer::SetNegotiated(&config, true); config.SetConnectionOptionsToSend(connection_options); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); connection_.SetFromConfig(config); @@ -10005,10 +9958,8 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter8ClientPTOs) { EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_TRUE(connection_.connected()); } - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - EXPECT_CALL(visitor_, OnPathDegrading()); - connection_.PathDegradingTimeout(); - } + EXPECT_CALL(visitor_, OnPathDegrading()); + connection_.PathDegradingTimeout(); EXPECT_EQ(0u, connection_.sent_packet_manager().GetConsecutiveTlpCount()); EXPECT_EQ(0u, connection_.sent_packet_manager().GetConsecutiveRtoCount()); @@ -10017,12 +9968,8 @@ TEST_P(QuicConnectionTest, CloseConnectionAfter8ClientPTOs) { EXPECT_CALL(visitor_, OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(AtLeast(1)); - if (GetQuicReloadableFlag(quic_use_blackhole_detector)) { - ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); - connection_.GetBlackholeDetectorAlarm()->Fire(); - } else { - connection_.GetRetransmissionAlarm()->Fire(); - } + ASSERT_TRUE(connection_.BlackholeDetectionInProgress()); + connection_.GetBlackholeDetectorAlarm()->Fire(); EXPECT_FALSE(connection_.GetTimeoutAlarm()->IsSet()); EXPECT_FALSE(connection_.connected()); TestConnectionCloseQuicErrorCode(QUIC_TOO_MANY_RTOS); @@ -10032,7 +9979,6 @@ TEST_P(QuicConnectionTest, DeprecateHandshakeMode) { if (!connection_.version().SupportsAntiAmplificationLimit()) { return; } - SetQuicReloadableFlag(quic_send_ping_when_pto_skips_packet_number, true); EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); EXPECT_FALSE(connection_.GetRetransmissionAlarm()->IsSet()); @@ -10054,7 +10000,12 @@ TEST_P(QuicConnectionTest, DeprecateHandshakeMode) { EXPECT_EQ(0u, connection_.GetStats().crypto_retransmit_count); // PTO fires, verify a PING packet gets sent because there is no data to send. - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, QuicPacketNumber(3), _, _)); + EXPECT_CALL(*send_algorithm_, + OnPacketSent(_, _, + GetQuicReloadableFlag(quic_default_on_pto) + ? QuicPacketNumber(2) + : QuicPacketNumber(3), + _, _)); EXPECT_CALL(visitor_, SendPing()).WillOnce(Invoke([this]() { SendPing(); })); connection_.GetRetransmissionAlarm()->Fire(); EXPECT_EQ(1u, connection_.GetStats().pto_count); @@ -10134,7 +10085,7 @@ TEST_P(QuicConnectionTest, ConnectionCloseFrameType) { ASSERT_EQ(1u, connection_close_frames.size()); EXPECT_EQ(IETF_QUIC_TRANSPORT_CONNECTION_CLOSE, connection_close_frames[0].close_type); - EXPECT_EQ(kQuicErrorCode, connection_close_frames[0].extracted_error_code); + EXPECT_EQ(kQuicErrorCode, connection_close_frames[0].quic_error_code); EXPECT_EQ(kTransportCloseFrameType, connection_close_frames[0].transport_close_frame_type); } @@ -10216,6 +10167,7 @@ TEST_P(QuicConnectionTest, SendCoalescedPackets) { connection_.set_debug_visitor(&debug_visitor); EXPECT_CALL(debug_visitor, OnPacketSent(_, _, _)).Times(3); EXPECT_CALL(debug_visitor, OnCoalescedPacketSent(_, _)).Times(1); + EXPECT_CALL(visitor_, OnHandshakePacketSent()).Times(1); { QuicConnection::ScopedPacketFlusher flusher(&connection_); use_tagging_decrypter(); @@ -10287,6 +10239,7 @@ TEST_P(QuicConnectionTest, MultiplePacketNumberSpacePto) { connection_.SetEncrypter(ENCRYPTION_HANDSHAKE, std::make_unique<TaggingEncrypter>(0x02)); connection_.SetDefaultEncryptionLevel(ENCRYPTION_HANDSHAKE); + EXPECT_CALL(visitor_, OnHandshakePacketSent()).Times(1); connection_.SendCryptoDataWithString("foo", 0, ENCRYPTION_HANDSHAKE); EXPECT_EQ(0x02020202u, writer_->final_bytes_of_last_packet()); @@ -10300,7 +10253,13 @@ TEST_P(QuicConnectionTest, MultiplePacketNumberSpacePto) { // Retransmit handshake data. clock_.AdvanceTime(retransmission_time - clock_.Now()); - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, QuicPacketNumber(4), _, _)); + EXPECT_CALL(*send_algorithm_, + OnPacketSent(_, _, + GetQuicReloadableFlag(quic_default_on_pto) + ? QuicPacketNumber(3) + : QuicPacketNumber(4), + _, _)); + EXPECT_CALL(visitor_, OnHandshakePacketSent()).Times(1); connection_.GetRetransmissionAlarm()->Fire(); EXPECT_EQ(0x02020202u, writer_->final_bytes_of_last_packet()); @@ -10313,7 +10272,13 @@ TEST_P(QuicConnectionTest, MultiplePacketNumberSpacePto) { // Retransmit handshake data again. clock_.AdvanceTime(retransmission_time - clock_.Now()); - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, QuicPacketNumber(7), _, _)); + EXPECT_CALL(*send_algorithm_, + OnPacketSent(_, _, + GetQuicReloadableFlag(quic_default_on_pto) + ? QuicPacketNumber(5) + : QuicPacketNumber(7), + _, _)); + EXPECT_CALL(visitor_, OnHandshakePacketSent()).Times(1); connection_.GetRetransmissionAlarm()->Fire(); EXPECT_EQ(0x02020202u, writer_->final_bytes_of_last_packet()); @@ -10324,27 +10289,55 @@ TEST_P(QuicConnectionTest, MultiplePacketNumberSpacePto) { // Retransmit application data. clock_.AdvanceTime(retransmission_time - clock_.Now()); - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, QuicPacketNumber(9), _, _)); + EXPECT_CALL(*send_algorithm_, + OnPacketSent(_, _, + GetQuicReloadableFlag(quic_default_on_pto) + ? QuicPacketNumber(6) + : QuicPacketNumber(9), + _, _)); connection_.GetRetransmissionAlarm()->Fire(); EXPECT_EQ(0x01010101u, writer_->final_bytes_of_last_packet()); } -TEST_P(QuicConnectionTest, ClientParsesRetry) { +void QuicConnectionTest::TestClientRetryHandling(bool invalid_retry_tag, + bool missing_id_in_config, + bool wrong_id_in_config) { + if (invalid_retry_tag) { + ASSERT_FALSE(missing_id_in_config); + ASSERT_FALSE(wrong_id_in_config); + } else { + ASSERT_FALSE(missing_id_in_config && wrong_id_in_config); + } if (!version().HasRetryIntegrityTag()) { return; } - if (version() != - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)) { + + // These values come from draft-ietf-quic-tls Appendix A.4. + char retry_packet25[] = { + 0xff, 0xff, 0x00, 0x00, 0x19, 0x00, 0x08, 0xf0, 0x67, 0xa5, 0x50, 0x2a, + 0x42, 0x62, 0xb5, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x1e, 0x5e, 0xc5, 0xb0, + 0x14, 0xcb, 0xb1, 0xf0, 0xfd, 0x93, 0xdf, 0x40, 0x48, 0xc4, 0x46, 0xa6}; + char retry_packet27[] = { + 0xff, 0xff, 0x00, 0x00, 0x1b, 0x00, 0x08, 0xf0, 0x67, 0xa5, 0x50, 0x2a, + 0x42, 0x62, 0xb5, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0xa5, 0x23, 0xcb, 0x5b, + 0xa5, 0x24, 0x69, 0x5f, 0x65, 0x69, 0xf2, 0x93, 0xa1, 0x35, 0x9d, 0x8e}; + + char* retry_packet; + size_t retry_packet_length; + if (version() == + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27)) { + retry_packet = retry_packet27; + retry_packet_length = QUICHE_ARRAYSIZE(retry_packet27); + } else if (version() == + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)) { + retry_packet = retry_packet25; + retry_packet_length = QUICHE_ARRAYSIZE(retry_packet25); + } else { // TODO(dschinazi) generate retry packets for all versions once we have // server-side support for generating these programmatically. return; } - // These values come from draft-ietf-quic-tls Appendix A.4. - char retry_packet[] = {0xff, 0xff, 0x00, 0x00, 0x19, 0x00, 0x08, 0xf0, 0x67, - 0xa5, 0x50, 0x2a, 0x42, 0x62, 0xb5, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x1e, 0x5e, 0xc5, 0xb0, 0x14, 0xcb, 0xb1, - 0xf0, 0xfd, 0x93, 0xdf, 0x40, 0x48, 0xc4, 0x46, 0xa6}; char original_connection_id_bytes[] = {0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08}; char new_connection_id_bytes[] = {0xf0, 0x67, 0xa5, 0x50, @@ -10360,43 +10353,110 @@ TEST_P(QuicConnectionTest, ClientParsesRetry) { std::string retry_token(retry_token_bytes, QUICHE_ARRAYSIZE(retry_token_bytes)); - { - TestConnection connection1( - original_connection_id, kPeerAddress, helper_.get(), - alarm_factory_.get(), writer_.get(), Perspective::IS_CLIENT, version()); - connection1.set_visitor(&visitor_); + if (invalid_retry_tag) { + // Flip the last bit of the retry packet to prevent the integrity tag + // from validating correctly. + retry_packet[retry_packet_length - 1] ^= 1; + } - connection1.ProcessUdpPacket( - kSelfAddress, kPeerAddress, - QuicReceivedPacket(retry_packet, QUICHE_ARRAYSIZE(retry_packet), - clock_.Now())); - EXPECT_TRUE(connection1.GetStats().retry_packet_processed); - EXPECT_EQ(connection1.connection_id(), new_connection_id); - EXPECT_EQ(QuicPacketCreatorPeer::GetRetryToken( - QuicConnectionPeer::GetPacketCreator(&connection1)), - retry_token); + QuicConnectionId config_original_connection_id = original_connection_id; + if (wrong_id_in_config) { + // Flip the first bit of the connection ID. + ASSERT_FALSE(config_original_connection_id.IsEmpty()); + config_original_connection_id.mutable_data()[0] ^= 0x80; } - // Now flip the last bit of the retry packet to prevent the integrity tag - // from validating correctly. - retry_packet[QUICHE_ARRAYSIZE(retry_packet) - 1] ^= 1; + // Make sure the connection uses the connection ID from the test vectors, + QuicConnectionPeer::SetServerConnectionId(&connection_, + original_connection_id); - { - TestConnection connection2( - original_connection_id, kPeerAddress, helper_.get(), - alarm_factory_.get(), writer_.get(), Perspective::IS_CLIENT, version()); - connection2.set_visitor(&visitor_); + // Process the RETRY packet. + connection_.ProcessUdpPacket( + kSelfAddress, kPeerAddress, + QuicReceivedPacket(retry_packet, retry_packet_length, clock_.Now())); - connection2.ProcessUdpPacket( - kSelfAddress, kPeerAddress, - QuicReceivedPacket(retry_packet, QUICHE_ARRAYSIZE(retry_packet), - clock_.Now())); - EXPECT_FALSE(connection2.GetStats().retry_packet_processed); - EXPECT_EQ(connection2.connection_id(), original_connection_id); + if (invalid_retry_tag) { + // Make sure we refuse to process a RETRY with invalid tag. + EXPECT_FALSE(connection_.GetStats().retry_packet_processed); + EXPECT_EQ(connection_.connection_id(), original_connection_id); EXPECT_TRUE(QuicPacketCreatorPeer::GetRetryToken( - QuicConnectionPeer::GetPacketCreator(&connection2)) + QuicConnectionPeer::GetPacketCreator(&connection_)) .empty()); + return; } + + // Make sure we correctly parsed the RETRY. + EXPECT_TRUE(connection_.GetStats().retry_packet_processed); + EXPECT_EQ(connection_.connection_id(), new_connection_id); + EXPECT_EQ(QuicPacketCreatorPeer::GetRetryToken( + QuicConnectionPeer::GetPacketCreator(&connection_)), + retry_token); + // Make sure our fake framer has the new post-retry INITIAL keys. + writer_->framer()->framer()->SetInitialObfuscators(new_connection_id); + + // Test validating the original_connection_id from the config. + QuicConfig received_config; + QuicConfigPeer::SetNegotiated(&received_config, true); + if (!missing_id_in_config) { + QuicConfigPeer::SetReceivedOriginalConnectionId( + &received_config, config_original_connection_id); + } + if (missing_id_in_config || wrong_id_in_config) { + EXPECT_CALL(visitor_, + OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)) + .Times(1); + } else { + EXPECT_CALL(visitor_, + OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)) + .Times(0); + } + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)).Times(AnyNumber()); + connection_.SetFromConfig(received_config); + if (missing_id_in_config || wrong_id_in_config) { + EXPECT_FALSE(connection_.connected()); + TestConnectionCloseQuicErrorCode(IETF_QUIC_PROTOCOL_VIOLATION); + } else { + EXPECT_TRUE(connection_.connected()); + } +} + +TEST_P(QuicConnectionTest, ClientParsesRetry) { + TestClientRetryHandling(/*invalid_retry_tag=*/false, + /*missing_id_in_config=*/false, + /*wrong_id_in_config=*/false); +} + +TEST_P(QuicConnectionTest, ClientParsesInvalidRetry) { + TestClientRetryHandling(/*invalid_retry_tag=*/true, + /*missing_id_in_config=*/false, + /*wrong_id_in_config=*/false); +} + +TEST_P(QuicConnectionTest, ClientParsesRetryMissingId) { + TestClientRetryHandling(/*invalid_retry_tag=*/false, + /*missing_id_in_config=*/true, + /*wrong_id_in_config=*/false); +} + +TEST_P(QuicConnectionTest, ClientParsesRetryWrongId) { + TestClientRetryHandling(/*invalid_retry_tag=*/false, + /*missing_id_in_config=*/false, + /*wrong_id_in_config=*/true); +} + +TEST_P(QuicConnectionTest, ClientReceivesOriginalConnectionIdWithoutRetry) { + // Make sure that receiving the original_connection_id transport parameter + // fails the handshake when no RETRY packet was received before it. + QuicConfig received_config; + QuicConfigPeer::SetNegotiated(&received_config, true); + QuicConfigPeer::SetReceivedOriginalConnectionId(&received_config, + TestConnectionId(0x12345)); + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)).Times(AnyNumber()); + EXPECT_CALL(visitor_, OnConnectionClosed(_, ConnectionCloseSource::FROM_SELF)) + .Times(1); + connection_.SetFromConfig(received_config); + EXPECT_FALSE(connection_.connected()); + TestConnectionCloseQuicErrorCode(IETF_QUIC_PROTOCOL_VIOLATION); } // Regression test for http://crbug/1047977 @@ -10501,6 +10561,10 @@ TEST_P(QuicConnectionTest, SendPingWhenSkipPacketNumberForPto) { connection_options.push_back(kPTOS); connection_options.push_back(k1PTO); config.SetConnectionOptionsToSend(connection_options); + if (connection_.version().UsesTls()) { + QuicConfigPeer::SetReceivedMaxDatagramFrameSize( + &config, kMaxAcceptedDatagramFrameSize); + } EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); connection_.SetFromConfig(config); EXPECT_FALSE(connection_.GetRetransmissionAlarm()->IsSet()); @@ -10508,24 +10572,116 @@ TEST_P(QuicConnectionTest, SendPingWhenSkipPacketNumberForPto) { EXPECT_EQ(MESSAGE_STATUS_SUCCESS, SendMessage("message")); EXPECT_TRUE(connection_.GetRetransmissionAlarm()->IsSet()); - // Although there are bytes in flight, no packet gets sent on PTO firing. - if (GetQuicReloadableFlag(quic_send_ping_when_pto_skips_packet_number)) { - // PTO fires, verify a PING packet gets sent because there is no data to - // send. - EXPECT_CALL(*send_algorithm_, - OnPacketSent(_, _, QuicPacketNumber(3), _, _)); - EXPECT_CALL(visitor_, SendPing()).WillOnce(Invoke([this]() { - SendPing(); - })); + // PTO fires, verify a PING packet gets sent because there is no data to + // send. + EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, QuicPacketNumber(3), _, _)); + EXPECT_CALL(visitor_, SendPing()).WillOnce(Invoke([this]() { SendPing(); })); + connection_.GetRetransmissionAlarm()->Fire(); + EXPECT_EQ(1u, connection_.GetStats().pto_count); + EXPECT_EQ(0u, connection_.GetStats().crypto_retransmit_count); + EXPECT_EQ(1u, writer_->ping_frames().size()); +} + +// Regression test for b/155757133 +TEST_P(QuicConnectionTest, DonotChangeQueuedAcks) { + if (!connection_.SupportsMultiplePacketNumberSpaces()) { + return; + } + const size_t kMinRttMs = 40; + RttStats* rtt_stats = const_cast<RttStats*>(manager_->GetRttStats()); + rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(kMinRttMs), + QuicTime::Delta::Zero(), QuicTime::Zero()); + EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); + EXPECT_CALL(*send_algorithm_, OnCongestionEvent(_, _, _, _, _)); + connection_.SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE); + + ProcessPacket(2); + ProcessPacket(3); + ProcessPacket(4); + // Process a packet containing stream frame followed by ACK of packets 1. + QuicFrames frames; + frames.push_back(QuicFrame(QuicStreamFrame( + QuicUtils::GetFirstBidirectionalStreamId( + connection_.version().transport_version, Perspective::IS_CLIENT), + false, 0u, quiche::QuicheStringPiece()))); + QuicAckFrame ack_frame = InitAckFrame(1); + frames.push_back(QuicFrame(&ack_frame)); + // Receiving stream frame causes something to send. + EXPECT_CALL(visitor_, OnStreamFrame(_)).WillOnce(Invoke([this]() { + connection_.SendControlFrame(QuicFrame(new QuicWindowUpdateFrame(1, 0, 0))); + // Verify now the queued ACK contains packet number 2. + EXPECT_TRUE(QuicPacketCreatorPeer::QueuedFrames( + QuicConnectionPeer::GetPacketCreator(&connection_))[0] + .ack_frame->packets.Contains(QuicPacketNumber(2))); + })); + ProcessFramesPacketAtLevel(9, frames, ENCRYPTION_FORWARD_SECURE); + if (GetQuicReloadableFlag(quic_donot_change_queued_ack)) { + EXPECT_TRUE(writer_->ack_frames()[0].packets.Contains(QuicPacketNumber(2))); } else { - // No packet gets sent. - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(0); + // ACK frame changes mid packet serialiation! + EXPECT_FALSE( + writer_->ack_frames()[0].packets.Contains(QuicPacketNumber(2))); } - connection_.GetRetransmissionAlarm()->Fire(); - if (GetQuicReloadableFlag(quic_send_ping_when_pto_skips_packet_number)) { - EXPECT_EQ(1u, connection_.GetStats().pto_count); - EXPECT_EQ(0u, connection_.GetStats().crypto_retransmit_count); - EXPECT_EQ(1u, writer_->ping_frames().size()); +} + +TEST_P(QuicConnectionTest, DonotExtendIdleTimeOnUndecryptablePackets) { + EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); + QuicConfig config; + connection_.SetFromConfig(config); + // Subtract a second from the idle timeout on the client side. + QuicTime initial_deadline = + clock_.ApproximateNow() + + QuicTime::Delta::FromSeconds(kInitialIdleTimeoutSecs - 1); + EXPECT_EQ(initial_deadline, connection_.GetTimeoutAlarm()->deadline()); + + // Received an undecryptable packet. + clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1)); + const uint8_t tag = 0x07; + peer_framer_.SetEncrypter(ENCRYPTION_FORWARD_SECURE, + std::make_unique<TaggingEncrypter>(tag)); + ProcessDataPacketAtLevel(1, !kHasStopWaiting, ENCRYPTION_FORWARD_SECURE); + if (GetQuicReloadableFlag(quic_extend_idle_time_on_decryptable_packets)) { + // Verify deadline does not get extended. + EXPECT_EQ(initial_deadline, connection_.GetTimeoutAlarm()->deadline()); + } + if (GetQuicReloadableFlag(quic_extend_idle_time_on_decryptable_packets)) { + EXPECT_CALL(visitor_, OnConnectionClosed(_, _)).Times(1); + } else { + EXPECT_CALL(visitor_, OnConnectionClosed(_, _)).Times(0); + } + QuicTime::Delta delay = initial_deadline - clock_.ApproximateNow(); + clock_.AdvanceTime(delay); + if (GetQuicReloadableFlag(quic_extend_idle_time_on_decryptable_packets)) { + connection_.GetTimeoutAlarm()->Fire(); + } + if (GetQuicReloadableFlag(quic_extend_idle_time_on_decryptable_packets)) { + // Verify connection gets closed. + EXPECT_FALSE(connection_.connected()); + } else { + // Verify the timeout alarm deadline is updated. + EXPECT_TRUE(connection_.connected()); + EXPECT_TRUE(connection_.GetTimeoutAlarm()->IsSet()); + } +} + +TEST_P(QuicConnectionTest, BundleAckWithImmediateResponse) { + EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); + connection_.SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE); + + EXPECT_CALL(visitor_, OnStreamFrame(_)).WillOnce(Invoke([this]() { + connection_.SendControlFrame(QuicFrame(new QuicWindowUpdateFrame(1, 0, 0))); + })); + EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(1); + ProcessDataPacket(1); + QuicAlarm* ack_alarm = QuicConnectionPeer::GetAckAlarm(&connection_); + if (GetQuicReloadableFlag(quic_advance_ack_timeout_update)) { + // Verify ACK is bundled with WINDOW_UPDATE. + EXPECT_FALSE(writer_->ack_frames().empty()); + EXPECT_FALSE(ack_alarm->IsSet()); + } else { + // ACK is pending. + EXPECT_TRUE(writer_->ack_frames().empty()); + EXPECT_TRUE(ack_alarm->IsSet()); } } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_constants.h b/chromium/net/third_party/quiche/src/quic/core/quic_constants.h index 15f0abbad5a..51ad0f0c084 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_constants.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_constants.h @@ -72,9 +72,9 @@ const QuicPacketCount kMinInitialCongestionWindow = 10; // Minimum size of initial flow control window, for both stream and session. // This is only enforced when version.AllowsLowFlowControlLimits() is false. -const uint32_t kMinimumFlowControlSendWindow = 16 * 1024; // 16 KB +const QuicByteCount kMinimumFlowControlSendWindow = 16 * 1024; // 16 KB // Default size of initial flow control window, for both stream and session. -const uint32_t kDefaultFlowControlSendWindow = 16 * 1024; // 16 KB +const QuicByteCount kDefaultFlowControlSendWindow = 16 * 1024; // 16 KB // Maximum flow control receive window limits for connection and stream. const QuicByteCount kStreamReceiveWindowLimit = 16 * 1024 * 1024; // 16 MB @@ -131,8 +131,6 @@ static const int64_t kMinTailLossProbeTimeoutMs = 10; // The timeout before the handshake succeeds. const int64_t kInitialIdleTimeoutSecs = 5; -// The default idle timeout. -const int64_t kDefaultIdleTimeoutSecs = 30; // The maximum idle timeout that can be negotiated. const int64_t kMaximumIdleTimeoutSecs = 60 * 10; // 10 minutes. // The default timeout for a connection until the crypto handshake succeeds. @@ -250,6 +248,9 @@ const size_t kMaxNewTokenTokenLength = 0xffff; // Default initial rtt used before any samples are received. const int kInitialRttMs = 100; +// Default threshold of packet reordering before a packet is declared lost. +static const QuicPacketCount kDefaultPacketReorderingThreshold = 3; + // Default fraction (1/4) of an RTT the algorithm waits before determining a // packet is lost due to early retransmission by time based loss detection. static const int kDefaultLossDelayShift = 2; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_control_frame_manager.cc b/chromium/net/third_party/quiche/src/quic/core/quic_control_frame_manager.cc index f4b01ff3333..ba00b8816b0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_control_frame_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_control_frame_manager.cc @@ -292,9 +292,6 @@ void QuicControlFrameManager::WriteBufferedFrames() { DCHECK(session_->connection()->connected()) << ENDPOINT << "Try to write control frames when connection is closed."; while (HasBufferedFrames()) { - if (!session_->write_with_transmission()) { - session_->SetTransmissionType(NOT_RETRANSMISSION); - } QuicFrame frame_to_send = control_frames_.at(least_unsent_ - least_unacked_); QuicFrame copy = CopyRetransmittableControlFrame(frame_to_send); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker.h b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker.h index 8c33ee91447..5ba93f24848 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker.h @@ -12,6 +12,7 @@ #include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h" #include "net/third_party/quiche/src/quic/core/quic_server_id.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_logging.h" namespace quic { @@ -50,7 +51,14 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientHandshaker HandshakeState GetHandshakeState() const override; size_t BufferSizeLimitForLevel(EncryptionLevel level) const override; void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} + void OnConnectionClosed(QuicErrorCode /*error*/, + ConnectionCloseSource /*source*/) override {} void OnHandshakeDoneReceived() override; + void OnApplicationState( + std::unique_ptr<ApplicationState> /*application_state*/) override { + QUICHE_NOTREACHED(); + } // From QuicCryptoHandshaker void OnHandshakeMessage(const CryptoHandshakeMessage& message) override; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker_test.cc index 92de76f300d..3ea08a51941 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker_test.cc @@ -47,6 +47,7 @@ class InsecureProofVerifier : public ProofVerifier { QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& /*certs*/, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/, @@ -69,13 +70,14 @@ class DummyProofSource : public ProofSource { // ProofSource override. void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& /*server_config*/, QuicTransportVersion /*transport_version*/, quiche::QuicheStringPiece /*chlo_hash*/, std::unique_ptr<Callback> callback) override { QuicReferenceCountedPointer<ProofSource::Chain> chain = - GetCertChain(server_address, hostname); + GetCertChain(server_address, client_address, hostname); QuicCryptoProof proof; proof.signature = "Dummy signature"; proof.leaf_cert_scts = "Dummy timestamp"; @@ -84,6 +86,7 @@ class DummyProofSource : public ProofSource { QuicReferenceCountedPointer<Chain> GetCertChain( const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/) override { std::vector<std::string> certs; certs.push_back("Dummy cert"); @@ -93,12 +96,15 @@ class DummyProofSource : public ProofSource { void ComputeTlsSignature( const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/, uint16_t /*signature_algorit*/, quiche::QuicheStringPiece /*in*/, std::unique_ptr<SignatureCallback> callback) override { callback->Run(true, "Dummy signature", /*details=*/nullptr); } + + TicketCrypter* GetTicketCrypter() override { return nullptr; } }; class Handshaker : public QuicCryptoClientHandshaker { @@ -136,11 +142,13 @@ class QuicCryptoClientHandshakerTest {version_})), session_(connection_, false), crypto_client_config_(std::make_unique<InsecureProofVerifier>()), - client_stream_(new QuicCryptoClientStream(server_id_, - &session_, - nullptr, - &crypto_client_config_, - &proof_handler_)), + client_stream_( + new QuicCryptoClientStream(server_id_, + &session_, + nullptr, + &crypto_client_config_, + &proof_handler_, + /*has_application_state = */ false)), handshaker_(server_id_, client_stream_, &session_, diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.cc index 62990c1faa5..36dc4cdb4c3 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.cc @@ -11,6 +11,7 @@ #include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" #include "net/third_party/quiche/src/quic/core/crypto/crypto_utils.h" #include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" #include "net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/core/quic_session.h" @@ -31,7 +32,8 @@ QuicCryptoClientStream::QuicCryptoClientStream( QuicSession* session, std::unique_ptr<ProofVerifyContext> verify_context, QuicCryptoClientConfig* crypto_config, - ProofHandler* proof_handler) + ProofHandler* proof_handler, + bool has_application_state) : QuicCryptoClientStreamBase(session) { DCHECK_EQ(Perspective::IS_CLIENT, session->connection()->perspective()); switch (session->connection()->version().handshake_protocol) { @@ -43,7 +45,7 @@ QuicCryptoClientStream::QuicCryptoClientStream( case PROTOCOL_TLS1_3: handshaker_ = std::make_unique<TlsClientHandshaker>( server_id, this, session, std::move(verify_context), crypto_config, - proof_handler); + proof_handler, has_application_state); break; case PROTOCOL_UNSUPPORTED: QUIC_BUG << "Attempting to create QuicCryptoClientStream for unknown " @@ -111,8 +113,22 @@ void QuicCryptoClientStream::OnOneRttPacketAcknowledged() { handshaker_->OnOneRttPacketAcknowledged(); } +void QuicCryptoClientStream::OnHandshakePacketSent() { + handshaker_->OnHandshakePacketSent(); +} + +void QuicCryptoClientStream::OnConnectionClosed(QuicErrorCode error, + ConnectionCloseSource source) { + handshaker_->OnConnectionClosed(error, source); +} + void QuicCryptoClientStream::OnHandshakeDoneReceived() { handshaker_->OnHandshakeDoneReceived(); } +void QuicCryptoClientStream::OnApplicationState( + std::unique_ptr<ApplicationState> application_state) { + handshaker_->OnApplicationState(std::move(application_state)); +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h index 5af0a663fd7..23f83c7e390 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h @@ -16,10 +16,15 @@ #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" #include "net/third_party/quiche/src/quic/core/quic_server_id.h" #include "net/third_party/quiche/src/quic/core/quic_session.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" namespace quic { +namespace test { +class QuicCryptoClientStreamPeer; +} // namespace test + class QUIC_EXPORT_PRIVATE QuicCryptoClientStreamBase : public QuicCryptoStream { public: explicit QuicCryptoClientStreamBase(QuicSession* session); @@ -58,6 +63,9 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStreamBase : public QuicCryptoStream { // client. Does not count update messages that were received prior // to handshake confirmation. virtual int num_scup_messages_received() const = 0; + + virtual void OnApplicationState( + std::unique_ptr<ApplicationState> application_state) = 0; }; class QUIC_EXPORT_PRIVATE QuicCryptoClientStream @@ -148,8 +156,19 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStream // Called when a 1RTT packet has been acknowledged. virtual void OnOneRttPacketAcknowledged() = 0; + // Called when a packet of ENCRYPTION_HANDSHAKE gets sent. + virtual void OnHandshakePacketSent() = 0; + + // Called when connection gets closed. + virtual void OnConnectionClosed(QuicErrorCode error, + ConnectionCloseSource source) = 0; + // Called when handshake done has been received. virtual void OnHandshakeDoneReceived() = 0; + + // Called when application state is received. + virtual void OnApplicationState( + std::unique_ptr<ApplicationState> application_state) = 0; }; // ProofHandler is an interface that handles callbacks from the crypto @@ -175,7 +194,8 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStream QuicSession* session, std::unique_ptr<ProofVerifyContext> verify_context, QuicCryptoClientConfig* crypto_config, - ProofHandler* proof_handler); + ProofHandler* proof_handler, + bool has_application_state); QuicCryptoClientStream(const QuicCryptoClientStream&) = delete; QuicCryptoClientStream& operator=(const QuicCryptoClientStream&) = delete; @@ -198,10 +218,16 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStream CryptoMessageParser* crypto_message_parser() override; void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override; + void OnHandshakePacketSent() override; + void OnConnectionClosed(QuicErrorCode error, + ConnectionCloseSource source) override; void OnHandshakeDoneReceived() override; HandshakeState GetHandshakeState() const override; size_t BufferSizeLimitForLevel(EncryptionLevel level) const override; + void OnApplicationState( + std::unique_ptr<ApplicationState> application_state) override; + std::string chlo_hash() const; protected: @@ -210,6 +236,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStream } private: + friend class test::QuicCryptoClientStreamPeer; std::unique_ptr<HandshakerInterface> handshaker_; }; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream_test.cc index bcd6a1f536e..6542382d670 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_client_stream_test.cc @@ -34,10 +34,12 @@ namespace { const char kServerHostname[] = "test.example.com"; const uint16_t kServerPort = 443; +// This test tests the client-side of the QUIC crypto handshake. It does not +// test the TLS handshake - that is in tls_client_handshaker_test.cc. class QuicCryptoClientStreamTest : public QuicTest { public: QuicCryptoClientStreamTest() - : supported_versions_(AllSupportedVersions()), + : supported_versions_(AllSupportedVersionsWithQuicCrypto()), server_id_(kServerHostname, kServerPort, false), crypto_config_(crypto_test_utils::ProofVerifierForTesting(), std::make_unique<test::SimpleSessionCache>()), @@ -64,26 +66,6 @@ class QuicCryptoClientStreamTest : public QuicTest { CreateSession(); } - void UseTlsHandshake() { - supported_versions_.clear(); - for (ParsedQuicVersion version : AllSupportedVersions()) { - if (version.handshake_protocol != PROTOCOL_TLS1_3) { - continue; - } - supported_versions_.push_back(version); - } - } - - void UseQuicCryptoHandshake() { - supported_versions_.clear(); - for (ParsedQuicVersion version : AllSupportedVersions()) { - if (version.handshake_protocol != PROTOCOL_QUIC_CRYPTO) { - continue; - } - supported_versions_.push_back(version); - } - } - void CompleteCryptoHandshake() { int proof_verify_details_calls = 1; if (stream()->handshake_protocol() != PROTOCOL_TLS1_3) { @@ -127,59 +109,7 @@ TEST_F(QuicCryptoClientStreamTest, ConnectedAfterSHLO) { EXPECT_FALSE(stream()->IsResumption()); } -TEST_F(QuicCryptoClientStreamTest, ConnectedAfterTlsHandshake) { - UseTlsHandshake(); - CreateConnection(); - CompleteCryptoHandshake(); - EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); - EXPECT_TRUE(stream()->encryption_established()); - EXPECT_TRUE(stream()->one_rtt_keys_available()); - EXPECT_FALSE(stream()->IsResumption()); -} - -TEST_F(QuicCryptoClientStreamTest, - ProofVerifyDetailsAvailableAfterTlsHandshake) { - UseTlsHandshake(); - CreateConnection(); - - EXPECT_CALL(*session_, OnProofVerifyDetailsAvailable(testing::_)); - stream()->CryptoConnect(); - QuicConfig config; - crypto_test_utils::HandshakeWithFakeServer( - &config, server_crypto_config_.get(), &server_helper_, &alarm_factory_, - connection_, stream(), AlpnForVersion(connection_->version())); - EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); - EXPECT_TRUE(stream()->encryption_established()); - EXPECT_TRUE(stream()->one_rtt_keys_available()); -} - -TEST_F(QuicCryptoClientStreamTest, TlsResumption) { - UseTlsHandshake(); - // Enable resumption on the server: - SSL_CTX_clear_options(server_crypto_config_->ssl_ctx(), SSL_OP_NO_TICKET); - CreateConnection(); - - // Finish establishing the first connection: - CompleteCryptoHandshake(); - - EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); - EXPECT_TRUE(stream()->encryption_established()); - EXPECT_TRUE(stream()->one_rtt_keys_available()); - EXPECT_FALSE(stream()->IsResumption()); - - // Create a second connection - CreateConnection(); - CompleteCryptoHandshake(); - - EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); - EXPECT_TRUE(stream()->encryption_established()); - EXPECT_TRUE(stream()->one_rtt_keys_available()); - EXPECT_TRUE(stream()->IsResumption()); -} - TEST_F(QuicCryptoClientStreamTest, MessageAfterHandshake) { - UseQuicCryptoHandshake(); - CreateConnection(); CompleteCryptoHandshake(); EXPECT_CALL( @@ -191,8 +121,6 @@ TEST_F(QuicCryptoClientStreamTest, MessageAfterHandshake) { } TEST_F(QuicCryptoClientStreamTest, BadMessageType) { - UseQuicCryptoHandshake(); - CreateConnection(); stream()->CryptoConnect(); message_.set_tag(kCHLO); @@ -204,8 +132,6 @@ TEST_F(QuicCryptoClientStreamTest, BadMessageType) { } TEST_F(QuicCryptoClientStreamTest, NegotiatedParameters) { - UseQuicCryptoHandshake(); - CreateConnection(); CompleteCryptoHandshake(); const QuicConfig* config = session_->config(); @@ -218,8 +144,6 @@ TEST_F(QuicCryptoClientStreamTest, NegotiatedParameters) { } TEST_F(QuicCryptoClientStreamTest, ExpiredServerConfig) { - UseQuicCryptoHandshake(); - CreateConnection(); // Seed the config with a cached server config. CompleteCryptoHandshake(); @@ -278,8 +202,6 @@ TEST_F(QuicCryptoClientStreamTest, InvalidCachedServerConfig) { TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdate) { // Test that the crypto client stream can receive server config updates after // the connection has been established. - UseQuicCryptoHandshake(); - CreateConnection(); CompleteCryptoHandshake(); QuicCryptoClientConfig::CachedState* state = @@ -331,8 +253,6 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdate) { TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateWithCert) { // Test that the crypto client stream can receive and use server config // updates with certificates after the connection has been established. - UseQuicCryptoHandshake(); - CreateConnection(); CompleteCryptoHandshake(); // Build a server config update message with certificates @@ -365,7 +285,7 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateWithCert) { crypto_config.BuildServerConfigUpdateMessage( session_->transport_version(), stream()->chlo_hash(), tokens, QuicSocketAddress(QuicIpAddress::Loopback6(), 1234), - QuicIpAddress::Loopback6(), connection_->clock(), + QuicSocketAddress(QuicIpAddress::Loopback6(), 4321), connection_->clock(), QuicRandom::GetInstance(), &cache, stream()->crypto_negotiated_params(), &network_params, std::unique_ptr<BuildServerConfigUpdateMessageResultCallback>( @@ -388,8 +308,6 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateWithCert) { } TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateBeforeHandshake) { - UseQuicCryptoHandshake(); - CreateConnection(); EXPECT_CALL( *connection_, CloseConnection(QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE, _, _)); @@ -402,7 +320,6 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateBeforeHandshake) { TEST_F(QuicCryptoClientStreamTest, PreferredVersion) { // This mimics the case where client receives version negotiation packet, such // that, the preferred version is different from the packets' version. - UseQuicCryptoHandshake(); connection_ = new PacketSavingConnection( &client_helper_, &alarm_factory_, Perspective::IS_CLIENT, ParsedVersionOfIndex(supported_versions_, 1)); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.cc index c651351702e..66f82298476 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.cc @@ -129,9 +129,9 @@ void QuicCryptoServerStream::OnHandshakeMessage( DCHECK(process_client_hello_cb_ == nullptr); validate_client_hello_cb_ = cb.get(); crypto_config_->ValidateClientHello( - message, GetClientAddress().host(), - session()->connection()->self_address(), transport_version(), - session()->connection()->clock(), signed_config_, std::move(cb)); + message, GetClientAddress(), session()->connection()->self_address(), + transport_version(), session()->connection()->clock(), signed_config_, + std::move(cb)); } void QuicCryptoServerStream::FinishProcessingHandshakeMessage( @@ -245,7 +245,7 @@ void QuicCryptoServerStream::SendServerConfigUpdate( crypto_config_->BuildServerConfigUpdateMessage( session()->transport_version(), chlo_hash_, previous_source_address_tokens_, session()->connection()->self_address(), - GetClientAddress().host(), session()->connection()->clock(), + GetClientAddress(), session()->connection()->clock(), session()->connection()->random_generator(), compressed_certs_cache_, *crypto_negotiated_params_, cached_network_params, std::move(cb)); } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h index fd14d27a270..52d4874994d 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h @@ -42,6 +42,9 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerStream CachedNetworkParameters cached_network_params) override; void OnPacketDecrypted(EncryptionLevel level) override; void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} + void OnConnectionClosed(QuicErrorCode /*error*/, + ConnectionCloseSource /*source*/) override {} void OnHandshakeDoneReceived() override; bool ShouldSendExpectCTHeader() const override; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_base.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_base.cc index 0a77ca7aee9..8ea63ba0876 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_base.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_base.cc @@ -37,8 +37,8 @@ std::unique_ptr<QuicCryptoServerStreamBase> CreateCryptoServerStream( return std::unique_ptr<QuicCryptoServerStream>(new QuicCryptoServerStream( crypto_config, compressed_certs_cache, session, helper)); case PROTOCOL_TLS1_3: - return std::unique_ptr<TlsServerHandshaker>(new TlsServerHandshaker( - session, crypto_config->ssl_ctx(), crypto_config->proof_source())); + return std::unique_ptr<TlsServerHandshaker>( + new TlsServerHandshaker(session, *crypto_config)); case PROTOCOL_UNSUPPORTED: break; } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_test.cc index 60882b861e2..debfc3b0f52 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream_test.cc @@ -50,7 +50,9 @@ namespace { const char kServerHostname[] = "test.example.com"; const uint16_t kServerPort = 443; -class QuicCryptoServerStreamTest : public QuicTestWithParam<bool> { +// This test tests the server-side of the QUIC crypto handshake. It does not +// test the TLS handshake - that is in tls_server_handshaker_test.cc. +class QuicCryptoServerStreamTest : public QuicTest { public: QuicCryptoServerStreamTest() : QuicCryptoServerStreamTest(crypto_test_utils::ProofSourceForTesting()) { @@ -152,28 +154,6 @@ class QuicCryptoServerStreamTest : public QuicTestWithParam<bool> { server_connection_, server_stream(), 0); } - void UseTlsHandshake() { - client_options_.only_tls_versions = true; - supported_versions_.clear(); - for (ParsedQuicVersion version : AllSupportedVersions()) { - if (version.handshake_protocol != PROTOCOL_TLS1_3) { - continue; - } - supported_versions_.push_back(version); - } - } - - void UseQuicCryptoHandshake() { - client_options_.only_quic_crypto_versions = true; - supported_versions_.clear(); - for (ParsedQuicVersion version : AllSupportedVersions()) { - if (version.handshake_protocol != PROTOCOL_QUIC_CRYPTO) { - continue; - } - supported_versions_.push_back(version); - } - } - protected: // Every connection gets its own MockQuicConnectionHelper and // MockAlarmFactory, tracked separately from the server and client state so @@ -197,43 +177,28 @@ class QuicCryptoServerStreamTest : public QuicTestWithParam<bool> { crypto_test_utils::FakeClientOptions client_options_; // Which QUIC versions the client and server support. - ParsedQuicVersionVector supported_versions_ = AllSupportedVersions(); + ParsedQuicVersionVector supported_versions_ = + AllSupportedVersionsWithQuicCrypto(); }; -INSTANTIATE_TEST_SUITE_P(Tests, - QuicCryptoServerStreamTest, - ::testing::Bool(), - ::testing::PrintToStringParamName()); - -TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) { +TEST_F(QuicCryptoServerStreamTest, NotInitiallyConected) { Initialize(); EXPECT_FALSE(server_stream()->encryption_established()); EXPECT_FALSE(server_stream()->one_rtt_keys_available()); } -TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) { +TEST_F(QuicCryptoServerStreamTest, ConnectedAfterCHLO) { // CompleteCryptoHandshake returns the number of client hellos sent. This // test should send: // * One to get a source-address token and certificates. // * One to complete the handshake. - UseQuicCryptoHandshake(); Initialize(); EXPECT_EQ(2, CompleteCryptoHandshake()); EXPECT_TRUE(server_stream()->encryption_established()); EXPECT_TRUE(server_stream()->one_rtt_keys_available()); } -TEST_P(QuicCryptoServerStreamTest, ConnectedAfterTlsHandshake) { - UseTlsHandshake(); - Initialize(); - CompleteCryptoHandshake(); - EXPECT_EQ(PROTOCOL_TLS1_3, server_stream()->handshake_protocol()); - EXPECT_TRUE(server_stream()->encryption_established()); - EXPECT_TRUE(server_stream()->one_rtt_keys_available()); -} - -TEST_P(QuicCryptoServerStreamTest, ForwardSecureAfterCHLO) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTest, ForwardSecureAfterCHLO) { Initialize(); InitializeFakeClient(); @@ -254,8 +219,7 @@ TEST_P(QuicCryptoServerStreamTest, ForwardSecureAfterCHLO) { server_session_->connection()->encryption_level()); } -TEST_P(QuicCryptoServerStreamTest, ZeroRTT) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTest, ZeroRTT) { Initialize(); InitializeFakeClient(); @@ -286,8 +250,7 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) { EXPECT_TRUE(server_stream()->ZeroRttAttempted()); } -TEST_P(QuicCryptoServerStreamTest, FailByPolicy) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTest, FailByPolicy) { Initialize(); InitializeFakeClient(); @@ -299,8 +262,7 @@ TEST_P(QuicCryptoServerStreamTest, FailByPolicy) { AdvanceHandshakeWithFakeClient(); } -TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTest, MessageAfterHandshake) { Initialize(); CompleteCryptoHandshake(); EXPECT_CALL( @@ -311,8 +273,7 @@ TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) { Perspective::IS_CLIENT); } -TEST_P(QuicCryptoServerStreamTest, BadMessageType) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTest, BadMessageType) { Initialize(); message_.set_tag(kSHLO); @@ -322,7 +283,7 @@ TEST_P(QuicCryptoServerStreamTest, BadMessageType) { Perspective::IS_SERVER); } -TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) { +TEST_F(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) { // An attempt to send a SCUP before completing handshake should fail. Initialize(); @@ -330,8 +291,7 @@ TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) { EXPECT_EQ(0, server_stream()->NumServerConfigUpdateMessagesSent()); } -TEST_P(QuicCryptoServerStreamTest, SendSCUPAfterHandshakeComplete) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTest, SendSCUPAfterHandshakeComplete) { Initialize(); InitializeFakeClient(); @@ -363,13 +323,7 @@ class QuicCryptoServerStreamTestWithFailingProofSource std::unique_ptr<FailingProofSource>(new FailingProofSource)) {} }; -INSTANTIATE_TEST_SUITE_P(MoreTests, - QuicCryptoServerStreamTestWithFailingProofSource, - ::testing::Bool(), - ::testing::PrintToStringParamName()); - -TEST_P(QuicCryptoServerStreamTestWithFailingProofSource, Test) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTestWithFailingProofSource, Test) { Initialize(); InitializeFakeClient(); @@ -399,16 +353,10 @@ class QuicCryptoServerStreamTestWithFakeProofSource QuicCryptoServerConfigPeer crypto_config_peer_; }; -INSTANTIATE_TEST_SUITE_P(YetMoreTests, - QuicCryptoServerStreamTestWithFakeProofSource, - ::testing::Bool(), - ::testing::PrintToStringParamName()); - // Regression test for b/35422225, in which multiple CHLOs arriving on the same // connection in close succession could cause a crash, especially when the use // of Mentat signing meant that it took a while for each CHLO to be processed. -TEST_P(QuicCryptoServerStreamTestWithFakeProofSource, MultipleChlo) { - UseQuicCryptoHandshake(); +TEST_F(QuicCryptoServerStreamTestWithFakeProofSource, MultipleChlo) { Initialize(); GetFakeProofSource()->Activate(); EXPECT_CALL(*server_session_->helper(), CanAcceptClientHello(_, _, _, _, _)) diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.cc index 094613c7395..20704fb627a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.cc @@ -38,8 +38,7 @@ QuicCryptoStream::QuicCryptoStream(QuicSession* session) substreams_{{{this, ENCRYPTION_INITIAL}, {this, ENCRYPTION_HANDSHAKE}, {this, ENCRYPTION_ZERO_RTT}, - {this, ENCRYPTION_FORWARD_SECURE}}}, - writevdata_at_level_(GetQuicReloadableFlag(quic_writevdata_at_level)) { + {this, ENCRYPTION_FORWARD_SECURE}}} { // The crypto stream is exempt from connection level flow control. DisableConnectionFlowControlForThisStream(); } @@ -200,16 +199,20 @@ void QuicCryptoStream::OnStreamReset(const QuicRstStreamFrame& /*frame*/) { } void QuicCryptoStream::NeuterUnencryptedStreamData() { + NeuterStreamDataOfEncryptionLevel(ENCRYPTION_INITIAL); +} + +void QuicCryptoStream::NeuterStreamDataOfEncryptionLevel( + EncryptionLevel level) { if (!QuicVersionUsesCryptoFrames(session()->transport_version())) { - for (const auto& interval : bytes_consumed_[ENCRYPTION_INITIAL]) { + for (const auto& interval : bytes_consumed_[level]) { QuicByteCount newly_acked_length = 0; send_buffer().OnStreamDataAcked( interval.min(), interval.max() - interval.min(), &newly_acked_length); } return; } - QuicStreamSendBuffer* send_buffer = - &substreams_[ENCRYPTION_INITIAL].send_buffer; + QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer; // TODO(nharper): Consider adding a Clear() method to QuicStreamSendBuffer to // replace the following code. QuicIntervalSet<QuicStreamOffset> to_ack = send_buffer->bytes_acked(); @@ -221,7 +224,7 @@ void QuicCryptoStream::NeuterUnencryptedStreamData() { } } -void QuicCryptoStream::OnStreamDataConsumed(size_t bytes_consumed) { +void QuicCryptoStream::OnStreamDataConsumed(QuicByteCount bytes_consumed) { if (QuicVersionUsesCryptoFrames(session()->transport_version())) { QUIC_BUG << "Stream data consumed when CRYPTO frames should be in use"; } @@ -232,12 +235,21 @@ void QuicCryptoStream::OnStreamDataConsumed(size_t bytes_consumed) { QuicStream::OnStreamDataConsumed(bytes_consumed); } +namespace { + +constexpr std::array<EncryptionLevel, NUM_ENCRYPTION_LEVELS> +AllEncryptionLevels() { + return {ENCRYPTION_INITIAL, ENCRYPTION_HANDSHAKE, ENCRYPTION_ZERO_RTT, + ENCRYPTION_FORWARD_SECURE}; +} + +} // namespace + bool QuicCryptoStream::HasPendingCryptoRetransmission() const { if (!QuicVersionUsesCryptoFrames(session()->transport_version())) { return false; } - for (EncryptionLevel level : - {ENCRYPTION_INITIAL, ENCRYPTION_ZERO_RTT, ENCRYPTION_FORWARD_SECURE}) { + for (EncryptionLevel level : AllEncryptionLevels()) { if (substreams_[level].send_buffer.HasPendingRetransmission()) { return true; } @@ -248,8 +260,7 @@ bool QuicCryptoStream::HasPendingCryptoRetransmission() const { void QuicCryptoStream::WritePendingCryptoRetransmission() { QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version())) << "Versions less than 47 don't write CRYPTO frames"; - for (EncryptionLevel level : - {ENCRYPTION_INITIAL, ENCRYPTION_ZERO_RTT, ENCRYPTION_FORWARD_SECURE}) { + for (EncryptionLevel level : AllEncryptionLevels()) { QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer; while (send_buffer->HasPendingRetransmission()) { auto pending = send_buffer->NextPendingRetransmission(); @@ -283,33 +294,9 @@ void QuicCryptoStream::WritePendingRetransmission() { pending.offset = retransmission.begin()->min(); pending.length = retransmission.begin()->max() - retransmission.begin()->min(); - QuicConsumedData consumed(0, false); - if (!writevdata_at_level_) { - EncryptionLevel current_encryption_level = - session()->connection()->encryption_level(); - // Set appropriate encryption level. - session()->connection()->SetDefaultEncryptionLevel( - retransmission_encryption_level); - consumed = stream_delegate()->WritevData( - id(), pending.length, pending.offset, NO_FIN, - HANDSHAKE_RETRANSMISSION, QuicheNullOpt); - QUIC_DVLOG(1) << ENDPOINT << "stream " << id() - << " tries to retransmit stream data [" << pending.offset - << ", " << pending.offset + pending.length - << ") with encryption level: " - << retransmission_encryption_level - << ", consumed: " << consumed; - OnStreamFrameRetransmitted(pending.offset, consumed.bytes_consumed, - consumed.fin_consumed); - // Restore encryption level. - session()->connection()->SetDefaultEncryptionLevel( - current_encryption_level); - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_writevdata_at_level, 1, 2); - consumed = RetransmitStreamDataAtLevel(pending.offset, pending.length, - retransmission_encryption_level, - HANDSHAKE_RETRANSMISSION); - } + QuicConsumedData consumed = RetransmitStreamDataAtLevel( + pending.offset, pending.length, retransmission_encryption_level, + HANDSHAKE_RETRANSMISSION); if (consumed.bytes_consumed < pending.length) { // The connection is write blocked. break; @@ -334,35 +321,12 @@ bool QuicCryptoStream::RetransmitStreamData(QuicStreamOffset offset, } } retransmission.Difference(bytes_acked()); - EncryptionLevel current_encryption_level = - session()->connection()->encryption_level(); for (const auto& interval : retransmission) { QuicStreamOffset retransmission_offset = interval.min(); QuicByteCount retransmission_length = interval.max() - interval.min(); - QuicConsumedData consumed(0, false); - if (!writevdata_at_level_) { - // Set appropriate encryption level. - session()->connection()->SetDefaultEncryptionLevel(send_encryption_level); - consumed = stream_delegate()->WritevData(id(), retransmission_length, - retransmission_offset, NO_FIN, - type, QuicheNullOpt); - QUIC_DVLOG(1) << ENDPOINT << "stream " << id() - << " is forced to retransmit stream data [" - << retransmission_offset << ", " - << retransmission_offset + retransmission_length - << "), with encryption level: " << send_encryption_level - << ", consumed: " << consumed; - OnStreamFrameRetransmitted(retransmission_offset, consumed.bytes_consumed, - consumed.fin_consumed); - // Restore encryption level. - session()->connection()->SetDefaultEncryptionLevel( - current_encryption_level); - } else { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_writevdata_at_level, 2, 2); - consumed = RetransmitStreamDataAtLevel(retransmission_offset, - retransmission_length, - send_encryption_level, type); - } + QuicConsumedData consumed = RetransmitStreamDataAtLevel( + retransmission_offset, retransmission_length, send_encryption_level, + type); if (consumed.bytes_consumed < retransmission_length) { // The connection is write blocked. return false; @@ -378,7 +342,6 @@ QuicConsumedData QuicCryptoStream::RetransmitStreamDataAtLevel( EncryptionLevel encryption_level, TransmissionType type) { DCHECK_EQ(HANDSHAKE_RETRANSMISSION, type); - DCHECK(writevdata_at_level_); const auto consumed = stream_delegate()->WritevData( id(), retransmission_length, retransmission_offset, NO_FIN, type, encryption_level); @@ -398,9 +361,11 @@ uint64_t QuicCryptoStream::crypto_bytes_read() const { if (!QuicVersionUsesCryptoFrames(session()->transport_version())) { return stream_bytes_read(); } - return substreams_[ENCRYPTION_INITIAL].sequencer.NumBytesConsumed() + - substreams_[ENCRYPTION_ZERO_RTT].sequencer.NumBytesConsumed() + - substreams_[ENCRYPTION_FORWARD_SECURE].sequencer.NumBytesConsumed(); + uint64_t bytes_read = 0; + for (EncryptionLevel level : AllEncryptionLevels()) { + bytes_read += substreams_[level].sequencer.NumBytesConsumed(); + } + return bytes_read; } uint64_t QuicCryptoStream::BytesReadOnLevel(EncryptionLevel level) const { @@ -453,8 +418,7 @@ void QuicCryptoStream::RetransmitData(QuicCryptoFrame* crypto_frame, void QuicCryptoStream::WriteBufferedCryptoFrames() { QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version())) << "Versions less than 47 don't use CRYPTO frames"; - for (EncryptionLevel level : - {ENCRYPTION_INITIAL, ENCRYPTION_ZERO_RTT, ENCRYPTION_FORWARD_SECURE}) { + for (EncryptionLevel level : AllEncryptionLevels()) { QuicStreamSendBuffer* send_buffer = &substreams_[level].send_buffer; const size_t data_length = send_buffer->stream_offset() - send_buffer->stream_bytes_written(); @@ -476,8 +440,7 @@ void QuicCryptoStream::WriteBufferedCryptoFrames() { bool QuicCryptoStream::HasBufferedCryptoFrames() const { QUIC_BUG_IF(!QuicVersionUsesCryptoFrames(session()->transport_version())) << "Versions less than 47 don't use CRYPTO frames"; - for (EncryptionLevel level : - {ENCRYPTION_INITIAL, ENCRYPTION_ZERO_RTT, ENCRYPTION_FORWARD_SECURE}) { + for (EncryptionLevel level : AllEncryptionLevels()) { const QuicStreamSendBuffer& send_buffer = substreams_[level].send_buffer; DCHECK_GE(send_buffer.stream_offset(), send_buffer.stream_bytes_written()); if (send_buffer.stream_offset() > send_buffer.stream_bytes_written()) { @@ -506,8 +469,7 @@ bool QuicCryptoStream::IsWaitingForAcks() const { if (!QuicVersionUsesCryptoFrames(session()->transport_version())) { return QuicStream::IsWaitingForAcks(); } - for (EncryptionLevel level : - {ENCRYPTION_INITIAL, ENCRYPTION_ZERO_RTT, ENCRYPTION_FORWARD_SECURE}) { + for (EncryptionLevel level : AllEncryptionLevels()) { if (substreams_[level].send_buffer.stream_bytes_outstanding()) { return true; } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.h b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.h index 82f81fe9832..49d37042390 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream.h @@ -91,6 +91,9 @@ class QUIC_EXPORT_PRIVATE QuicCryptoStream : public QuicStream { // Called when a 1RTT packet has been acknowledged. virtual void OnOneRttPacketAcknowledged() = 0; + // Called when a packet of ENCRYPTION_HANDSHAKE gets sent. + virtual void OnHandshakePacketSent() = 0; + // Called when a handshake done frame has been received. virtual void OnHandshakeDoneReceived() = 0; @@ -104,8 +107,11 @@ class QUIC_EXPORT_PRIVATE QuicCryptoStream : public QuicStream { // Called to cancel retransmission of unencrypted crypto stream data. void NeuterUnencryptedStreamData(); + // Called to cancel retransmission of data of encryption |level|. + void NeuterStreamDataOfEncryptionLevel(EncryptionLevel level); + // Override to record the encryption level of consumed data. - void OnStreamDataConsumed(size_t bytes_consumed) override; + void OnStreamDataConsumed(QuicByteCount bytes_consumed) override; // Returns whether there are any bytes pending retransmission in CRYPTO // frames. @@ -197,9 +203,6 @@ class QUIC_EXPORT_PRIVATE QuicCryptoStream : public QuicStream { // Keeps state for data sent/received in CRYPTO frames at each encryption // level. std::array<CryptoSubstream, NUM_ENCRYPTION_LEVELS> substreams_; - - // Latched value of gfe2_reloadable_flag_quic_writevdata_at_level. - const bool writevdata_at_level_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream_test.cc index 436e572308b..5f414e6a98a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_stream_test.cc @@ -58,6 +58,7 @@ class MockQuicCryptoStream : public QuicCryptoStream, } void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} void OnHandshakeDoneReceived() override {} HandshakeState GetHandshakeState() const override { return HANDSHAKE_START; } @@ -253,6 +254,48 @@ TEST_F(QuicCryptoStreamTest, RetransmitCryptoDataInCryptoFrames) { EXPECT_EQ(ENCRYPTION_FORWARD_SECURE, connection_->encryption_level()); } +// Regression test for handling the missing ENCRYPTION_HANDSHAKE in +// quic_crypto_stream.cc. This test is essentially the same as +// RetransmitCryptoDataInCryptoFrames, except it uses ENCRYPTION_HANDSHAKE in +// place of ENCRYPTION_ZERO_RTT. +TEST_F(QuicCryptoStreamTest, RetransmitEncryptionHandshakeLevelCryptoFrames) { + if (!QuicVersionUsesCryptoFrames(connection_->transport_version())) { + return; + } + EXPECT_CALL(*connection_, SendCryptoData(_, _, _)).Times(0); + InSequence s; + // Send [0, 1000) in ENCRYPTION_INITIAL. + EXPECT_EQ(ENCRYPTION_INITIAL, connection_->encryption_level()); + std::string data(1000, 'a'); + EXPECT_CALL(*connection_, SendCryptoData(ENCRYPTION_INITIAL, 1000, 0)) + .WillOnce(Invoke(connection_, + &MockQuicConnection::QuicConnection_SendCryptoData)); + stream_->WriteCryptoData(ENCRYPTION_INITIAL, data); + // Send [1000, 2000) in ENCRYPTION_HANDSHAKE. + connection_->SetDefaultEncryptionLevel(ENCRYPTION_HANDSHAKE); + std::unique_ptr<NullEncrypter> encrypter = + std::make_unique<NullEncrypter>(Perspective::IS_CLIENT); + connection_->SetEncrypter(ENCRYPTION_HANDSHAKE, std::move(encrypter)); + EXPECT_EQ(ENCRYPTION_HANDSHAKE, connection_->encryption_level()); + EXPECT_CALL(*connection_, SendCryptoData(ENCRYPTION_HANDSHAKE, 1000, 0)) + .WillOnce(Invoke(connection_, + &MockQuicConnection::QuicConnection_SendCryptoData)); + stream_->WriteCryptoData(ENCRYPTION_HANDSHAKE, data); + connection_->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE); + EXPECT_EQ(ENCRYPTION_FORWARD_SECURE, connection_->encryption_level()); + + // Lost [1000, 1200). + QuicCryptoFrame lost_frame(ENCRYPTION_HANDSHAKE, 0, 200); + stream_->OnCryptoFrameLost(&lost_frame); + EXPECT_TRUE(stream_->HasPendingCryptoRetransmission()); + // Verify [1000, 1200) is sent. + EXPECT_CALL(*connection_, SendCryptoData(ENCRYPTION_HANDSHAKE, 200, 0)) + .WillOnce(Invoke(connection_, + &MockQuicConnection::QuicConnection_SendCryptoData)); + stream_->WritePendingCryptoRetransmission(); + EXPECT_FALSE(stream_->HasPendingCryptoRetransmission()); +} + TEST_F(QuicCryptoStreamTest, NeuterUnencryptedStreamData) { if (QuicVersionUsesCryptoFrames(connection_->transport_version())) { return; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.cc b/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.cc index c160ced24b6..c0d39700f41 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.cc @@ -15,6 +15,7 @@ #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/core/tls_chlo_extractor.h" #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flag_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" @@ -60,14 +61,11 @@ class PacketCollector : public QuicPacketCreator::DelegateInterface, ~PacketCollector() override = default; // QuicPacketCreator::DelegateInterface methods: - void OnSerializedPacket(SerializedPacket* serialized_packet) override { + void OnSerializedPacket(SerializedPacket serialized_packet) override { // Make a copy of the serialized packet to send later. packets_.emplace_back( - new QuicEncryptedPacket(CopyBuffer(*serialized_packet), - serialized_packet->encrypted_length, true)); - serialized_packet->encrypted_buffer = nullptr; - DeleteFrames(&(serialized_packet->retransmittable_frames)); - serialized_packet->retransmittable_frames.clear(); + new QuicEncryptedPacket(CopyBuffer(serialized_packet), + serialized_packet.encrypted_length, true)); } char* GetPacketBuffer() override { @@ -180,7 +178,7 @@ class StatelessConnectionTerminator { QuicTimeWaitListManager* time_wait_list_manager_; }; -// Class which extracts the ALPN from a CHLO packet. +// Class which extracts the ALPN from a QUIC_CRYPTO CHLO packet. class ChloAlpnExtractor : public ChloExtractor::Delegate { public: void OnChlo(QuicTransportVersion /*version*/, @@ -310,7 +308,7 @@ void QuicDispatcher::ProcessPacket(const QuicSocketAddress& self_address, QuicConnectionId QuicDispatcher::MaybeReplaceServerConnectionId( QuicConnectionId server_connection_id, - ParsedQuicVersion version) { + ParsedQuicVersion version) const { if (server_connection_id.length() == expected_server_connection_id_length_) { return server_connection_id; } @@ -476,16 +474,42 @@ void QuicDispatcher::ProcessHeader(ReceivedPacketInfo* packet_info) { QuicConnectionId server_connection_id = packet_info->destination_connection_id; // Packet's connection ID is unknown. Apply the validity checks. - // TODO(wub): Determine the fate completely in ValidityChecks, then call - // ProcessUnauthenticatedHeaderFate in one place. QuicPacketFate fate = ValidityChecks(*packet_info); ChloAlpnExtractor alpn_extractor; switch (fate) { case kFateProcess: { if (packet_info->version.handshake_protocol == PROTOCOL_TLS1_3) { - // TODO(nharper): Support buffering non-ClientHello packets when using - // TLS. - ProcessChlo(/*alpn=*/"", packet_info); + bool has_full_tls_chlo = false; + std::vector<std::string> alpns; + if (buffered_packets_.HasBufferedPackets( + packet_info->destination_connection_id)) { + // If we already have buffered packets for this connection ID, + // use the associated TlsChloExtractor to parse this packet. + has_full_tls_chlo = + buffered_packets_.IngestPacketForTlsChloExtraction( + packet_info->destination_connection_id, packet_info->version, + packet_info->packet, &alpns); + } else { + // If we do not have a BufferedPacketList for this connection ID, + // create a single-use one to check whether this packet contains a + // full single-packet CHLO. + TlsChloExtractor tls_chlo_extractor; + tls_chlo_extractor.IngestPacket(packet_info->version, + packet_info->packet); + if (tls_chlo_extractor.HasParsedFullChlo()) { + // This packet contains a full single-packet CHLO. + has_full_tls_chlo = true; + alpns = tls_chlo_extractor.alpns(); + } + } + if (has_full_tls_chlo) { + ProcessChlo(alpns, packet_info); + } else { + // This packet does not contain a full CHLO. It could be a 0-RTT + // packet that arrived before the CHLO (due to loss or reordering), + // or it could be a fragment of a multi-packet CHLO. + BufferEarlyPacket(*packet_info); + } break; } if (GetQuicFlag(FLAGS_quic_allow_chlo_buffering) && @@ -497,7 +521,7 @@ void QuicDispatcher::ProcessHeader(ReceivedPacketInfo* packet_info) { BufferEarlyPacket(*packet_info); break; } - ProcessChlo(alpn_extractor.ConsumeAlpn(), packet_info); + ProcessChlo({alpn_extractor.ConsumeAlpn()}, packet_info); } break; case kFateTimeWait: // Add this connection_id to the time-wait state, to safely reject @@ -524,36 +548,55 @@ void QuicDispatcher::ProcessHeader(ReceivedPacketInfo* packet_info) { } } +std::string QuicDispatcher::SelectAlpn(const std::vector<std::string>& alpns) { + if (alpns.empty()) { + return ""; + } + if (alpns.size() > 1u) { + const std::vector<std::string>& supported_alpns = + version_manager_->GetSupportedAlpns(); + for (const std::string& alpn : alpns) { + if (std::find(supported_alpns.begin(), supported_alpns.end(), alpn) != + supported_alpns.end()) { + return alpn; + } + } + } + return alpns[0]; +} + QuicDispatcher::QuicPacketFate QuicDispatcher::ValidityChecks( const ReceivedPacketInfo& packet_info) { if (!packet_info.version_flag) { - // The Android network conformance test contains a UDP test that sends a - // 12-byte packet with the following format: - // - 0x0c (public flags: 8-byte connection ID, 1-byte packet number) - // - randomized 8-byte connection ID - // - 0x01 (1-byte packet number) - // - 0x00 (private flags) - // - 0x07 (PING frame). - // That packet is invalid and we would normally drop it but in order to - // unblock this conformance testing we have the following workaround that - // will be removed once the fixed test is deployed. - // TODO(b/139691956) Remove this workaround once fixed test is deployed. - if (packet_info.packet.length() == 12 && - packet_info.packet.data()[0] == 0x0c && - packet_info.packet.data()[9] == 0x01 && - packet_info.packet.data()[10] == 0x00 && - packet_info.packet.data()[11] == 0x07) { - QUIC_DLOG(INFO) << "Received Android UDP network conformance test " - "packet with connection ID " - << packet_info.destination_connection_id; - // Respond with a public reset that the test will know how to parse - // then return kFateDrop to stop processing of this packet. - time_wait_list_manager()->SendPublicReset( - packet_info.self_address, packet_info.peer_address, - packet_info.destination_connection_id, - /*ietf_quic=*/false, GetPerPacketContext()); - return kFateDrop; - } + // The Android network conformance test contains a UDP test that sends a + // 12-byte packet with the following format: + // - 0x0c (public flags: 8-byte connection ID, 1-byte packet number) + // - randomized 8-byte connection ID + // - 0x01 (1-byte packet number) + // - 0x00 (private flags) + // - 0x07 (PING frame). + // That packet is invalid and we would normally drop it but in order to + // unblock this conformance testing we have the following workaround that + // will be removed once the fixed test is deployed. + // TODO(b/139691956) Remove this workaround once fixed test is deployed. + if (!GetQuicReloadableFlag( + quic_remove_android_conformance_test_workaround) && + packet_info.packet.length() == 12 && + packet_info.packet.data()[0] == 0x0c && + packet_info.packet.data()[9] == 0x01 && + packet_info.packet.data()[10] == 0x00 && + packet_info.packet.data()[11] == 0x07) { + QUIC_DLOG(INFO) << "Received Android UDP network conformance test " + "packet with connection ID " + << packet_info.destination_connection_id; + // Respond with a public reset that the test will know how to parse + // then return kFateDrop to stop processing of this packet. + time_wait_list_manager()->SendPublicReset( + packet_info.self_address, packet_info.peer_address, + packet_info.destination_connection_id, + /*ietf_quic=*/false, GetPerPacketContext()); + return kFateDrop; + } QUIC_DLOG(INFO) << "Packet without version arrived for unknown connection ID " @@ -574,7 +617,12 @@ void QuicDispatcher::CleanUpSession(SessionMap::iterator it, QuicTimeWaitListManager::SEND_STATELESS_RESET; if (connection->termination_packets() != nullptr && !connection->termination_packets()->empty()) { - action = QuicTimeWaitListManager::SEND_TERMINATION_PACKETS; + if (GetQuicRestartFlag(quic_replace_time_wait_list_encryption_level)) { + QUIC_RESTART_FLAG_COUNT(quic_replace_time_wait_list_encryption_level); + action = QuicTimeWaitListManager::SEND_CONNECTION_CLOSE_PACKETS; + } else { + action = QuicTimeWaitListManager::SEND_TERMINATION_PACKETS; + } } else { if (!connection->IsHandshakeComplete()) { if (!VersionHasIetfInvariantHeader(connection->transport_version())) { @@ -831,9 +879,10 @@ void QuicDispatcher::ProcessBufferedChlos(size_t max_connections_to_create) { QuicConnectionId original_connection_id = server_connection_id; server_connection_id = MaybeReplaceServerConnectionId(server_connection_id, packet_list.version); + std::string alpn = SelectAlpn(packet_list.alpns); std::unique_ptr<QuicSession> session = CreateQuicSession(server_connection_id, packets.front().peer_address, - packet_list.alpn, packet_list.version); + alpn, packet_list.version); if (original_connection_id != server_connection_id) { session->connection()->AddIncomingConnectionId(original_connection_id); session->connection()->InstallInitialCrypters(original_connection_id); @@ -889,13 +938,13 @@ void QuicDispatcher::BufferEarlyPacket(const ReceivedPacketInfo& packet_info) { packet_info.destination_connection_id, packet_info.form != GOOGLE_QUIC_PACKET, packet_info.packet, packet_info.self_address, packet_info.peer_address, /*is_chlo=*/false, - /*alpn=*/"", packet_info.version); + /*alpns=*/{}, packet_info.version); if (rs != EnqueuePacketResult::SUCCESS) { OnBufferPacketFailure(rs, packet_info.destination_connection_id); } } -void QuicDispatcher::ProcessChlo(const std::string& alpn, +void QuicDispatcher::ProcessChlo(const std::vector<std::string>& alpns, ReceivedPacketInfo* packet_info) { if (!buffered_packets_.HasBufferedPackets( packet_info->destination_connection_id) && @@ -911,7 +960,7 @@ void QuicDispatcher::ProcessChlo(const std::string& alpn, packet_info->destination_connection_id, packet_info->form != GOOGLE_QUIC_PACKET, packet_info->packet, packet_info->self_address, packet_info->peer_address, - /*is_chlo=*/true, alpn, packet_info->version); + /*is_chlo=*/true, alpns, packet_info->version); if (rs != EnqueuePacketResult::SUCCESS) { OnBufferPacketFailure(rs, packet_info->destination_connection_id); } @@ -923,6 +972,7 @@ void QuicDispatcher::ProcessChlo(const std::string& alpn, packet_info->destination_connection_id = MaybeReplaceServerConnectionId( original_connection_id, packet_info->version); // Creates a new session and process all buffered packets for this connection. + std::string alpn = SelectAlpn(alpns); std::unique_ptr<QuicSession> session = CreateQuicSession(packet_info->destination_connection_id, packet_info->peer_address, alpn, packet_info->version); @@ -975,6 +1025,11 @@ const ParsedQuicVersionVector& QuicDispatcher::GetSupportedVersions() { return version_manager_->GetSupportedVersions(); } +const ParsedQuicVersionVector& +QuicDispatcher::GetSupportedVersionsWithQuicCrypto() { + return version_manager_->GetSupportedVersionsWithQuicCrypto(); +} + void QuicDispatcher::DeliverPacketsToSession( const std::list<BufferedPacket>& packets, QuicSession* session) { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.h b/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.h index 71cbb5771be..73ab3ec4fd0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher.h @@ -196,7 +196,8 @@ class QUIC_NO_EXPORT QuicDispatcher // Called when |packet_info| is a CHLO packet. Creates a new connection and // delivers any buffered packets for that connection id. - void ProcessChlo(const std::string& alpn, ReceivedPacketInfo* packet_info); + void ProcessChlo(const std::vector<std::string>& alpns, + ReceivedPacketInfo* packet_info); // Return true if dispatcher wants to destroy session outside of // OnConnectionClosed() call stack. @@ -210,6 +211,8 @@ class QUIC_NO_EXPORT QuicDispatcher const ParsedQuicVersionVector& GetSupportedVersions(); + const ParsedQuicVersionVector& GetSupportedVersionsWithQuicCrypto(); + const QuicConfig& config() const { return *config_; } const QuicCryptoServerConfig* crypto_config() const { return crypto_config_; } @@ -298,12 +301,22 @@ class QUIC_NO_EXPORT QuicDispatcher // Called if a packet from an unseen connection is reset or rejected. virtual void OnNewConnectionRejected() {} + // Selects the preferred ALPN from a vector of ALPNs. + // This runs through the list of ALPNs provided by the client and picks the + // first one it supports. If no supported versions are found, the first + // element of the vector is returned. + std::string SelectAlpn(const std::vector<std::string>& alpns); + + // If the connection ID length is different from what the dispatcher expects, + // replace the connection ID with a random one of the right length, + // and save it to make sure the mapping is persistent. + QuicConnectionId MaybeReplaceServerConnectionId( + QuicConnectionId server_connection_id, + ParsedQuicVersion version) const; + private: friend class test::QuicDispatcherPeer; - typedef QuicUnorderedSet<QuicConnectionId, QuicConnectionIdHash> - QuicConnectionIdSet; - // TODO(fayang): Consider to rename this function to // ProcessValidatedPacketWithUnknownConnectionId. void ProcessHeader(ReceivedPacketInfo* packet_info); @@ -313,13 +326,6 @@ class QUIC_NO_EXPORT QuicDispatcher const std::list<QuicBufferedPacketStore::BufferedPacket>& packets, QuicSession* session); - // If the connection ID length is different from what the dispatcher expects, - // replace the connection ID with a random one of the right length, - // and save it to make sure the mapping is persistent. - QuicConnectionId MaybeReplaceServerConnectionId( - QuicConnectionId server_connection_id, - ParsedQuicVersion version); - // Returns true if |version| is a supported protocol version. bool IsSupportedVersion(const ParsedQuicVersion version); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher_test.cc index 7e54dd24cf0..814462e9d01 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_dispatcher_test.cc @@ -14,6 +14,7 @@ #include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_random.h" +#include "net/third_party/quiche/src/quic/core/quic_config.h" #include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" #include "net/third_party/quiche/src/quic/core/quic_packet_writer_wrapper.h" @@ -27,6 +28,7 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/fake_proof_source.h" +#include "net/third_party/quiche/src/quic/test_tools/first_flight.h" #include "net/third_party/quiche/src/quic/test_tools/mock_quic_time_wait_list_manager.h" #include "net/third_party/quiche/src/quic/test_tools/quic_buffered_packet_store_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_crypto_server_config_peer.h" @@ -78,13 +80,27 @@ class TestQuicSpdyServerSession : public QuicServerSessionBase { ~TestQuicSpdyServerSession() override { DeleteConnection(); } - MOCK_METHOD2(OnConnectionClosed, - void(const QuicConnectionCloseFrame& frame, - ConnectionCloseSource source)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(QuicStreamId id)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(PendingStream* pending)); - MOCK_METHOD0(CreateOutgoingBidirectionalStream, QuicSpdyStream*()); - MOCK_METHOD0(CreateOutgoingUnidirectionalStream, QuicSpdyStream*()); + MOCK_METHOD(void, + OnConnectionClosed, + (const QuicConnectionCloseFrame& frame, + ConnectionCloseSource source), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (QuicStreamId id), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (PendingStream*), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingBidirectionalStream, + (), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingUnidirectionalStream, + (), + (override)); std::unique_ptr<QuicCryptoServerStreamBase> CreateQuicCryptoServerStream( const QuicCryptoServerConfig* crypto_config, @@ -114,15 +130,18 @@ class TestDispatcher : public QuicDispatcher { kQuicDefaultConnectionIdLength), random_(random) {} - MOCK_METHOD4( - CreateQuicSession, - std::unique_ptr<QuicSession>(QuicConnectionId connection_id, - const QuicSocketAddress& peer_address, - quiche::QuicheStringPiece alpn, - const quic::ParsedQuicVersion& version)); + MOCK_METHOD(std::unique_ptr<QuicSession>, + CreateQuicSession, + (QuicConnectionId connection_id, + const QuicSocketAddress& peer_address, + quiche::QuicheStringPiece alpn, + const quic::ParsedQuicVersion& version), + (override)); - MOCK_METHOD1(ShouldCreateOrBufferPacketForConnection, - bool(const ReceivedPacketInfo& packet_info)); + MOCK_METHOD(bool, + ShouldCreateOrBufferPacketForConnection, + (const ReceivedPacketInfo& packet_info), + (override)); struct TestQuicPerPacketContext : public QuicPerPacketContext { std::string custom_packet_context; @@ -201,7 +220,7 @@ class QuicDispatcherTestBase : public QuicTestWithParam<ParsedQuicVersion> { connection_id_(1) {} void SetUp() override { - dispatcher_->InitializeWithWriter(new MockPacketWriter()); + dispatcher_->InitializeWithWriter(new NiceMock<MockPacketWriter>()); // Set the counter to some value to start with. QuicDispatcherPeer::set_new_sessions_allowed_per_event_loop( dispatcher_.get(), kMaxNumSessionsToCreate); @@ -294,17 +313,26 @@ class QuicDispatcherTestBase : public QuicTestWithParam<ParsedQuicVersion> { client_connection_id_included, packet_number_length, &versions)); std::unique_ptr<QuicReceivedPacket> received_packet( ConstructReceivedPacket(*packet, mock_helper_.GetClock()->Now())); + ProcessReceivedPacket(std::move(received_packet), peer_address, version, + server_connection_id); + } - if (ChloExtractor::Extract(*packet, version, {}, nullptr, + void ProcessReceivedPacket( + std::unique_ptr<QuicReceivedPacket> received_packet, + const QuicSocketAddress& peer_address, + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id) { + if (version.UsesQuicCrypto() && + ChloExtractor::Extract(*received_packet, version, {}, nullptr, server_connection_id.length())) { // Add CHLO packet to the beginning to be verified first, because it is // also processed first by new session. data_connection_map_[server_connection_id].push_front( - std::string(packet->data(), packet->length())); + std::string(received_packet->data(), received_packet->length())); } else { // For non-CHLO, always append to last. data_connection_map_[server_connection_id].push_back( - std::string(packet->data(), packet->length())); + std::string(received_packet->data(), received_packet->length())); } dispatcher_->ProcessPacket(server_address_, peer_address, *received_packet); } @@ -353,16 +381,56 @@ class QuicDispatcherTestBase : public QuicTestWithParam<ParsedQuicVersion> { std::string SerializeCHLO() { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); - client_hello.SetStringPiece(kALPN, "hq"); + client_hello.SetStringPiece(kALPN, ExpectedAlpn()); return std::string(client_hello.GetSerialized().AsStringPiece()); } - std::string ExpectedAlpnForVersion(ParsedQuicVersion version) { - if (version.handshake_protocol == PROTOCOL_TLS1_3) { - // TODO(b/149597791) Remove this once we can parse ALPN with TLS. - return ""; + void ProcessUndecryptableEarlyPacket( + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + ProcessUndecryptableEarlyPacket(version_, peer_address, + server_connection_id); + } + + void ProcessUndecryptableEarlyPacket( + const ParsedQuicVersion& version, + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + std::unique_ptr<QuicEncryptedPacket> encrypted_packet = + GetUndecryptableEarlyPacket(version, server_connection_id); + std::unique_ptr<QuicReceivedPacket> received_packet(ConstructReceivedPacket( + *encrypted_packet, mock_helper_.GetClock()->Now())); + ProcessReceivedPacket(std::move(received_packet), peer_address, version, + server_connection_id); + } + + void ProcessFirstFlight(const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + ProcessFirstFlight(version_, peer_address, server_connection_id); + } + + void ProcessFirstFlight(const ParsedQuicVersion& version, + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + ProcessFirstFlight(version, peer_address, server_connection_id, + EmptyQuicConnectionId()); + } + + void ProcessFirstFlight(const ParsedQuicVersion& version, + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id, + const QuicConnectionId& client_connection_id) { + std::vector<std::unique_ptr<QuicReceivedPacket>> packets = + GetFirstFlightOfPackets(version, server_connection_id, + client_connection_id); + for (auto&& packet : packets) { + ProcessReceivedPacket(std::move(packet), peer_address, version, + server_connection_id); } - return "hq"; + } + + std::string ExpectedAlpnForVersion(ParsedQuicVersion version) { + return AlpnForVersion(version); } std::string ExpectedAlpn() { return ExpectedAlpnForVersion(version_); } @@ -388,8 +456,7 @@ class QuicDispatcherTestBase : public QuicTestWithParam<ParsedQuicVersion> { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(connection_id))); - ProcessPacket(client_address, connection_id, true, version, SerializeCHLO(), - true, CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(version, client_address, connection_id); } void VerifyVersionNotSupported(ParsedQuicVersion version) { @@ -398,10 +465,11 @@ class QuicDispatcherTestBase : public QuicTestWithParam<ParsedQuicVersion> { EXPECT_CALL(*dispatcher_, CreateQuicSession(connection_id, client_address, _, _)) .Times(0); - ProcessPacket(client_address, connection_id, true, version, SerializeCHLO(), - true, CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(version, client_address, connection_id); } + void TestTlsMultiPacketClientHello(bool add_reordering); + ParsedQuicVersion version_; MockQuicConnectionHelper mock_helper_; MockAlarmFactory mock_alarm_factory_; @@ -432,7 +500,7 @@ INSTANTIATE_TEST_SUITE_P(QuicDispatcherTestsOneVersion, ::testing::PrintToStringParamName()); TEST_P(QuicDispatcherTestAllVersions, TlsClientHelloCreatesSession) { - if (version_.handshake_protocol != PROTOCOL_TLS1_3) { + if (version_.UsesQuicCrypto()) { return; } QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); @@ -452,9 +520,64 @@ TEST_P(QuicDispatcherTestAllVersions, TlsClientHelloCreatesSession) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, TestConnectionId(1), true, version_, - SerializeCHLO(), true, CONNECTION_ID_PRESENT, - PACKET_4BYTE_PACKET_NUMBER, 1); + + ProcessFirstFlight(client_address, TestConnectionId(1)); +} + +void QuicDispatcherTestBase::TestTlsMultiPacketClientHello( + bool add_reordering) { + if (!version_.UsesTls()) { + return; + } + QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); + QuicConnectionId server_connection_id = TestConnectionId(); + QuicConfig client_config = DefaultQuicConfig(); + // Add a 2000-byte custom parameter to increase the length of the CHLO. + constexpr auto kCustomParameterId = + static_cast<TransportParameters::TransportParameterId>(0xff33); + std::string kCustomParameterValue(2000, '-'); + client_config.custom_transport_parameters_to_send()[kCustomParameterId] = + kCustomParameterValue; + std::vector<std::unique_ptr<QuicReceivedPacket>> packets = + GetFirstFlightOfPackets(version_, client_config, server_connection_id); + ASSERT_EQ(packets.size(), 2u); + if (add_reordering) { + std::swap(packets[0], packets[1]); + } + + // Processing the first packet should not create a new session. + EXPECT_CALL(*dispatcher_, + ShouldCreateOrBufferPacketForConnection( + ReceivedPacketInfoConnectionIdEquals(server_connection_id))); + ProcessReceivedPacket(std::move(packets[0]), client_address, version_, + server_connection_id); + + EXPECT_EQ(dispatcher_->session_map().size(), 0u) + << "No session should be created before the rest of the CHLO arrives."; + + // Processing the second packet should create the new session. + EXPECT_CALL(*dispatcher_, + CreateQuicSession(server_connection_id, client_address, + Eq(ExpectedAlpn()), _)) + .WillOnce(Return(ByMove(CreateSession( + dispatcher_.get(), config_, server_connection_id, client_address, + &mock_helper_, &mock_alarm_factory_, &crypto_config_, + QuicDispatcherPeer::GetCache(dispatcher_.get()), &session1_)))); + EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), + ProcessUdpPacket(_, _, _)) + .Times(2); + + ProcessReceivedPacket(std::move(packets[1]), client_address, version_, + server_connection_id); + EXPECT_EQ(dispatcher_->session_map().size(), 1u); +} + +TEST_P(QuicDispatcherTestAllVersions, TlsMultiPacketClientHello) { + TestTlsMultiPacketClientHello(/*add_reordering=*/false); +} + +TEST_P(QuicDispatcherTestAllVersions, TlsMultiPacketClientHelloWithReordering) { + TestTlsMultiPacketClientHello(/*add_reordering=*/true); } TEST_P(QuicDispatcherTestAllVersions, ProcessPackets) { @@ -475,7 +598,7 @@ TEST_P(QuicDispatcherTestAllVersions, ProcessPackets) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(1)); EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(2), client_address, @@ -492,7 +615,7 @@ TEST_P(QuicDispatcherTestAllVersions, ProcessPackets) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(2)))); - ProcessPacket(client_address, TestConnectionId(2), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(2)); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), ProcessUdpPacket(_, _, _)) @@ -525,9 +648,7 @@ TEST_P(QuicDispatcherTestAllVersions, DispatcherDoesNotRejectPacketNumberZero) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, TestConnectionId(1), true, version_, - SerializeCHLO(), true, CONNECTION_ID_PRESENT, - PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(client_address, TestConnectionId(1)); // Packet number 256 with packet number length 1 would be considered as 0 in // dispatcher. ProcessPacket(client_address, TestConnectionId(1), false, version_, "", true, @@ -543,13 +664,8 @@ TEST_P(QuicDispatcherTestOneVersion, StatelessVersionNegotiation) { *time_wait_list_manager_, SendVersionNegotiationPacket(TestConnectionId(1), _, _, _, _, _, _, _)) .Times(1); - // Pad the CHLO message with enough data to make the packet large enough - // to trigger version negotiation. - std::string chlo = SerializeCHLO() + std::string(1200, 'a'); - DCHECK_LE(1200u, chlo.length()); - ProcessPacket(client_address, TestConnectionId(1), true, - QuicVersionReservedForNegotiation(), chlo, true, - CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(QuicVersionReservedForNegotiation(), client_address, + TestConnectionId(1)); } TEST_P(QuicDispatcherTestOneVersion, @@ -562,13 +678,8 @@ TEST_P(QuicDispatcherTestOneVersion, EXPECT_CALL(*time_wait_list_manager_, SendVersionNegotiationPacket(connection_id, _, _, _, _, _, _, _)) .Times(1); - // Pad the CHLO message with enough data to make the packet large enough - // to trigger version negotiation. - std::string chlo = SerializeCHLO() + std::string(1200, 'a'); - DCHECK_LE(1200u, chlo.length()); - ProcessPacket(client_address, connection_id, true, - QuicVersionReservedForNegotiation(), chlo, true, - CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(QuicVersionReservedForNegotiation(), client_address, + connection_id); } TEST_P(QuicDispatcherTestOneVersion, @@ -581,14 +692,8 @@ TEST_P(QuicDispatcherTestOneVersion, SendVersionNegotiationPacket( TestConnectionId(1), TestConnectionId(2), _, _, _, _, _, _)) .Times(1); - // Pad the CHLO message with enough data to make the packet large enough - // to trigger version negotiation. - std::string chlo = SerializeCHLO() + std::string(1200, 'a'); - DCHECK_LE(1200u, chlo.length()); - ProcessPacket(client_address, TestConnectionId(1), TestConnectionId(2), true, - QuicVersionReservedForNegotiation(), chlo, true, - CONNECTION_ID_PRESENT, CONNECTION_ID_PRESENT, - PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(QuicVersionReservedForNegotiation(), client_address, + TestConnectionId(1), TestConnectionId(2)); } TEST_P(QuicDispatcherTestOneVersion, NoVersionNegotiationWithSmallPacket) { @@ -652,7 +757,7 @@ TEST_P(QuicDispatcherTestAllVersions, Shutdown) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(1)); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), CloseConnection(QUIC_PEER_GOING_AWAY, _, _)); @@ -681,7 +786,7 @@ TEST_P(QuicDispatcherTestAllVersions, TimeWaitListManager) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, connection_id, true, SerializeCHLO()); + ProcessFirstFlight(client_address, connection_id); // Now close the connection, which should add it to the time wait list. session1_->connection()->CloseConnection( @@ -717,7 +822,8 @@ TEST_P(QuicDispatcherTestAllVersions, NoVersionPacketToTimeWaitListManager) { .Times(0); EXPECT_CALL(*time_wait_list_manager_, SendPublicReset(_, _, _, _, _)) .Times(1); - ProcessPacket(client_address, connection_id, false, SerializeCHLO()); + ProcessPacket(client_address, connection_id, /*has_version_flag=*/false, + "data"); } TEST_P(QuicDispatcherTestAllVersions, @@ -772,7 +878,7 @@ TEST_P(QuicDispatcherTestAllVersions, LongConnectionIdLengthReplaced) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(bad_connection_id))); - ProcessPacket(client_address, bad_connection_id, true, SerializeCHLO()); + ProcessFirstFlight(client_address, bad_connection_id); } // Makes sure zero-byte connection IDs are replaced by 8-byte ones. @@ -809,7 +915,7 @@ TEST_P(QuicDispatcherTestAllVersions, InvalidShortConnectionIdLengthReplaced) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(bad_connection_id))); - ProcessPacket(client_address, bad_connection_id, true, SerializeCHLO()); + ProcessFirstFlight(client_address, bad_connection_id); } // Makes sure TestConnectionId(1) creates a new connection and @@ -839,7 +945,7 @@ TEST_P(QuicDispatcherTestAllVersions, MixGoodAndBadConnectionIdLengthPackets) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(1)); EXPECT_CALL(*dispatcher_, CreateQuicSession(fixed_connection_id, client_address, @@ -857,7 +963,7 @@ TEST_P(QuicDispatcherTestAllVersions, MixGoodAndBadConnectionIdLengthPackets) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(bad_connection_id))); - ProcessPacket(client_address, bad_connection_id, true, SerializeCHLO()); + ProcessFirstFlight(client_address, bad_connection_id); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), ProcessUdpPacket(_, _, _)) @@ -881,7 +987,8 @@ TEST_P(QuicDispatcherTestAllVersions, ProcessPacketWithZeroPort) { EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _, _)) .Times(0); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessPacket(client_address, TestConnectionId(1), /*has_version_flag=*/true, + "data"); } TEST_P(QuicDispatcherTestAllVersions, @@ -900,10 +1007,14 @@ TEST_P(QuicDispatcherTestAllVersions, EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _, _)) .Times(0); - ProcessPacket(client_address, EmptyQuicConnectionId(), true, SerializeCHLO()); + ProcessFirstFlight(client_address, EmptyQuicConnectionId()); } TEST_P(QuicDispatcherTestAllVersions, OKSeqNoPacketProcessed) { + if (version_.UsesTls()) { + // QUIC+TLS allows clients to start with any packet number. + return; + } QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); QuicConnectionId connection_id = TestConnectionId(1); @@ -1165,7 +1276,10 @@ TEST_P(QuicDispatcherTestOneVersion, VersionNegotiationProbeEndToEnd) { } TEST_P(QuicDispatcherTestOneVersion, AndroidConformanceTestOld) { - // TODO(b/139691956) Remove this test once the workaround is removed. + if (GetQuicReloadableFlag(quic_remove_android_conformance_test_workaround)) { + // TODO(b/139691956) Remove this test once the flag is deprecated. + return; + } SavingWriter* saving_writer = new SavingWriter(); // dispatcher_ takes ownership of saving_writer. QuicDispatcherPeer::UseWriter(dispatcher_.get(), saving_writer); @@ -1339,7 +1453,7 @@ TEST_P(QuicDispatcherTestAllVersions, StopAcceptingNewConnections) { .WillOnce(WithArg<2>(Invoke([this](const QuicEncryptedPacket& packet) { ValidatePacket(TestConnectionId(1), packet); }))); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(1)); dispatcher_->StopAcceptingNewConnections(); EXPECT_FALSE(dispatcher_->accept_new_connections()); @@ -1349,7 +1463,7 @@ TEST_P(QuicDispatcherTestAllVersions, StopAcceptingNewConnections) { CreateQuicSession(TestConnectionId(2), client_address, Eq(ExpectedAlpn()), _)) .Times(0u); - ProcessPacket(client_address, TestConnectionId(2), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(2)); // Existing connections should be able to continue. EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), @@ -1370,7 +1484,7 @@ TEST_P(QuicDispatcherTestAllVersions, StartAcceptingNewConnections) { CreateQuicSession(TestConnectionId(2), client_address, Eq(ExpectedAlpn()), _)) .Times(0u); - ProcessPacket(client_address, TestConnectionId(2), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(2)); dispatcher_->StartAcceptingNewConnections(); EXPECT_TRUE(dispatcher_->accept_new_connections()); @@ -1387,7 +1501,18 @@ TEST_P(QuicDispatcherTestAllVersions, StartAcceptingNewConnections) { .WillOnce(WithArg<2>(Invoke([this](const QuicEncryptedPacket& packet) { ValidatePacket(TestConnectionId(1), packet); }))); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(1)); +} + +TEST_P(QuicDispatcherTestOneVersion, SelectAlpn) { + EXPECT_EQ(QuicDispatcherPeer::SelectAlpn(dispatcher_.get(), {}), ""); + EXPECT_EQ(QuicDispatcherPeer::SelectAlpn(dispatcher_.get(), {""}), ""); + EXPECT_EQ(QuicDispatcherPeer::SelectAlpn(dispatcher_.get(), {"hq"}), "hq"); + // Q033 is no longer supported but Q050 is. + QuicEnableVersion(ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_50)); + EXPECT_EQ( + QuicDispatcherPeer::SelectAlpn(dispatcher_.get(), {"h3-Q033", "h3-Q050"}), + "h3-Q050"); } // Verify the stopgap test: Packets with truncated connection IDs should be @@ -1462,7 +1587,7 @@ class QuicDispatcherWriteBlockedListTest : public QuicDispatcherTestBase { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(1)))); - ProcessPacket(client_address, TestConnectionId(1), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(1)); EXPECT_CALL(*dispatcher_, CreateQuicSession(_, client_address, Eq(ExpectedAlpn()), _)) @@ -1478,7 +1603,7 @@ class QuicDispatcherWriteBlockedListTest : public QuicDispatcherTestBase { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(TestConnectionId(2)))); - ProcessPacket(client_address, TestConnectionId(2), true, SerializeCHLO()); + ProcessFirstFlight(client_address, TestConnectionId(2)); blocked_list_ = QuicDispatcherPeer::GetWriteBlockedList(dispatcher_.get()); } @@ -1724,69 +1849,100 @@ class BufferedPacketStoreTest : public QuicDispatcherTestBase { public: BufferedPacketStoreTest() : QuicDispatcherTestBase(), - server_addr_(QuicSocketAddress(QuicIpAddress::Any4(), 5)), - client_addr_(QuicIpAddress::Loopback4(), 1234), - signed_config_(new QuicSignedServerConfig) {} + client_addr_(QuicIpAddress::Loopback4(), 1234) {} - void SetUp() override { - QuicDispatcherTestBase::SetUp(); - clock_ = QuicDispatcherPeer::GetHelper(dispatcher_.get())->GetClock(); + void ProcessFirstFlight(const ParsedQuicVersion& version, + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + QuicDispatcherTestBase::ProcessFirstFlight(version, peer_address, + server_connection_id); + } - ASSERT_EQ(PROTOCOL_QUIC_CRYPTO, version_.handshake_protocol); - ASSERT_NE(QUIC_VERSION_UNSUPPORTED, version_.transport_version); + void ProcessFirstFlight(const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + ProcessFirstFlight(version_, peer_address, server_connection_id); + } - CryptoHandshakeMessage chlo = - crypto_test_utils::GenerateDefaultInchoateCHLO( - clock_, version_.transport_version, &crypto_config_); - // Pass an inchoate CHLO. - crypto_test_utils::GenerateFullCHLO( - chlo, &crypto_config_, server_addr_, client_addr_, - version_.transport_version, clock_, signed_config_, - QuicDispatcherPeer::GetCache(dispatcher_.get()), &full_chlo_); + void ProcessFirstFlight(const QuicConnectionId& server_connection_id) { + ProcessFirstFlight(client_addr_, server_connection_id); } - std::string SerializeFullCHLO() { - return std::string(full_chlo_.GetSerialized().AsStringPiece()); + void ProcessFirstFlight(const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id) { + ProcessFirstFlight(version, client_addr_, server_connection_id); + } + + void ProcessUndecryptableEarlyPacket( + const ParsedQuicVersion& version, + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + QuicDispatcherTestBase::ProcessUndecryptableEarlyPacket( + version, peer_address, server_connection_id); + } + + void ProcessUndecryptableEarlyPacket( + const QuicSocketAddress& peer_address, + const QuicConnectionId& server_connection_id) { + ProcessUndecryptableEarlyPacket(version_, peer_address, + server_connection_id); + } + + void ProcessUndecryptableEarlyPacket( + const QuicConnectionId& server_connection_id) { + ProcessUndecryptableEarlyPacket(version_, client_addr_, + server_connection_id); } protected: - QuicSocketAddress server_addr_; QuicSocketAddress client_addr_; - QuicReferenceCountedPointer<QuicSignedServerConfig> signed_config_; - const QuicClock* clock_; - CryptoHandshakeMessage full_chlo_; }; -ParsedQuicVersionVector BufferedPacketStoreTestParams() { - ParsedQuicVersionVector versions; - for (const ParsedQuicVersion& version : CurrentSupportedVersions()) { - if (version.handshake_protocol != PROTOCOL_QUIC_CRYPTO) { - // TODO(b/149597791) Remove this once we can parse ALPN with TLS. - break; - } - versions.push_back(version); - } - return versions; -} - INSTANTIATE_TEST_SUITE_P(BufferedPacketStoreTests, BufferedPacketStoreTest, - ::testing::ValuesIn(BufferedPacketStoreTestParams()), + ::testing::ValuesIn(CurrentSupportedVersions()), ::testing::PrintToStringParamName()); +TEST_P(BufferedPacketStoreTest, ProcessNonChloPacketBeforeChlo) { + InSequence s; + QuicConnectionId conn_id = TestConnectionId(1); + // Non-CHLO should be buffered upon arrival, and should trigger + // ShouldCreateOrBufferPacketForConnection(). + EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( + ReceivedPacketInfoConnectionIdEquals(conn_id))); + // Process non-CHLO packet. + ProcessUndecryptableEarlyPacket(conn_id); + EXPECT_EQ(0u, dispatcher_->session_map().size()) + << "No session should be created before CHLO arrives."; + + // When CHLO arrives, a new session should be created, and all packets + // buffered should be delivered to the session. + EXPECT_CALL(*dispatcher_, + CreateQuicSession(conn_id, client_addr_, Eq(ExpectedAlpn()), _)) + .WillOnce(Return(ByMove(CreateSession( + dispatcher_.get(), config_, conn_id, client_addr_, &mock_helper_, + &mock_alarm_factory_, &crypto_config_, + QuicDispatcherPeer::GetCache(dispatcher_.get()), &session1_)))); + EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), + ProcessUdpPacket(_, _, _)) + .Times(2) // non-CHLO + CHLO. + .WillRepeatedly( + WithArg<2>(Invoke([this, conn_id](const QuicEncryptedPacket& packet) { + if (version_.UsesQuicCrypto()) { + ValidatePacket(conn_id, packet); + } + }))); + ProcessFirstFlight(conn_id); +} + TEST_P(BufferedPacketStoreTest, ProcessNonChloPacketsUptoLimitAndProcessChlo) { InSequence s; - QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); QuicConnectionId conn_id = TestConnectionId(1); // A bunch of non-CHLO should be buffered upon arrival, and the first one // should trigger ShouldCreateOrBufferPacketForConnection(). EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(conn_id))); for (size_t i = 1; i <= kDefaultMaxUndecryptablePackets + 1; ++i) { - ProcessPacket(client_address, conn_id, true, - quiche::QuicheStrCat("data packet ", i + 1), - CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, - /*packet_number=*/i + 1); + ProcessUndecryptableEarlyPacket(conn_id); } EXPECT_EQ(0u, dispatcher_->session_map().size()) << "No session should be created before CHLO arrives."; @@ -1795,10 +1951,10 @@ TEST_P(BufferedPacketStoreTest, ProcessNonChloPacketsUptoLimitAndProcessChlo) { data_connection_map_[conn_id].pop_back(); // When CHLO arrives, a new session should be created, and all packets // buffered should be delivered to the session. - EXPECT_CALL(*dispatcher_, CreateQuicSession(conn_id, client_address, - quiche::QuicheStringPiece(), _)) + EXPECT_CALL(*dispatcher_, + CreateQuicSession(conn_id, client_addr_, Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( - dispatcher_.get(), config_, conn_id, client_address, &mock_helper_, + dispatcher_.get(), config_, conn_id, client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, QuicDispatcherPeer::GetCache(dispatcher_.get()), &session1_)))); @@ -1809,9 +1965,11 @@ TEST_P(BufferedPacketStoreTest, ProcessNonChloPacketsUptoLimitAndProcessChlo) { .Times(kDefaultMaxUndecryptablePackets + 1) // + 1 for CHLO. .WillRepeatedly( WithArg<2>(Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(conn_id, packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(conn_id, packet); + } }))); - ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); + ProcessFirstFlight(conn_id); } TEST_P(BufferedPacketStoreTest, @@ -1825,10 +1983,7 @@ TEST_P(BufferedPacketStoreTest, EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(conn_id))); - ProcessPacket(client_address, conn_id, true, - quiche::QuicheStrCat("data packet on connection ", i), - CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, - /*packet_number=*/2); + ProcessUndecryptableEarlyPacket(client_address, conn_id); } // Pop out the packet on last connection as it shouldn't be enqueued in store @@ -1849,7 +2004,7 @@ TEST_P(BufferedPacketStoreTest, ReceivedPacketInfoConnectionIdEquals(conn_id))); } EXPECT_CALL(*dispatcher_, CreateQuicSession(conn_id, client_address, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, conn_id, client_address, &mock_helper_, &mock_alarm_factory_, &crypto_config_, @@ -1862,48 +2017,45 @@ TEST_P(BufferedPacketStoreTest, .Times(num_packet_to_process) .WillRepeatedly(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(conn_id, packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(conn_id, packet); + } }))); - ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); + ProcessFirstFlight(client_address, conn_id); } } // Tests that store delivers empty packet list if CHLO arrives firstly. TEST_P(BufferedPacketStoreTest, DeliverEmptyPackets) { QuicConnectionId conn_id = TestConnectionId(1); - QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection( ReceivedPacketInfoConnectionIdEquals(conn_id))); - EXPECT_CALL(*dispatcher_, CreateQuicSession(conn_id, client_address, - quiche::QuicheStringPiece(), _)) + EXPECT_CALL(*dispatcher_, + CreateQuicSession(conn_id, client_addr_, Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( - dispatcher_.get(), config_, conn_id, client_address, &mock_helper_, + dispatcher_.get(), config_, conn_id, client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, QuicDispatcherPeer::GetCache(dispatcher_.get()), &session1_)))); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), - ProcessUdpPacket(_, client_address, _)); - ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); + ProcessUdpPacket(_, client_addr_, _)); + ProcessFirstFlight(conn_id); } // Tests that a retransmitted CHLO arrives after a connection for the // CHLO has been created. TEST_P(BufferedPacketStoreTest, ReceiveRetransmittedCHLO) { InSequence s; - QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); QuicConnectionId conn_id = TestConnectionId(1); - ProcessPacket(client_address, conn_id, true, - quiche::QuicheStrCat("data packet ", 2), CONNECTION_ID_PRESENT, - PACKET_4BYTE_PACKET_NUMBER, - /*packet_number=*/2); + ProcessUndecryptableEarlyPacket(conn_id); // When CHLO arrives, a new session should be created, and all packets // buffered should be delivered to the session. - EXPECT_CALL(*dispatcher_, CreateQuicSession(conn_id, client_address, - quiche::QuicheStringPiece(), _)) + EXPECT_CALL(*dispatcher_, + CreateQuicSession(conn_id, client_addr_, Eq(ExpectedAlpn()), _)) .Times(1) // Only triggered by 1st CHLO. .WillOnce(Return(ByMove(CreateSession( - dispatcher_.get(), config_, conn_id, client_address, &mock_helper_, + dispatcher_.get(), config_, conn_id, client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, QuicDispatcherPeer::GetCache(dispatcher_.get()), &session1_)))); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), @@ -1911,11 +2063,18 @@ TEST_P(BufferedPacketStoreTest, ReceiveRetransmittedCHLO) { .Times(3) // Triggered by 1 data packet and 2 CHLOs. .WillRepeatedly( WithArg<2>(Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(conn_id, packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(conn_id, packet); + } }))); - ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); - ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); + std::vector<std::unique_ptr<QuicReceivedPacket>> packets = + GetFirstFlightOfPackets(version_, conn_id); + ASSERT_EQ(packets.size(), 1u); + // Receive the CHLO once. + ProcessReceivedPacket(packets[0]->Clone(), client_addr_, version_, conn_id); + // Receive the CHLO a second time to simulate retransmission. + ProcessReceivedPacket(std::move(packets[0]), client_addr_, version_, conn_id); } // Tests that expiration of a connection add connection id to time wait list. @@ -1926,9 +2085,8 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOAfterExpiration) { QuicDispatcherPeer::GetBufferedPackets(dispatcher_.get()); QuicBufferedPacketStorePeer::set_clock(store, mock_helper_.GetClock()); - QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); QuicConnectionId conn_id = TestConnectionId(1); - ProcessPacket(client_address, conn_id, true, + ProcessPacket(client_addr_, conn_id, true, quiche::QuicheStrCat("data packet ", 2), CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, /*packet_number=*/2); @@ -1943,7 +2101,7 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOAfterExpiration) { // list. ASSERT_TRUE(time_wait_list_manager_->IsConnectionIdInTimeWait(conn_id)); EXPECT_CALL(*time_wait_list_manager_, ProcessPacket(_, _, conn_id, _, _)); - ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); + ProcessFirstFlight(conn_id); } TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { @@ -1964,7 +2122,7 @@ TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { if (conn_id <= kMaxNumSessionsToCreate) { EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, @@ -1975,11 +2133,12 @@ TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { ProcessUdpPacket(_, _, _)) .WillOnce(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } - ProcessPacket(client_addr_, TestConnectionId(conn_id), true, - SerializeFullCHLO()); + ProcessFirstFlight(TestConnectionId(conn_id)); if (conn_id <= kMaxNumSessionsToCreate + kDefaultMaxConnectionsInStore && conn_id > kMaxNumSessionsToCreate) { EXPECT_TRUE(store->HasChloForConnection(TestConnectionId(conn_id))); @@ -1998,7 +2157,7 @@ TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { ++conn_id) { EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, @@ -2007,12 +2166,14 @@ TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { ProcessUdpPacket(_, _, _)) .WillOnce(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(kNumCHLOs), client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .Times(0); while (store->HasChlosBuffered()) { @@ -2032,7 +2193,7 @@ TEST_P(BufferedPacketStoreTest, BufferDuplicatedCHLO) { if (conn_id <= kMaxNumSessionsToCreate) { EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, @@ -2043,22 +2204,23 @@ TEST_P(BufferedPacketStoreTest, BufferDuplicatedCHLO) { ProcessUdpPacket(_, _, _)) .WillOnce(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } - ProcessPacket(client_addr_, TestConnectionId(conn_id), true, - SerializeFullCHLO()); + ProcessFirstFlight(TestConnectionId(conn_id)); } // Retransmit CHLO on last connection should be dropped. QuicConnectionId last_connection = TestConnectionId(kMaxNumSessionsToCreate + 1); - ProcessPacket(client_addr_, last_connection, true, SerializeFullCHLO()); + ProcessFirstFlight(last_connection); size_t packets_buffered = 2; // Reset counter and process buffered CHLO. EXPECT_CALL(*dispatcher_, CreateQuicSession(last_connection, client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, last_connection, client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, @@ -2069,7 +2231,9 @@ TEST_P(BufferedPacketStoreTest, BufferDuplicatedCHLO) { .Times(packets_buffered) .WillRepeatedly(WithArg<2>( Invoke([this, last_connection](const QuicEncryptedPacket& packet) { - ValidatePacket(last_connection, packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(last_connection, packet); + } }))); dispatcher_->ProcessBufferedChlos(kMaxNumSessionsToCreate); } @@ -2082,7 +2246,7 @@ TEST_P(BufferedPacketStoreTest, BufferNonChloPacketsUptoLimitWithChloBuffered) { if (conn_id <= kMaxNumSessionsToCreate) { EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, @@ -2093,11 +2257,12 @@ TEST_P(BufferedPacketStoreTest, BufferNonChloPacketsUptoLimitWithChloBuffered) { ProcessUdpPacket(_, _, _)) .WillRepeatedly(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } - ProcessPacket(client_addr_, TestConnectionId(conn_id), true, - SerializeFullCHLO()); + ProcessFirstFlight(TestConnectionId(conn_id)); } // Process another |kDefaultMaxUndecryptablePackets| + 1 data packets. The @@ -2109,7 +2274,7 @@ TEST_P(BufferedPacketStoreTest, BufferNonChloPacketsUptoLimitWithChloBuffered) { // Reset counter and process buffered CHLO. EXPECT_CALL(*dispatcher_, CreateQuicSession(last_connection_id, client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, last_connection_id, client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, @@ -2121,7 +2286,9 @@ TEST_P(BufferedPacketStoreTest, BufferNonChloPacketsUptoLimitWithChloBuffered) { .Times(kDefaultMaxUndecryptablePackets + 1) .WillRepeatedly(WithArg<2>( Invoke([this, last_connection_id](const QuicEncryptedPacket& packet) { - ValidatePacket(last_connection_id, packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(last_connection_id, packet); + } }))); dispatcher_->ProcessBufferedChlos(kMaxNumSessionsToCreate); } @@ -2133,9 +2300,7 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOForBufferedConnection) { QuicDispatcherPeer::GetBufferedPackets(dispatcher_.get()); uint64_t conn_id = 1; - ProcessPacket(client_addr_, TestConnectionId(conn_id), true, "data packet", - CONNECTION_ID_PRESENT, PACKET_4BYTE_PACKET_NUMBER, - /*packet_number=*/1); + ProcessUndecryptableEarlyPacket(TestConnectionId(conn_id)); // Fill packet buffer to full with CHLOs on other connections. Need to feed // extra CHLOs because the first |kMaxNumSessionsToCreate| are going to create // session directly. @@ -2145,7 +2310,7 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOForBufferedConnection) { if (conn_id <= kMaxNumSessionsToCreate + 1) { EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), _)) + Eq(ExpectedAlpn()), _)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, @@ -2156,18 +2321,18 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOForBufferedConnection) { ProcessUdpPacket(_, _, _)) .WillOnce(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } - ProcessPacket(client_addr_, TestConnectionId(conn_id), true, - SerializeFullCHLO()); + ProcessFirstFlight(TestConnectionId(conn_id)); } EXPECT_FALSE(store->HasChloForConnection( /*connection_id=*/TestConnectionId(1))); // CHLO on connection 1 should still be buffered. - ProcessPacket(client_addr_, /*server_connection_id=*/TestConnectionId(1), - true, SerializeFullCHLO()); + ProcessFirstFlight(TestConnectionId(1)); EXPECT_TRUE(store->HasChloForConnection( /*connection_id=*/TestConnectionId(1))); } @@ -2183,9 +2348,10 @@ TEST_P(BufferedPacketStoreTest, ProcessBufferedChloWithDifferentVersion) { ParsedQuicVersion version = supported_versions[(conn_id - 1) % supported_versions.size()]; if (conn_id <= kMaxNumSessionsToCreate) { - EXPECT_CALL(*dispatcher_, - CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), version)) + EXPECT_CALL( + *dispatcher_, + CreateQuicSession(TestConnectionId(conn_id), client_addr_, + Eq(ExpectedAlpnForVersion(version)), version)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, @@ -2196,12 +2362,12 @@ TEST_P(BufferedPacketStoreTest, ProcessBufferedChloWithDifferentVersion) { ProcessUdpPacket(_, _, _)) .WillRepeatedly(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } - ProcessPacket(client_addr_, TestConnectionId(conn_id), true, version, - SerializeFullCHLO(), true, CONNECTION_ID_PRESENT, - PACKET_4BYTE_PACKET_NUMBER, 1); + ProcessFirstFlight(version, TestConnectionId(conn_id)); } // Process buffered CHLOs. Verify the version is correct. @@ -2211,7 +2377,7 @@ TEST_P(BufferedPacketStoreTest, ProcessBufferedChloWithDifferentVersion) { supported_versions[(conn_id - 1) % supported_versions.size()]; EXPECT_CALL(*dispatcher_, CreateQuicSession(TestConnectionId(conn_id), client_addr_, - quiche::QuicheStringPiece(), version)) + Eq(ExpectedAlpnForVersion(version)), version)) .WillOnce(Return(ByMove(CreateSession( dispatcher_.get(), config_, TestConnectionId(conn_id), client_addr_, &mock_helper_, &mock_alarm_factory_, &crypto_config_, @@ -2220,7 +2386,9 @@ TEST_P(BufferedPacketStoreTest, ProcessBufferedChloWithDifferentVersion) { ProcessUdpPacket(_, _, _)) .WillRepeatedly(WithArg<2>( Invoke([this, conn_id](const QuicEncryptedPacket& packet) { - ValidatePacket(TestConnectionId(conn_id), packet); + if (version_.UsesQuicCrypto()) { + ValidatePacket(TestConnectionId(conn_id), packet); + } }))); } dispatcher_->ProcessBufferedChlos(kMaxNumSessionsToCreate); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.cc b/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.cc index db97d32572d..6afccfece10 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.cc @@ -2,7 +2,13 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include <cstdint> +#include <cstring> + +#include "third_party/boringssl/src/include/openssl/ssl.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" namespace quic { @@ -13,15 +19,14 @@ namespace quic { const char* QuicRstStreamErrorCodeToString(QuicRstStreamErrorCode error) { switch (error) { RETURN_STRING_LITERAL(QUIC_STREAM_NO_ERROR); - RETURN_STRING_LITERAL(QUIC_STREAM_CONNECTION_ERROR); RETURN_STRING_LITERAL(QUIC_ERROR_PROCESSING_STREAM); RETURN_STRING_LITERAL(QUIC_MULTIPLE_TERMINATION_OFFSETS); RETURN_STRING_LITERAL(QUIC_BAD_APPLICATION_PAYLOAD); + RETURN_STRING_LITERAL(QUIC_STREAM_CONNECTION_ERROR); RETURN_STRING_LITERAL(QUIC_STREAM_PEER_GOING_AWAY); RETURN_STRING_LITERAL(QUIC_STREAM_CANCELLED); RETURN_STRING_LITERAL(QUIC_RST_ACKNOWLEDGEMENT); RETURN_STRING_LITERAL(QUIC_REFUSED_STREAM); - RETURN_STRING_LITERAL(QUIC_STREAM_LAST_ERROR); RETURN_STRING_LITERAL(QUIC_INVALID_PROMISE_URL); RETURN_STRING_LITERAL(QUIC_UNAUTHORIZED_PROMISE_URL); RETURN_STRING_LITERAL(QUIC_DUPLICATE_PROMISE_URL); @@ -29,8 +34,27 @@ const char* QuicRstStreamErrorCodeToString(QuicRstStreamErrorCode error) { RETURN_STRING_LITERAL(QUIC_INVALID_PROMISE_METHOD); RETURN_STRING_LITERAL(QUIC_PUSH_STREAM_TIMED_OUT); RETURN_STRING_LITERAL(QUIC_HEADERS_TOO_LARGE); - RETURN_STRING_LITERAL(QUIC_DATA_AFTER_CLOSE_OFFSET); RETURN_STRING_LITERAL(QUIC_STREAM_TTL_EXPIRED); + RETURN_STRING_LITERAL(QUIC_DATA_AFTER_CLOSE_OFFSET); + RETURN_STRING_LITERAL(QUIC_STREAM_GENERAL_PROTOCOL_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_INTERNAL_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_STREAM_CREATION_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_CLOSED_CRITICAL_STREAM); + RETURN_STRING_LITERAL(QUIC_STREAM_FRAME_UNEXPECTED); + RETURN_STRING_LITERAL(QUIC_STREAM_FRAME_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_EXCESSIVE_LOAD); + RETURN_STRING_LITERAL(QUIC_STREAM_ID_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_SETTINGS_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_MISSING_SETTINGS); + RETURN_STRING_LITERAL(QUIC_STREAM_REQUEST_REJECTED); + RETURN_STRING_LITERAL(QUIC_STREAM_REQUEST_INCOMPLETE); + RETURN_STRING_LITERAL(QUIC_STREAM_CONNECT_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_VERSION_FALLBACK); + RETURN_STRING_LITERAL(QUIC_STREAM_DECOMPRESSION_FAILED); + RETURN_STRING_LITERAL(QUIC_STREAM_ENCODER_STREAM_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_DECODER_STREAM_ERROR); + RETURN_STRING_LITERAL(QUIC_STREAM_UNKNOWN_APPLICATION_ERROR_CODE); + RETURN_STRING_LITERAL(QUIC_STREAM_LAST_ERROR); } // Return a default value so that we return this when |error| doesn't match // any of the QuicRstStreamErrorCodes. This can happen when the RstStream @@ -177,6 +201,8 @@ const char* QuicErrorCodeToString(QuicErrorCode error) { RETURN_STRING_LITERAL(QUIC_HTTP_CLOSED_CRITICAL_STREAM); RETURN_STRING_LITERAL(QUIC_HTTP_MISSING_SETTINGS_FRAME); RETURN_STRING_LITERAL(QUIC_HTTP_DUPLICATE_SETTING_IDENTIFIER); + RETURN_STRING_LITERAL(QUIC_HTTP_INVALID_MAX_PUSH_ID); + RETURN_STRING_LITERAL(QUIC_HTTP_STREAM_LIMIT_TOO_LOW); RETURN_STRING_LITERAL(QUIC_HPACK_INDEX_VARINT_ERROR); RETURN_STRING_LITERAL(QUIC_HPACK_NAME_LENGTH_VARINT_ERROR); RETURN_STRING_LITERAL(QUIC_HPACK_VALUE_LENGTH_VARINT_ERROR); @@ -206,5 +232,513 @@ const char* QuicErrorCodeToString(QuicErrorCode error) { return "INVALID_ERROR_CODE"; } +std::string QuicIetfTransportErrorCodeString(QuicIetfTransportErrorCodes c) { + if (static_cast<uint64_t>(c) >= 0xff00u) { + return quiche::QuicheStrCat("Private(", static_cast<uint64_t>(c), ")"); + } + if (c >= CRYPTO_ERROR_FIRST && c <= CRYPTO_ERROR_LAST) { + const int tls_error = static_cast<int>(c - CRYPTO_ERROR_FIRST); + const char* tls_error_description = SSL_alert_desc_string_long(tls_error); + if (strcmp("unknown", tls_error_description) != 0) { + return quiche::QuicheStrCat("CRYPTO_ERROR(", tls_error_description, ")"); + } + return quiche::QuicheStrCat("CRYPTO_ERROR(unknown(", tls_error, "))"); + } + + switch (c) { + RETURN_STRING_LITERAL(NO_IETF_QUIC_ERROR); + RETURN_STRING_LITERAL(INTERNAL_ERROR); + RETURN_STRING_LITERAL(SERVER_BUSY_ERROR); + RETURN_STRING_LITERAL(FLOW_CONTROL_ERROR); + RETURN_STRING_LITERAL(STREAM_LIMIT_ERROR); + RETURN_STRING_LITERAL(STREAM_STATE_ERROR); + RETURN_STRING_LITERAL(FINAL_SIZE_ERROR); + RETURN_STRING_LITERAL(FRAME_ENCODING_ERROR); + RETURN_STRING_LITERAL(TRANSPORT_PARAMETER_ERROR); + RETURN_STRING_LITERAL(CONNECTION_ID_LIMIT_ERROR); + RETURN_STRING_LITERAL(PROTOCOL_VIOLATION); + RETURN_STRING_LITERAL(INVALID_TOKEN); + RETURN_STRING_LITERAL(CRYPTO_BUFFER_EXCEEDED); + // CRYPTO_ERROR is handled in the if before this switch, these cases do not + // change behavior and are only here to make the compiler happy. + case CRYPTO_ERROR_FIRST: + case CRYPTO_ERROR_LAST: + DCHECK(false) << "Unexpected error " << static_cast<uint64_t>(c); + break; + } + + return quiche::QuicheStrCat("Unknown(", static_cast<uint64_t>(c), ")"); +} + +std::ostream& operator<<(std::ostream& os, + const QuicIetfTransportErrorCodes& c) { + os << QuicIetfTransportErrorCodeString(c); + return os; +} + +QuicErrorCodeToIetfMapping QuicErrorCodeToTransportErrorCode( + QuicErrorCode error) { + switch (error) { + case QUIC_NO_ERROR: + return {true, static_cast<uint64_t>(NO_IETF_QUIC_ERROR)}; + case QUIC_INTERNAL_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_STREAM_DATA_AFTER_TERMINATION: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_PACKET_HEADER: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_FRAME_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_MISSING_PAYLOAD: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_FEC_DATA: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_STREAM_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_OVERLAPPING_STREAM_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_UNENCRYPTED_STREAM_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_MAYBE_CORRUPTED_MEMORY: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_UNENCRYPTED_FEC_DATA: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_RST_STREAM_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_CONNECTION_CLOSE_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_GOAWAY_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_WINDOW_UPDATE_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_BLOCKED_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_STOP_WAITING_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_PATH_CLOSE_DATA: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_ACK_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_MESSAGE_DATA: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_VERSION_NEGOTIATION_PACKET: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_PUBLIC_RST_PACKET: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_DECRYPTION_FAILURE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_ENCRYPTION_FAILURE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_PACKET_TOO_LARGE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_PEER_GOING_AWAY: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_STREAM_ID: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_PRIORITY: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_TOO_MANY_OPEN_STREAMS: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_TOO_MANY_AVAILABLE_STREAMS: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_PUBLIC_RESET: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_VERSION: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_HEADER_ID: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_NEGOTIATED_VALUE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_DECOMPRESSION_FAILURE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_NETWORK_IDLE_TIMEOUT: + return {true, static_cast<uint64_t>(NO_IETF_QUIC_ERROR)}; + case QUIC_HANDSHAKE_TIMEOUT: + return {true, static_cast<uint64_t>(NO_IETF_QUIC_ERROR)}; + case QUIC_ERROR_MIGRATING_ADDRESS: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_ERROR_MIGRATING_PORT: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_PACKET_WRITE_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_PACKET_READ_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_EMPTY_STREAM_FRAME_NO_FIN: + return {true, static_cast<uint64_t>(FRAME_ENCODING_ERROR)}; + case QUIC_INVALID_HEADERS_STREAM_DATA: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA: + return {true, static_cast<uint64_t>(FLOW_CONTROL_ERROR)}; + case QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_FLOW_CONTROL_INVALID_WINDOW: + return {true, static_cast<uint64_t>(FLOW_CONTROL_ERROR)}; + case QUIC_CONNECTION_IP_POOLED: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_CANCELLED: + return {true, static_cast<uint64_t>(NO_IETF_QUIC_ERROR)}; + case QUIC_BAD_PACKET_LOSS_RATE: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_PUBLIC_RESETS_POST_HANDSHAKE: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_FAILED_TO_SERIALIZE_PACKET: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_TOO_MANY_RTOS: + return {true, static_cast<uint64_t>(NO_IETF_QUIC_ERROR)}; + case QUIC_HANDSHAKE_FAILED: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_TAGS_OUT_OF_ORDER: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_TOO_MANY_ENTRIES: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_INVALID_VALUE_LENGTH: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_CRYPTO_MESSAGE_TYPE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_CHANNEL_ID_SIGNATURE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_MESSAGE_PARAMETER_NO_OVERLAP: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_MESSAGE_INDEX_NOT_FOUND: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_UNSUPPORTED_PROOF_DEMAND: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_INTERNAL_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CRYPTO_VERSION_NOT_SUPPORTED: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_NO_SUPPORT: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_TOO_MANY_REJECTS: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_PROOF_INVALID: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_DUPLICATE_TAG: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_SERVER_CONFIG_EXPIRED: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_CRYPTO_CHLO_TOO_LARGE: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_VERSION_NEGOTIATION_MISMATCH: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_BAD_MULTIPATH_FLAG: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_MULTIPATH_PATH_DOES_NOT_EXIST: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_MULTIPATH_PATH_NOT_ACTIVE: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_IP_ADDRESS_CHANGED: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_NO_MIGRATABLE_STREAMS: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_TOO_MANY_CHANGES: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_NO_NEW_NETWORK: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_DISABLED_BY_CONFIG: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_INTERNAL_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_CONNECTION_MIGRATION_HANDSHAKE_UNCONFIRMED: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_TOO_MANY_STREAM_DATA_INTERVALS: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_STREAM_SEQUENCER_INVALID_STATE: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_TOO_MANY_SESSIONS_ON_SERVER: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_STREAM_LENGTH_OVERFLOW: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_MAX_DATA_FRAME_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_MAX_STREAM_DATA_FRAME_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_MAX_STREAMS_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_STREAMS_BLOCKED_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_STREAM_BLOCKED_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_NEW_CONNECTION_ID_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_STOP_SENDING_FRAME_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_PATH_CHALLENGE_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_PATH_RESPONSE_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case IETF_QUIC_PROTOCOL_VIOLATION: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_INVALID_NEW_TOKEN: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_DATA_RECEIVED_ON_WRITE_UNIDIRECTIONAL_STREAM: + return {true, static_cast<uint64_t>(STREAM_STATE_ERROR)}; + case QUIC_TRY_TO_WRITE_DATA_ON_READ_UNIDIRECTIONAL_STREAM: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_INVALID_RETIRE_CONNECTION_ID_DATA: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_STREAMS_BLOCKED_ERROR: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_MAX_STREAMS_ERROR: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_HTTP_DECODER_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_STALE_CONNECTION_CANCELLED: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_IETF_GQUIC_ERROR_MISSING: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_WINDOW_UPDATE_RECEIVED_ON_READ_UNIDIRECTIONAL_STREAM: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_TOO_MANY_BUFFERED_CONTROL_FRAMES: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_TRANSPORT_INVALID_CLIENT_INDICATION: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_QPACK_DECOMPRESSION_FAILED: + return {false, static_cast<uint64_t>( + QuicHttpQpackErrorCode::DECOMPRESSION_FAILED)}; + case QUIC_QPACK_ENCODER_STREAM_ERROR: + return {false, static_cast<uint64_t>( + QuicHttpQpackErrorCode::ENCODER_STREAM_ERROR)}; + case QUIC_QPACK_DECODER_STREAM_ERROR: + return {false, static_cast<uint64_t>( + QuicHttpQpackErrorCode::DECODER_STREAM_ERROR)}; + case QUIC_STREAM_DATA_BEYOND_CLOSE_OFFSET: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_STREAM_MULTIPLE_OFFSET: + return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)}; + case QUIC_HTTP_FRAME_TOO_LARGE: + return {false, static_cast<uint64_t>(QuicHttp3ErrorCode::EXCESSIVE_LOAD)}; + case QUIC_HTTP_FRAME_ERROR: + return {false, static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_ERROR)}; + case QUIC_HTTP_FRAME_UNEXPECTED_ON_SPDY_STREAM: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_UNEXPECTED)}; + case QUIC_HTTP_FRAME_UNEXPECTED_ON_CONTROL_STREAM: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_UNEXPECTED)}; + case QUIC_HTTP_INVALID_FRAME_SEQUENCE_ON_SPDY_STREAM: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_UNEXPECTED)}; + case QUIC_HTTP_INVALID_FRAME_SEQUENCE_ON_CONTROL_STREAM: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_UNEXPECTED)}; + case QUIC_HTTP_DUPLICATE_UNIDIRECTIONAL_STREAM: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR)}; + case QUIC_HTTP_SERVER_INITIATED_BIDIRECTIONAL_STREAM: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR)}; + case QUIC_HTTP_STREAM_WRONG_DIRECTION: + return {true, static_cast<uint64_t>(STREAM_STATE_ERROR)}; + case QUIC_HTTP_CLOSED_CRITICAL_STREAM: + return {false, static_cast<uint64_t>( + QuicHttp3ErrorCode::CLOSED_CRITICAL_STREAM)}; + case QUIC_HTTP_MISSING_SETTINGS_FRAME: + return {false, + static_cast<uint64_t>(QuicHttp3ErrorCode::MISSING_SETTINGS)}; + case QUIC_HTTP_DUPLICATE_SETTING_IDENTIFIER: + return {false, static_cast<uint64_t>(QuicHttp3ErrorCode::SETTINGS_ERROR)}; + case QUIC_HTTP_INVALID_MAX_PUSH_ID: + return {false, static_cast<uint64_t>(QuicHttp3ErrorCode::ID_ERROR)}; + case QUIC_HTTP_STREAM_LIMIT_TOO_LOW: + return {false, static_cast<uint64_t>( + QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR)}; + case QUIC_HPACK_INDEX_VARINT_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_NAME_LENGTH_VARINT_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_VALUE_LENGTH_VARINT_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_NAME_TOO_LONG: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_VALUE_TOO_LONG: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_NAME_HUFFMAN_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_VALUE_HUFFMAN_ERROR: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_MISSING_DYNAMIC_TABLE_SIZE_UPDATE: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_INVALID_INDEX: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_INVALID_NAME_INDEX: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_DYNAMIC_TABLE_SIZE_UPDATE_NOT_ALLOWED: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_INITIAL_TABLE_SIZE_UPDATE_IS_ABOVE_LOW_WATER_MARK: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_TABLE_SIZE_UPDATE_IS_ABOVE_ACKNOWLEDGED_SETTING: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_TRUNCATED_BLOCK: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_FRAGMENT_TOO_LONG: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_HPACK_COMPRESSED_HEADER_SIZE_EXCEEDS_LIMIT: + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; + case QUIC_LAST_ERROR: + return {false, static_cast<uint64_t>(QUIC_LAST_ERROR)}; + } + // This function should not be called with unknown error code. + return {true, static_cast<uint64_t>(INTERNAL_ERROR)}; +} + +// Convert a QuicRstStreamErrorCode to an application error code to be used in +// an IETF QUIC RESET_STREAM frame +uint64_t RstStreamErrorCodeToIetfResetStreamErrorCode( + QuicRstStreamErrorCode rst_stream_error_code) { + switch (rst_stream_error_code) { + case QUIC_STREAM_NO_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::HTTP3_NO_ERROR); + case QUIC_ERROR_PROCESSING_STREAM: + return static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR); + case QUIC_MULTIPLE_TERMINATION_OFFSETS: + return static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR); + case QUIC_BAD_APPLICATION_PAYLOAD: + return static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR); + case QUIC_STREAM_CONNECTION_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::INTERNAL_ERROR); + case QUIC_STREAM_PEER_GOING_AWAY: + return static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR); + case QUIC_STREAM_CANCELLED: + return static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_CANCELLED); + case QUIC_RST_ACKNOWLEDGEMENT: + return static_cast<uint64_t>(QuicHttp3ErrorCode::HTTP3_NO_ERROR); + case QUIC_REFUSED_STREAM: + return static_cast<uint64_t>(QuicHttp3ErrorCode::ID_ERROR); + case QUIC_INVALID_PROMISE_URL: + return static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR); + case QUIC_UNAUTHORIZED_PROMISE_URL: + return static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR); + case QUIC_DUPLICATE_PROMISE_URL: + return static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR); + case QUIC_PROMISE_VARY_MISMATCH: + return static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_CANCELLED); + case QUIC_INVALID_PROMISE_METHOD: + return static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR); + case QUIC_PUSH_STREAM_TIMED_OUT: + return static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_CANCELLED); + case QUIC_HEADERS_TOO_LARGE: + return static_cast<uint64_t>(QuicHttp3ErrorCode::EXCESSIVE_LOAD); + case QUIC_STREAM_TTL_EXPIRED: + return static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_CANCELLED); + case QUIC_DATA_AFTER_CLOSE_OFFSET: + return static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR); + case QUIC_STREAM_GENERAL_PROTOCOL_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR); + case QUIC_STREAM_INTERNAL_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::INTERNAL_ERROR); + case QUIC_STREAM_STREAM_CREATION_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR); + case QUIC_STREAM_CLOSED_CRITICAL_STREAM: + return static_cast<uint64_t>(QuicHttp3ErrorCode::CLOSED_CRITICAL_STREAM); + case QUIC_STREAM_FRAME_UNEXPECTED: + return static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_UNEXPECTED); + case QUIC_STREAM_FRAME_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_ERROR); + case QUIC_STREAM_EXCESSIVE_LOAD: + return static_cast<uint64_t>(QuicHttp3ErrorCode::EXCESSIVE_LOAD); + case QUIC_STREAM_ID_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::ID_ERROR); + case QUIC_STREAM_SETTINGS_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::SETTINGS_ERROR); + case QUIC_STREAM_MISSING_SETTINGS: + return static_cast<uint64_t>(QuicHttp3ErrorCode::MISSING_SETTINGS); + case QUIC_STREAM_REQUEST_REJECTED: + return static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_REJECTED); + case QUIC_STREAM_REQUEST_INCOMPLETE: + return static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_INCOMPLETE); + case QUIC_STREAM_CONNECT_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::CONNECT_ERROR); + case QUIC_STREAM_VERSION_FALLBACK: + return static_cast<uint64_t>(QuicHttp3ErrorCode::VERSION_FALLBACK); + case QUIC_STREAM_DECOMPRESSION_FAILED: + return static_cast<uint64_t>( + QuicHttpQpackErrorCode::DECOMPRESSION_FAILED); + case QUIC_STREAM_ENCODER_STREAM_ERROR: + return static_cast<uint64_t>( + QuicHttpQpackErrorCode::ENCODER_STREAM_ERROR); + case QUIC_STREAM_DECODER_STREAM_ERROR: + return static_cast<uint64_t>( + QuicHttpQpackErrorCode::DECODER_STREAM_ERROR); + case QUIC_STREAM_UNKNOWN_APPLICATION_ERROR_CODE: + return static_cast<uint64_t>(QuicHttp3ErrorCode::INTERNAL_ERROR); + case QUIC_STREAM_LAST_ERROR: + return static_cast<uint64_t>(QuicHttp3ErrorCode::INTERNAL_ERROR); + } + return static_cast<uint64_t>(QuicHttp3ErrorCode::INTERNAL_ERROR); +} + +// Convert the application error code of an IETF QUIC RESET_STREAM frame +// to QuicRstStreamErrorCode. +QuicRstStreamErrorCode IetfResetStreamErrorCodeToRstStreamErrorCode( + uint64_t ietf_error_code) { + switch (ietf_error_code) { + case static_cast<uint64_t>(QuicHttp3ErrorCode::HTTP3_NO_ERROR): + return QUIC_STREAM_NO_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::GENERAL_PROTOCOL_ERROR): + return QUIC_STREAM_GENERAL_PROTOCOL_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::INTERNAL_ERROR): + return QUIC_STREAM_INTERNAL_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::STREAM_CREATION_ERROR): + return QUIC_STREAM_STREAM_CREATION_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::CLOSED_CRITICAL_STREAM): + return QUIC_STREAM_CLOSED_CRITICAL_STREAM; + case static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_UNEXPECTED): + return QUIC_STREAM_FRAME_UNEXPECTED; + case static_cast<uint64_t>(QuicHttp3ErrorCode::FRAME_ERROR): + return QUIC_STREAM_FRAME_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::EXCESSIVE_LOAD): + return QUIC_STREAM_EXCESSIVE_LOAD; + case static_cast<uint64_t>(QuicHttp3ErrorCode::ID_ERROR): + return QUIC_STREAM_ID_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::SETTINGS_ERROR): + return QUIC_STREAM_SETTINGS_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::MISSING_SETTINGS): + return QUIC_STREAM_MISSING_SETTINGS; + case static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_REJECTED): + return QUIC_STREAM_REQUEST_REJECTED; + case static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_CANCELLED): + return QUIC_STREAM_CANCELLED; + case static_cast<uint64_t>(QuicHttp3ErrorCode::REQUEST_INCOMPLETE): + return QUIC_STREAM_REQUEST_INCOMPLETE; + case static_cast<uint64_t>(QuicHttp3ErrorCode::CONNECT_ERROR): + return QUIC_STREAM_CONNECT_ERROR; + case static_cast<uint64_t>(QuicHttp3ErrorCode::VERSION_FALLBACK): + return QUIC_STREAM_VERSION_FALLBACK; + case static_cast<uint64_t>(QuicHttpQpackErrorCode::DECOMPRESSION_FAILED): + return QUIC_STREAM_DECOMPRESSION_FAILED; + case static_cast<uint64_t>(QuicHttpQpackErrorCode::ENCODER_STREAM_ERROR): + return QUIC_STREAM_ENCODER_STREAM_ERROR; + case static_cast<uint64_t>(QuicHttpQpackErrorCode::DECODER_STREAM_ERROR): + return QUIC_STREAM_DECODER_STREAM_ERROR; + } + return QUIC_STREAM_UNKNOWN_APPLICATION_ERROR_CODE; +} + #undef RETURN_STRING_LITERAL // undef for jumbo builds + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.h b/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.h index 0548e9b0fe0..f057fea1028 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_error_codes.h @@ -56,6 +56,53 @@ enum QuicRstStreamErrorCode { QUIC_STREAM_TTL_EXPIRED, // The stream received data that goes beyond its close offset. QUIC_DATA_AFTER_CLOSE_OFFSET, + // Peer violated protocol requirements in a way which does not match a more + // specific error code, or endpoint declines to use the more specific error + // code. + QUIC_STREAM_GENERAL_PROTOCOL_ERROR, + // An internal error has occurred. + QUIC_STREAM_INTERNAL_ERROR, + // Peer created a stream that will not be accepted. + QUIC_STREAM_STREAM_CREATION_ERROR, + // A stream required by the connection was closed or reset. + QUIC_STREAM_CLOSED_CRITICAL_STREAM, + // A frame was received which was not permitted in the current state or on the + // current stream. + QUIC_STREAM_FRAME_UNEXPECTED, + // A frame that fails to satisfy layout requirements or with an invalid size + // was received. + QUIC_STREAM_FRAME_ERROR, + // Peer exhibits a behavior that might be generating excessive load. + QUIC_STREAM_EXCESSIVE_LOAD, + // A Stream ID or Push ID was used incorrectly, such as exceeding a limit, + // reducing a limit, or being reused. + QUIC_STREAM_ID_ERROR, + // Error in the payload of a SETTINGS frame. + QUIC_STREAM_SETTINGS_ERROR, + // No SETTINGS frame was received at the beginning of the control stream. + QUIC_STREAM_MISSING_SETTINGS, + // A server rejected a request without performing any application processing. + QUIC_STREAM_REQUEST_REJECTED, + // The client's stream terminated without containing a fully-formed request. + QUIC_STREAM_REQUEST_INCOMPLETE, + // The connection established in response to a CONNECT request was reset or + // abnormally closed. + QUIC_STREAM_CONNECT_ERROR, + // The requested operation cannot be served over HTTP/3. + // The peer should retry over HTTP/1.1. + QUIC_STREAM_VERSION_FALLBACK, + // The QPACK decoder failed to interpret a header block and is not able to + // continue decoding that header block. + QUIC_STREAM_DECOMPRESSION_FAILED, + // The QPACK decoder failed to interpret an encoder instruction received on + // the encoder stream. + QUIC_STREAM_ENCODER_STREAM_ERROR, + // The QPACK encoder failed to interpret a decoder instruction received on the + // decoder stream. + QUIC_STREAM_DECODER_STREAM_ERROR, + // IETF RESET_FRAME application error code not matching any HTTP/3 or QPACK + // error codes. + QUIC_STREAM_UNKNOWN_APPLICATION_ERROR_CODE, // No error. Used as bound while iterating. QUIC_STREAM_LAST_ERROR, }; @@ -379,6 +426,11 @@ enum QuicErrorCode { QUIC_HTTP_MISSING_SETTINGS_FRAME = 157, // The received SETTINGS frame contains duplicate setting identifiers. QUIC_HTTP_DUPLICATE_SETTING_IDENTIFIER = 158, + // MAX_PUSH_ID frame received with push ID value smaller than a previously + // received value. + QUIC_HTTP_INVALID_MAX_PUSH_ID = 159, + // Received unidirectional stream limit is lower than required by HTTP/3. + QUIC_HTTP_STREAM_LIMIT_TOO_LOW = 160, // HPACK header block decoding errors. // Index varint beyond implementation limit. @@ -415,7 +467,7 @@ enum QuicErrorCode { QUIC_HPACK_COMPRESSED_HEADER_SIZE_EXCEEDS_LIMIT = 150, // No error. Used as bound while iterating. - QUIC_LAST_ERROR = 159, + QUIC_LAST_ERROR = 161, }; // QuicErrorCodes is encoded as four octets on-the-wire when doing Google QUIC, // or a varint62 when doing IETF QUIC. Ensure that its value does not exceed @@ -431,35 +483,85 @@ QUIC_EXPORT_PRIVATE const char* QuicRstStreamErrorCodeToString( // Returns the name of the QuicErrorCode as a char* QUIC_EXPORT_PRIVATE const char* QuicErrorCodeToString(QuicErrorCode error); +// Wire values for QUIC transport errors. +// https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#name-transport-error-codes +enum QuicIetfTransportErrorCodes : uint64_t { + NO_IETF_QUIC_ERROR = 0x0, + INTERNAL_ERROR = 0x1, + SERVER_BUSY_ERROR = 0x2, + FLOW_CONTROL_ERROR = 0x3, + STREAM_LIMIT_ERROR = 0x4, + STREAM_STATE_ERROR = 0x5, + FINAL_SIZE_ERROR = 0x6, + FRAME_ENCODING_ERROR = 0x7, + TRANSPORT_PARAMETER_ERROR = 0x8, + CONNECTION_ID_LIMIT_ERROR = 0x9, + PROTOCOL_VIOLATION = 0xA, + INVALID_TOKEN = 0xB, + CRYPTO_BUFFER_EXCEEDED = 0xD, + CRYPTO_ERROR_FIRST = 0x100, + CRYPTO_ERROR_LAST = 0x1FF, +}; + +QUIC_EXPORT_PRIVATE std::string QuicIetfTransportErrorCodeString( + QuicIetfTransportErrorCodes c); + +QUIC_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const QuicIetfTransportErrorCodes& c); + +// A transport error code (if is_transport_close is true) or application error +// code (if is_transport_close is false) to be used in CONNECTION_CLOSE frames. +struct QUIC_EXPORT_PRIVATE QuicErrorCodeToIetfMapping { + bool is_transport_close; + uint64_t error_code; +}; + +// Convert QuicErrorCode to transport or application IETF error code +// to be used in CONNECTION_CLOSE frames. +QUIC_EXPORT_PRIVATE QuicErrorCodeToIetfMapping +QuicErrorCodeToTransportErrorCode(QuicErrorCode error); + // Wire values for HTTP/3 errors. // https://quicwg.org/base-drafts/draft-ietf-quic-http.html#http-error-codes enum class QuicHttp3ErrorCode { - IETF_QUIC_HTTP3_NO_ERROR = 0x100, - IETF_QUIC_HTTP3_GENERAL_PROTOCOL_ERROR = 0x101, - IETF_QUIC_HTTP3_INTERNAL_ERROR = 0x102, - IETF_QUIC_HTTP3_STREAM_CREATION_ERROR = 0x103, - IETF_QUIC_HTTP3_CLOSED_CRITICAL_STREAM = 0x104, - IETF_QUIC_HTTP3_FRAME_UNEXPECTED = 0x105, - IETF_QUIC_HTTP3_FRAME_ERROR = 0x106, - IETF_QUIC_HTTP3_EXCESSIVE_LOAD = 0x107, - IETF_QUIC_HTTP3_ID_ERROR = 0x108, - IETF_QUIC_HTTP3_SETTINGS_ERROR = 0x109, - IETF_QUIC_HTTP3_MISSING_SETTINGS = 0x10A, - IETF_QUIC_HTTP3_REQUEST_REJECTED = 0x10B, - IETF_QUIC_HTTP3_REQUEST_CANCELLED = 0x10C, - IETF_QUIC_HTTP3_REQUEST_INCOMPLETE = 0x10D, - IETF_QUIC_HTTP3_CONNECT_ERROR = 0x10F, - IETF_QUIC_HTTP3_VERSION_FALLBACK = 0x110, + // NO_ERROR is defined as a C preprocessor macro on Windows. + HTTP3_NO_ERROR = 0x100, + GENERAL_PROTOCOL_ERROR = 0x101, + INTERNAL_ERROR = 0x102, + STREAM_CREATION_ERROR = 0x103, + CLOSED_CRITICAL_STREAM = 0x104, + FRAME_UNEXPECTED = 0x105, + FRAME_ERROR = 0x106, + EXCESSIVE_LOAD = 0x107, + ID_ERROR = 0x108, + SETTINGS_ERROR = 0x109, + MISSING_SETTINGS = 0x10A, + REQUEST_REJECTED = 0x10B, + REQUEST_CANCELLED = 0x10C, + REQUEST_INCOMPLETE = 0x10D, + CONNECT_ERROR = 0x10F, + VERSION_FALLBACK = 0x110, }; // Wire values for QPACK errors. // https://quicwg.org/base-drafts/draft-ietf-quic-qpack.html#error-code-registration -enum QuicHttpQpackErrorCode { - IETF_QUIC_HTTP_QPACK_DECOMPRESSION_FAILED = 0x200, - IETF_QUIC_HTTP_QPACK_ENCODER_STREAM_ERROR = 0x201, - IETF_QUIC_HTTP_QPACK_DECODER_STREAM_ERROR = 0x202 +enum class QuicHttpQpackErrorCode { + DECOMPRESSION_FAILED = 0x200, + ENCODER_STREAM_ERROR = 0x201, + DECODER_STREAM_ERROR = 0x202 }; +// Convert a QuicRstStreamErrorCode to an application error code to be used in +// an IETF QUIC RESET_STREAM frame +uint64_t RstStreamErrorCodeToIetfResetStreamErrorCode( + QuicRstStreamErrorCode rst_stream_error_code); + +// Convert the application error code of an IETF QUIC RESET_STREAM frame +// to QuicRstStreamErrorCode. +QuicRstStreamErrorCode IetfResetStreamErrorCodeToRstStreamErrorCode( + uint64_t ietf_error_code); + QUIC_EXPORT_PRIVATE inline std::string HistogramEnumString( QuicErrorCode enum_value) { return QuicErrorCodeToString(enum_value); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_error_codes_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_error_codes_test.cc index f9928bd2b39..e57a3e57cd0 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_error_codes_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_error_codes_test.cc @@ -4,6 +4,9 @@ #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" +#include <cstdint> + +#include "third_party/boringssl/src/include/openssl/ssl.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" namespace quic { @@ -21,6 +24,76 @@ TEST_F(QuicErrorCodesTest, QuicErrorCodeToString) { EXPECT_STREQ("QUIC_NO_ERROR", QuicErrorCodeToString(QUIC_NO_ERROR)); } +TEST_F(QuicErrorCodesTest, QuicIetfTransportErrorCodeString) { + EXPECT_EQ("Private(65280)", + QuicIetfTransportErrorCodeString( + static_cast<quic::QuicIetfTransportErrorCodes>(0xff00u))); + + EXPECT_EQ("CRYPTO_ERROR(missing extension)", + QuicIetfTransportErrorCodeString( + static_cast<quic::QuicIetfTransportErrorCodes>( + CRYPTO_ERROR_FIRST + SSL_AD_MISSING_EXTENSION))); + + EXPECT_EQ("NO_IETF_QUIC_ERROR", + QuicIetfTransportErrorCodeString(NO_IETF_QUIC_ERROR)); + EXPECT_EQ("INTERNAL_ERROR", QuicIetfTransportErrorCodeString(INTERNAL_ERROR)); + EXPECT_EQ("SERVER_BUSY_ERROR", + QuicIetfTransportErrorCodeString(SERVER_BUSY_ERROR)); + EXPECT_EQ("FLOW_CONTROL_ERROR", + QuicIetfTransportErrorCodeString(FLOW_CONTROL_ERROR)); + EXPECT_EQ("STREAM_LIMIT_ERROR", + QuicIetfTransportErrorCodeString(STREAM_LIMIT_ERROR)); + EXPECT_EQ("STREAM_STATE_ERROR", + QuicIetfTransportErrorCodeString(STREAM_STATE_ERROR)); + EXPECT_EQ("FINAL_SIZE_ERROR", + QuicIetfTransportErrorCodeString(FINAL_SIZE_ERROR)); + EXPECT_EQ("FRAME_ENCODING_ERROR", + QuicIetfTransportErrorCodeString(FRAME_ENCODING_ERROR)); + EXPECT_EQ("TRANSPORT_PARAMETER_ERROR", + QuicIetfTransportErrorCodeString(TRANSPORT_PARAMETER_ERROR)); + EXPECT_EQ("CONNECTION_ID_LIMIT_ERROR", + QuicIetfTransportErrorCodeString(CONNECTION_ID_LIMIT_ERROR)); + EXPECT_EQ("PROTOCOL_VIOLATION", + QuicIetfTransportErrorCodeString(PROTOCOL_VIOLATION)); + EXPECT_EQ("INVALID_TOKEN", QuicIetfTransportErrorCodeString(INVALID_TOKEN)); + EXPECT_EQ("CRYPTO_BUFFER_EXCEEDED", + QuicIetfTransportErrorCodeString(CRYPTO_BUFFER_EXCEEDED)); + + EXPECT_EQ("Unknown(1024)", + QuicIetfTransportErrorCodeString( + static_cast<quic::QuicIetfTransportErrorCodes>(0x400))); +} + +TEST_F(QuicErrorCodesTest, QuicErrorCodeToTransportErrorCode) { + for (int internal_error_code = 0; internal_error_code < QUIC_LAST_ERROR; + ++internal_error_code) { + std::string internal_error_code_string = + QuicErrorCodeToString(static_cast<QuicErrorCode>(internal_error_code)); + if (internal_error_code_string == "INVALID_ERROR_CODE") { + // Not a valid QuicErrorCode. + continue; + } + QuicErrorCodeToIetfMapping ietf_error_code = + QuicErrorCodeToTransportErrorCode( + static_cast<QuicErrorCode>(internal_error_code)); + if (ietf_error_code.is_transport_close) { + QuicIetfTransportErrorCodes transport_error_code = + static_cast<QuicIetfTransportErrorCodes>(ietf_error_code.error_code); + bool is_valid_transport_error_code = transport_error_code <= 0x0d; + EXPECT_TRUE(is_valid_transport_error_code) << internal_error_code_string; + } else { + // Non-transport errors are application errors, either HTTP/3 or QPACK. + uint64_t application_error_code = ietf_error_code.error_code; + bool is_valid_http3_error_code = + application_error_code >= 0x100 && application_error_code <= 0x110; + bool is_valid_qpack_error_code = + application_error_code >= 0x200 && application_error_code <= 0x202; + EXPECT_TRUE(is_valid_http3_error_code || is_valid_qpack_error_code) + << internal_error_code_string; + } + } +} + } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller.h b/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller.h index e627c8c4d31..29c3c02d1a3 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller.h @@ -91,6 +91,8 @@ class QUIC_EXPORT_PRIVATE QuicFlowController QuicByteCount bytes_consumed() const { return bytes_consumed_; } + QuicStreamOffset send_window_offset() const { return send_window_offset_; } + QuicStreamOffset highest_received_byte_offset() const { return highest_received_byte_offset_; } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller_test.cc index 8f4cdf7849e..29a9ba37649 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_flow_controller_test.cc @@ -31,7 +31,7 @@ class MockFlowController : public QuicFlowControllerInterface { MockFlowController& operator=(const MockFlowController&) = delete; ~MockFlowController() override {} - MOCK_METHOD1(EnsureWindowAtLeast, void(QuicByteCount)); + MOCK_METHOD(void, EnsureWindowAtLeast, (QuicByteCount), (override)); }; class QuicFlowControllerTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_framer.cc b/chromium/net/third_party/quiche/src/quic/core/quic_framer.cc index f90019176aa..b05b4576d8e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_framer.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_framer.cc @@ -466,11 +466,9 @@ size_t QuicFramer::GetMessageFrameSize(QuicTransportVersion version, } // static -size_t QuicFramer::GetMinAckFrameSize( - QuicTransportVersion version, - const QuicAckFrame& ack_frame, - uint32_t local_ack_delay_exponent, - QuicPacketNumberLength largest_observed_length) { +size_t QuicFramer::GetMinAckFrameSize(QuicTransportVersion version, + const QuicAckFrame& ack_frame, + uint32_t local_ack_delay_exponent) { if (VersionHasIetfQuicFrames(version)) { // The minimal ack frame consists of the following fields: Largest // Acknowledged, ACK Delay, 0 ACK Block Count, First ACK Block and ECN @@ -498,13 +496,9 @@ size_t QuicFramer::GetMinAckFrameSize( } return min_size; } - if (GetQuicReloadableFlag(quic_use_ack_frame_to_get_min_size)) { - QUIC_RELOADABLE_FLAG_COUNT(quic_use_ack_frame_to_get_min_size); - largest_observed_length = GetMinPacketNumberLength(LargestAcked(ack_frame)); - } - size_t min_size = kQuicFrameTypeSize + largest_observed_length + - kQuicDeltaTimeLargestObservedSize; - return min_size + kQuicNumTimestampsSize; + return kQuicFrameTypeSize + + GetMinPacketNumberLength(LargestAcked(ack_frame)) + + kQuicDeltaTimeLargestObservedSize + kQuicNumTimestampsSize; } // static @@ -541,16 +535,13 @@ size_t QuicFramer::GetConnectionCloseFrameSize( // Prepend the extra error information to the string and get the result's // length. const size_t truncated_error_string_size = TruncatedErrorStringSize( - GenerateErrorString(frame.error_details, frame.extracted_error_code)); + GenerateErrorString(frame.error_details, frame.quic_error_code)); const size_t frame_size = truncated_error_string_size + QuicDataWriter::GetVarInt62Len(truncated_error_string_size) + kQuicFrameTypeSize + - QuicDataWriter::GetVarInt62Len( - (frame.close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) - ? frame.transport_error_code - : frame.application_error_code); + QuicDataWriter::GetVarInt62Len(frame.wire_error_code); if (frame.close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) { return frame_size; } @@ -819,9 +810,9 @@ size_t QuicFramer::GetSerializedFrameLength( } bool can_truncate = frame.type == ACK_FRAME && - free_bytes >= GetMinAckFrameSize( - version_.transport_version, *frame.ack_frame, - local_ack_delay_exponent_, PACKET_6BYTE_PACKET_NUMBER); + free_bytes >= GetMinAckFrameSize(version_.transport_version, + *frame.ack_frame, + local_ack_delay_exponent_); if (can_truncate) { // Truncate the frame so the packet will not exceed kMaxOutgoingPacketSize. // Note that we may not use every byte of the writer in this case. @@ -1621,26 +1612,14 @@ void QuicFramer::MaybeProcessCoalescedPacket( return; } - if (GetQuicReloadableFlag(quic_minimum_validation_of_coalesced_packets)) { - QUIC_RELOADABLE_FLAG_COUNT(quic_minimum_validation_of_coalesced_packets); - if (coalesced_header.destination_connection_id != - header.destination_connection_id) { - // Drop coalesced packets with mismatched connection IDs. - QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header " - << coalesced_header << " previous header was " << header; - QUIC_CODE_COUNT( - quic_received_coalesced_packets_with_mismatched_connection_id); - return; - } - } else { - if (coalesced_header.destination_connection_id != - header.destination_connection_id || - (coalesced_header.form != IETF_QUIC_SHORT_HEADER_PACKET && - coalesced_header.version != header.version)) { - QUIC_PEER_BUG << ENDPOINT << "Received mismatched coalesced header " + if (coalesced_header.destination_connection_id != + header.destination_connection_id) { + // Drop coalesced packets with mismatched connection IDs. + QUIC_DLOG(INFO) << ENDPOINT << "Received mismatched coalesced header " << coalesced_header << " previous header was " << header; - return; - } + QUIC_CODE_COUNT( + quic_received_coalesced_packets_with_mismatched_connection_id); + return; } QuicEncryptedPacket coalesced_packet(coalesced_data, coalesced_data_length, @@ -1758,6 +1737,7 @@ bool QuicFramer::ProcessIetfDataPacket(QuicDataReader* encrypted_reader, visitor_->OnUndecryptablePacket( QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level, has_decryption_key); + RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE); set_detailed_error(quiche::QuicheStrCat( "Unable to decrypt ", EncryptionLevelToString(decryption_level), " header protection", has_decryption_key ? "" : " (missing key)", @@ -3469,12 +3449,12 @@ bool QuicFramer::ProcessIetfStreamFrame(QuicDataReader* reader, // If we have a data length, read it. If not, set to 0. if (frame_type & IETF_STREAM_FRAME_LEN_BIT) { - QuicIetfStreamDataLength length; + uint64_t length; if (!reader->ReadVarInt62(&length)) { set_detailed_error("Unable to read stream data length."); return false; } - if (length > 0xffff) { + if (length > std::numeric_limits<decltype(frame->data_length)>::max()) { set_detailed_error("Stream data length is too large."); return false; } @@ -3498,7 +3478,7 @@ bool QuicFramer::ProcessIetfStreamFrame(QuicDataReader* reader, return false; } frame->data_buffer = data.data(); - frame->data_length = static_cast<QuicIetfStreamDataLength>(data.length()); + DCHECK_EQ(frame->data_length, data.length()); return true; } @@ -3975,13 +3955,11 @@ bool QuicFramer::ProcessConnectionCloseFrame(QuicDataReader* reader, error_code = QUIC_LAST_ERROR; } + // For Google QUIC connection closes, |wire_error_code| and |quic_error_code| + // must have the same value. + frame->wire_error_code = error_code; frame->quic_error_code = static_cast<QuicErrorCode>(error_code); - // For Google QUIC connection closes, copy the Google QUIC error code to - // the extracted error code field so that the Google QUIC error code is always - // available in extracted_error_code. - frame->extracted_error_code = frame->quic_error_code; - quiche::QuicheStringPiece error_details; if (!reader->ReadStringPiece16(&error_details)) { set_detailed_error("Unable to read connection close error details."); @@ -4680,14 +4658,11 @@ size_t QuicFramer::GetAckFrameSize( return GetIetfAckFrameSize(ack); } AckFrameInfo ack_info = GetAckFrameInfo(ack); - QuicPacketNumberLength largest_acked_length = - GetMinPacketNumberLength(LargestAcked(ack)); QuicPacketNumberLength ack_block_length = GetMinPacketNumberLength(QuicPacketNumber(ack_info.max_block_length)); - ack_size = - GetMinAckFrameSize(version_.transport_version, ack, - local_ack_delay_exponent_, largest_acked_length); + ack_size = GetMinAckFrameSize(version_.transport_version, ack, + local_ack_delay_exponent_); // First ack block length. ack_size += ack_block_length; if (ack_info.num_ack_blocks != 0) { @@ -5153,7 +5128,7 @@ bool QuicFramer::AppendAckFrameAndTypeByte(const QuicAckFrame& frame, int32_t available_timestamp_and_ack_block_bytes = writer->capacity() - writer->length() - ack_block_length - GetMinAckFrameSize(version_.transport_version, frame, - local_ack_delay_exponent_, largest_acked_length) - + local_ack_delay_exponent_) - (new_ack_info.num_ack_blocks != 0 ? kNumberOfAckBlocksSize : 0); DCHECK_LE(0, available_timestamp_and_ack_block_bytes); @@ -5441,7 +5416,7 @@ bool QuicFramer::AppendIetfAckFrameAndTypeByte(const QuicAckFrame& frame, const uint64_t ack_range = iter->Length() - 1; if (writer->remaining() < ecn_size || - writer->remaining() - ecn_size < + static_cast<size_t>(writer->remaining() - ecn_size) < QuicDataWriter::GetVarInt62Len(gap) + QuicDataWriter::GetVarInt62Len(ack_range)) { // ACK range does not fit, truncate it. @@ -5517,7 +5492,7 @@ bool QuicFramer::AppendConnectionCloseFrame( if (VersionHasIetfQuicFrames(version_.transport_version)) { return AppendIetfConnectionCloseFrame(frame, writer); } - uint32_t error_code = static_cast<uint32_t>(frame.quic_error_code); + uint32_t error_code = static_cast<uint32_t>(frame.wire_error_code); if (!writer->WriteUInt32(error_code)) { return false; } @@ -5642,10 +5617,7 @@ bool QuicFramer::AppendIetfConnectionCloseFrame( return false; } - if (!writer->WriteVarInt62( - (frame.close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) - ? frame.transport_error_code - : frame.application_error_code)) { + if (!writer->WriteVarInt62(frame.wire_error_code)) { set_detailed_error("Can not write connection close frame error code"); return false; } @@ -5663,7 +5635,7 @@ bool QuicFramer::AppendIetfConnectionCloseFrame( // code. Encode the error information in the reason phrase and serialize the // result. std::string final_error_string = - GenerateErrorString(frame.error_details, frame.extracted_error_code); + GenerateErrorString(frame.error_details, frame.quic_error_code); if (!writer->WriteStringPieceVarInt62( TruncateErrorString(final_error_string))) { set_detailed_error("Can not write connection close phrase"); @@ -5684,12 +5656,7 @@ bool QuicFramer::ProcessIetfConnectionCloseFrame( return false; } - if (frame->close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) { - frame->transport_error_code = - static_cast<QuicIetfTransportErrorCodes>(error_code); - } else if (frame->close_type == IETF_QUIC_APPLICATION_CONNECTION_CLOSE) { - frame->application_error_code = error_code; - } + frame->wire_error_code = error_code; if (type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE) { // The frame-type of the frame causing the error is present only @@ -5790,18 +5757,13 @@ bool QuicFramer::ProcessIetfResetStreamFrame(QuicDataReader* reader, return false; } - uint64_t error_code; - if (!reader->ReadVarInt62(&error_code)) { + if (!reader->ReadVarInt62(&frame->ietf_error_code)) { set_detailed_error("Unable to read rst stream error code."); return false; } - if (error_code > 0xffff) { - frame->ietf_error_code = 0xffff; - QUIC_DLOG(ERROR) << "Reset stream error code (" << error_code - << ") > 0xffff"; - } else { - frame->ietf_error_code = static_cast<uint16_t>(error_code); - } + + frame->error_code = + IetfResetStreamErrorCodeToRstStreamErrorCode(frame->ietf_error_code); if (!reader->ReadVarInt62(&frame->byte_offset)) { set_detailed_error("Unable to read rst stream sent byte offset."); @@ -6626,10 +6588,10 @@ void MaybeExtractQuicErrorCode(QuicConnectionCloseFrame* frame) { if (ed.size() < 2 || !quiche::QuicheTextUtils::IsAllDigits(ed[0]) || !quiche::QuicheTextUtils::StringToUint64(ed[0], &extracted_error_code)) { if (frame->close_type == IETF_QUIC_TRANSPORT_CONNECTION_CLOSE && - frame->transport_error_code == NO_IETF_QUIC_ERROR) { - frame->extracted_error_code = QUIC_NO_ERROR; + frame->wire_error_code == NO_IETF_QUIC_ERROR) { + frame->quic_error_code = QUIC_NO_ERROR; } else { - frame->extracted_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; + frame->quic_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; } return; } @@ -6641,8 +6603,7 @@ void MaybeExtractQuicErrorCode(QuicConnectionCloseFrame* frame) { quiche::QuicheStringPiece x = quiche::QuicheStringPiece(frame->error_details); x.remove_prefix(ed[0].length() + 1); frame->error_details = std::string(x); - frame->extracted_error_code = - static_cast<QuicErrorCode>(extracted_error_code); + frame->quic_error_code = static_cast<QuicErrorCode>(extracted_error_code); } #undef ENDPOINT // undef for jumbo builds diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_framer.h b/chromium/net/third_party/quiche/src/quic/core/quic_framer.h index 746e6a1dacc..8ace715d285 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_framer.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_framer.h @@ -312,13 +312,9 @@ class QUIC_EXPORT_PRIVATE QuicFramer { QuicByteCount length); // Size in bytes of all ack frame fields without the missing packets or ack // blocks. - // TODO(fayang): Remove |largest_observed_length| when deprecating - // quic_use_ack_frame_to_get_min_size. - static size_t GetMinAckFrameSize( - QuicTransportVersion version, - const QuicAckFrame& ack_frame, - uint32_t local_ack_delay_exponent, - QuicPacketNumberLength largest_observed_length); + static size_t GetMinAckFrameSize(QuicTransportVersion version, + const QuicAckFrame& ack_frame, + uint32_t local_ack_delay_exponent); // Size in bytes of a stop waiting frame. static size_t GetStopWaitingFrameSize( QuicPacketNumberLength packet_number_length); @@ -1097,9 +1093,10 @@ class QUIC_EXPORT_PRIVATE QuicFramer { // This text, inserted by the peer if it's using Google's QUIC implementation, // contains additional error information that narrows down the exact error. The // extracted error code and (possibly updated) error_details string are returned -// in |*frame|. If an error code is not found in the error details then the -// extracted_error_code is set to QuicErrorCode::QUIC_IETF_GQUIC_ERROR_MISSING. -// If there is an error code in the string then it is removed from the string. +// in |*frame|. If an error code is not found in the error details, then +// frame->quic_error_code is set to +// QuicErrorCode::QUIC_IETF_GQUIC_ERROR_MISSING. If there is an error code in +// the string then it is removed from the string. QUIC_EXPORT_PRIVATE void MaybeExtractQuicErrorCode( QuicConnectionCloseFrame* frame); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_framer_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_framer_test.cc index 813d4f6c270..fb9c2eb87bc 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_framer_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_framer_test.cc @@ -4259,9 +4259,9 @@ TEST_P(QuicFramerTest, RstStreamFrame) { {"Unable to read rst stream sent byte offset.", {0x3A, 0x98, 0xFE, 0xDC, 0x32, 0x10, 0x76, 0x54}}, - // error code + // error code QUIC_STREAM_CANCELLED {"Unable to read rst stream error code.", - {0x00, 0x00, 0x00, 0x01}} + {0x00, 0x00, 0x00, 0x06}} }; PacketFragments packet46 = { @@ -4284,9 +4284,9 @@ TEST_P(QuicFramerTest, RstStreamFrame) { {"Unable to read rst stream sent byte offset.", {0x3A, 0x98, 0xFE, 0xDC, 0x32, 0x10, 0x76, 0x54}}, - // error code + // error code QUIC_STREAM_CANCELLED {"Unable to read rst stream error code.", - {0x00, 0x00, 0x00, 0x01}} + {0x00, 0x00, 0x00, 0x06}} }; PacketFragments packet99 = { @@ -4305,9 +4305,10 @@ TEST_P(QuicFramerTest, RstStreamFrame) { // stream id {"Unable to read IETF_RST_STREAM frame stream id/count.", {kVarInt62FourBytes + 0x01, 0x02, 0x03, 0x04}}, - // application error code + // application error code H3_REQUEST_CANCELLED gets translated to + // QuicRstStreamErrorCode::QUIC_STREAM_CANCELLED. {"Unable to read rst stream error code.", - {kVarInt62OneByte + 0x01}}, + {kVarInt62TwoBytes + 0x01, 0x0c}}, // Final Offset {"Unable to read rst stream sent byte offset.", {kVarInt62EightBytes + 0x3a, 0x98, 0xFE, 0xDC, 0x32, 0x10, 0x76, 0x54}} @@ -4330,7 +4331,7 @@ TEST_P(QuicFramerTest, RstStreamFrame) { PACKET_8BYTE_CONNECTION_ID, PACKET_0BYTE_CONNECTION_ID)); EXPECT_EQ(kStreamId, visitor_.rst_stream_frame_.stream_id); - EXPECT_EQ(0x01, visitor_.rst_stream_frame_.error_code); + EXPECT_EQ(QUIC_STREAM_CANCELLED, visitor_.rst_stream_frame_.error_code); EXPECT_EQ(kStreamOffset, visitor_.rst_stream_frame_.byte_offset); CheckFramingBoundaries(fragments, QUIC_INVALID_RST_STREAM_DATA); } @@ -4442,19 +4443,18 @@ TEST_P(QuicFramerTest, ConnectionCloseFrame) { EXPECT_EQ(0u, visitor_.stream_frames_.size()); EXPECT_EQ(0x11u, static_cast<unsigned>( - visitor_.connection_close_frame_.quic_error_code)); + visitor_.connection_close_frame_.wire_error_code)); EXPECT_EQ("because I can", visitor_.connection_close_frame_.error_details); if (VersionHasIetfQuicFrames(framer_.transport_version())) { EXPECT_EQ(0x1234u, visitor_.connection_close_frame_.transport_close_frame_type); - EXPECT_THAT(visitor_.connection_close_frame_.extracted_error_code, + EXPECT_THAT(visitor_.connection_close_frame_.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); } else { - // For Google QUIC closes, the error code is copied into - // extracted_error_code. - EXPECT_EQ(0x11u, - static_cast<unsigned>( - visitor_.connection_close_frame_.extracted_error_code)); + // For Google QUIC frame, |quic_error_code| and |wire_error_code| has the + // same value. + EXPECT_EQ(0x11u, static_cast<unsigned>( + visitor_.connection_close_frame_.quic_error_code)); } ASSERT_EQ(0u, visitor_.ack_frames_.size()); @@ -4576,15 +4576,15 @@ TEST_P(QuicFramerTest, ConnectionCloseFrameWithExtractedInfoIgnoreGCuic) { EXPECT_EQ(0u, visitor_.stream_frames_.size()); EXPECT_EQ(0x11u, static_cast<unsigned>( - visitor_.connection_close_frame_.quic_error_code)); + visitor_.connection_close_frame_.wire_error_code)); if (VersionHasIetfQuicFrames(framer_.transport_version())) { EXPECT_EQ(0x1234u, visitor_.connection_close_frame_.transport_close_frame_type); - EXPECT_EQ(17767u, visitor_.connection_close_frame_.extracted_error_code); + EXPECT_EQ(17767u, visitor_.connection_close_frame_.quic_error_code); EXPECT_EQ("because I can", visitor_.connection_close_frame_.error_details); } else { - EXPECT_EQ(0x11u, visitor_.connection_close_frame_.extracted_error_code); + EXPECT_EQ(0x11u, visitor_.connection_close_frame_.quic_error_code); // Error code is not prepended in GQUIC, so it is not removed and should // remain in the reason phrase. EXPECT_EQ("17767:because I can", @@ -4648,8 +4648,8 @@ TEST_P(QuicFramerTest, ApplicationCloseFrame) { EXPECT_EQ(IETF_QUIC_APPLICATION_CONNECTION_CLOSE, visitor_.connection_close_frame_.close_type); - EXPECT_EQ(122u, visitor_.connection_close_frame_.extracted_error_code); - EXPECT_EQ(0x11u, visitor_.connection_close_frame_.quic_error_code); + EXPECT_EQ(122u, visitor_.connection_close_frame_.quic_error_code); + EXPECT_EQ(0x11u, visitor_.connection_close_frame_.wire_error_code); EXPECT_EQ("because I can", visitor_.connection_close_frame_.error_details); ASSERT_EQ(0u, visitor_.ack_frames_.size()); @@ -4710,8 +4710,8 @@ TEST_P(QuicFramerTest, ApplicationCloseFrameExtract) { EXPECT_EQ(IETF_QUIC_APPLICATION_CONNECTION_CLOSE, visitor_.connection_close_frame_.close_type); - EXPECT_EQ(17767u, visitor_.connection_close_frame_.extracted_error_code); - EXPECT_EQ(0x11u, visitor_.connection_close_frame_.quic_error_code); + EXPECT_EQ(17767u, visitor_.connection_close_frame_.quic_error_code); + EXPECT_EQ(0x11u, visitor_.connection_close_frame_.wire_error_code); EXPECT_EQ("because I can", visitor_.connection_close_frame_.error_details); ASSERT_EQ(0u, visitor_.ack_frames_.size()); @@ -7528,12 +7528,7 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) { header.packet_number = kPacketNumber; QuicConnectionCloseFrame close_frame( - framer_.transport_version(), - static_cast<QuicErrorCode>( - VersionHasIetfQuicFrames(framer_.transport_version()) ? 0x11 - : 0x05060708), - "because I can", 0x05); - close_frame.extracted_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; + framer_.transport_version(), QUIC_INTERNAL_ERROR, "because I can", 0x05); QuicFrames frames = {QuicFrame(&close_frame)}; // clang-format off @@ -7548,7 +7543,7 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) { // frame type (connection close frame) 0x02, // error code - 0x05, 0x06, 0x07, 0x08, + 0x00, 0x00, 0x00, 0x01, // error details length 0x00, 0x0d, // error details @@ -7569,7 +7564,7 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) { // frame type (connection close frame) 0x02, // error code - 0x05, 0x06, 0x07, 0x08, + 0x00, 0x00, 0x00, 0x01, // error details length 0x00, 0x0d, // error details @@ -7590,16 +7585,16 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) { // frame type (IETF_CONNECTION_CLOSE frame) 0x1c, // error code - kVarInt62OneByte + 0x11, + kVarInt62OneByte + 0x01, // Frame type within the CONNECTION_CLOSE frame kVarInt62OneByte + 0x05, // error details length - kVarInt62OneByte + 0x0d, + kVarInt62OneByte + 0x0f, // error details - 'b', 'e', 'c', 'a', - 'u', 's', 'e', ' ', - 'I', ' ', 'c', 'a', - 'n', + '1', ':', 'b', 'e', + 'c', 'a', 'u', 's', + 'e', ' ', 'I', ' ', + 'c', 'a', 'n', }; // clang-format on @@ -7631,12 +7626,12 @@ TEST_P(QuicFramerTest, BuildCloseFramePacketExtendedInfo) { QuicConnectionCloseFrame close_frame( framer_.transport_version(), static_cast<QuicErrorCode>( - VersionHasIetfQuicFrames(framer_.transport_version()) ? 0x11 + VersionHasIetfQuicFrames(framer_.transport_version()) ? 0x01 : 0x05060708), "because I can", 0x05); // Set this so that it is "there" for both Google QUIC and IETF QUIC // framing. It better not show up for Google QUIC! - close_frame.extracted_error_code = static_cast<QuicErrorCode>(0x4567); + close_frame.quic_error_code = static_cast<QuicErrorCode>(0x4567); QuicFrames frames = {QuicFrame(&close_frame)}; @@ -7693,8 +7688,9 @@ TEST_P(QuicFramerTest, BuildCloseFramePacketExtendedInfo) { // frame type (IETF_CONNECTION_CLOSE frame) 0x1c, - // error code - kVarInt62OneByte + 0x11, + // IETF error code INTERNAL_ERROR = 0x01 corresponding to + // QuicErrorCode::QUIC_INTERNAL_ERROR = 0x01. + kVarInt62OneByte + 0x01, // Frame type within the CONNECTION_CLOSE frame kVarInt62OneByte + 0x05, // error details length @@ -7733,13 +7729,9 @@ TEST_P(QuicFramerTest, BuildTruncatedCloseFramePacket) { header.version_flag = false; header.packet_number = kPacketNumber; - QuicConnectionCloseFrame close_frame( - framer_.transport_version(), - static_cast<QuicErrorCode>( - VersionHasIetfQuicFrames(framer_.transport_version()) ? 0xa - : 0x05060708), - std::string(2048, 'A'), 0x05); - close_frame.extracted_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; + QuicConnectionCloseFrame close_frame(framer_.transport_version(), + QUIC_INTERNAL_ERROR, + std::string(2048, 'A'), 0x05); QuicFrames frames = {QuicFrame(&close_frame)}; // clang-format off @@ -7754,7 +7746,7 @@ TEST_P(QuicFramerTest, BuildTruncatedCloseFramePacket) { // frame type (connection close frame) 0x02, // error code - 0x05, 0x06, 0x07, 0x08, + 0x00, 0x00, 0x00, 0x01, // error details length 0x01, 0x00, // error details (truncated to 256 bytes) @@ -7803,7 +7795,7 @@ TEST_P(QuicFramerTest, BuildTruncatedCloseFramePacket) { // frame type (connection close frame) 0x02, // error code - 0x05, 0x06, 0x07, 0x08, + 0x00, 0x00, 0x00, 0x01, // error details length 0x01, 0x00, // error details (truncated to 256 bytes) @@ -7852,13 +7844,13 @@ TEST_P(QuicFramerTest, BuildTruncatedCloseFramePacket) { // frame type (IETF_CONNECTION_CLOSE frame) 0x1c, // error code - kVarInt62OneByte + 0x0a, + kVarInt62OneByte + 0x01, // Frame type within the CONNECTION_CLOSE frame kVarInt62OneByte + 0x05, // error details length kVarInt62TwoBytes + 0x01, 0x00, // error details (truncated to 256 bytes) - 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', + '1', ':', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', @@ -7923,8 +7915,7 @@ TEST_P(QuicFramerTest, BuildApplicationCloseFramePacket) { header.packet_number = kPacketNumber; QuicConnectionCloseFrame app_close_frame; - app_close_frame.application_error_code = - static_cast<uint64_t>(QUIC_INVALID_STREAM_ID); + app_close_frame.wire_error_code = 0x11; app_close_frame.error_details = "because I can"; app_close_frame.close_type = IETF_QUIC_APPLICATION_CONNECTION_CLOSE; @@ -7975,13 +7966,12 @@ TEST_P(QuicFramerTest, BuildTruncatedApplicationCloseFramePacket) { header.packet_number = kPacketNumber; QuicConnectionCloseFrame app_close_frame; - app_close_frame.application_error_code = - static_cast<uint64_t>(QUIC_INVALID_STREAM_ID); + app_close_frame.wire_error_code = 0x11; app_close_frame.error_details = std::string(2048, 'A'); app_close_frame.close_type = IETF_QUIC_APPLICATION_CONNECTION_CLOSE; // Setting to missing ensures that if it is missing, the extended // code is not added to the text message. - app_close_frame.extracted_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; + app_close_frame.quic_error_code = QUIC_IETF_GQUIC_ERROR_MISSING; QuicFrames frames = {QuicFrame(&app_close_frame)}; @@ -12451,7 +12441,6 @@ TEST_P(QuicFramerTest, CoalescedPacketWithDifferentVersion) { if (!QuicVersionHasLongHeaderLengths(framer_.transport_version())) { return; } - SetQuicReloadableFlag(quic_minimum_validation_of_coalesced_packets, true); SetDecrypterLevel(ENCRYPTION_ZERO_RTT); // clang-format off unsigned char packet[] = { @@ -13123,12 +13112,7 @@ TEST_P(QuicFramerTest, MismatchedCoalescedPacket) { QuicEncryptedPacket encrypted(AsChars(p), p_length, false); - if (GetQuicReloadableFlag(quic_minimum_validation_of_coalesced_packets)) { - EXPECT_TRUE(framer_.ProcessPacket(encrypted)); - } else { - EXPECT_QUIC_PEER_BUG(EXPECT_TRUE(framer_.ProcessPacket(encrypted)), - "Server: Received mismatched coalesced header.*"); - } + EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_THAT(framer_.error(), IsQuicNoError()); ASSERT_TRUE(visitor_.header_.get()); @@ -14254,84 +14238,77 @@ TEST_P(QuicFramerTest, TestExtendedErrorCodeParser) { frame.error_details = "this has no error code info in it"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ("this has no error code info in it", frame.error_details); frame.error_details = "1234this does not have the colon in it"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ("1234this does not have the colon in it", frame.error_details); frame.error_details = "1a234:this has a colon, but a malformed error number"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ("1a234:this has a colon, but a malformed error number", frame.error_details); frame.error_details = "1234:this is good"; MaybeExtractQuicErrorCode(&frame); - EXPECT_EQ(1234u, frame.extracted_error_code); + EXPECT_EQ(1234u, frame.quic_error_code); EXPECT_EQ("this is good", frame.error_details); frame.error_details = "1234 :this is not good, space between last digit and colon"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ("1234 :this is not good, space between last digit and colon", frame.error_details); frame.error_details = "123456789"; MaybeExtractQuicErrorCode(&frame); EXPECT_THAT( - frame.extracted_error_code, + frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); // Not good, all numbers, no : EXPECT_EQ("123456789", frame.error_details); frame.error_details = "1234:"; MaybeExtractQuicErrorCode(&frame); EXPECT_EQ(1234u, - frame.extracted_error_code); // corner case. + frame.quic_error_code); // corner case. EXPECT_EQ("", frame.error_details); frame.error_details = "1234:5678"; MaybeExtractQuicErrorCode(&frame); EXPECT_EQ(1234u, - frame.extracted_error_code); // another corner case. + frame.quic_error_code); // another corner case. EXPECT_EQ("5678", frame.error_details); frame.error_details = "12345 6789:"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); // Not good EXPECT_EQ("12345 6789:", frame.error_details); frame.error_details = ":no numbers, is not good"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ(":no numbers, is not good", frame.error_details); frame.error_details = "qwer:also no numbers, is not good"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ("qwer:also no numbers, is not good", frame.error_details); frame.error_details = " 1234:this is not good, space before first digit"; MaybeExtractQuicErrorCode(&frame); - EXPECT_THAT(frame.extracted_error_code, - IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); + EXPECT_THAT(frame.quic_error_code, IsError(QUIC_IETF_GQUIC_ERROR_MISSING)); EXPECT_EQ(" 1234:this is not good, space before first digit", frame.error_details); frame.error_details = "1234:"; MaybeExtractQuicErrorCode(&frame); EXPECT_EQ(1234u, - frame.extracted_error_code); // this is good + frame.quic_error_code); // this is good EXPECT_EQ("", frame.error_details); } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_idle_network_detector_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_idle_network_detector_test.cc index 16941ef7a82..0d40d640417 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_idle_network_detector_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_idle_network_detector_test.cc @@ -22,8 +22,8 @@ namespace { class MockDelegate : public QuicIdleNetworkDetector::Delegate { public: - MOCK_METHOD0(OnHandshakeTimeout, void()); - MOCK_METHOD0(OnIdleNetworkDetected, void()); + MOCK_METHOD(void, OnHandshakeTimeout, (), (override)); + MOCK_METHOD(void, OnIdleNetworkDetected, (), (override)); }; class QuicIdleNetworkDetectorTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_network_blackhole_detector_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_network_blackhole_detector_test.cc index eca50e3c1f3..0178887c2f8 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_network_blackhole_detector_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_network_blackhole_detector_test.cc @@ -21,8 +21,8 @@ class QuicNetworkBlackholeDetectorPeer { namespace { class MockDelegate : public QuicNetworkBlackholeDetector::Delegate { public: - MOCK_METHOD0(OnPathDegradingDetected, void()); - MOCK_METHOD0(OnBlackholeDetected, void()); + MOCK_METHOD(void, OnPathDegradingDetected, (), (override)); + MOCK_METHOD(void, OnBlackholeDetected, (), (override)); }; const size_t kPathDegradingDelayInSeconds = 5; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena.h b/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena.h index d6b7ee99b55..41842f35963 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena.h @@ -75,10 +75,7 @@ QuicArenaScopedPtr<T> QuicOneBlockArena<ArenaSize>::New(Args&&... args) { // QuicConnections currently use around 1KB of polymorphic types which would // ordinarily be on the heap. Instead, store them inline in an arena. -// TODO(fayang): Switch this and 1200 used in quic_arena_scoped_ptr_test and -// quic_one_block_arena_test back to 1024 when deprecating -// quic_use_blackhole_detector or quic_use_idle_network_detector. -using QuicConnectionArena = QuicOneBlockArena<1200>; +using QuicConnectionArena = QuicOneBlockArena<1024>; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena_test.cc index 11b12de410a..3175ac54abf 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_one_block_arena_test.cc @@ -23,14 +23,14 @@ struct TestObject { class QuicOneBlockArenaTest : public QuicTest {}; TEST_F(QuicOneBlockArenaTest, AllocateSuccess) { - QuicOneBlockArena<1200> arena; + QuicOneBlockArena<1024> arena; QuicArenaScopedPtr<TestObject> ptr = arena.New<TestObject>(); EXPECT_TRUE(ptr.is_from_arena()); } TEST_F(QuicOneBlockArenaTest, Exhaust) { - QuicOneBlockArena<1200> arena; - for (size_t i = 0; i < 1200 / kMaxAlign; ++i) { + QuicOneBlockArena<1024> arena; + for (size_t i = 0; i < 1024 / kMaxAlign; ++i) { QuicArenaScopedPtr<TestObject> ptr = arena.New<TestObject>(); EXPECT_TRUE(ptr.is_from_arena()); } @@ -41,10 +41,10 @@ TEST_F(QuicOneBlockArenaTest, Exhaust) { } TEST_F(QuicOneBlockArenaTest, NoOverlaps) { - QuicOneBlockArena<1200> arena; + QuicOneBlockArena<1024> arena; std::vector<QuicArenaScopedPtr<TestObject>> objects; QuicIntervalSet<uintptr_t> used; - for (size_t i = 0; i < 1200 / kMaxAlign; ++i) { + for (size_t i = 0; i < 1024 / kMaxAlign; ++i) { QuicArenaScopedPtr<TestObject> ptr = arena.New<TestObject>(); EXPECT_TRUE(ptr.is_from_arena()); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.cc b/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.cc index cea1a1be9cf..0ae78d22fa6 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.cc @@ -7,6 +7,7 @@ #include <algorithm> #include <cstddef> #include <cstdint> +#include <limits> #include <string> #include <utility> @@ -130,8 +131,15 @@ QuicPacketCreator::QuicPacketCreator(QuicConnectionId server_connection_id, next_transmission_type_(NOT_RETRANSMISSION), flusher_attached_(false), fully_pad_crypto_handshake_packets_(true), - latched_hard_max_packet_length_(0) { + latched_hard_max_packet_length_(0), + max_datagram_frame_size_(0) { SetMaxPacketLength(kDefaultMaxPacketSize); + if (!framer_->version().UsesTls()) { + // QUIC+TLS negotiates the maximum datagram frame size via the + // IETF QUIC max_datagram_frame_size transport parameter. + // QUIC_CRYPTO however does not negotiate this so we set its value here. + SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } } QuicPacketCreator::~QuicPacketCreator() { @@ -165,6 +173,21 @@ void QuicPacketCreator::SetMaxPacketLength(QuicByteCount length) { << "Attempted to set max packet length too small"; } +void QuicPacketCreator::SetMaxDatagramFrameSize( + QuicByteCount max_datagram_frame_size) { + constexpr QuicByteCount upper_bound = + std::min<QuicByteCount>(std::numeric_limits<QuicPacketLength>::max(), + std::numeric_limits<size_t>::max()); + if (max_datagram_frame_size > upper_bound) { + // A value of |max_datagram_frame_size| that is equal or greater than + // 2^16-1 is effectively infinite because QUIC packets cannot be that large. + // We therefore clamp the value here to allow us to safely cast + // |max_datagram_frame_size_| to QuicPacketLength or size_t. + max_datagram_frame_size = upper_bound; + } + max_datagram_frame_size_ = max_datagram_frame_size; +} + void QuicPacketCreator::SetSoftMaxPacketLength(QuicByteCount length) { DCHECK(CanSetMaxPacketLength()); if (length > max_packet_length_) { @@ -326,6 +349,10 @@ bool QuicPacketCreator::HasRoomForStreamFrame(QuicStreamId id, bool QuicPacketCreator::HasRoomForMessageFrame(QuicByteCount length) { const size_t message_frame_size = QuicFramer::GetMessageFrameSize( framer_->transport_version(), /*last_frame_in_packet=*/true, length); + if (static_cast<QuicByteCount>(message_frame_size) > + max_datagram_frame_size_) { + return false; + } if (BytesFree() >= message_frame_size) { return true; } @@ -433,7 +460,7 @@ void QuicPacketCreator::OnSerializedPacket() { SerializedPacket packet(std::move(packet_)); ClearPacket(); RemoveSoftMaxPacketLength(); - delegate_->OnSerializedPacket(&packet); + delegate_->OnSerializedPacket(std::move(packet)); } void QuicPacketCreator::ClearPacket() { @@ -741,7 +768,7 @@ QuicPacketCreator::SerializeVersionNegotiationPacket( return encrypted; } -OwningSerializedPacketPointer +std::unique_ptr<SerializedPacket> QuicPacketCreator::SerializeConnectivityProbingPacket() { QUIC_BUG_IF(VersionHasIetfQuicFrames(framer_->transport_version())) << "Must not be version 99 to serialize padded ping connectivity probe"; @@ -764,17 +791,20 @@ QuicPacketCreator::SerializeConnectivityProbingPacket() { kMaxOutgoingPacketSize, buffer.get()); DCHECK(encrypted_length); - OwningSerializedPacketPointer serialize_packet(new SerializedPacket( + std::unique_ptr<SerializedPacket> serialize_packet(new SerializedPacket( header.packet_number, header.packet_number_length, buffer.release(), encrypted_length, /*has_ack=*/false, /*has_stop_waiting=*/false)); + serialize_packet->release_encrypted_buffer = [](const char* p) { + delete[] p; + }; serialize_packet->encryption_level = packet_.encryption_level; serialize_packet->transmission_type = NOT_RETRANSMISSION; return serialize_packet; } -OwningSerializedPacketPointer +std::unique_ptr<SerializedPacket> QuicPacketCreator::SerializePathChallengeConnectivityProbingPacket( QuicPathFrameBuffer* payload) { QUIC_BUG_IF(!VersionHasIetfQuicFrames(framer_->transport_version())) @@ -800,17 +830,21 @@ QuicPacketCreator::SerializePathChallengeConnectivityProbingPacket( kMaxOutgoingPacketSize, buffer.get()); DCHECK(encrypted_length); - OwningSerializedPacketPointer serialize_packet(new SerializedPacket( - header.packet_number, header.packet_number_length, buffer.release(), - encrypted_length, /*has_ack=*/false, /*has_stop_waiting=*/false)); + std::unique_ptr<SerializedPacket> serialize_packet( + new SerializedPacket(header.packet_number, header.packet_number_length, + buffer.release(), encrypted_length, + /*has_ack=*/false, /*has_stop_waiting=*/false)); + serialize_packet->release_encrypted_buffer = [](const char* p) { + delete[] p; + }; serialize_packet->encryption_level = packet_.encryption_level; serialize_packet->transmission_type = NOT_RETRANSMISSION; return serialize_packet; } -OwningSerializedPacketPointer +std::unique_ptr<SerializedPacket> QuicPacketCreator::SerializePathResponseConnectivityProbingPacket( const QuicCircularDeque<QuicPathFrameBuffer>& payloads, const bool is_padded) { @@ -837,10 +871,14 @@ QuicPacketCreator::SerializePathResponseConnectivityProbingPacket( kMaxOutgoingPacketSize, buffer.get()); DCHECK(encrypted_length); - OwningSerializedPacketPointer serialize_packet(new SerializedPacket( - header.packet_number, header.packet_number_length, buffer.release(), - encrypted_length, /*has_ack=*/false, /*has_stop_waiting=*/false)); + std::unique_ptr<SerializedPacket> serialize_packet( + new SerializedPacket(header.packet_number, header.packet_number_length, + buffer.release(), encrypted_length, + /*has_ack=*/false, /*has_stop_waiting=*/false)); + serialize_packet->release_encrypted_buffer = [](const char* p) { + delete[] p; + }; serialize_packet->encryption_level = packet_.encryption_level; serialize_packet->transmission_type = NOT_RETRANSMISSION; @@ -1705,8 +1743,12 @@ QuicPacketLength QuicPacketCreator::GetCurrentLargestMessagePayload() const { latched_hard_max_packet_length_ == 0 ? max_plaintext_size_ : framer_->GetMaxPlaintextSize(latched_hard_max_packet_length_); - return max_plaintext_size - - std::min(max_plaintext_size, packet_header_size + kQuicFrameTypeSize); + size_t largest_frame = + max_plaintext_size - std::min(max_plaintext_size, packet_header_size); + if (static_cast<QuicByteCount>(largest_frame) > max_datagram_frame_size_) { + largest_frame = static_cast<size_t>(max_datagram_frame_size_); + } + return largest_frame - std::min(largest_frame, kQuicFrameTypeSize); } QuicPacketLength QuicPacketCreator::GetGuaranteedLargestMessagePayload() const { @@ -1739,9 +1781,13 @@ QuicPacketLength QuicPacketCreator::GetGuaranteedLargestMessagePayload() const { latched_hard_max_packet_length_ == 0 ? max_plaintext_size_ : framer_->GetMaxPlaintextSize(latched_hard_max_packet_length_); + size_t largest_frame = + max_plaintext_size - std::min(max_plaintext_size, packet_header_size); + if (static_cast<QuicByteCount>(largest_frame) > max_datagram_frame_size_) { + largest_frame = static_cast<size_t>(max_datagram_frame_size_); + } const QuicPacketLength largest_payload = - max_plaintext_size - - std::min(max_plaintext_size, packet_header_size + kQuicFrameTypeSize); + largest_frame - std::min(largest_frame, kQuicFrameTypeSize); // This must always be less than or equal to GetCurrentLargestMessagePayload. DCHECK_LE(largest_payload, GetCurrentLargestMessagePayload()); return largest_payload; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.h b/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.h index 508cd56256f..7695587f9f5 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator.h @@ -44,10 +44,9 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { // packet. If return nullptr, QuicPacketCreator will serialize on a stack // buffer. virtual char* GetPacketBuffer() = 0; - // Called when a packet is serialized. Delegate does not take the ownership - // of |serialized_packet|, but takes ownership of any frames it removes - // from |packet.retransmittable_frames|. - virtual void OnSerializedPacket(SerializedPacket* serialized_packet) = 0; + // Called when a packet is serialized. Delegate take the ownership of + // |serialized_packet|. + virtual void OnSerializedPacket(SerializedPacket serialized_packet) = 0; // Called when an unrecoverable error is encountered. virtual void OnUnrecoverableError(QuicErrorCode error, @@ -210,19 +209,20 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { const ParsedQuicVersionVector& supported_versions); // Creates a connectivity probing packet for versions prior to version 99. - OwningSerializedPacketPointer SerializeConnectivityProbingPacket(); + std::unique_ptr<SerializedPacket> SerializeConnectivityProbingPacket(); // Create connectivity probing request and response packets using PATH // CHALLENGE and PATH RESPONSE frames, respectively, for version 99/IETF QUIC. // SerializePathChallengeConnectivityProbingPacket will pad the packet to be // MTU bytes long. - OwningSerializedPacketPointer SerializePathChallengeConnectivityProbingPacket( - QuicPathFrameBuffer* payload); + std::unique_ptr<SerializedPacket> + SerializePathChallengeConnectivityProbingPacket(QuicPathFrameBuffer* payload); // If |is_padded| is true then SerializePathResponseConnectivityProbingPacket // will pad the packet to be MTU bytes long, else it will not pad the packet. // |payloads| is cleared. - OwningSerializedPacketPointer SerializePathResponseConnectivityProbingPacket( + std::unique_ptr<SerializedPacket> + SerializePathResponseConnectivityProbingPacket( const QuicCircularDeque<QuicPathFrameBuffer>& payloads, const bool is_padded); @@ -278,6 +278,9 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { // Sets the maximum packet length. void SetMaxPacketLength(QuicByteCount length); + // Sets the maximum DATAGRAM/MESSAGE frame size we can send. + void SetMaxDatagramFrameSize(QuicByteCount max_datagram_frame_size); + // Set a soft maximum packet length in the creator. If a packet cannot be // successfully created, creator will remove the soft limit and use the actual // max packet length. @@ -455,8 +458,8 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { // Serializes all frames which have been added and adds any which should be // retransmitted to packet_.retransmittable_frames. All frames must fit into // a single packet. - // Fails if |buffer_len| isn't long enough for the encrypted packet. - void SerializePacket(char* encrypted_buffer, size_t buffer_len); + // Fails if |encrypted_buffer_len| isn't long enough for the encrypted packet. + void SerializePacket(char* encrypted_buffer, size_t encrypted_buffer_len); // Called after a new SerialiedPacket is created to call the delegate's // OnSerializedPacket and reset state. @@ -589,6 +592,11 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { // SetSoftMaxPacketLength is called and max_packet_length_ gets // set to a soft value. QuicByteCount latched_hard_max_packet_length_; + + // The maximum length of a MESSAGE/DATAGRAM frame that our peer is willing to + // accept. There is no limit for QUIC_CRYPTO connections, but QUIC+TLS + // negotiates this during the handshake. + QuicByteCount max_datagram_frame_size_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator_test.cc index 1507ae5f34d..d1beea7c01d 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packet_creator_test.cc @@ -86,9 +86,12 @@ class MockDebugDelegate : public QuicPacketCreator::DebugDelegate { public: ~MockDebugDelegate() override = default; - MOCK_METHOD1(OnFrameAddedToPacket, void(const QuicFrame& frame)); + MOCK_METHOD(void, OnFrameAddedToPacket, (const QuicFrame& frame), (override)); - MOCK_METHOD1(OnStreamFrameCoalesced, void(const QuicStreamFrame& frame)); + MOCK_METHOD(void, + OnStreamFrameCoalesced, + (const QuicStreamFrame& frame), + (override)); }; class TestPacketCreator : public QuicPacketCreator { @@ -135,28 +138,16 @@ class TestPacketCreator : public QuicPacketCreator { class QuicPacketCreatorTest : public QuicTestWithParam<TestParams> { public: - void ClearSerializedPacketForTests(SerializedPacket* serialized_packet) { - if (serialized_packet == nullptr) { - return; - } - ClearSerializedPacket(serialized_packet); + void ClearSerializedPacketForTests(SerializedPacket /*serialized_packet*/) { + // serialized packet self-clears on destruction. } - void SaveSerializedPacket(SerializedPacket* serialized_packet) { - if (serialized_packet == nullptr) { - return; - } - delete[] serialized_packet_.encrypted_buffer; - serialized_packet_ = *serialized_packet; - serialized_packet_.encrypted_buffer = CopyBuffer(*serialized_packet); - serialized_packet->retransmittable_frames.clear(); + void SaveSerializedPacket(SerializedPacket serialized_packet) { + serialized_packet_.reset(CopySerializedPacket( + serialized_packet, &allocator_, /*copy_buffer=*/true)); } - void DeleteSerializedPacket() { - delete[] serialized_packet_.encrypted_buffer; - serialized_packet_.encrypted_buffer = nullptr; - ClearSerializedPacket(&serialized_packet_); - } + void DeleteSerializedPacket() { serialized_packet_ = nullptr; } protected: QuicPacketCreatorTest() @@ -170,8 +161,7 @@ class QuicPacketCreatorTest : public QuicTestWithParam<TestParams> { Perspective::IS_CLIENT, connection_id_.length()), data_("foo"), - creator_(connection_id_, &client_framer_, &delegate_, &producer_), - serialized_packet_(creator_.NoPacket()) { + creator_(connection_id_, &client_framer_, &delegate_, &producer_) { EXPECT_CALL(delegate_, GetPacketBuffer()).WillRepeatedly(Return(nullptr)); creator_.SetEncrypter(ENCRYPTION_INITIAL, std::make_unique<NullEncrypter>( Perspective::IS_CLIENT)); @@ -205,10 +195,7 @@ class QuicPacketCreatorTest : public QuicTestWithParam<TestParams> { } } - ~QuicPacketCreatorTest() override { - delete[] serialized_packet_.encrypted_buffer; - ClearSerializedPacket(&serialized_packet_); - } + ~QuicPacketCreatorTest() override {} SerializedPacket SerializeAllFrames(const QuicFrames& frames) { SerializedPacket packet = QuicPacketCreatorPeer::SerializeAllFrames( @@ -282,7 +269,7 @@ class QuicPacketCreatorTest : public QuicTestWithParam<TestParams> { n * 2; } - static const QuicStreamOffset kOffset = 0u; + static constexpr QuicStreamOffset kOffset = 0u; char buffer_[kMaxOutgoingPacketSize]; QuicConnectionId connection_id_; @@ -294,7 +281,7 @@ class QuicPacketCreatorTest : public QuicTestWithParam<TestParams> { std::string data_; struct iovec iov_; TestPacketCreator creator_; - SerializedPacket serialized_packet_; + std::unique_ptr<SerializedPacket> serialized_packet_; SimpleDataProducer producer_; SimpleBufferAllocator allocator_; }; @@ -351,12 +338,12 @@ TEST_P(QuicPacketCreatorTest, SerializeFrames) { } TEST_P(QuicPacketCreatorTest, SerializeConnectionClose) { - QuicConnectionCloseFrame frame(creator_.transport_version(), QUIC_NO_ERROR, - "error", - /*transport_close_frame_type=*/0); + QuicConnectionCloseFrame* frame = new QuicConnectionCloseFrame( + creator_.transport_version(), QUIC_NO_ERROR, "error", + /*transport_close_frame_type=*/0); QuicFrames frames; - frames.push_back(QuicFrame(&frame)); + frames.push_back(QuicFrame(frame)); SerializedPacket serialized = SerializeAllFrames(frames); EXPECT_EQ(ENCRYPTION_INITIAL, serialized.encryption_level); ASSERT_EQ(QuicPacketNumber(1u), serialized.packet_number); @@ -486,7 +473,7 @@ TEST_P(QuicPacketCreatorTest, StreamFrameConsumption) { EXPECT_CALL(delegate_, OnSerializedPacket(_)) .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket)); creator_.FlushCurrentPacket(); - ASSERT_TRUE(serialized_packet_.encrypted_buffer); + ASSERT_TRUE(serialized_packet_->encrypted_buffer); DeleteSerializedPacket(); } } @@ -534,7 +521,7 @@ TEST_P(QuicPacketCreatorTest, CryptoStreamFramePacketPadding) { EXPECT_LT(0u, bytes_consumed); } creator_.FlushCurrentPacket(); - ASSERT_TRUE(serialized_packet_.encrypted_buffer); + ASSERT_TRUE(serialized_packet_->encrypted_buffer); // If there is not enough space in the packet to fit a padding frame // (1 byte) and to expand the stream frame (another 2 bytes) the packet // will not be padded. @@ -543,9 +530,9 @@ TEST_P(QuicPacketCreatorTest, CryptoStreamFramePacketPadding) { !QuicVersionUsesCryptoFrames(client_framer_.transport_version())) || client_framer_.version().CanSendCoalescedPackets()) { EXPECT_EQ(kDefaultMaxPacketSize - bytes_free, - serialized_packet_.encrypted_length); + serialized_packet_->encrypted_length); } else { - EXPECT_EQ(kDefaultMaxPacketSize, serialized_packet_.encrypted_length); + EXPECT_EQ(kDefaultMaxPacketSize, serialized_packet_->encrypted_length); } DeleteSerializedPacket(); } @@ -575,12 +562,12 @@ TEST_P(QuicPacketCreatorTest, NonCryptoStreamFramePacketNonPadding) { size_t bytes_consumed = frame.stream_frame.data_length; EXPECT_LT(0u, bytes_consumed); creator_.FlushCurrentPacket(); - ASSERT_TRUE(serialized_packet_.encrypted_buffer); + ASSERT_TRUE(serialized_packet_->encrypted_buffer); if (bytes_free > 0) { EXPECT_EQ(kDefaultMaxPacketSize - bytes_free, - serialized_packet_.encrypted_length); + serialized_packet_->encrypted_length); } else { - EXPECT_EQ(kDefaultMaxPacketSize, serialized_packet_.encrypted_length); + EXPECT_EQ(kDefaultMaxPacketSize, serialized_packet_->encrypted_length); } DeleteSerializedPacket(); } @@ -948,7 +935,7 @@ TEST_P(QuicPacketCreatorTest, SerializeConnectivityProbingPacket) { creator_.set_encryption_level(level); - OwningSerializedPacketPointer encrypted; + std::unique_ptr<SerializedPacket> encrypted; if (VersionHasIetfQuicFrames(creator_.transport_version())) { QuicPathFrameBuffer payload = { {0xde, 0xad, 0xbe, 0xef, 0xba, 0xdc, 0x0f, 0xfe}}; @@ -991,7 +978,7 @@ TEST_P(QuicPacketCreatorTest, SerializePathChallengeProbePacket) { creator_.set_encryption_level(level); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathChallengeConnectivityProbingPacket(&payload)); { InSequence s; @@ -1024,7 +1011,7 @@ TEST_P(QuicPacketCreatorTest, SerializePathResponseProbePacket1PayloadPadded) { QuicCircularDeque<QuicPathFrameBuffer> payloads; payloads.push_back(payload0); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathResponseConnectivityProbingPacket(payloads, true)); { @@ -1058,7 +1045,7 @@ TEST_P(QuicPacketCreatorTest, QuicCircularDeque<QuicPathFrameBuffer> payloads; payloads.push_back(payload0); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathResponseConnectivityProbingPacket(payloads, false)); { @@ -1093,7 +1080,7 @@ TEST_P(QuicPacketCreatorTest, SerializePathResponseProbePacket2PayloadsPadded) { payloads.push_back(payload0); payloads.push_back(payload1); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathResponseConnectivityProbingPacket(payloads, true)); { @@ -1130,7 +1117,7 @@ TEST_P(QuicPacketCreatorTest, payloads.push_back(payload0); payloads.push_back(payload1); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathResponseConnectivityProbingPacket(payloads, false)); { @@ -1168,7 +1155,7 @@ TEST_P(QuicPacketCreatorTest, SerializePathResponseProbePacket3PayloadsPadded) { payloads.push_back(payload1); payloads.push_back(payload2); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathResponseConnectivityProbingPacket(payloads, true)); { @@ -1208,7 +1195,7 @@ TEST_P(QuicPacketCreatorTest, payloads.push_back(payload1); payloads.push_back(payload2); - OwningSerializedPacketPointer encrypted( + std::unique_ptr<SerializedPacket> encrypted( creator_.SerializePathResponseConnectivityProbingPacket(payloads, false)); InSequence s; @@ -1361,7 +1348,6 @@ TEST_P(QuicPacketCreatorTest, SerializeFrame) { } ProcessPacket(serialized); EXPECT_EQ(GetParam().version_serialization, header.version_flag); - DeleteFrames(&frames_); } TEST_P(QuicPacketCreatorTest, SerializeFrameShortData) { @@ -1402,7 +1388,6 @@ TEST_P(QuicPacketCreatorTest, SerializeFrameShortData) { } ProcessPacket(serialized); EXPECT_EQ(GetParam().version_serialization, header.version_flag); - DeleteFrames(&frames_); } TEST_P(QuicPacketCreatorTest, ConsumeDataLargerThanOneStreamFrame) { @@ -1488,13 +1473,14 @@ TEST_P(QuicPacketCreatorTest, AddFrameAndFlush) { EXPECT_FALSE(creator_.AddFrame(QuicFrame(&ack_frame), NOT_RETRANSMISSION)); // Ensure the packet is successfully created. - ASSERT_TRUE(serialized_packet_.encrypted_buffer); - ASSERT_FALSE(serialized_packet_.retransmittable_frames.empty()); - const QuicFrames& retransmittable = serialized_packet_.retransmittable_frames; + ASSERT_TRUE(serialized_packet_->encrypted_buffer); + ASSERT_FALSE(serialized_packet_->retransmittable_frames.empty()); + const QuicFrames& retransmittable = + serialized_packet_->retransmittable_frames; ASSERT_EQ(1u, retransmittable.size()); EXPECT_EQ(STREAM_FRAME, retransmittable[0].type); - EXPECT_TRUE(serialized_packet_.has_ack); - EXPECT_EQ(QuicPacketNumber(10u), serialized_packet_.largest_acked); + EXPECT_TRUE(serialized_packet_->has_ack); + EXPECT_EQ(QuicPacketNumber(10u), serialized_packet_->largest_acked); DeleteSerializedPacket(); EXPECT_FALSE(creator_.HasPendingFrames()); @@ -1533,9 +1519,10 @@ TEST_P(QuicPacketCreatorTest, SerializeAndSendStreamFrame) { EXPECT_EQ(4u, num_bytes_consumed); // Ensure the packet is successfully created. - ASSERT_TRUE(serialized_packet_.encrypted_buffer); - ASSERT_FALSE(serialized_packet_.retransmittable_frames.empty()); - const QuicFrames& retransmittable = serialized_packet_.retransmittable_frames; + ASSERT_TRUE(serialized_packet_->encrypted_buffer); + ASSERT_FALSE(serialized_packet_->retransmittable_frames.empty()); + const QuicFrames& retransmittable = + serialized_packet_->retransmittable_frames; ASSERT_EQ(1u, retransmittable.size()); EXPECT_EQ(STREAM_FRAME, retransmittable[0].type); DeleteSerializedPacket(); @@ -1565,8 +1552,8 @@ TEST_P(QuicPacketCreatorTest, SerializeStreamFrameWithPadding) { EXPECT_EQ(1u, num_bytes_consumed); // Check that a packet is created. - ASSERT_TRUE(serialized_packet_.encrypted_buffer); - ASSERT_FALSE(serialized_packet_.retransmittable_frames.empty()); + ASSERT_TRUE(serialized_packet_->encrypted_buffer); + ASSERT_FALSE(serialized_packet_->retransmittable_frames.empty()); { InSequence s; EXPECT_CALL(framer_visitor_, OnPacket()); @@ -1580,7 +1567,7 @@ TEST_P(QuicPacketCreatorTest, SerializeStreamFrameWithPadding) { } EXPECT_CALL(framer_visitor_, OnPacketComplete()); } - ProcessPacket(serialized_packet_); + ProcessPacket(*serialized_packet_); } TEST_P(QuicPacketCreatorTest, AddUnencryptedStreamDataClosesConnection) { @@ -1669,7 +1656,7 @@ TEST_P(QuicPacketCreatorTest, PendingPadding) { EXPECT_CALL(framer_visitor_, OnPacketComplete()); } // Packet only contains padding. - ProcessPacket(serialized_packet_); + ProcessPacket(*serialized_packet_); } EXPECT_EQ(0u, creator_.pending_padding_bytes()); } @@ -1751,9 +1738,8 @@ TEST_P(QuicPacketCreatorTest, FlushWithExternalBuffer) { /*needs_full_padding=*/true, NOT_RETRANSMISSION, &frame)); EXPECT_CALL(delegate_, OnSerializedPacket(_)) - .WillOnce(Invoke([expected_buffer](SerializedPacket* serialized_packet) { - EXPECT_EQ(expected_buffer, serialized_packet->encrypted_buffer); - ClearSerializedPacket(serialized_packet); + .WillOnce(Invoke([expected_buffer](SerializedPacket serialized_packet) { + EXPECT_EQ(expected_buffer, serialized_packet.encrypted_buffer); })); creator_.FlushCurrentPacket(); } @@ -1775,6 +1761,9 @@ TEST_P(QuicPacketCreatorTest, AddMessageFrame) { if (!VersionSupportsMessageFrames(client_framer_.transport_version())) { return; } + if (client_framer_.version().UsesTls()) { + creator_.SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } creator_.set_encryption_level(ENCRYPTION_FORWARD_SECURE); EXPECT_CALL(delegate_, OnSerializedPacket(_)) .Times(3) @@ -1827,6 +1816,9 @@ TEST_P(QuicPacketCreatorTest, MessageFrameConsumption) { if (!VersionSupportsMessageFrames(client_framer_.transport_version())) { return; } + if (client_framer_.version().UsesTls()) { + creator_.SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } std::string message_data(kDefaultMaxPacketSize, 'a'); quiche::QuicheStringPiece message_buffer(message_data); QuicMemSliceStorage storage(nullptr, 0, nullptr, 0); @@ -1862,27 +1854,99 @@ TEST_P(QuicPacketCreatorTest, MessageFrameConsumption) { EXPECT_CALL(delegate_, OnSerializedPacket(_)) .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket)); creator_.FlushCurrentPacket(); - ASSERT_TRUE(serialized_packet_.encrypted_buffer); + ASSERT_TRUE(serialized_packet_->encrypted_buffer); DeleteSerializedPacket(); } } } -// Regression test for bugfix of GetPacketHeaderSize. TEST_P(QuicPacketCreatorTest, GetGuaranteedLargestMessagePayload) { - QuicTransportVersion version = creator_.transport_version(); - if (!VersionSupportsMessageFrames(version)) { + ParsedQuicVersion version = GetParam().version; + if (!version.SupportsMessageFrames()) { return; } + if (version.UsesTls()) { + creator_.SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } QuicPacketLength expected_largest_payload = 1319; - if (QuicVersionHasLongHeaderLengths(version)) { + if (version.HasLongHeaderLengths()) { expected_largest_payload -= 2; } - if (GetParam().version.HasLengthPrefixedConnectionIds()) { + if (version.HasLengthPrefixedConnectionIds()) { expected_largest_payload -= 1; } EXPECT_EQ(expected_largest_payload, creator_.GetGuaranteedLargestMessagePayload()); + EXPECT_TRUE(creator_.HasRoomForMessageFrame( + creator_.GetGuaranteedLargestMessagePayload())); + + // Now test whether SetMaxDatagramFrameSize works. + creator_.SetMaxDatagramFrameSize(expected_largest_payload + 1 + + kQuicFrameTypeSize); + EXPECT_EQ(expected_largest_payload, + creator_.GetGuaranteedLargestMessagePayload()); + EXPECT_TRUE(creator_.HasRoomForMessageFrame( + creator_.GetGuaranteedLargestMessagePayload())); + + creator_.SetMaxDatagramFrameSize(expected_largest_payload + + kQuicFrameTypeSize); + EXPECT_EQ(expected_largest_payload, + creator_.GetGuaranteedLargestMessagePayload()); + EXPECT_TRUE(creator_.HasRoomForMessageFrame( + creator_.GetGuaranteedLargestMessagePayload())); + + creator_.SetMaxDatagramFrameSize(expected_largest_payload - 1 + + kQuicFrameTypeSize); + EXPECT_EQ(expected_largest_payload - 1, + creator_.GetGuaranteedLargestMessagePayload()); + EXPECT_TRUE(creator_.HasRoomForMessageFrame( + creator_.GetGuaranteedLargestMessagePayload())); + + constexpr QuicPacketLength kFrameSizeLimit = 1000; + constexpr QuicPacketLength kPayloadSizeLimit = + kFrameSizeLimit - kQuicFrameTypeSize; + creator_.SetMaxDatagramFrameSize(kFrameSizeLimit); + EXPECT_EQ(creator_.GetGuaranteedLargestMessagePayload(), kPayloadSizeLimit); + EXPECT_TRUE(creator_.HasRoomForMessageFrame(kPayloadSizeLimit)); + EXPECT_FALSE(creator_.HasRoomForMessageFrame(kPayloadSizeLimit + 1)); +} + +TEST_P(QuicPacketCreatorTest, GetCurrentLargestMessagePayload) { + ParsedQuicVersion version = GetParam().version; + if (!version.SupportsMessageFrames()) { + return; + } + if (version.UsesTls()) { + creator_.SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } + QuicPacketLength expected_largest_payload = 1319; + if (version.SendsVariableLengthPacketNumberInLongHeader()) { + expected_largest_payload += 3; + } + if (version.HasLongHeaderLengths()) { + expected_largest_payload -= 2; + } + if (version.HasLengthPrefixedConnectionIds()) { + expected_largest_payload -= 1; + } + EXPECT_EQ(expected_largest_payload, + creator_.GetCurrentLargestMessagePayload()); + + // Now test whether SetMaxDatagramFrameSize works. + creator_.SetMaxDatagramFrameSize(expected_largest_payload + 1 + + kQuicFrameTypeSize); + EXPECT_EQ(expected_largest_payload, + creator_.GetCurrentLargestMessagePayload()); + + creator_.SetMaxDatagramFrameSize(expected_largest_payload + + kQuicFrameTypeSize); + EXPECT_EQ(expected_largest_payload, + creator_.GetCurrentLargestMessagePayload()); + + creator_.SetMaxDatagramFrameSize(expected_largest_payload - 1 + + kQuicFrameTypeSize); + EXPECT_EQ(expected_largest_payload - 1, + creator_.GetCurrentLargestMessagePayload()); } TEST_P(QuicPacketCreatorTest, PacketTransmissionType) { @@ -1906,18 +1970,18 @@ TEST_P(QuicPacketCreatorTest, PacketTransmissionType) { .WillOnce(Invoke(this, &QuicPacketCreatorTest::SaveSerializedPacket)); EXPECT_TRUE(creator_.AddFrame(ack_frame, LOSS_RETRANSMISSION)); - ASSERT_FALSE(serialized_packet_.encrypted_buffer); + ASSERT_EQ(serialized_packet_, nullptr); EXPECT_TRUE(creator_.AddFrame(stream_frame, RTO_RETRANSMISSION)); - ASSERT_FALSE(serialized_packet_.encrypted_buffer); + ASSERT_EQ(serialized_packet_, nullptr); EXPECT_TRUE(creator_.AddFrame(padding_frame, TLP_RETRANSMISSION)); creator_.FlushCurrentPacket(); - ASSERT_TRUE(serialized_packet_.encrypted_buffer); + ASSERT_TRUE(serialized_packet_->encrypted_buffer); // The last retransmittable frame on packet is a stream frame, the packet's // transmission type should be the same as the stream frame's. - EXPECT_EQ(serialized_packet_.transmission_type, RTO_RETRANSMISSION); + EXPECT_EQ(serialized_packet_->transmission_type, RTO_RETRANSMISSION); DeleteSerializedPacket(); } @@ -1972,7 +2036,6 @@ TEST_P(QuicPacketCreatorTest, RetryToken) { quiche::test::CompareCharArraysWithHexError( "retry token", header.retry_token.data(), header.retry_token.length(), retry_token_bytes, sizeof(retry_token_bytes)); - DeleteFrames(&frames_); } TEST_P(QuicPacketCreatorTest, GetConnectionId) { @@ -2068,7 +2131,7 @@ TEST_P(QuicPacketCreatorTest, CoalesceStreamFrames) { EXPECT_CALL(framer_visitor_, OnStreamFrame(_)); EXPECT_CALL(framer_visitor_, OnStreamFrame(_)); EXPECT_CALL(framer_visitor_, OnPacketComplete()); - ProcessPacket(serialized_packet_); + ProcessPacket(*serialized_packet_); } TEST_P(QuicPacketCreatorTest, SaveNonRetransmittableFrames) { @@ -2186,6 +2249,9 @@ TEST_P(QuicPacketCreatorTest, SoftMaxPacketLength) { // Same for message frame. if (VersionSupportsMessageFrames(client_framer_.transport_version())) { creator_.SetSoftMaxPacketLength(overhead); + if (client_framer_.version().UsesTls()) { + creator_.SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } // Verify GetCurrentLargestMessagePayload is based on the actual // max_packet_length. EXPECT_LT(1u, creator_.GetCurrentLargestMessagePayload()); @@ -2237,13 +2303,20 @@ class MockDelegate : public QuicPacketCreator::DelegateInterface { MockDelegate& operator=(const MockDelegate&) = delete; ~MockDelegate() override {} - MOCK_METHOD2(ShouldGeneratePacket, - bool(HasRetransmittableData retransmittable, - IsHandshake handshake)); - MOCK_METHOD0(MaybeBundleAckOpportunistically, const QuicFrames()); - MOCK_METHOD0(GetPacketBuffer, char*()); - MOCK_METHOD1(OnSerializedPacket, void(SerializedPacket* packet)); - MOCK_METHOD2(OnUnrecoverableError, void(QuicErrorCode, const std::string&)); + MOCK_METHOD(bool, + ShouldGeneratePacket, + (HasRetransmittableData retransmittable, IsHandshake handshake), + (override)); + MOCK_METHOD(const QuicFrames, + MaybeBundleAckOpportunistically, + (), + (override)); + MOCK_METHOD(char*, GetPacketBuffer, (), (override)); + MOCK_METHOD(void, OnSerializedPacket, (SerializedPacket), (override)); + MOCK_METHOD(void, + OnUnrecoverableError, + (QuicErrorCode, const std::string&), + (override)); void SetCanWriteAnything() { EXPECT_CALL(*this, ShouldGeneratePacket(_, _)).WillRepeatedly(Return(true)); @@ -2407,18 +2480,13 @@ class QuicPacketCreatorMultiplePacketsTest : public QuicTest { creator_.AttachPacketFlusher(); } - ~QuicPacketCreatorMultiplePacketsTest() override { - for (SerializedPacket& packet : packets_) { - delete[] packet.encrypted_buffer; - ClearSerializedPacket(&packet); - } - } + ~QuicPacketCreatorMultiplePacketsTest() override {} - void SavePacket(SerializedPacket* packet) { - packet->encrypted_buffer = CopyBuffer(*packet); - packets_.push_back(*packet); - packet->encrypted_buffer = nullptr; - packet->retransmittable_frames.clear(); + void SavePacket(SerializedPacket packet) { + DCHECK(packet.release_encrypted_buffer == nullptr); + packet.encrypted_buffer = CopyBuffer(packet); + packet.release_encrypted_buffer = [](const char* p) { delete[] p; }; + packets_.push_back(std::move(packet)); } protected: @@ -2903,7 +2971,7 @@ TEST_F(QuicPacketCreatorMultiplePacketsTest, ConsumeDataFastPath) { contents.num_stream_frames = 1; CheckPacketContains(contents, 0); EXPECT_FALSE(packets_.empty()); - SerializedPacket packet = packets_.back(); + SerializedPacket& packet = packets_.back(); EXPECT_TRUE(!packet.retransmittable_frames.empty()); EXPECT_EQ(LOSS_RETRANSMISSION, packet.transmission_type); EXPECT_EQ(STREAM_FRAME, packet.retransmittable_frames.front().type); @@ -2933,7 +3001,7 @@ TEST_F(QuicPacketCreatorMultiplePacketsTest, ConsumeDataLarge) { contents.num_stream_frames = 1; CheckPacketContains(contents, 0); EXPECT_FALSE(packets_.empty()); - SerializedPacket packet = packets_.back(); + SerializedPacket& packet = packets_.back(); EXPECT_TRUE(!packet.retransmittable_frames.empty()); EXPECT_EQ(STREAM_FRAME, packet.retransmittable_frames.front().type); const QuicStreamFrame& stream_frame = @@ -2976,7 +3044,7 @@ TEST_F(QuicPacketCreatorMultiplePacketsTest, ConsumeDataLargeSendAckFalse) { EXPECT_FALSE(creator_.HasPendingRetransmittableFrames()); EXPECT_FALSE(packets_.empty()); - SerializedPacket packet = packets_.back(); + SerializedPacket& packet = packets_.back(); EXPECT_TRUE(!packet.retransmittable_frames.empty()); EXPECT_EQ(STREAM_FRAME, packet.retransmittable_frames.front().type); const QuicStreamFrame& stream_frame = @@ -3005,7 +3073,7 @@ TEST_F(QuicPacketCreatorMultiplePacketsTest, ConsumeDataLargeSendAckTrue) { EXPECT_FALSE(creator_.HasPendingRetransmittableFrames()); EXPECT_FALSE(packets_.empty()); - SerializedPacket packet = packets_.back(); + SerializedPacket& packet = packets_.back(); EXPECT_TRUE(!packet.retransmittable_frames.empty()); EXPECT_EQ(STREAM_FRAME, packet.retransmittable_frames.front().type); const QuicStreamFrame& stream_frame = @@ -3352,7 +3420,7 @@ TEST_F(QuicPacketCreatorMultiplePacketsTest, GenerateConnectivityProbingPacket) { delegate_.SetCanWriteAnything(); - OwningSerializedPacketPointer probing_packet; + std::unique_ptr<SerializedPacket> probing_packet; if (VersionHasIetfQuicFrames(framer_.transport_version())) { QuicPathFrameBuffer payload = { {0xde, 0xad, 0xbe, 0xef, 0xba, 0xdc, 0x0f, 0xfe}}; @@ -3667,6 +3735,9 @@ TEST_F(QuicPacketCreatorMultiplePacketsTest, AddMessageFrame) { if (!VersionSupportsMessageFrames(framer_.transport_version())) { return; } + if (framer_.version().UsesTls()) { + creator_.SetMaxDatagramFrameSize(kMaxAcceptedDatagramFrameSize); + } quic::QuicMemSliceStorage storage(nullptr, 0, nullptr, 0); delegate_.SetCanWriteAnything(); EXPECT_CALL(delegate_, OnSerializedPacket(_)) diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packet_writer.h b/chromium/net/third_party/quiche/src/quic/core/quic_packet_writer.h index bd10523e16a..ab29e15aa88 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packet_writer.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packet_writer.h @@ -28,8 +28,10 @@ struct QUIC_EXPORT_PRIVATE PerPacketOptions { // would not forget to override it. virtual std::unique_ptr<PerPacketOptions> Clone() const = 0; - // Specifies release time delay for this packet. + // Specifies ideal release time delay for this packet. QuicTime::Delta release_time_delay = QuicTime::Delta::Zero(); + // Whether it is allowed to send this packet without |release_time_delay|. + bool allow_burst = false; }; // An interface between writers and the entity managing the diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packets.cc b/chromium/net/third_party/quiche/src/quic/core/quic_packets.cc index 4123c27f94c..69575b99935 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packets.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packets.cc @@ -465,15 +465,8 @@ SerializedPacket::SerializedPacket(QuicPacketNumber packet_number, transmission_type(NOT_RETRANSMISSION), has_ack_frame_copy(false) {} -SerializedPacket::SerializedPacket(const SerializedPacket& other) = default; - -SerializedPacket& SerializedPacket::operator=(const SerializedPacket& other) = - default; - SerializedPacket::SerializedPacket(SerializedPacket&& other) - : encrypted_buffer(other.encrypted_buffer), - encrypted_length(other.encrypted_length), - has_crypto_handshake(other.has_crypto_handshake), + : has_crypto_handshake(other.has_crypto_handshake), num_padding_bytes(other.num_padding_bytes), packet_number(other.packet_number), packet_number_length(other.packet_number_length), @@ -483,23 +476,58 @@ SerializedPacket::SerializedPacket(SerializedPacket&& other) transmission_type(other.transmission_type), largest_acked(other.largest_acked), has_ack_frame_copy(other.has_ack_frame_copy) { - retransmittable_frames.swap(other.retransmittable_frames); - nonretransmittable_frames.swap(other.nonretransmittable_frames); + if (this != &other) { + if (release_encrypted_buffer && encrypted_buffer != nullptr) { + release_encrypted_buffer(encrypted_buffer); + } + encrypted_buffer = other.encrypted_buffer; + encrypted_length = other.encrypted_length; + release_encrypted_buffer = std::move(other.release_encrypted_buffer); + other.release_encrypted_buffer = nullptr; + + retransmittable_frames.swap(other.retransmittable_frames); + nonretransmittable_frames.swap(other.nonretransmittable_frames); + } } -SerializedPacket::~SerializedPacket() {} +SerializedPacket::~SerializedPacket() { + if (release_encrypted_buffer && encrypted_buffer != nullptr) { + release_encrypted_buffer(encrypted_buffer); + } + + if (!retransmittable_frames.empty()) { + DeleteFrames(&retransmittable_frames); + } + for (auto& frame : nonretransmittable_frames) { + if (!has_ack_frame_copy && frame.type == ACK_FRAME) { + // Do not delete ack frame if the packet does not own a copy of it. + continue; + } + DeleteFrame(&frame); + } +} SerializedPacket* CopySerializedPacket(const SerializedPacket& serialized, QuicBufferAllocator* allocator, bool copy_buffer) { - SerializedPacket* copy = new SerializedPacket(serialized); + SerializedPacket* copy = new SerializedPacket( + serialized.packet_number, serialized.packet_number_length, + serialized.encrypted_buffer, serialized.encrypted_length, + serialized.has_ack, serialized.has_stop_waiting); + copy->has_crypto_handshake = serialized.has_crypto_handshake; + copy->num_padding_bytes = serialized.num_padding_bytes; + copy->encryption_level = serialized.encryption_level; + copy->transmission_type = serialized.transmission_type; + copy->largest_acked = serialized.largest_acked; + if (copy_buffer) { copy->encrypted_buffer = CopyBuffer(serialized); + copy->release_encrypted_buffer = [](const char* p) { delete[] p; }; } // Copy underlying frames. copy->retransmittable_frames = CopyQuicFrames(allocator, serialized.retransmittable_frames); - copy->nonretransmittable_frames.clear(); + DCHECK(copy->nonretransmittable_frames.empty()); for (const auto& frame : serialized.nonretransmittable_frames) { if (frame.type == ACK_FRAME) { copy->has_ack_frame_copy = true; @@ -509,27 +537,8 @@ SerializedPacket* CopySerializedPacket(const SerializedPacket& serialized, return copy; } -void ClearSerializedPacket(SerializedPacket* serialized_packet) { - if (!serialized_packet->retransmittable_frames.empty()) { - DeleteFrames(&serialized_packet->retransmittable_frames); - } - for (auto& frame : serialized_packet->nonretransmittable_frames) { - if (!serialized_packet->has_ack_frame_copy && frame.type == ACK_FRAME) { - // Do not delete ack frame if the packet does not own a copy of it. - continue; - } - DeleteFrame(&frame); - } - serialized_packet->nonretransmittable_frames.clear(); - serialized_packet->encrypted_buffer = nullptr; - serialized_packet->encrypted_length = 0; - serialized_packet->largest_acked.Clear(); -} - char* CopyBuffer(const SerializedPacket& packet) { - char* dst_buffer = new char[packet.encrypted_length]; - memcpy(dst_buffer, packet.encrypted_buffer, packet.encrypted_length); - return dst_buffer; + return CopyBuffer(packet.encrypted_buffer, packet.encrypted_length); } char* CopyBuffer(const char* encrypted_buffer, diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packets.h b/chromium/net/third_party/quiche/src/quic/core/quic_packets.h index e8e1931b975..04522e8538b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packets.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packets.h @@ -357,6 +357,13 @@ class QUIC_EXPORT_PRIVATE QuicReceivedPacket : public QuicEncryptedPacket { bool owns_header_buffer_; }; +// SerializedPacket contains information of a serialized(encrypted) packet. +// +// WARNING: +// +// If you add a member field to this class, please make sure it is properly +// copied in |CopySerializedPacket|. +// struct QUIC_EXPORT_PRIVATE SerializedPacket { SerializedPacket(QuicPacketNumber packet_number, QuicPacketNumberLength packet_number_length, @@ -364,14 +371,20 @@ struct QUIC_EXPORT_PRIVATE SerializedPacket { QuicPacketLength encrypted_length, bool has_ack, bool has_stop_waiting); - SerializedPacket(const SerializedPacket& other); - SerializedPacket& operator=(const SerializedPacket& other); + + // Copy constructor & assignment are deleted. Use |CopySerializedPacket| to + // make a copy. + SerializedPacket(const SerializedPacket& other) = delete; + SerializedPacket& operator=(const SerializedPacket& other) = delete; SerializedPacket(SerializedPacket&& other); ~SerializedPacket(); - // Not owned. + // Not owned if |release_encrypted_buffer| is nullptr. Otherwise it is + // released by |release_encrypted_buffer| on destruction. const char* encrypted_buffer; QuicPacketLength encrypted_length; + std::function<void(const char*)> release_encrypted_buffer; + QuicFrames retransmittable_frames; QuicFrames nonretransmittable_frames; IsHandshake has_crypto_handshake; @@ -401,10 +414,6 @@ QUIC_EXPORT_PRIVATE SerializedPacket* CopySerializedPacket( QuicBufferAllocator* allocator, bool copy_buffer); -// Deletes and clears all the frames and the packet from serialized packet. -QUIC_EXPORT_PRIVATE void ClearSerializedPacket( - SerializedPacket* serialized_packet); - // Allocates a new char[] of size |packet.encrypted_length| and copies in // |packet.encrypted_buffer|. QUIC_EXPORT_PRIVATE char* CopyBuffer(const SerializedPacket& packet); @@ -413,21 +422,6 @@ QUIC_EXPORT_PRIVATE char* CopyBuffer(const SerializedPacket& packet); QUIC_EXPORT_PRIVATE char* CopyBuffer(const char* encrypted_buffer, QuicPacketLength encrypted_length); -struct QUIC_EXPORT_PRIVATE SerializedPacketDeleter { - void operator()(SerializedPacket* packet) { - if (packet->encrypted_buffer != nullptr) { - delete[] packet->encrypted_buffer; - } - delete packet; - } -}; - -// On destruction, OwningSerializedPacketPointer deletes a packet's (on-heap) -// encrypted_buffer before deleting the (also on-heap) packet itself. -// TODO(wub): Maybe delete retransmittable_frames too? -typedef std::unique_ptr<SerializedPacket, SerializedPacketDeleter> - OwningSerializedPacketPointer; - // Context for an incoming packet. struct QUIC_EXPORT_PRIVATE QuicPerPacketContext { virtual ~QuicPerPacketContext() {} diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_packets_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_packets_test.cc index 1ccaabc0a32..b2bccbeeb72 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_packets_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_packets_test.cc @@ -106,10 +106,6 @@ TEST_F(QuicPacketsTest, CopySerializedPacket) { CopySerializedPacket(packet, &allocator, /*copy_buffer=*/false)); EXPECT_EQ(packet.encrypted_buffer, copy2->encrypted_buffer); EXPECT_EQ(1000u, copy2->encrypted_length); - ClearSerializedPacket(&packet); - delete[] copy->encrypted_buffer; - ClearSerializedPacket(copy.get()); - ClearSerializedPacket(copy2.get()); } } // namespace diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.cc b/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.cc index 0de1dadf17c..92401b0db72 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.cc @@ -77,7 +77,7 @@ QuicSentPacketManager::QuicSentPacketManager( debug_delegate_(nullptr), network_change_visitor_(nullptr), initial_congestion_window_(kInitialCongestionWindow), - loss_algorithm_(GetInitialLossAlgorithm()), + loss_algorithm_(&uber_loss_algorithm_), consecutive_rto_count_(0), consecutive_tlp_count_(0), consecutive_crypto_retransmission_count_(0), @@ -98,7 +98,7 @@ QuicSentPacketManager::QuicSentPacketManager( QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs)), rtt_updated_(false), acked_packets_iter_(last_ack_frame_.packets.rbegin()), - pto_enabled_(false), + pto_enabled_(GetQuicReloadableFlag(quic_default_on_pto)), max_probe_packets_per_pto_(2), consecutive_pto_count_(0), handshake_mode_disabled_(false), @@ -112,10 +112,13 @@ QuicSentPacketManager::QuicSentPacketManager( first_pto_srtt_multiplier_(0), use_standard_deviation_for_pto_(false) { SetSendAlgorithm(congestion_control_type); -} - -LossDetectionInterface* QuicSentPacketManager::GetInitialLossAlgorithm() { - return &uber_loss_algorithm_; + if (pto_enabled_) { + QUIC_RELOADABLE_FLAG_COUNT_N(quic_default_on_pto, 1, 2); + // TODO(fayang): change the default values when deprecating + // quic_default_on_pto. + first_pto_srtt_multiplier_ = 1.5; + pto_rttvar_multiplier_ = 2; + } } QuicSentPacketManager::~QuicSentPacketManager() {} @@ -191,21 +194,13 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) { QUIC_CODE_COUNT(two_aggressive_ptos); num_tlp_timeout_ptos_ = 2; } - if (GetQuicReloadableFlag(quic_arm_pto_with_earliest_sent_time)) { - if (config.HasClientSentConnectionOption(kPLE1, perspective) || - config.HasClientSentConnectionOption(kTLPR, perspective)) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_arm_pto_with_earliest_sent_time, 1, - 2); - first_pto_srtt_multiplier_ = 0.5; - } else if (config.HasClientSentConnectionOption(kPLE2, perspective)) { - QUIC_RELOADABLE_FLAG_COUNT_N(quic_arm_pto_with_earliest_sent_time, 2, - 2); - first_pto_srtt_multiplier_ = 1.5; - } + if (config.HasClientSentConnectionOption(kPLE1, perspective) || + config.HasClientSentConnectionOption(kTLPR, perspective)) { + first_pto_srtt_multiplier_ = 0.5; + } else if (config.HasClientSentConnectionOption(kPLE2, perspective)) { + first_pto_srtt_multiplier_ = 1.5; } - if (GetQuicReloadableFlag(quic_use_standard_deviation_for_pto) && - config.HasClientSentConnectionOption(kPSDA, perspective)) { - QUIC_RELOADABLE_FLAG_COUNT(quic_use_standard_deviation_for_pto); + if (config.HasClientSentConnectionOption(kPSDA, perspective)) { use_standard_deviation_for_pto_ = true; rtt_stats_.EnableStandardDeviationCalculation(); } @@ -227,9 +222,6 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) { (GetQuicReloadableFlag(quic_default_to_bbr) && config.HasClientRequestedIndependentOption(kQBIC, perspective))) { SetSendAlgorithm(kCubicBytes); - } else if (GetQuicReloadableFlag(quic_enable_pcc3) && - config.HasClientRequestedIndependentOption(kTPCC, perspective)) { - SetSendAlgorithm(kPCC); } // Initial window. @@ -296,23 +288,25 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) { uber_loss_algorithm_.EnableAdaptiveReorderingThreshold(); uber_loss_algorithm_.EnableAdaptiveTimeThreshold(); } - if (GetQuicReloadableFlag( - quic_skip_packet_threshold_loss_detection_with_runt) && - config.HasClientRequestedIndependentOption(kRUNT, perspective)) { - QUIC_RELOADABLE_FLAG_COUNT_N( - quic_skip_packet_threshold_loss_detection_with_runt, 1, 2); + if (config.HasClientRequestedIndependentOption(kRUNT, perspective)) { uber_loss_algorithm_.DisablePacketThresholdForRuntPackets(); } if (config.HasClientSentConnectionOption(kCONH, perspective)) { conservative_handshake_retransmits_ = true; } send_algorithm_->SetFromConfig(config, perspective); + loss_algorithm_->SetFromConfig(config, perspective); if (network_change_visitor_ != nullptr) { network_change_visitor_->OnCongestionChange(); } } +void QuicSentPacketManager::ApplyConnectionOptions( + const QuicTagVector& connection_options) { + send_algorithm_->ApplyConnectionOptions(connection_options); +} + void QuicSentPacketManager::ResumeConnectionState( const CachedNetworkParameters& cached_network_params, bool max_bandwidth_resumption) { @@ -345,8 +339,8 @@ void QuicSentPacketManager::AdjustNetworkParameters( send_algorithm_->AdjustNetworkParameters(params); if (debug_delegate_ != nullptr) { debug_delegate_->OnAdjustNetworkParameters( - bandwidth, rtt.IsZero() ? rtt_stats_.SmoothedOrInitialRtt() : rtt, - old_cwnd, send_algorithm_->GetCongestionWindow()); + bandwidth, rtt.IsZero() ? rtt_stats_.MinOrInitialRtt() : rtt, old_cwnd, + send_algorithm_->GetCongestionWindow()); } } @@ -862,8 +856,9 @@ void QuicSentPacketManager::MaybeSendProbePackets() { // Find out the packet number space to send probe packets. if (!GetEarliestPacketSentTimeForPto(&packet_number_space) .IsInitialized()) { - QUIC_BUG << "earlist_sent_time not initialized when trying to send PTO " - "retransmissions"; + QUIC_BUG_IF(unacked_packets_.perspective() == Perspective::IS_SERVER) + << "earlist_sent_time not initialized when trying to send PTO " + "retransmissions"; return; } } @@ -903,6 +898,12 @@ void QuicSentPacketManager::AdjustPendingTimerTransmissions() { } void QuicSentPacketManager::EnableIetfPtoAndLossDetection() { + if (pto_enabled_) { + QUIC_RELOADABLE_FLAG_COUNT_N(quic_default_on_pto, 2, 2); + // Disable handshake mode. + handshake_mode_disabled_ = true; + return; + } pto_enabled_ = true; handshake_mode_disabled_ = true; // Default to 1 packet per PTO and skip a packet number. Arm the 1st PTO with @@ -946,9 +947,17 @@ void QuicSentPacketManager::InvokeLossDetection(QuicTime time) { packets_acked_.back().packet_number); largest_newly_acked_ = packets_acked_.back().packet_number; } - loss_algorithm_->DetectLosses(unacked_packets_, time, rtt_stats_, - largest_newly_acked_, packets_acked_, - &packets_lost_); + LossDetectionInterface::DetectionStats detection_stats = + loss_algorithm_->DetectLosses(unacked_packets_, time, rtt_stats_, + largest_newly_acked_, packets_acked_, + &packets_lost_); + + if (detection_stats.sent_packets_max_sequence_reordering > + stats_->sent_packets_max_sequence_reordering) { + stats_->sent_packets_max_sequence_reordering = + detection_stats.sent_packets_max_sequence_reordering; + } + for (const LostPacket& packet : packets_lost_) { QuicTransmissionInfo* info = unacked_packets_.GetMutableTransmissionInfo(packet.packet_number); @@ -1085,8 +1094,12 @@ const QuicTime QuicSentPacketManager::GetRetransmissionTime() const { PacketNumberSpace packet_number_space = NUM_PACKET_NUMBER_SPACES; // earliest_right_edge is the earliest sent time of the last in flight // packet of all packet number spaces. - const QuicTime earliest_right_edge = + QuicTime earliest_right_edge = GetEarliestPacketSentTimeForPto(&packet_number_space); + if (!earliest_right_edge.IsInitialized()) { + // Arm PTO from now if there is no in flight packets. + earliest_right_edge = clock_->ApproximateNow(); + } if (first_pto_srtt_multiplier_ > 0 && packet_number_space == APPLICATION_DATA && consecutive_pto_count_ == 0) { @@ -1187,10 +1200,11 @@ const QuicTime::Delta QuicSentPacketManager::GetRetransmissionDelay() const { const QuicTime::Delta QuicSentPacketManager::GetProbeTimeoutDelay() const { DCHECK(pto_enabled_); if (rtt_stats_.smoothed_rtt().IsZero()) { - if (rtt_stats_.initial_rtt().IsZero()) { - return QuicTime::Delta::FromSeconds(1); - } - return 2 * rtt_stats_.initial_rtt(); + // Respect kMinHandshakeTimeoutMs to avoid a potential amplification attack. + QUIC_BUG_IF(rtt_stats_.initial_rtt().IsZero()); + return std::max(3 * rtt_stats_.initial_rtt(), + QuicTime::Delta::FromMilliseconds(kMinHandshakeTimeoutMs)) * + (1 << consecutive_pto_count_); } const QuicTime::Delta rtt_var = use_standard_deviation_for_pto_ ? rtt_stats_.GetStandardOrMeanDeviation() @@ -1411,9 +1425,12 @@ void QuicSentPacketManager::OnApplicationLimited() { } } -QuicTime QuicSentPacketManager::GetNextReleaseTime() const { - return using_pacing_ ? pacing_sender_.ideal_next_packet_send_time() - : QuicTime::Zero(); +NextReleaseTimeResult QuicSentPacketManager::GetNextReleaseTime() const { + if (!using_pacing_) { + return {QuicTime::Zero(), false}; + } + + return pacing_sender_.GetNextReleaseTime(); } void QuicSentPacketManager::SetInitialRtt(QuicTime::Delta rtt) { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.h b/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.h index 5f1de705bb3..371fa814537 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager.h @@ -120,6 +120,8 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { virtual void SetFromConfig(const QuicConfig& config); + void ApplyConnectionOptions(const QuicTagVector& connection_options); + // Pass the CachedNetworkParameters to the send algorithm. void ResumeConnectionState( const CachedNetworkParameters& cached_network_params, @@ -339,7 +341,7 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { unacked_packets_.SetSessionNotifier(session_notifier); } - QuicTime GetNextReleaseTime() const; + NextReleaseTimeResult GetNextReleaseTime() const; QuicPacketCount initial_congestion_window() const { return initial_congestion_window_; @@ -366,6 +368,10 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { return unacked_packets_; } + const UberLossAlgorithm* uber_loss_algorithm() const { + return &uber_loss_algorithm_; + } + // Sets the send algorithm to the given congestion control type and points the // pacing sender at |send_algorithm_|. Can be called any number of times. void SetSendAlgorithm(CongestionControlType congestion_control_type); @@ -490,9 +496,6 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { // Sets the initial RTT of the connection. void SetInitialRtt(QuicTime::Delta rtt); - // Should only be called from constructor. - LossDetectionInterface* GetInitialLossAlgorithm(); - // Called when handshake is confirmed to remove the retransmittable frames // from all packets of HANDSHAKE_DATA packet number space to ensure they don't // get retransmitted and will eventually be removed from unacked packets map. diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager_test.cc index 98e6af0cfea..79fc798568b 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_sent_packet_manager_test.cc @@ -43,14 +43,17 @@ MATCHER(PacketNumberEq, "") { class MockDebugDelegate : public QuicSentPacketManager::DebugDelegate { public: - MOCK_METHOD2(OnSpuriousPacketRetransmission, - void(TransmissionType transmission_type, - QuicByteCount byte_size)); - MOCK_METHOD4(OnPacketLoss, - void(QuicPacketNumber lost_packet_number, - EncryptionLevel encryption_level, - TransmissionType transmission_type, - QuicTime detection_time)); + MOCK_METHOD(void, + OnSpuriousPacketRetransmission, + (TransmissionType transmission_type, QuicByteCount byte_size), + (override)); + MOCK_METHOD(void, + OnPacketLoss, + (QuicPacketNumber lost_packet_number, + EncryptionLevel encryption_level, + TransmissionType transmission_type, + QuicTime detection_time), + (override)); }; class QuicSentPacketManagerTest : public QuicTest { @@ -105,8 +108,6 @@ class QuicSentPacketManagerTest : public QuicTest { EXPECT_CALL(*send_algorithm_, GetCongestionControlType()) .WillRepeatedly(Return(kInitialCongestionControlType)); - EXPECT_CALL(*send_algorithm_, HasReliableBandwidthEstimate()) - .Times(AnyNumber()); EXPECT_CALL(*send_algorithm_, BandwidthEstimate()) .Times(AnyNumber()) .WillRepeatedly(Return(QuicBandwidth::Zero())); @@ -526,7 +527,6 @@ TEST_F(QuicSentPacketManagerTest, // Since 1 has been retransmitted, it has already been lost, and so the // send algorithm is not informed that it has been ACK'd. ExpectUpdatedRtt(1); - EXPECT_CALL(*send_algorithm_, RevertRetransmissionTimeout()); manager_.OnAckFrameStart(QuicPacketNumber(1), QuicTime::Delta::Infinite(), clock_.Now()); manager_.OnAckRange(QuicPacketNumber(1), QuicPacketNumber(2)); @@ -622,6 +622,7 @@ TEST_F(QuicSentPacketManagerTest, RetransmitTwiceThenAckFirst) { EXPECT_EQ(1u, stats_.packets_spuriously_retransmitted); EXPECT_EQ(1u, stats_.packets_lost); EXPECT_LT(QuicTime::Delta::Zero(), stats_.total_loss_detection_time); + EXPECT_LE(1u, stats_.sent_packets_max_sequence_reordering); } TEST_F(QuicSentPacketManagerTest, AckOriginalTransmission) { @@ -826,6 +827,9 @@ TEST_F(QuicSentPacketManagerTest, RttZeroDelta) { } TEST_F(QuicSentPacketManagerTest, TailLossProbeTimeout) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2); // Send 1 packet. @@ -886,6 +890,9 @@ TEST_F(QuicSentPacketManagerTest, TailLossProbeTimeout) { } TEST_F(QuicSentPacketManagerTest, TailLossProbeThenRTO) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2); // Send 100 packets. @@ -1178,6 +1185,9 @@ TEST_F(QuicSentPacketManagerTest, } TEST_F(QuicSentPacketManagerTest, RetransmissionTimeout) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } StrictMock<MockDebugDelegate> debug_delegate; manager_.SetDebugDelegate(&debug_delegate); @@ -1225,6 +1235,9 @@ TEST_F(QuicSentPacketManagerTest, RetransmissionTimeout) { } TEST_F(QuicSentPacketManagerTest, RetransmissionTimeoutOnePacket) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } // Set the 1RTO connection option. QuicConfig client_config; QuicTagVector options; @@ -1259,6 +1272,9 @@ TEST_F(QuicSentPacketManagerTest, RetransmissionTimeoutOnePacket) { } TEST_F(QuicSentPacketManagerTest, NewRetransmissionTimeout) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig client_config; QuicTagVector options; options.push_back(kNRTO); @@ -1311,6 +1327,9 @@ TEST_F(QuicSentPacketManagerTest, NewRetransmissionTimeout) { } TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckSecond) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } // Send 1 packet. SendDataPacket(1); @@ -1342,6 +1361,9 @@ TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckSecond) { } TEST_F(QuicSentPacketManagerTest, TwoRetransmissionTimeoutsAckFirst) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } // Send 1 packet. SendDataPacket(1); @@ -1462,6 +1484,9 @@ TEST_F(QuicSentPacketManagerTest, } TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeTailLossProbe) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2); SendDataPacket(1); SendDataPacket(2); @@ -1495,6 +1520,9 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeTailLossProbe) { } TEST_F(QuicSentPacketManagerTest, TLPRWithPendingStreamData) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -1545,6 +1573,9 @@ TEST_F(QuicSentPacketManagerTest, TLPRWithPendingStreamData) { } TEST_F(QuicSentPacketManagerTest, TLPRWithoutPendingStreamData) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -1593,6 +1624,9 @@ TEST_F(QuicSentPacketManagerTest, TLPRWithoutPendingStreamData) { } TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeSpuriousRTO) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats()); rtt_stats->UpdateRtt(QuicTime::Delta::FromMilliseconds(100), QuicTime::Delta::Zero(), QuicTime::Zero()); @@ -1648,6 +1682,9 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeSpuriousRTO) { } TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMin) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } SendDataPacket(1); // Provide a 1ms RTT sample. const_cast<RttStats*>(manager_.GetRttStats()) @@ -1670,6 +1707,9 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMin) { } TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMax) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } SendDataPacket(1); // Provide a 60s RTT sample. const_cast<RttStats*>(manager_.GetRttStats()) @@ -1681,6 +1721,9 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayMax) { } TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayExponentialBackoff) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } SendDataPacket(1); QuicTime::Delta delay = QuicTime::Delta::FromMilliseconds(500); @@ -1698,6 +1741,9 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionDelayExponentialBackoff) { } TEST_F(QuicSentPacketManagerTest, RetransmissionDelay) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats()); const int64_t kRttMs = 250; const int64_t kDeviationMs = 5; @@ -1959,6 +2005,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateClientCongestionControlFromOptions) { } TEST_F(QuicSentPacketManagerTest, NegotiateNoMinTLPFromOptionsAtServer) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -1987,6 +2036,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNoMinTLPFromOptionsAtServer) { } TEST_F(QuicSentPacketManagerTest, NegotiateNoMinTLPFromOptionsAtClient) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig client_config; QuicTagVector options; @@ -2015,6 +2067,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNoMinTLPFromOptionsAtClient) { } TEST_F(QuicSentPacketManagerTest, NegotiateNoMinRTOFromOptionsAtServer) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -2037,6 +2092,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNoMinRTOFromOptionsAtServer) { } TEST_F(QuicSentPacketManagerTest, NegotiateNoMinRTOFromOptionsAtClient) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig client_config; QuicTagVector options; @@ -2060,6 +2118,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNoMinRTOFromOptionsAtClient) { } TEST_F(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtServer) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -2072,6 +2133,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtServer) { } TEST_F(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtClient) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig client_config; QuicTagVector options; @@ -2085,6 +2149,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNoTLPFromOptionsAtClient) { } TEST_F(QuicSentPacketManagerTest, Negotiate1TLPFromOptionsAtServer) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -2097,6 +2164,9 @@ TEST_F(QuicSentPacketManagerTest, Negotiate1TLPFromOptionsAtServer) { } TEST_F(QuicSentPacketManagerTest, Negotiate1TLPFromOptionsAtClient) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig client_config; QuicTagVector options; @@ -2110,6 +2180,9 @@ TEST_F(QuicSentPacketManagerTest, Negotiate1TLPFromOptionsAtClient) { } TEST_F(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtServer) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig config; QuicTagVector options; @@ -2123,6 +2196,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtServer) { } TEST_F(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtClient) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicConfig client_config; QuicTagVector options; @@ -2137,6 +2213,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateTLPRttFromOptionsAtClient) { } TEST_F(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtServer) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } EXPECT_FALSE(QuicSentPacketManagerPeer::GetUseNewRto(&manager_)); QuicConfig config; QuicTagVector options; @@ -2150,6 +2229,9 @@ TEST_F(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtServer) { } TEST_F(QuicSentPacketManagerTest, NegotiateNewRTOFromOptionsAtClient) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } EXPECT_FALSE(QuicSentPacketManagerPeer::GetUseNewRto(&manager_)); QuicConfig client_config; QuicTagVector options; @@ -2531,6 +2613,9 @@ TEST_F(QuicSentPacketManagerTest, // Regression test for b/133771183. TEST_F(QuicSentPacketManagerTest, PacketInLimbo) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2); // Send SHLO. SendCryptoPacket(1); @@ -2583,6 +2668,9 @@ TEST_F(QuicSentPacketManagerTest, PacketInLimbo) { } TEST_F(QuicSentPacketManagerTest, RtoFiresNoPacketToRetransmit) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } // Send 10 packets. for (size_t i = 1; i <= 10; ++i) { SendDataPacket(i); @@ -2619,21 +2707,28 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeout) { SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); + QuicTime packet1_sent_time = clock_.Now(); EXPECT_EQ(clock_.Now() + expected_pto_delay, manager_.GetRetransmissionTime()); clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(10)); SendDataPacket(2, ENCRYPTION_FORWARD_SECURE); // Verify PTO is correctly set based on sent time of packet 2. - EXPECT_EQ(clock_.Now() + expected_pto_delay, - manager_.GetRetransmissionTime()); + QuicTime deadline = clock_.Now() + expected_pto_delay; + if (GetQuicReloadableFlag(quic_default_on_pto)) { + // Verify PTO is set based on left edge. + deadline = packet1_sent_time + expected_pto_delay; + } + EXPECT_EQ(deadline, manager_.GetRetransmissionTime()); EXPECT_EQ(0u, stats_.pto_count); // Invoke PTO. - clock_.AdvanceTime(expected_pto_delay); + clock_.AdvanceTime(deadline - clock_.Now()); manager_.OnRetransmissionTimeout(); EXPECT_EQ(QuicTime::Delta::Zero(), manager_.TimeUntilSend(clock_.Now())); EXPECT_EQ(1u, stats_.pto_count); @@ -2664,7 +2759,7 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeout) { ENCRYPTION_FORWARD_SECURE)); expected_pto_delay = rtt_stats->SmoothedOrInitialRtt() + - std::max(4 * rtt_stats->mean_deviation(), + std::max(pto_rttvar_multiplier * rtt_stats->mean_deviation(), QuicTime::Delta::FromMilliseconds(1)) + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); @@ -2680,6 +2775,7 @@ TEST_F(QuicSentPacketManagerTest, SendOneProbePacket) { .WillRepeatedly(Return(10 * kDefaultTCPMSS)); SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); + QuicTime packet1_sent_time = clock_.Now(); clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(10)); SendDataPacket(2, ENCRYPTION_FORWARD_SECURE); @@ -2688,14 +2784,20 @@ TEST_F(QuicSentPacketManagerTest, SendOneProbePacket) { QuicTime::Delta::Zero(), QuicTime::Zero()); QuicTime::Delta srtt = rtt_stats->smoothed_rtt(); // Verify PTO period is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); - EXPECT_EQ(clock_.Now() + expected_pto_delay, - manager_.GetRetransmissionTime()); + QuicTime deadline = clock_.Now() + expected_pto_delay; + if (GetQuicReloadableFlag(quic_default_on_pto)) { + // Verify PTO is set based on left edge. + deadline = packet1_sent_time + expected_pto_delay; + } + EXPECT_EQ(deadline, manager_.GetRetransmissionTime()); // Invoke PTO. - clock_.AdvanceTime(expected_pto_delay); + clock_.AdvanceTime(deadline - clock_.Now()); manager_.OnRetransmissionTimeout(); EXPECT_EQ(QuicTime::Delta::Zero(), manager_.TimeUntilSend(clock_.Now())); @@ -2773,9 +2875,12 @@ TEST_F(QuicSentPacketManagerTest, PtoTimeoutIncludesMaxAckDelay) { QuicTime::Delta srtt = rtt_stats->smoothed_rtt(); SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); + QuicTime packet1_sent_time = clock_.Now(); // Verify PTO is correctly set and ack delay is included. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(clock_.Now() + expected_pto_delay, manager_.GetRetransmissionTime()); @@ -2786,12 +2891,15 @@ TEST_F(QuicSentPacketManagerTest, PtoTimeoutIncludesMaxAckDelay) { // not included as an immediate ACK is expected. expected_pto_delay = expected_pto_delay - QuicTime::Delta::FromMilliseconds( kDefaultDelayedAckTimeMs); - EXPECT_EQ(clock_.Now() + expected_pto_delay, - manager_.GetRetransmissionTime()); + QuicTime deadline = clock_.Now() + expected_pto_delay; + if (GetQuicReloadableFlag(quic_default_on_pto)) { + deadline = packet1_sent_time + expected_pto_delay; + } + EXPECT_EQ(deadline, manager_.GetRetransmissionTime()); EXPECT_EQ(0u, stats_.pto_count); // Invoke PTO. - clock_.AdvanceTime(expected_pto_delay); + clock_.AdvanceTime(deadline - clock_.Now()); manager_.OnRetransmissionTimeout(); EXPECT_EQ(QuicTime::Delta::Zero(), manager_.TimeUntilSend(clock_.Now())); EXPECT_EQ(1u, stats_.pto_count); @@ -2819,7 +2927,7 @@ TEST_F(QuicSentPacketManagerTest, PtoTimeoutIncludesMaxAckDelay) { ENCRYPTION_FORWARD_SECURE)); expected_pto_delay = rtt_stats->SmoothedOrInitialRtt() + - std::max(4 * rtt_stats->mean_deviation(), + std::max(pto_rttvar_multiplier * rtt_stats->mean_deviation(), QuicTime::Delta::FromMilliseconds(1)) + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); @@ -2853,7 +2961,7 @@ TEST_F(QuicSentPacketManagerTest, PtoTimeoutIncludesMaxAckDelay) { expected_pto_delay = rtt_stats->SmoothedOrInitialRtt() + - std::max(4 * rtt_stats->mean_deviation(), + std::max(pto_rttvar_multiplier * rtt_stats->mean_deviation(), QuicTime::Delta::FromMilliseconds(1)) + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); for (size_t i = 101; i < 110; i++) { @@ -2891,22 +2999,29 @@ TEST_F(QuicSentPacketManagerTest, StartExponentialBackoffSince2ndPto) { QuicTime::Delta srtt = rtt_stats->smoothed_rtt(); SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); + QuicTime packet1_sent_time = clock_.Now(); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); - EXPECT_EQ(clock_.Now() + expected_pto_delay, + EXPECT_EQ(packet1_sent_time + expected_pto_delay, manager_.GetRetransmissionTime()); clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(10)); SendDataPacket(2, ENCRYPTION_FORWARD_SECURE); // Verify PTO is correctly set based on sent time of packet 2. - EXPECT_EQ(clock_.Now() + expected_pto_delay, - manager_.GetRetransmissionTime()); + QuicTime deadline = clock_.Now() + expected_pto_delay; + if (GetQuicReloadableFlag(quic_default_on_pto)) { + // Verify PTO is set based on left edge. + deadline = packet1_sent_time + expected_pto_delay; + } + EXPECT_EQ(deadline, manager_.GetRetransmissionTime()); EXPECT_EQ(0u, stats_.pto_count); // Invoke PTO. - clock_.AdvanceTime(expected_pto_delay); + clock_.AdvanceTime(deadline - clock_.Now()); manager_.OnRetransmissionTimeout(); EXPECT_EQ(QuicTime::Delta::Zero(), manager_.TimeUntilSend(clock_.Now())); EXPECT_EQ(1u, stats_.pto_count); @@ -3017,6 +3132,9 @@ TEST_F(QuicSentPacketManagerTest, PtoTimeoutRttVarMultiple) { // Regression test for b/143962153 TEST_F(QuicSentPacketManagerTest, RtoNotInFlightPacket) { + if (GetQuicReloadableFlag(quic_default_on_pto)) { + return; + } QuicSentPacketManagerPeer::SetMaxTailLossProbes(&manager_, 2); // Send SHLO. QuicStreamFrame crypto_frame(1, false, 0, quiche::QuicheStringPiece()); @@ -3094,8 +3212,10 @@ TEST_F(QuicSentPacketManagerTest, Aggressive1Pto) { // Verify PTO period gets set correctly. QuicTime sent_time = clock_.Now(); + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(sent_time + expected_pto_delay * 2, manager_.GetRetransmissionTime()); @@ -3156,8 +3276,10 @@ TEST_F(QuicSentPacketManagerTest, Aggressive2Ptos) { RetransmitDataPacket(5, type, ENCRYPTION_FORWARD_SECURE); }))); manager_.MaybeSendProbePackets(); + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); // Verify PTO period gets set correctly. @@ -3195,8 +3317,10 @@ TEST_F(QuicSentPacketManagerTest, ClientMultiplePacketNumberSpacePtoTimeout) { // Send packet 1. SendDataPacket(1, ENCRYPTION_INITIAL); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(clock_.Now() + expected_pto_delay, manager_.GetRetransmissionTime()); @@ -3284,8 +3408,10 @@ TEST_F(QuicSentPacketManagerTest, ServerMultiplePacketNumberSpacePtoTimeout) { SendDataPacket(1, ENCRYPTION_INITIAL); const QuicTime packet1_sent_time = clock_.Now(); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(packet1_sent_time + expected_pto_delay, manager_.GetRetransmissionTime()); @@ -3326,7 +3452,6 @@ TEST_F(QuicSentPacketManagerTest, ServerMultiplePacketNumberSpacePtoTimeout) { } TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge) { - SetQuicReloadableFlag(quic_arm_pto_with_earliest_sent_time, true); EnablePto(k1PTO); // Use PTOS and PLE1. QuicConfig config; @@ -3350,8 +3475,10 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge) { SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); const QuicTime packet1_sent_time = clock_.Now(); EXPECT_EQ(packet1_sent_time + expected_pto_delay, @@ -3391,7 +3518,7 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge) { ENCRYPTION_FORWARD_SECURE)); expected_pto_delay = rtt_stats->SmoothedOrInitialRtt() + - std::max(4 * rtt_stats->mean_deviation(), + std::max(pto_rttvar_multiplier * rtt_stats->mean_deviation(), QuicTime::Delta::FromMilliseconds(1)) + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); @@ -3401,7 +3528,6 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge) { } TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge2) { - SetQuicReloadableFlag(quic_arm_pto_with_earliest_sent_time, true); EnablePto(k1PTO); // Use PTOS and PLE2. QuicConfig config; @@ -3425,8 +3551,10 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge2) { SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); const QuicTime packet1_sent_time = clock_.Now(); EXPECT_EQ(packet1_sent_time + expected_pto_delay, @@ -3456,7 +3584,7 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge2) { // Verify PTO period gets set to twice the expected value and based on // packet3 (right edge). expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); QuicTime packet3_sent_time = clock_.Now(); EXPECT_EQ(packet3_sent_time + expected_pto_delay * 2, @@ -3473,7 +3601,7 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge2) { ENCRYPTION_FORWARD_SECURE)); expected_pto_delay = rtt_stats->SmoothedOrInitialRtt() + - std::max(4 * rtt_stats->mean_deviation(), + std::max(pto_rttvar_multiplier * rtt_stats->mean_deviation(), QuicTime::Delta::FromMilliseconds(1)) + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); @@ -3484,7 +3612,6 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge2) { } TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutUsingStandardDeviation) { - SetQuicReloadableFlag(quic_use_standard_deviation_for_pto, true); EnablePto(k1PTO); // Use PTOS and PSDA. QuicConfig config; @@ -3514,8 +3641,10 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutUsingStandardDeviation) { SendDataPacket(1, ENCRYPTION_FORWARD_SECURE); // Verify PTO is correctly set using standard deviation. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->GetStandardOrMeanDeviation() + + srtt + pto_rttvar_multiplier * rtt_stats->GetStandardOrMeanDeviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(clock_.Now() + expected_pto_delay, manager_.GetRetransmissionTime()); @@ -3523,7 +3652,6 @@ TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutUsingStandardDeviation) { TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdgeMultiplePacketNumberSpaces) { - SetQuicReloadableFlag(quic_arm_pto_with_earliest_sent_time, true); manager_.EnableMultiplePacketNumberSpacesSupport(); EnablePto(k1PTO); // Use PTOS and PLE1. @@ -3550,8 +3678,10 @@ TEST_F(QuicSentPacketManagerTest, SendDataPacket(1, ENCRYPTION_INITIAL); const QuicTime packet1_sent_time = clock_.Now(); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(packet1_sent_time + expected_pto_delay, manager_.GetRetransmissionTime()); @@ -3599,7 +3729,6 @@ TEST_F(QuicSentPacketManagerTest, TEST_F(QuicSentPacketManagerTest, ComputingProbeTimeoutByLeftEdge2MultiplePacketNumberSpaces) { - SetQuicReloadableFlag(quic_arm_pto_with_earliest_sent_time, true); manager_.EnableMultiplePacketNumberSpacesSupport(); EnablePto(k1PTO); // Use PTOS and PLE2. @@ -3626,8 +3755,10 @@ TEST_F(QuicSentPacketManagerTest, SendDataPacket(1, ENCRYPTION_INITIAL); const QuicTime packet1_sent_time = clock_.Now(); // Verify PTO is correctly set. + int pto_rttvar_multiplier = + GetQuicReloadableFlag(quic_default_on_pto) ? 2 : 4; QuicTime::Delta expected_pto_delay = - srtt + 4 * rtt_stats->mean_deviation() + + srtt + pto_rttvar_multiplier * rtt_stats->mean_deviation() + QuicTime::Delta::FromMilliseconds(kDefaultDelayedAckTimeMs); EXPECT_EQ(packet1_sent_time + expected_pto_delay, manager_.GetRetransmissionTime()); @@ -3722,8 +3853,6 @@ TEST_F(QuicSentPacketManagerTest, NoPacketThresholdDetectionForRuntPackets) { EXPECT_TRUE( QuicSentPacketManagerPeer::UsePacketThresholdForRuntPackets(&manager_)); - SetQuicReloadableFlag(quic_skip_packet_threshold_loss_detection_with_runt, - true); QuicConfig config; QuicTagVector options; options.push_back(kRUNT); @@ -3779,6 +3908,96 @@ TEST_F(QuicSentPacketManagerTest, GetPathDegradingDelay) { EXPECT_EQ(expected_delay, manager_.GetPathDegradingDelay()); } +// Regression test for b/154050235. +TEST_F(QuicSentPacketManagerTest, ExponentialBackoffWithNoRttMeasurement) { + QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT); + manager_.EnableIetfPtoAndLossDetection(); + RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats()); + EXPECT_EQ(QuicTime::Delta::FromMilliseconds(kInitialRttMs), + rtt_stats->initial_rtt()); + EXPECT_TRUE(rtt_stats->smoothed_rtt().IsZero()); + + SendCryptoPacket(1); + QuicTime::Delta expected_pto_delay = + QuicTime::Delta::FromMilliseconds(3 * kInitialRttMs); + EXPECT_EQ(clock_.Now() + expected_pto_delay, + manager_.GetRetransmissionTime()); + + // Invoke PTO. + clock_.AdvanceTime(expected_pto_delay); + manager_.OnRetransmissionTimeout(); + + EXPECT_CALL(notifier_, RetransmitFrames(_, _)) + .WillOnce(WithArgs<1>(Invoke([this]() { RetransmitCryptoPacket(3); }))); + manager_.MaybeSendProbePackets(); + if (GetQuicReloadableFlag(quic_default_on_pto)) { + manager_.AdjustPendingTimerTransmissions(); + } + // Verify exponential backoff of the PTO timeout. + EXPECT_EQ(clock_.Now() + 2 * expected_pto_delay, + manager_.GetRetransmissionTime()); +} + +TEST_F(QuicSentPacketManagerTest, PtoDelayWithTinyInitialRtt) { + manager_.EnableIetfPtoAndLossDetection(); + RttStats* rtt_stats = const_cast<RttStats*>(manager_.GetRttStats()); + // Assume client provided a tiny initial RTT. + rtt_stats->set_initial_rtt(QuicTime::Delta::FromMicroseconds(1)); + EXPECT_EQ(QuicTime::Delta::FromMicroseconds(1), rtt_stats->initial_rtt()); + EXPECT_TRUE(rtt_stats->smoothed_rtt().IsZero()); + + SendCryptoPacket(1); + QuicTime::Delta expected_pto_delay = QuicTime::Delta::FromMilliseconds(10); + // Verify kMinHandshakeTimeoutMs is respected. + EXPECT_EQ(clock_.Now() + expected_pto_delay, + manager_.GetRetransmissionTime()); + + // Invoke PTO. + clock_.AdvanceTime(expected_pto_delay); + manager_.OnRetransmissionTimeout(); + + EXPECT_CALL(notifier_, RetransmitFrames(_, _)) + .WillOnce(WithArgs<1>(Invoke([this]() { RetransmitCryptoPacket(3); }))); + manager_.MaybeSendProbePackets(); + if (GetQuicReloadableFlag(quic_default_on_pto)) { + manager_.AdjustPendingTimerTransmissions(); + } + // Verify exponential backoff of the PTO timeout. + EXPECT_EQ(clock_.Now() + 2 * expected_pto_delay, + manager_.GetRetransmissionTime()); +} + +TEST_F(QuicSentPacketManagerTest, HandshakeAckCausesInitialKeyDropping) { + manager_.EnableMultiplePacketNumberSpacesSupport(); + QuicSentPacketManagerPeer::SetPerspective(&manager_, Perspective::IS_CLIENT); + // Send INITIAL packet 1. + SendDataPacket(1, ENCRYPTION_INITIAL); + QuicTime::Delta expected_pto_delay = + QuicTime::Delta::FromMilliseconds(3 * kInitialRttMs); + EXPECT_EQ(clock_.Now() + expected_pto_delay, + manager_.GetRetransmissionTime()); + // Send HANDSHAKE ack. + clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(10)); + SendAckPacket(2, /*largest_acked=*/1, ENCRYPTION_HANDSHAKE); + // Sending HANDSHAKE packet causes dropping of INITIAL key. + EXPECT_CALL(notifier_, HasUnackedCryptoData()).WillRepeatedly(Return(false)); + EXPECT_CALL(notifier_, IsFrameOutstanding(_)).WillRepeatedly(Return(false)); + manager_.NeuterUnencryptedPackets(); + // There is no in flight packets. + EXPECT_FALSE(manager_.HasInFlightPackets()); + // Verify PTO timer gets rearmed from now because of anti-amplification. + EXPECT_EQ(clock_.Now() + expected_pto_delay, + manager_.GetRetransmissionTime()); + + // Invoke PTO. + clock_.AdvanceTime(expected_pto_delay); + manager_.OnRetransmissionTimeout(); + // Verify nothing to probe (and connection will send PING for current + // encryption level). + EXPECT_CALL(notifier_, RetransmitFrames(_, _)).Times(0); + manager_.MaybeSendProbePackets(); +} + } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_session.cc b/chromium/net/third_party/quiche/src/quic/core/quic_session.cc index 5376bfdddde..0f00ff3843d 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_session.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_session.cc @@ -45,24 +45,6 @@ class ClosedStreamsCleanUpDelegate : public QuicAlarm::Delegate { QuicSession* session_; }; -// TODO(renjietang): remove this function once -// gfe2_reloadable_flag_quic_write_with_transmission is deprecated. -void CountTransmissionTypeFlag(TransmissionType type) { - switch (type) { - case NOT_RETRANSMISSION: - QUIC_RELOADABLE_FLAG_COUNT_N(quic_write_with_transmission, 1, 4); - break; - case HANDSHAKE_RETRANSMISSION: - QUIC_RELOADABLE_FLAG_COUNT_N(quic_write_with_transmission, 2, 4); - break; - case LOSS_RETRANSMISSION: - QUIC_RELOADABLE_FLAG_COUNT_N(quic_write_with_transmission, 3, 4); - break; - default: - QUIC_RELOADABLE_FLAG_COUNT_N(quic_write_with_transmission, 4, 4); - } -} - } // namespace #define ENDPOINT \ @@ -93,6 +75,7 @@ QuicSession::QuicSession( num_expected_unidirectional_static_streams), num_dynamic_incoming_streams_(0), num_draining_incoming_streams_(0), + num_draining_outgoing_streams_(0), num_outgoing_static_streams_(0), num_incoming_static_streams_(0), num_locally_closed_incoming_streams_highest_offset_(0), @@ -117,11 +100,11 @@ QuicSession::QuicSession( supported_versions_(supported_versions), use_http2_priority_write_scheduler_(false), is_configured_(false), - num_expected_unidirectional_static_streams_( - num_expected_unidirectional_static_streams), enable_round_robin_scheduling_(false), - write_with_transmission_( - GetQuicReloadableFlag(quic_write_with_transmission)) { + deprecate_draining_streams_( + GetQuicReloadableFlag(quic_deprecate_draining_streams)), + break_close_loop_( + GetQuicReloadableFlag(quic_break_session_stream_close_loop)) { closed_streams_clean_up_alarm_ = QuicWrapUnique<QuicAlarm>(connection_->alarm_factory()->CreateAlarm( new ClosedStreamsCleanUpDelegate(this))); @@ -129,6 +112,14 @@ QuicSession::QuicSession( connection_->version().handshake_protocol == PROTOCOL_TLS1_3) { config_.SetStatelessResetTokenToSend(GetStatelessResetToken()); } + if (VersionHasIetfQuicFrames(transport_version())) { + config_.SetMaxUnidirectionalStreamsToSend( + config_.GetMaxUnidirectionalStreamsToSend() + + num_expected_unidirectional_static_streams); + } + if (break_close_loop_) { + QUIC_RELOADABLE_FLAG_COUNT(quic_break_session_stream_close_loop); + } } void QuicSession::Initialize() { @@ -301,6 +292,10 @@ void QuicSession::OnOneRttPacketAcknowledged() { GetMutableCryptoStream()->OnOneRttPacketAcknowledged(); } +void QuicSession::OnHandshakePacketSent() { + GetMutableCryptoStream()->OnHandshakePacketSent(); +} + void QuicSession::PendingStreamOnRstStream(const QuicRstStreamFrame& frame) { DCHECK(VersionUsesHttp3(transport_version())); QuicStreamId stream_id = frame.stream_id; @@ -398,11 +393,16 @@ void QuicSession::OnConnectionClosed(const QuicConnectionCloseFrame& frame, RecordConnectionCloseAtServer(frame.quic_error_code, source); } - if (on_closed_frame_.extracted_error_code == QUIC_NO_ERROR) { + if (on_closed_frame_.quic_error_code == QUIC_NO_ERROR) { // Save all of the connection close information on_closed_frame_ = frame; } + if (GetQuicReloadableFlag(quic_notify_handshaker_on_connection_close)) { + QUIC_RELOADABLE_FLAG_COUNT(quic_notify_handshaker_on_connection_close); + GetMutableCryptoStream()->OnConnectionClosed(frame.quic_error_code, source); + } + // Copy all non static streams in a new map for the ease of deleting. QuicSmallMap<QuicStreamId, QuicStream*, 10> non_static_streams; for (const auto& it : stream_map_) { @@ -431,8 +431,8 @@ void QuicSession::OnConnectionClosed(const QuicConnectionCloseFrame& frame, if (visitor_) { visitor_->OnConnectionClosed(connection_->connection_id(), - frame.extracted_error_code, - frame.error_details, source); + frame.quic_error_code, frame.error_details, + source); } } @@ -558,9 +558,6 @@ void QuicSession::OnCanWrite() { "write blocked."; return; } - if (!write_with_transmission_) { - SetTransmissionType(NOT_RETRANSMISSION); - } // We limit the number of writes to the number of pending streams. If more // streams become pending, WillingAndAbleToWrite will be true, which will // cause the connection to request resumption before yielding to other @@ -685,7 +682,7 @@ bool QuicSession::HasPendingHandshake() const { } uint64_t QuicSession::GetNumOpenDynamicStreams() const { - return stream_map_.size() - draining_streams_.size() + + return stream_map_.size() - GetNumDrainingStreams() + locally_closed_streams_highest_offset_.size() - num_incoming_static_streams_ - num_outgoing_static_streams_; } @@ -714,10 +711,7 @@ QuicConsumedData QuicSession::WritevData( return QuicConsumedData(0, false); } - if (write_with_transmission_) { - SetTransmissionType(type); - CountTransmissionTypeFlag(type); - } + SetTransmissionType(type); const auto current_level = connection()->encryption_level(); if (level.has_value()) { connection()->SetDefaultEncryptionLevel(level.value()); @@ -743,10 +737,7 @@ size_t QuicSession::SendCryptoData(EncryptionLevel level, QuicStreamOffset offset, TransmissionType type) { DCHECK(QuicVersionUsesCryptoFrames(transport_version())); - if (write_with_transmission_) { - SetTransmissionType(type); - CountTransmissionTypeFlag(type); - } + SetTransmissionType(type); const auto current_level = connection()->encryption_level(); connection_->SetDefaultEncryptionLevel(level); const auto bytes_consumed = @@ -758,10 +749,7 @@ size_t QuicSession::SendCryptoData(EncryptionLevel level, bool QuicSession::WriteControlFrame(const QuicFrame& frame, TransmissionType type) { - if (write_with_transmission_) { - SetTransmissionType(type); - CountTransmissionTypeFlag(type); - } + SetTransmissionType(type); return connection_->SendControlFrame(frame); } @@ -776,6 +764,10 @@ void QuicSession::SendRstStream(QuicStreamId id, connection_->OnStreamReset(id, error); } + if (break_close_loop_) { + return; + } + if (error != QUIC_STREAM_NO_ERROR && QuicContainsKey(zombie_streams_, id)) { OnStreamDoneWaitingForAcks(id); return; @@ -783,6 +775,26 @@ void QuicSession::SendRstStream(QuicStreamId id, CloseStreamInner(id, true); } +void QuicSession::ResetStream(QuicStreamId id, + QuicRstStreamErrorCode error, + QuicStreamOffset bytes_written) { + DCHECK(break_close_loop_); + QuicStream* stream = GetStream(id); + if (stream != nullptr && stream->is_static()) { + connection()->CloseConnection( + QUIC_INVALID_STREAM_ID, "Try to reset a static stream", + ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return; + } + + if (stream != nullptr) { + stream->Reset(error); + return; + } + + SendRstStream(id, error, bytes_written); +} + void QuicSession::MaybeSendRstStreamFrame(QuicStreamId id, QuicRstStreamErrorCode error, QuicStreamOffset bytes_written) { @@ -875,6 +887,11 @@ void QuicSession::CloseStreamInner(QuicStreamId stream_id, bool rst_sent) { ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); return; } + if (break_close_loop_) { + stream->CloseReadSide(); + stream->CloseWriteSide(); + return; + } StreamType type = stream->type(); // Tell the stream that a RST has been sent. @@ -904,16 +921,27 @@ void QuicSession::CloseStreamInner(QuicStreamId stream_id, bool rst_sent) { InsertLocallyClosedStreamsHighestOffset( stream_id, stream->flow_controller()->highest_received_byte_offset()); } + bool stream_was_draining = false; + if (deprecate_draining_streams_) { + stream_was_draining = stream->was_draining(); + QUIC_DVLOG_IF(1, stream_was_draining) + << ENDPOINT << "Stream " << stream_id << " was draining"; + } stream_map_.erase(it); if (IsIncomingStream(stream_id)) { --num_dynamic_incoming_streams_; } - - const bool stream_was_draining = - draining_streams_.find(stream_id) != draining_streams_.end(); + if (!deprecate_draining_streams_) { + stream_was_draining = + draining_streams_.find(stream_id) != draining_streams_.end(); + } if (stream_was_draining) { if (IsIncomingStream(stream_id)) { + QUIC_BUG_IF(num_draining_incoming_streams_ == 0); --num_draining_incoming_streams_; + } else if (deprecate_draining_streams_) { + QUIC_BUG_IF(num_draining_outgoing_streams_ == 0); + --num_draining_outgoing_streams_; } draining_streams_.erase(stream_id); } else if (VersionHasIetfQuicFrames(transport_version())) { @@ -923,6 +951,10 @@ void QuicSession::CloseStreamInner(QuicStreamId stream_id, bool rst_sent) { // Do not bother informing stream ID manager if connection is closed. v99_streamid_manager_.OnStreamClosed(stream_id); } + } else if (stream_id_manager_.handles_accounting() && had_fin_or_rst && + connection_->connected()) { + stream_id_manager_.OnStreamClosed( + /*is_incoming=*/IsIncomingStream(stream_id)); } stream->OnClose(); @@ -935,12 +967,100 @@ void QuicSession::CloseStreamInner(QuicStreamId stream_id, bool rst_sent) { } } +void QuicSession::OnStreamClosed(QuicStreamId stream_id) { + QUIC_DVLOG(1) << ENDPOINT << "Closing stream: " << stream_id; + DCHECK(break_close_loop_); + StreamMap::iterator it = stream_map_.find(stream_id); + if (it == stream_map_.end()) { + QUIC_DVLOG(1) << ENDPOINT << "Stream is already closed: " << stream_id; + return; + } + QuicStream* stream = it->second.get(); + StreamType type = stream->type(); + + if (stream->IsWaitingForAcks()) { + zombie_streams_[stream->id()] = std::move(it->second); + } else { + // Clean up the stream since it is no longer waiting for acks. + streams_waiting_for_acks_.erase(stream->id()); + closed_streams_.push_back(std::move(it->second)); + // Do not retransmit data of a closed stream. + streams_with_pending_retransmission_.erase(stream_id); + if (!closed_streams_clean_up_alarm_->IsSet()) { + closed_streams_clean_up_alarm_->Set( + connection_->clock()->ApproximateNow()); + } + } + + if (!stream->HasReceivedFinalOffset()) { + // If we haven't received a FIN or RST for this stream, we need to keep + // track of the how many bytes the stream's flow controller believes it has + // received, for accurate connection level flow control accounting. + // If this is an outgoing stream, it is technically open from peer's + // perspective. Do not inform stream Id manager yet. + DCHECK(!stream->was_draining()); + InsertLocallyClosedStreamsHighestOffset( + stream_id, stream->flow_controller()->highest_received_byte_offset()); + stream_map_.erase(it); + if (IsIncomingStream(stream_id)) { + --num_dynamic_incoming_streams_; + } + return; + } + + bool stream_was_draining = false; + if (deprecate_draining_streams_) { + stream_was_draining = stream->was_draining(); + QUIC_DVLOG_IF(1, stream_was_draining) + << ENDPOINT << "Stream " << stream_id << " was draining"; + } + stream_map_.erase(it); + if (IsIncomingStream(stream_id)) { + --num_dynamic_incoming_streams_; + } + if (!deprecate_draining_streams_) { + stream_was_draining = + draining_streams_.find(stream_id) != draining_streams_.end(); + } + if (stream_was_draining) { + if (IsIncomingStream(stream_id)) { + QUIC_BUG_IF(num_draining_incoming_streams_ == 0); + --num_draining_incoming_streams_; + } else if (deprecate_draining_streams_) { + QUIC_BUG_IF(num_draining_outgoing_streams_ == 0); + --num_draining_outgoing_streams_; + } + draining_streams_.erase(stream_id); + // Stream Id manager has been informed with draining streams. + return; + } + if (!connection_->connected()) { + // Do not bother informing stream ID manager if connection has been + // disconnected. + return; + } + if (stream_id_manager_.handles_accounting() && + !VersionHasIetfQuicFrames(transport_version())) { + stream_id_manager_.OnStreamClosed( + /*is_incoming=*/IsIncomingStream(stream_id)); + } + if (IsIncomingStream(stream_id)) { + // Stream Id manager is only interested in peer initiated stream IDs. + if (VersionHasIetfQuicFrames(transport_version())) { + v99_streamid_manager_.OnStreamClosed(stream_id); + } + return; + } + if (!VersionHasIetfQuicFrames(transport_version())) { + OnCanCreateNewOutgoingStream(type != BIDIRECTIONAL); + } +} + void QuicSession::ClosePendingStream(QuicStreamId stream_id) { QUIC_DVLOG(1) << ENDPOINT << "Closing stream " << stream_id; - + DCHECK(VersionHasIetfQuicFrames(transport_version())); pending_stream_map_.erase(stream_id); - if (VersionHasIetfQuicFrames(transport_version()) && - connection_->connected()) { + if (connection_->connected()) { v99_streamid_manager_.OnStreamClosed(stream_id); } } @@ -970,6 +1090,11 @@ void QuicSession::OnFinalByteOffsetReceived( flow_controller_.AddBytesConsumed(offset_diff); locally_closed_streams_highest_offset_.erase(it); + if (stream_id_manager_.handles_accounting() && + !VersionHasIetfQuicFrames(transport_version())) { + stream_id_manager_.OnStreamClosed( + /*is_incoming=*/IsIncomingStream(stream_id)); + } if (IsIncomingStream(stream_id)) { --num_locally_closed_incoming_streams_highest_offset_; if (VersionHasIetfQuicFrames(transport_version())) { @@ -1006,6 +1131,18 @@ void QuicSession::OnConfigNegotiated() { QUIC_DVLOG(1) << ENDPOINT << "Setting Bidirectional outgoing_max_streams_ to " << max_streams; + if (perspective_ == Perspective::IS_CLIENT && + max_streams < + v99_streamid_manager_.max_outgoing_bidirectional_streams()) { + connection_->CloseConnection( + QUIC_MAX_STREAMS_ERROR, + quiche::QuicheStrCat( + "new bidirectional limit ", max_streams, + " decreases the current limit: ", + v99_streamid_manager_.max_outgoing_bidirectional_streams()), + ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return; + } if (v99_streamid_manager_.MaybeAllowNewOutgoingBidirectionalStreams( max_streams)) { OnCanCreateNewOutgoingStream(/*unidirectional = */ false); @@ -1015,14 +1152,16 @@ void QuicSession::OnConfigNegotiated() { if (config_.HasReceivedMaxUnidirectionalStreams()) { max_streams = config_.ReceivedMaxUnidirectionalStreams(); } - if (max_streams < num_expected_unidirectional_static_streams_) { - // TODO(ianswett): Change this to an application error for HTTP/3. - QUIC_DLOG(ERROR) << "Received unidirectional stream limit of " - << max_streams << " < " - << num_expected_unidirectional_static_streams_; + if (max_streams < + v99_streamid_manager_.max_outgoing_unidirectional_streams()) { connection_->CloseConnection( - QUIC_MAX_STREAMS_ERROR, "New unidirectional stream limit is too low.", + QUIC_MAX_STREAMS_ERROR, + quiche::QuicheStrCat( + "new unidirectional limit ", max_streams, + " decreases the current limit: ", + v99_streamid_manager_.max_outgoing_unidirectional_streams()), ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return; } QUIC_DVLOG(1) << ENDPOINT << "Setting Unidirectional outgoing_max_streams_ to " @@ -1196,6 +1335,7 @@ void QuicSession::HandleRstOnValidNonexistentStream( } void QuicSession::OnNewStreamFlowControlWindow(QuicStreamOffset new_window) { + DCHECK_EQ(connection_->version().handshake_protocol, PROTOCOL_QUIC_CRYPTO); QUIC_DVLOG(1) << ENDPOINT << "OnNewStreamFlowControlWindow " << new_window; if (new_window < kMinimumFlowControlSendWindow && !connection_->version().AllowsLowFlowControlLimits()) { @@ -1212,19 +1352,22 @@ void QuicSession::OnNewStreamFlowControlWindow(QuicStreamOffset new_window) { for (auto const& kv : stream_map_) { QUIC_DVLOG(1) << ENDPOINT << "Informing stream " << kv.first << " of new stream flow control window " << new_window; - kv.second->UpdateSendWindowOffset(new_window); + if (!kv.second->ConfigSendWindowOffset(new_window)) { + return; + } } if (!QuicVersionUsesCryptoFrames(transport_version())) { QUIC_DVLOG(1) << ENDPOINT << "Informing crypto stream of new stream flow control window " << new_window; - GetMutableCryptoStream()->UpdateSendWindowOffset(new_window); + GetMutableCryptoStream()->ConfigSendWindowOffset(new_window); } } void QuicSession::OnNewStreamUnidirectionalFlowControlWindow( QuicStreamOffset new_window) { + DCHECK_EQ(connection_->version().handshake_protocol, PROTOCOL_TLS1_3); QUIC_DVLOG(1) << ENDPOINT << "OnNewStreamUnidirectionalFlowControlWindow " << new_window; // Inform all existing outgoing unidirectional streams about the new window. @@ -1239,12 +1382,15 @@ void QuicSession::OnNewStreamUnidirectionalFlowControlWindow( } QUIC_DVLOG(1) << ENDPOINT << "Informing unidirectional stream " << id << " of new stream flow control window " << new_window; - kv.second->UpdateSendWindowOffset(new_window); + if (!kv.second->ConfigSendWindowOffset(new_window)) { + return; + } } } void QuicSession::OnNewStreamOutgoingBidirectionalFlowControlWindow( QuicStreamOffset new_window) { + DCHECK_EQ(connection_->version().handshake_protocol, PROTOCOL_TLS1_3); QUIC_DVLOG(1) << ENDPOINT << "OnNewStreamOutgoingBidirectionalFlowControlWindow " << new_window; @@ -1260,12 +1406,15 @@ void QuicSession::OnNewStreamOutgoingBidirectionalFlowControlWindow( } QUIC_DVLOG(1) << ENDPOINT << "Informing outgoing bidirectional stream " << id << " of new stream flow control window " << new_window; - kv.second->UpdateSendWindowOffset(new_window); + if (!kv.second->ConfigSendWindowOffset(new_window)) { + return; + } } } void QuicSession::OnNewStreamIncomingBidirectionalFlowControlWindow( QuicStreamOffset new_window) { + DCHECK_EQ(connection_->version().handshake_protocol, PROTOCOL_TLS1_3); QUIC_DVLOG(1) << ENDPOINT << "OnNewStreamIncomingBidirectionalFlowControlWindow " << new_window; @@ -1281,19 +1430,36 @@ void QuicSession::OnNewStreamIncomingBidirectionalFlowControlWindow( } QUIC_DVLOG(1) << ENDPOINT << "Informing incoming bidirectional stream " << id << " of new stream flow control window " << new_window; - kv.second->UpdateSendWindowOffset(new_window); + if (!kv.second->ConfigSendWindowOffset(new_window)) { + return; + } } } void QuicSession::OnNewSessionFlowControlWindow(QuicStreamOffset new_window) { QUIC_DVLOG(1) << ENDPOINT << "OnNewSessionFlowControlWindow " << new_window; - if (new_window < kMinimumFlowControlSendWindow && - !connection_->version().AllowsLowFlowControlLimits()) { + bool close_connection = false; + if (!connection_->version().AllowsLowFlowControlLimits()) { + if (new_window < kMinimumFlowControlSendWindow) { + close_connection = true; + QUIC_LOG_FIRST_N(ERROR, 1) + << "Peer sent us an invalid session flow control send window: " + << new_window << ", below default: " << kMinimumFlowControlSendWindow; + } + } else if (perspective_ == Perspective::IS_CLIENT && + new_window < flow_controller_.send_window_offset()) { + // The client receives a lower limit than remembered, violating + // https://tools.ietf.org/html/draft-ietf-quic-transport-27#section-7.3.1 QUIC_LOG_FIRST_N(ERROR, 1) << "Peer sent us an invalid session flow control send window: " - << new_window << ", below default: " << kMinimumFlowControlSendWindow; + << new_window + << ", below current: " << flow_controller_.send_window_offset(); + close_connection = true; + } + if (close_connection) { connection_->CloseConnection( - QUIC_FLOW_CONTROL_INVALID_WINDOW, "New connection window too low", + QUIC_FLOW_CONTROL_INVALID_WINDOW, + quiche::QuicheStrCat("New connection window too low: ", new_window), ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); return; } @@ -1332,12 +1498,20 @@ void QuicSession::OnNewEncryptionKeyAvailable( std::unique_ptr<QuicEncrypter> encrypter) { connection()->SetEncrypter(level, std::move(encrypter)); - if (GetQuicRestartFlag(quic_send_settings_on_write_key_available) && - connection_->version().handshake_protocol == PROTOCOL_TLS1_3 && + if (connection_->version().handshake_protocol == PROTOCOL_TLS1_3 && + (perspective() == Perspective::IS_CLIENT || + GetQuicReloadableFlag(quic_change_default_encryption_level))) { + QUIC_DVLOG(1) << ENDPOINT << "Set default encryption level to " + << EncryptionLevelToString(level); + QUIC_RELOADABLE_FLAG_COUNT(quic_change_default_encryption_level); + connection()->SetDefaultEncryptionLevel(level); + return; + } + + if (connection_->version().handshake_protocol == PROTOCOL_TLS1_3 && level == ENCRYPTION_FORWARD_SECURE) { // Set connection's default encryption level once 1-RTT write key is // available. - QUIC_RESTART_FLAG_COUNT_N(quic_send_settings_on_write_key_available, 1, 2); QUIC_DVLOG(1) << ENDPOINT << "Set default encryption level to " << EncryptionLevelToString(level); connection()->SetDefaultEncryptionLevel(level); @@ -1379,12 +1553,6 @@ void QuicSession::SetDefaultEncryptionLevel(EncryptionLevel level) { void QuicSession::OnOneRttKeysAvailable() { DCHECK_EQ(PROTOCOL_TLS1_3, connection_->version().handshake_protocol); - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - QUIC_DVLOG(1) << ENDPOINT << "Set default encryption level to " - << EncryptionLevelToString(ENCRYPTION_FORWARD_SECURE); - connection()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE); - } - QUIC_BUG_IF(!GetCryptoStream()->crypto_negotiated_params().cipher_suite) << ENDPOINT << "Handshake completes without cipher suite negotiation."; QUIC_BUG_IF(!config_.negotiated()) @@ -1477,7 +1645,7 @@ void QuicSession::ActivateStream(std::unique_ptr<QuicStream> stream) { QuicStreamId stream_id = stream->id(); bool is_static = stream->is_static(); QUIC_DVLOG(1) << ENDPOINT << "num_streams: " << stream_map_.size() - << ". activating " << stream_id; + << ". activating stream " << stream_id; DCHECK(!QuicContainsKey(stream_map_, stream_id)); stream_map_[stream_id] = std::move(stream); if (IsIncomingStream(stream_id)) { @@ -1486,13 +1654,11 @@ void QuicSession::ActivateStream(std::unique_ptr<QuicStream> stream) { } else if (is_static) { ++num_outgoing_static_streams_; } - - if (VersionHasIetfQuicFrames(transport_version()) && - !QuicUtils::IsBidirectionalStreamId(stream_id) && is_static) { - DCHECK_LE(num_incoming_static_streams_, - num_expected_unidirectional_static_streams_); - DCHECK_LE(num_outgoing_static_streams_, - num_expected_unidirectional_static_streams_); + if (stream_id_manager_.handles_accounting() && !is_static && + !VersionHasIetfQuicFrames(transport_version())) { + // Do not inform stream ID manager of static streams. + stream_id_manager_.ActivateStream( + /*is_incoming=*/IsIncomingStream(stream_id)); } } @@ -1585,7 +1751,11 @@ QuicStream* QuicSession::GetOrCreateStream(const QuicStreamId stream_id) { if (!stream_id_manager_.CanOpenIncomingStream( GetNumOpenIncomingStreams())) { // Refuse to open the stream. - SendRstStream(stream_id, QUIC_REFUSED_STREAM, 0); + if (break_close_loop_) { + ResetStream(stream_id, QUIC_REFUSED_STREAM, 0); + } else { + SendRstStream(stream_id, QUIC_REFUSED_STREAM, 0); + } return nullptr; } } @@ -1593,8 +1763,25 @@ QuicStream* QuicSession::GetOrCreateStream(const QuicStreamId stream_id) { return CreateIncomingStream(stream_id); } -void QuicSession::StreamDraining(QuicStreamId stream_id) { +void QuicSession::StreamDraining(QuicStreamId stream_id, bool unidirectional) { DCHECK(QuicContainsKey(stream_map_, stream_id)); + if (deprecate_draining_streams_) { + QUIC_RELOADABLE_FLAG_COUNT(quic_deprecate_draining_streams); + QUIC_DVLOG(1) << ENDPOINT << "Stream " << stream_id << " is draining"; + if (VersionHasIetfQuicFrames(transport_version())) { + v99_streamid_manager_.OnStreamClosed(stream_id); + } else if (stream_id_manager_.handles_accounting()) { + stream_id_manager_.OnStreamClosed( + /*is_incoming=*/IsIncomingStream(stream_id)); + } + if (IsIncomingStream(stream_id)) { + ++num_draining_incoming_streams_; + return; + } + ++num_draining_outgoing_streams_; + OnCanCreateNewOutgoingStream(unidirectional); + return; + } if (!QuicContainsKey(draining_streams_, stream_id)) { draining_streams_.insert(stream_id); if (IsIncomingStream(stream_id)) { @@ -1602,6 +1789,9 @@ void QuicSession::StreamDraining(QuicStreamId stream_id) { } if (VersionHasIetfQuicFrames(transport_version())) { v99_streamid_manager_.OnStreamClosed(stream_id); + } else if (stream_id_manager_.handles_accounting()) { + stream_id_manager_.OnStreamClosed( + /*is_incoming=*/IsIncomingStream(stream_id)); } } if (!IsIncomingStream(stream_id)) { @@ -1735,11 +1925,19 @@ bool QuicSession::IsStaticStream(QuicStreamId id) const { } size_t QuicSession::GetNumOpenIncomingStreams() const { + DCHECK(!VersionHasIetfQuicFrames(transport_version())); + if (stream_id_manager_.handles_accounting()) { + return stream_id_manager_.num_open_incoming_streams(); + } return num_dynamic_incoming_streams_ - num_draining_incoming_streams_ + num_locally_closed_incoming_streams_highest_offset_; } size_t QuicSession::GetNumOpenOutgoingStreams() const { + DCHECK(!VersionHasIetfQuicFrames(transport_version())); + if (stream_id_manager_.handles_accounting()) { + return stream_id_manager_.num_open_outgoing_streams(); + } DCHECK_GE(GetNumDynamicOutgoingStreams() + GetNumLocallyClosedOutgoingStreamsHighestOffset(), GetNumDrainingOutgoingStreams()); @@ -1749,11 +1947,22 @@ size_t QuicSession::GetNumOpenOutgoingStreams() const { } size_t QuicSession::GetNumActiveStreams() const { - return stream_map_.size() - draining_streams_.size() - + if (!VersionHasIetfQuicFrames(transport_version()) && + stream_id_manager_.handles_accounting()) { + // Exclude locally_closed_streams when determine whether to keep connection + // alive. + return stream_id_manager_.num_open_incoming_streams() + + stream_id_manager_.num_open_outgoing_streams() - + locally_closed_streams_highest_offset_.size(); + } + return stream_map_.size() - GetNumDrainingStreams() - num_incoming_static_streams_ - num_outgoing_static_streams_; } size_t QuicSession::GetNumDrainingStreams() const { + if (deprecate_draining_streams_) { + return num_draining_incoming_streams_ + num_draining_outgoing_streams_; + } return draining_streams_.size(); } @@ -1796,6 +2005,9 @@ size_t QuicSession::GetNumDynamicOutgoingStreams() const { } size_t QuicSession::GetNumDrainingOutgoingStreams() const { + if (deprecate_draining_streams_) { + return num_draining_outgoing_streams_; + } DCHECK_GE(draining_streams_.size(), num_draining_incoming_streams_); return draining_streams_.size() - num_draining_incoming_streams_; } @@ -1840,7 +2052,7 @@ size_t QuicSession::MaxAvailableUnidirectionalStreams() const { bool QuicSession::IsIncomingStream(QuicStreamId id) const { if (VersionHasIetfQuicFrames(transport_version())) { - return v99_streamid_manager_.IsIncomingStream(id); + return !QuicUtils::IsOutgoingStreamId(version(), id, perspective_); } return stream_id_manager_.IsIncomingStream(id); } @@ -1974,9 +2186,6 @@ void QuicSession::OnFrameLost(const QuicFrame& frame) { void QuicSession::RetransmitFrames(const QuicFrames& frames, TransmissionType type) { QuicConnection::ScopedPacketFlusher retransmission_flusher(connection_); - if (!write_with_transmission_) { - SetTransmissionType(type); - } for (const QuicFrame& frame : frames) { if (frame.type == MESSAGE_FRAME) { // Do not retransmit MESSAGE frames. @@ -2070,18 +2279,12 @@ bool QuicSession::RetransmitLostData() { bool uses_crypto_frames = QuicVersionUsesCryptoFrames(transport_version()); QuicCryptoStream* crypto_stream = GetMutableCryptoStream(); if (uses_crypto_frames && crypto_stream->HasPendingCryptoRetransmission()) { - if (!write_with_transmission_) { - SetTransmissionType(HANDSHAKE_RETRANSMISSION); - } crypto_stream->WritePendingCryptoRetransmission(); } // Retransmit crypto data in stream 1 frames (version < 47). if (!uses_crypto_frames && QuicContainsKey(streams_with_pending_retransmission_, QuicUtils::GetCryptoStreamId(transport_version()))) { - if (!write_with_transmission_) { - SetTransmissionType(HANDSHAKE_RETRANSMISSION); - } // Retransmit crypto data first. QuicStream* crypto_stream = GetStream(QuicUtils::GetCryptoStreamId(transport_version())); @@ -2096,9 +2299,6 @@ bool QuicSession::RetransmitLostData() { } } if (control_frame_manager_.HasPendingRetransmission()) { - if (!write_with_transmission_) { - SetTransmissionType(LOSS_RETRANSMISSION); - } control_frame_manager_.OnCanWrite(); if (control_frame_manager_.HasPendingRetransmission()) { return false; @@ -2112,9 +2312,6 @@ bool QuicSession::RetransmitLostData() { const QuicStreamId id = streams_with_pending_retransmission_.begin()->first; QuicStream* stream = GetStream(id); if (stream != nullptr) { - if (!write_with_transmission_) { - SetTransmissionType(LOSS_RETRANSMISSION); - } stream->OnCanWrite(); DCHECK(CheckStreamWriteBlocked(stream)); if (stream->HasPendingRetransmission()) { @@ -2260,5 +2457,9 @@ void QuicSession::OnAlpnSelected(quiche::QuicheStringPiece alpn) { << "ALPN selected: " << alpn; } +void QuicSession::NeuterCryptoDataOfEncryptionLevel(EncryptionLevel level) { + GetMutableCryptoStream()->NeuterStreamDataOfEncryptionLevel(level); +} + #undef ENDPOINT // undef for jumbo builds } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_session.h b/chromium/net/third_party/quiche/src/quic/core/quic_session.h index ac99a3f7584..5a1ebbc602c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_session.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_session.h @@ -126,6 +126,7 @@ class QUIC_EXPORT_PRIVATE QuicSession void OnStopSendingFrame(const QuicStopSendingFrame& frame) override; void OnPacketDecrypted(EncryptionLevel level) override; void OnOneRttPacketAcknowledged() override; + void OnHandshakePacketSent() override; // QuicStreamFrameDataProducer WriteStreamDataResult WriteStreamData(QuicStreamId id, @@ -198,13 +199,17 @@ class QUIC_EXPORT_PRIVATE QuicSession // will be sent in specified transmission |type|. bool WriteControlFrame(const QuicFrame& frame, TransmissionType type); - // Close the stream in both directions. - // TODO(renjietang): rename this method as it sends both RST_STREAM and - // STOP_SENDING in IETF QUIC. + // Called by stream to send RST_STREAM (and STOP_SENDING). virtual void SendRstStream(QuicStreamId id, QuicRstStreamErrorCode error, QuicStreamOffset bytes_written); + // Called to send RST_STREAM (and STOP_SENDING) and close stream. If stream + // |id| does not exist, just send RST_STREAM (and STOP_SENDING). + virtual void ResetStream(QuicStreamId id, + QuicRstStreamErrorCode error, + QuicStreamOffset bytes_written); + // Called when the session wants to go away and not accept any new streams. virtual void SendGoAway(QuicErrorCode error_code, const std::string& reason); @@ -217,9 +222,15 @@ class QUIC_EXPORT_PRIVATE QuicSession // Create and transmit a STOP_SENDING frame virtual void SendStopSending(uint16_t code, QuicStreamId stream_id); - // Removes the stream associated with 'stream_id' from the active stream map. + // Close stream |stream_id|. Whether sending RST_STREAM (and STOP_SENDING) + // depends on the sending and receiving states. + // TODO(fayang): Deprecate CloseStream, instead always use ResetStream to + // close a stream from session. virtual void CloseStream(QuicStreamId stream_id); + // Called by stream |stream_id| when it gets closed. + virtual void OnStreamClosed(QuicStreamId stream_id); + // Returns true if outgoing packets will be encrypted, even if the server // hasn't confirmed the handshake yet. virtual bool IsEncryptionEstablished() const; @@ -316,10 +327,16 @@ class QUIC_EXPORT_PRIVATE QuicSession // Returns the number of currently open peer initiated streams, excluding // static streams. + // TODO(fayang): remove this and instead use + // LegacyStreamIdManager::num_open_incoming_streams() in tests when + // deprecating quic_stream_id_manager_handles_accounting. size_t GetNumOpenIncomingStreams() const; // Returns the number of currently open self initiated streams, excluding // static streams. + // TODO(fayang): remove this and instead use + // LegacyStreamIdManager::num_open_outgoing_streams() in tests when + // deprecating quic_stream_id_manager_handles_accounting. size_t GetNumOpenOutgoingStreams() const; // Returns the number of open peer initiated static streams. @@ -365,7 +382,7 @@ class QUIC_EXPORT_PRIVATE QuicSession bool goaway_received() const { return goaway_received_; } // Returns the Google QUIC error code - QuicErrorCode error() const { return on_closed_frame_.extracted_error_code; } + QuicErrorCode error() const { return on_closed_frame_.quic_error_code; } const std::string& error_details() const { return on_closed_frame_.error_details; } @@ -375,12 +392,6 @@ class QUIC_EXPORT_PRIVATE QuicSession QuicConnectionCloseType close_type() const { return on_closed_frame_.close_type; } - QuicIetfTransportErrorCodes transport_error_code() const { - return on_closed_frame_.transport_error_code; - } - uint16_t application_error_code() const { - return on_closed_frame_.application_error_code; - } Perspective perspective() const { return perspective_; } @@ -406,16 +417,11 @@ class QUIC_EXPORT_PRIVATE QuicSession QuicStream* GetOrCreateStream(const QuicStreamId stream_id); // Mark a stream as draining. - virtual void StreamDraining(QuicStreamId id); + void StreamDraining(QuicStreamId id, bool unidirectional); // Returns true if this stream should yield writes to another blocked stream. virtual bool ShouldYield(QuicStreamId stream_id); - // Set transmission type of next sending packets. - // TODO(b/136274541): Remove this method or or make it private after - // gfe2_reloadable_flag_quic_write_with_transmission is deprecated. - void SetTransmissionType(TransmissionType type); - // Clean up closed_streams_. void CleanUpClosedStreams(); @@ -453,16 +459,8 @@ class QUIC_EXPORT_PRIVATE QuicSession bool is_configured() const { return is_configured_; } - QuicStreamCount num_expected_unidirectional_static_streams() const { - return num_expected_unidirectional_static_streams_; - } - - // Set the number of unidirectional stream that the peer is allowed to open to - // be |max_stream| + |num_expected_static_streams_|. - void ConfigureMaxDynamicStreamsToSend(QuicStreamCount max_stream) { - config_.SetMaxUnidirectionalStreamsToSend( - max_stream + num_expected_unidirectional_static_streams_); - } + // Called to neuter crypto data of encryption |level|. + void NeuterCryptoDataOfEncryptionLevel(EncryptionLevel level); // Returns the ALPN values to negotiate on this session. virtual std::vector<std::string> GetAlpnsToOffer() const { @@ -480,7 +478,26 @@ class QUIC_EXPORT_PRIVATE QuicSession // uses TLS handshake. virtual void OnAlpnSelected(quiche::QuicheStringPiece alpn); - bool write_with_transmission() const { return write_with_transmission_; } + bool deprecate_draining_streams() const { + return deprecate_draining_streams_; + } + + bool break_close_loop() const { return break_close_loop_; } + + // Called on clients by the crypto handshaker to provide application state + // necessary for sending application data in 0-RTT. The state provided here is + // the same state that was provided to the crypto handshaker in + // QuicCryptoClientStream::OnApplicationState on a previous connection. + // Application protocols that require state to be carried over from the + // previous connection to support 0-RTT data must implement this method to + // ingest this state. For example, an HTTP/3 QuicSession would implement this + // function to process the remembered server SETTINGS frame and apply those + // SETTINGS to 0-RTT data. This function returns true if the application state + // has been successfully processed, and false if there was an error processing + // the cached state and the connection should be closed. + virtual bool SetApplicationState(ApplicationState* /*cached_state*/) { + return true; + } protected: using StreamMap = QuicSmallMap<QuicStreamId, std::unique_ptr<QuicStream>, 10>; @@ -508,6 +525,9 @@ class QUIC_EXPORT_PRIVATE QuicSession // Adds |stream| to the stream map. virtual void ActivateStream(std::unique_ptr<QuicStream> stream); + // Set transmission type of next sending packets. + void SetTransmissionType(TransmissionType type); + // Returns the stream ID for a new outgoing bidirectional/unidirectional // stream, and increments the underlying counter. QuicStreamId GetNextOutgoingBidirectionalStreamId(); @@ -530,6 +550,7 @@ class QUIC_EXPORT_PRIVATE QuicSession // Performs the work required to close |stream_id|. If |rst_sent| then a // Reset Stream frame has already been sent for this stream. + // TODO(fayang): Remove CloseStreamInner. virtual void CloseStreamInner(QuicStreamId stream_id, bool rst_sent); // When a stream is closed locally, it may not yet know how many bytes the @@ -546,6 +567,10 @@ class QUIC_EXPORT_PRIVATE QuicSession // ProcessPendingStream(). virtual bool UsesPendingStreams() const { return false; } + spdy::SpdyPriority GetSpdyPriorityofStream(QuicStreamId stream_id) const { + return write_blocked_streams_.GetSpdyPriorityofStream(stream_id); + } + StreamMap& stream_map() { return stream_map_; } const StreamMap& stream_map() const { return stream_map_; } @@ -734,10 +759,12 @@ class QUIC_EXPORT_PRIVATE QuicSession // Set of stream ids that are "draining" -- a FIN has been sent and received, // but the stream object still exists because not all the received data has // been consumed. - QuicUnorderedSet<QuicStreamId> draining_streams_; + // TODO(fayang): Remove draining_streams_ when deprecate + // quic_deprecate_draining_streams. + QuicHashSet<QuicStreamId> draining_streams_; // Set of stream ids that are waiting for acks excluding crypto stream id. - QuicUnorderedSet<QuicStreamId> streams_waiting_for_acks_; + QuicHashSet<QuicStreamId> streams_waiting_for_acks_; // TODO(fayang): Consider moving LegacyQuicStreamIdManager into // UberQuicStreamIdManager. @@ -748,11 +775,23 @@ class QUIC_EXPORT_PRIVATE QuicSession UberQuicStreamIdManager v99_streamid_manager_; // A counter for peer initiated dynamic streams which are in the stream_map_. + // TODO(fayang): Remove this when deprecating + // quic_stream_id_manager_handles_accounting. size_t num_dynamic_incoming_streams_; - // A counter for peer initiated streams which are in the draining_streams_. + // A counter for peer initiated streams which have sent and received FIN but + // waiting for application to consume data. + // TODO(fayang): Remove this when deprecating + // quic_stream_id_manager_handles_accounting. size_t num_draining_incoming_streams_; + // A counter for self initiated streams which have sent and received FIN but + // waiting for application to consume data. Only used when + // deprecate_draining_streams_ is true. + // TODO(fayang): Remove this when deprecating + // quic_stream_id_manager_handles_accounting. + size_t num_draining_outgoing_streams_; + // A counter for self initiated static streams which are in // stream_map_. size_t num_outgoing_static_streams_; @@ -763,6 +802,8 @@ class QUIC_EXPORT_PRIVATE QuicSession // A counter for peer initiated streams which are in the // locally_closed_streams_highest_offset_. + // TODO(fayang): Remove this when deprecating + // quic_stream_id_manager_handles_accounting. size_t num_locally_closed_incoming_streams_highest_offset_; // Received information for a connection close. @@ -809,14 +850,14 @@ class QUIC_EXPORT_PRIVATE QuicSession // configured and is ready for general operation. bool is_configured_; - // The number of expected static streams. - QuicStreamCount num_expected_unidirectional_static_streams_; - // If true, enables round robin scheduling. bool enable_round_robin_scheduling_; - // Latched value of gfe2_reloadable_flag_quic_write_with_transmission. - const bool write_with_transmission_; + // Latched value of quic_deprecate_draining_streams. + const bool deprecate_draining_streams_; + + // Latched value of quic_break_session_stream_close_loop. + const bool break_close_loop_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_session_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_session_test.cc index 4da502dc422..9d5e977d0a6 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_session_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_session_test.cc @@ -83,7 +83,8 @@ class TestCryptoStream : public QuicCryptoStream, public QuicCryptoHandshaker { EXPECT_TRUE( session()->config()->FillTransportParameters(&transport_parameters)); error = session()->config()->ProcessTransportParameters( - transport_parameters, CLIENT, &error_details); + transport_parameters, CLIENT, /* is_resumption = */ false, + &error_details); } else { CryptoHandshakeMessage msg; session()->config()->ToHandshakeMessage(&msg, transport_version()); @@ -117,15 +118,16 @@ class TestCryptoStream : public QuicCryptoStream, public QuicCryptoHandshaker { } void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} void OnHandshakeDoneReceived() override {} HandshakeState GetHandshakeState() const override { return one_rtt_keys_available() ? HANDSHAKE_COMPLETE : HANDSHAKE_START; } - MOCK_METHOD0(OnCanWrite, void()); + MOCK_METHOD(void, OnCanWrite, (), (override)); bool HasPendingCryptoRetransmission() const override { return false; } - MOCK_CONST_METHOD0(HasPendingRetransmission, bool()); + MOCK_METHOD(bool, HasPendingRetransmission, (), (const, override)); private: using QuicCryptoStream::session; @@ -155,11 +157,13 @@ class TestStream : public QuicStream { void OnDataAvailable() override {} - MOCK_METHOD0(OnCanWrite, void()); - MOCK_METHOD4(RetransmitStreamData, - bool(QuicStreamOffset, QuicByteCount, bool, TransmissionType)); + MOCK_METHOD(void, OnCanWrite, (), (override)); + MOCK_METHOD(bool, + RetransmitStreamData, + (QuicStreamOffset, QuicByteCount, bool, TransmissionType), + (override)); - MOCK_CONST_METHOD0(HasPendingRetransmission, bool()); + MOCK_METHOD(bool, HasPendingRetransmission, (), (const, override)); }; class TestSession : public QuicSession { @@ -211,9 +215,9 @@ class TestSession : public QuicSession { TestStream* CreateIncomingStream(QuicStreamId id) override { // Enforce the limit on the number of open streams. - if (GetNumOpenIncomingStreams() + 1 > - max_open_incoming_bidirectional_streams() && - !VersionHasIetfQuicFrames(connection()->transport_version())) { + if (!VersionHasIetfQuicFrames(connection()->transport_version()) && + GetNumOpenIncomingStreams() + 1 > + max_open_incoming_bidirectional_streams()) { // No need to do this test for version 99; it's done by // QuicSession::GetOrCreateStream. connection()->CloseConnection( @@ -286,7 +290,10 @@ class TestSession : public QuicSession { return consumed; } - MOCK_METHOD1(OnCanCreateNewOutgoingStream, void(bool unidirectional)); + MOCK_METHOD(void, + OnCanCreateNewOutgoingStream, + (bool unidirectional), + (override)); void set_writev_consumes_all_data(bool val) { writev_consumes_all_data_ = val; @@ -1771,21 +1778,6 @@ TEST_P(QuicSessionTestServer, InvalidStreamFlowControlWindowInHandshake) { session_.OnConfigNegotiated(); } -TEST_P(QuicSessionTestServer, InvalidSessionFlowControlWindowInHandshake) { - // Test that receipt of an invalid (< default) session flow control window - // from the peer results in the connection being torn down. - const uint32_t kInvalidWindow = kMinimumFlowControlSendWindow - 1; - QuicConfigPeer::SetReceivedInitialSessionFlowControlWindow(session_.config(), - kInvalidWindow); - if (!connection_->version().AllowsLowFlowControlLimits()) { - EXPECT_CALL(*connection_, - CloseConnection(QUIC_FLOW_CONTROL_INVALID_WINDOW, _, _)); - } else { - EXPECT_CALL(*connection_, CloseConnection(_, _, _)).Times(0); - } - session_.OnConfigNegotiated(); -} - // Test negotiation of custom server initial flow control window. TEST_P(QuicSessionTestServer, CustomFlowControlWindow) { QuicTagVector copt; @@ -1883,7 +1875,7 @@ TEST_P(QuicSessionTestServer, DrainingStreamsDoNotCountAsOpenedOutgoing) { QuicStreamFrame data1(stream_id, true, 0, quiche::QuicheStringPiece("HT")); session_.OnStreamFrame(data1); EXPECT_CALL(session_, OnCanCreateNewOutgoingStream(false)).Times(1); - session_.StreamDraining(stream_id); + session_.StreamDraining(stream_id, /*unidirectional=*/false); } TEST_P(QuicSessionTestServer, NoPendingStreams) { @@ -1931,20 +1923,20 @@ TEST_P(QuicSessionTestServer, RstPendingStreams) { session_.OnStreamFrame(data1); EXPECT_TRUE(QuicSessionPeer::GetPendingStream(&session_, stream_id)); EXPECT_EQ(0, session_.num_incoming_streams_created()); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); QuicRstStreamFrame rst1(kInvalidControlFrameId, stream_id, QUIC_ERROR_PROCESSING_STREAM, 12); session_.OnRstStream(rst1); EXPECT_FALSE(QuicSessionPeer::GetPendingStream(&session_, stream_id)); EXPECT_EQ(0, session_.num_incoming_streams_created()); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); QuicStreamFrame data2(stream_id, false, 0, quiche::QuicheStringPiece("HT")); session_.OnStreamFrame(data2); EXPECT_FALSE(QuicSessionPeer::GetPendingStream(&session_, stream_id)); EXPECT_EQ(0, session_.num_incoming_streams_created()); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); } TEST_P(QuicSessionTestServer, OnFinPendingStreams) { @@ -1960,7 +1952,7 @@ TEST_P(QuicSessionTestServer, OnFinPendingStreams) { EXPECT_FALSE(QuicSessionPeer::GetPendingStream(&session_, stream_id)); EXPECT_EQ(0, session_.num_incoming_streams_created()); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); } TEST_P(QuicSessionTestServer, PendingStreamOnWindowUpdate) { @@ -2013,9 +2005,9 @@ TEST_P(QuicSessionTestServer, DrainingStreamsDoNotCountAsOpened) { i += QuicUtils::StreamIdDelta(connection_->transport_version())) { QuicStreamFrame data1(i, true, 0, quiche::QuicheStringPiece("HT")); session_.OnStreamFrame(data1); - EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); - session_.StreamDraining(i); - EXPECT_EQ(0u, session_.GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); + session_.StreamDraining(i, /*unidirectional=*/false); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(&session_)); } } @@ -2048,6 +2040,57 @@ TEST_P(QuicSessionTestClient, AvailableBidirectionalStreamsClient) { &session_, GetNthClientInitiatedBidirectionalId(1))); } +TEST_P(QuicSessionTestClient, InvalidSessionFlowControlWindowInHandshake) { + // Test that receipt of an invalid (< default for gQUIC, < current for TLS) + // session flow control window from the peer results in the connection being + // torn down. + const uint32_t kInvalidWindow = kMinimumFlowControlSendWindow - 1; + QuicConfigPeer::SetReceivedInitialSessionFlowControlWindow(session_.config(), + kInvalidWindow); + EXPECT_CALL(*connection_, + CloseConnection(QUIC_FLOW_CONTROL_INVALID_WINDOW, _, _)); + session_.OnConfigNegotiated(); +} + +TEST_P(QuicSessionTestClient, InvalidBidiStreamLimitInHandshake) { + // IETF QUIC only feature. + if (!VersionHasIetfQuicFrames(transport_version())) { + return; + } + QuicConfigPeer::SetReceivedMaxBidirectionalStreams( + session_.config(), kDefaultMaxStreamsPerConnection - 1); + EXPECT_CALL(*connection_, CloseConnection(QUIC_MAX_STREAMS_ERROR, _, _)); + session_.OnConfigNegotiated(); +} + +TEST_P(QuicSessionTestClient, InvalidUniStreamLimitInHandshake) { + // IETF QUIC only feature. + if (!VersionHasIetfQuicFrames(transport_version())) { + return; + } + QuicConfigPeer::SetReceivedMaxUnidirectionalStreams( + session_.config(), kDefaultMaxStreamsPerConnection - 1); + EXPECT_CALL(*connection_, CloseConnection(QUIC_MAX_STREAMS_ERROR, _, _)); + session_.OnConfigNegotiated(); +} + +TEST_P(QuicSessionTestClient, InvalidStreamFlowControlWindowInHandshake) { + // IETF QUIC only feature. + if (!VersionHasIetfQuicFrames(transport_version())) { + return; + } + session_.CreateOutgoingBidirectionalStream(); + session_.CreateOutgoingBidirectionalStream(); + QuicConfigPeer::SetReceivedInitialMaxStreamDataBytesOutgoingBidirectional( + session_.config(), kMinimumFlowControlSendWindow - 1); + + EXPECT_CALL(*connection_, CloseConnection(_, _, _)) + .WillOnce( + Invoke(connection_, &MockQuicConnection::ReallyCloseConnection)); + EXPECT_CALL(*connection_, SendConnectionClosePacket(_, _)); + session_.OnConfigNegotiated(); +} + TEST_P(QuicSessionTestClient, OnMaxStreamFrame) { if (!VersionUsesHttp3(transport_version())) { return; @@ -2387,8 +2430,14 @@ TEST_P(QuicSessionTestServer, RetransmitLostDataCausesConnectionClose) { session_.OnFrameLost(QuicFrame(frame)); // Retransmit stream data causes connection close. Stream has not sent fin // yet, so an RST is sent. - EXPECT_CALL(*stream, OnCanWrite()) - .WillOnce(Invoke(stream, &QuicStream::OnClose)); + if (session_.break_close_loop()) { + EXPECT_CALL(*stream, OnCanWrite()).WillOnce(Invoke([this, stream]() { + session_.CloseStream(stream->id()); + })); + } else { + EXPECT_CALL(*stream, OnCanWrite()) + .WillOnce(Invoke(stream, &QuicStream::OnClose)); + } if (VersionHasIetfQuicFrames(transport_version())) { // Once for the RST_STREAM, once for the STOP_SENDING EXPECT_CALL(*connection_, SendControlFrame(_)) @@ -2746,6 +2795,7 @@ TEST_P(QuicSessionTestServer, OnStopSendingForWriteClosedStream) { TestStream* stream = session_.CreateOutgoingBidirectionalStream(); QuicStreamId stream_id = stream->id(); + QuicStreamPeer::SetFinSent(stream); stream->CloseWriteSide(); EXPECT_TRUE(stream->write_side_closed()); QuicStopSendingFrame frame(1, stream_id, 123); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream.cc b/chromium/net/third_party/quiche/src/quic/core/quic_stream.cc index 86beaef0f7b..40a67bba21c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream.cc @@ -4,6 +4,7 @@ #include "net/third_party/quiche/src/quic/core/quic_stream.h" +#include <limits> #include <string> #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" @@ -29,15 +30,15 @@ namespace quic { namespace { -size_t DefaultFlowControlWindow(ParsedQuicVersion version) { +QuicByteCount DefaultFlowControlWindow(ParsedQuicVersion version) { if (!version.AllowsLowFlowControlLimits()) { return kDefaultFlowControlSendWindow; } return 0; } -size_t GetInitialStreamFlowControlWindowToSend(QuicSession* session, - QuicStreamId stream_id) { +QuicByteCount GetInitialStreamFlowControlWindowToSend(QuicSession* session, + QuicStreamId stream_id) { ParsedQuicVersion version = session->connection()->version(); if (version.handshake_protocol != PROTOCOL_TLS1_3) { return session->config()->GetInitialStreamFlowControlWindowToSend(); @@ -60,8 +61,8 @@ size_t GetInitialStreamFlowControlWindowToSend(QuicSession* session, ->GetInitialMaxStreamDataBytesIncomingBidirectionalToSend(); } -size_t GetReceivedFlowControlWindow(QuicSession* session, - QuicStreamId stream_id) { +QuicByteCount GetReceivedFlowControlWindow(QuicSession* session, + QuicStreamId stream_id) { ParsedQuicVersion version = session->connection()->version(); if (version.handshake_protocol != PROTOCOL_TLS1_3) { if (session->config()->HasReceivedInitialStreamFlowControlWindowBytes()) { @@ -189,7 +190,7 @@ void PendingStream::OnStreamFrame(const QuicStreamFrame& frame) { } // This count includes duplicate data received. - size_t frame_payload_size = frame.data_length; + QuicByteCount frame_payload_size = frame.data_length; stream_bytes_read_ += frame_payload_size; // Flow control is interested in tracking highest received offset. @@ -257,7 +258,7 @@ bool PendingStream::MaybeIncreaseHighestReceivedOffset( return true; } -void PendingStream::MarkConsumed(size_t num_bytes) { +void PendingStream::MarkConsumed(QuicByteCount num_bytes) { sequencer_.MarkConsumed(num_bytes); } @@ -353,6 +354,7 @@ QuicStream::QuicStream(QuicStreamId id, buffered_data_threshold_(GetQuicFlag(FLAGS_quic_buffered_data_threshold)), is_static_(is_static), deadline_(QuicTime::Zero()), + was_draining_(false), type_(VersionHasIetfQuicFrames(session->transport_version()) && type != CRYPTO ? QuicUtils::GetStreamType(id_, @@ -361,10 +363,10 @@ QuicStream::QuicStream(QuicStreamId id, : type), perspective_(session->perspective()) { if (type_ == WRITE_UNIDIRECTIONAL) { - set_fin_received(true); + fin_received_ = true; CloseReadSide(); } else if (type_ == READ_UNIDIRECTIONAL) { - set_fin_sent(true); + fin_sent_ = true; CloseWriteSide(); } if (type_ != CRYPTO) { @@ -431,9 +433,14 @@ void QuicStream::OnStreamFrame(const QuicStreamFrame& frame) { } if (frame.fin) { - fin_received_ = true; - if (fin_sent_) { - session_->StreamDraining(id_); + if (!session_->deprecate_draining_streams() || !fin_received_) { + fin_received_ = true; + if (fin_sent_) { + DCHECK(!was_draining_ || !session_->deprecate_draining_streams()); + session_->StreamDraining(id_, + /*unidirectional=*/type_ != BIDIRECTIONAL); + was_draining_ = true; + } } } @@ -446,7 +453,7 @@ void QuicStream::OnStreamFrame(const QuicStreamFrame& frame) { } // This count includes duplicate data received. - size_t frame_payload_size = frame.data_length; + QuicByteCount frame_payload_size = frame.data_length; stream_bytes_read_ += frame_payload_size; // Flow control is interested in tracking highest received offset. @@ -455,7 +462,10 @@ void QuicStream::OnStreamFrame(const QuicStreamFrame& frame) { MaybeIncreaseHighestReceivedOffset(frame.offset + frame_payload_size)) { // As the highest received offset has changed, check to see if this is a // violation of flow control. - if (flow_controller_->FlowControlViolation() || + QUIC_BUG_IF(!flow_controller_.has_value()) + << ENDPOINT << "OnStreamFrame called on stream without flow control"; + if ((flow_controller_.has_value() && + flow_controller_->FlowControlViolation()) || connection_flow_controller_->FlowControlViolation()) { OnUnrecoverableError(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA, "Flow control violation after increasing offset"); @@ -519,7 +529,10 @@ void QuicStream::OnStreamReset(const QuicRstStreamFrame& frame) { } MaybeIncreaseHighestReceivedOffset(frame.byte_offset); - if (flow_controller_->FlowControlViolation() || + QUIC_BUG_IF(!flow_controller_.has_value()) + << ENDPOINT << "OnStreamReset called on stream without flow control"; + if ((flow_controller_.has_value() && + flow_controller_->FlowControlViolation()) || connection_flow_controller_->FlowControlViolation()) { OnUnrecoverableError(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA, "Flow control violation after increasing offset"); @@ -560,11 +573,23 @@ void QuicStream::OnFinRead() { CloseReadSide(); } +void QuicStream::SetFinSent() { + DCHECK(!VersionUsesHttp3(transport_version())); + fin_sent_ = true; +} + void QuicStream::Reset(QuicRstStreamErrorCode error) { stream_error_ = error; - // Sending a RstStream results in calling CloseStream. session()->SendRstStream(id(), error, stream_bytes_written()); rst_sent_ = true; + if (session_->break_close_loop()) { + if (read_side_closed_ && write_side_closed_ && !IsWaitingForAcks()) { + session()->OnStreamDoneWaitingForAcks(id_); + return; + } + CloseReadSide(); + CloseWriteSide(); + } } void QuicStream::OnUnrecoverableError(QuicErrorCode error, @@ -660,6 +685,11 @@ void QuicStream::OnCanWrite() { } void QuicStream::MaybeSendBlocked() { + if (!flow_controller_.has_value()) { + QUIC_BUG << ENDPOINT + << "MaybeSendBlocked called on stream without flow control"; + return; + } if (flow_controller_->ShouldSendBlocked()) { session_->SendBlocked(id_); } @@ -751,7 +781,12 @@ void QuicStream::CloseReadSide() { if (write_side_closed_) { QUIC_DVLOG(1) << ENDPOINT << "Closing stream " << id(); - session_->CloseStream(id()); + if (session_->break_close_loop()) { + session_->OnStreamClosed(id()); + OnClose(); + } else { + session_->CloseStream(id()); + } } } @@ -764,7 +799,12 @@ void QuicStream::CloseWriteSide() { write_side_closed_ = true; if (read_side_closed_) { QUIC_DVLOG(1) << ENDPOINT << "Closing stream " << id(); - session_->CloseStream(id()); + if (session_->break_close_loop()) { + session_->OnStreamClosed(id()); + OnClose(); + } else { + session_->CloseStream(id()); + } } } @@ -787,8 +827,12 @@ void QuicStream::StopReading() { } void QuicStream::OnClose() { - CloseReadSide(); - CloseWriteSide(); + if (session()->break_close_loop()) { + DCHECK(read_side_closed_ && write_side_closed_); + } else { + CloseReadSide(); + CloseWriteSide(); + } if (!fin_sent_ && !rst_sent_) { // For flow control accounting, tell the peer how many bytes have been @@ -801,7 +845,8 @@ void QuicStream::OnClose() { rst_sent_ = true; } - if (flow_controller_->FlowControlViolation() || + if (!flow_controller_.has_value() || + flow_controller_->FlowControlViolation() || connection_flow_controller_->FlowControlViolation()) { return; } @@ -823,6 +868,12 @@ void QuicStream::OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) { return; } + if (!flow_controller_.has_value()) { + QUIC_BUG << ENDPOINT + << "OnWindowUpdateFrame called on stream without flow control"; + return; + } + if (flow_controller_->UpdateSendWindowOffset(frame.max_data)) { // Let session unblock this stream. session_->MarkConnectionLevelWriteBlocked(id_); @@ -831,6 +882,12 @@ void QuicStream::OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) { bool QuicStream::MaybeIncreaseHighestReceivedOffset( QuicStreamOffset new_offset) { + if (!flow_controller_.has_value()) { + QUIC_BUG << ENDPOINT + << "MaybeIncreaseHighestReceivedOffset called on stream without " + "flow control"; + return false; + } uint64_t increment = new_offset - flow_controller_->highest_received_byte_offset(); if (!flow_controller_->UpdateHighestReceivedOffset(new_offset)) { @@ -849,6 +906,11 @@ bool QuicStream::MaybeIncreaseHighestReceivedOffset( } void QuicStream::AddBytesSent(QuicByteCount bytes) { + if (!flow_controller_.has_value()) { + QUIC_BUG << ENDPOINT + << "AddBytesSent called on stream without flow control"; + return; + } flow_controller_->AddBytesSent(bytes); if (stream_contributes_to_connection_flow_control_) { connection_flow_controller_->AddBytesSent(bytes); @@ -862,6 +924,12 @@ void QuicStream::AddBytesConsumed(QuicByteCount bytes) { // QuicStreamSequencers used by QuicCryptoStream. return; } + if (!flow_controller_.has_value()) { + QUIC_BUG + << ENDPOINT + << "AddBytesConsumed called on non-crypto stream without flow control"; + return; + } // Only adjust stream level flow controller if still reading. if (!read_side_closed_) { flow_controller_->AddBytesConsumed(bytes); @@ -872,11 +940,27 @@ void QuicStream::AddBytesConsumed(QuicByteCount bytes) { } } -void QuicStream::UpdateSendWindowOffset(QuicStreamOffset new_window) { - if (flow_controller_->UpdateSendWindowOffset(new_window)) { +bool QuicStream::ConfigSendWindowOffset(QuicStreamOffset new_offset) { + if (!flow_controller_.has_value()) { + QUIC_BUG << ENDPOINT + << "ConfigSendWindowOffset called on stream without flow control"; + return false; + } + if (perspective_ == Perspective::IS_CLIENT && + session()->version().AllowsLowFlowControlLimits() && + new_offset < flow_controller_->send_window_offset()) { + OnUnrecoverableError( + QUIC_FLOW_CONTROL_INVALID_WINDOW, + quiche::QuicheStrCat("New stream max data ", new_offset, + " decreases current limit: ", + flow_controller_->send_window_offset())); + return false; + } + if (flow_controller_->UpdateSendWindowOffset(new_offset)) { // Let session unblock this stream. session_->MarkConnectionLevelWriteBlocked(id_); } + return true; } void QuicStream::AddRandomPaddingAfterFin() { @@ -999,7 +1083,7 @@ bool QuicStream::IsWaitingForAcks() const { (send_buffer_.stream_bytes_outstanding() || fin_outstanding_); } -size_t QuicStream::ReadableBytes() const { +QuicByteCount QuicStream::ReadableBytes() const { return sequencer_.ReadableBytes(); } @@ -1021,7 +1105,7 @@ void QuicStream::WriteBufferedData() { } // Size of buffered data. - size_t write_length = BufferedDataBytes(); + QuicByteCount write_length = BufferedDataBytes(); // A FIN with zero data payload should not be flow control blocked. bool fin_with_zero_data = (fin_buffered_ && write_length == 0); @@ -1029,7 +1113,14 @@ void QuicStream::WriteBufferedData() { bool fin = fin_buffered_; // How much data flow control permits to be written. - QuicByteCount send_window = flow_controller_->SendWindowSize(); + QuicByteCount send_window; + if (flow_controller_.has_value()) { + send_window = flow_controller_->SendWindowSize(); + } else { + send_window = std::numeric_limits<QuicByteCount>::max(); + QUIC_BUG << ENDPOINT + << "WriteBufferedData called on stream without flow control"; + } if (stream_contributes_to_connection_flow_control_) { send_window = std::min(send_window, connection_flow_controller_->SendWindowSize()); @@ -1046,13 +1137,10 @@ void QuicStream::WriteBufferedData() { fin = false; // Writing more data would be a violation of flow control. - write_length = static_cast<size_t>(send_window); + write_length = send_window; QUIC_DVLOG(1) << "stream " << id() << " shortens write length to " << write_length << " due to flow control"; } - if (!session_->write_with_transmission()) { - session_->SetTransmissionType(NOT_RETRANSMISSION); - } StreamSendingState state = fin ? FIN : NO_FIN; if (fin && add_random_padding_after_fin_) { @@ -1082,10 +1170,14 @@ void QuicStream::WriteBufferedData() { MaybeSendBlocked(); } if (fin && consumed_data.fin_consumed) { + DCHECK(!fin_sent_); fin_sent_ = true; fin_outstanding_ = true; if (fin_received_) { - session_->StreamDraining(id_); + DCHECK(!was_draining_); + session_->StreamDraining(id_, + /*unidirectional=*/type_ != BIDIRECTIONAL); + was_draining_ = true; } CloseWriteSide(); } else if (fin && !consumed_data.fin_consumed) { @@ -1124,7 +1216,7 @@ const QuicIntervalSet<QuicStreamOffset>& QuicStream::bytes_acked() const { return send_buffer_.bytes_acked(); } -void QuicStream::OnStreamDataConsumed(size_t bytes_consumed) { +void QuicStream::OnStreamDataConsumed(QuicByteCount bytes_consumed) { send_buffer_.OnStreamDataConsumed(bytes_consumed); } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream.h b/chromium/net/third_party/quiche/src/quic/core/quic_stream.h index aa2e11d5a60..fe9d04c021f 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream.h @@ -76,7 +76,7 @@ class QUIC_EXPORT_PRIVATE PendingStream const QuicStreamSequencer* sequencer() const { return &sequencer_; } - void MarkConsumed(size_t num_bytes); + void MarkConsumed(QuicByteCount num_bytes); // Tells the sequencer to ignore all incoming data itself and not call // OnDataAvailable(). @@ -165,10 +165,12 @@ class QUIC_EXPORT_PRIVATE QuicStream // stream to write any pending data. virtual void OnCanWrite(); - // Called by the session just before the object is destroyed. + // Called just before the object is destroyed. // The object should not be accessed after OnClose is called. // Sends a RST_STREAM with code QUIC_RST_ACKNOWLEDGEMENT if neither a FIN nor // a RST_STREAM has been sent. + // TODO(fayang): move this to protected when deprecating + // quic_break_session_stream_close_loop. virtual void OnClose(); // Called by the session when the endpoint receives a RST_STREAM from the @@ -199,7 +201,7 @@ class QUIC_EXPORT_PRIVATE QuicStream bool IsWaitingForAcks() const; // Number of bytes available to read. - size_t ReadableBytes() const; + QuicByteCount ReadableBytes() const; QuicRstStreamErrorCode stream_error() const { return stream_error_; } QuicErrorCode connection_error() const { return connection_error_; } @@ -224,8 +226,6 @@ class QUIC_EXPORT_PRIVATE QuicStream size_t busy_counter() const { return busy_counter_; } void set_busy_counter(size_t busy_counter) { busy_counter_ = busy_counter; } - void set_fin_sent(bool fin_sent) { fin_sent_ = fin_sent; } - void set_fin_received(bool fin_received) { fin_received_ = fin_received; } void set_rst_sent(bool rst_sent) { rst_sent_ = rst_sent; } void set_rst_received(bool rst_received) { rst_received_ = rst_received; } @@ -244,9 +244,8 @@ class QUIC_EXPORT_PRIVATE QuicStream // Returns true if the highest offset did increase. bool MaybeIncreaseHighestReceivedOffset(QuicStreamOffset new_offset); - // Updates the flow controller's send window offset and calls OnCanWrite if - // it was blocked before. - void UpdateSendWindowOffset(QuicStreamOffset new_offset); + // Set the flow controller's send window offset from session config. + bool ConfigSendWindowOffset(QuicStreamOffset new_offset); // Returns true if the stream has received either a RST_STREAM or a FIN - // either of which gives a definitive number of bytes which the peer has @@ -357,19 +356,23 @@ class QUIC_EXPORT_PRIVATE QuicStream // Does not send a FIN. May cause the stream to be closed. virtual void CloseWriteSide(); + // Close the read side of the stream. May cause the stream to be closed. + // Subclasses and consumers should use StopReading to terminate reading early + // if expecting a FIN. Can be used directly by subclasses if not expecting a + // FIN. + // TODO(fayang): move this to protected when removing + // QuicSession::CloseStream. + void CloseReadSide(); + // Returns true if the stream is static. bool is_static() const { return is_static_; } + bool was_draining() const { return was_draining_; } + static spdy::SpdyStreamPrecedence CalculateDefaultPriority( const QuicSession* session); protected: - // Close the read side of the socket. May cause the stream to be closed. - // Subclasses and consumers should use StopReading to terminate reading early - // if expecting a FIN. Can be used directly by subclasses if not expecting a - // FIN. - void CloseReadSide(); - // Called when data of [offset, offset + data_length] is buffered in send // buffer. virtual void OnDataBuffered( @@ -389,7 +392,7 @@ class QUIC_EXPORT_PRIVATE QuicStream virtual void OnCanWriteNewData() {} // Called when |bytes_consumed| bytes has been consumed. - virtual void OnStreamDataConsumed(size_t bytes_consumed); + virtual void OnStreamDataConsumed(QuicByteCount bytes_consumed); // Called by the stream sequencer as bytes are consumed from the buffer. // If the receive window has dropped below the threshold, then send a @@ -403,6 +406,10 @@ class QUIC_EXPORT_PRIVATE QuicStream // this virtual so that subclasses can implement their own logics. virtual void OnDeadlinePassed(); + // Called to set fin_sent_. This is only used by Google QUIC while body is + // empty. + void SetFinSent(); + StreamDelegateInterface* stream_delegate() { return stream_delegate_; } bool fin_buffered() const { return fin_buffered_; } @@ -532,6 +539,10 @@ class QUIC_EXPORT_PRIVATE QuicStream // If initialized, reset this stream at this deadline. QuicTime deadline_; + // True if this stream has entered draining state. Only used when + // quic_deprecate_draining_streams is true. + bool was_draining_; + // Indicates whether this stream is bidirectional, read unidirectional or // write unidirectional. const StreamType type_; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.cc b/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.cc index c6869a23b12..ba31decd2b9 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.cc @@ -10,6 +10,7 @@ #include "net/third_party/quiche/src/quic/core/quic_constants.h" #include "net/third_party/quiche/src/quic/core/quic_session.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flag_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" @@ -24,40 +25,31 @@ QuicStreamIdManager::QuicStreamIdManager( DelegateInterface* delegate, bool unidirectional, Perspective perspective, - QuicTransportVersion transport_version, + ParsedQuicVersion version, QuicStreamCount max_allowed_outgoing_streams, QuicStreamCount max_allowed_incoming_streams) : delegate_(delegate), unidirectional_(unidirectional), perspective_(perspective), - transport_version_(transport_version), + version_(version), outgoing_max_streams_(max_allowed_outgoing_streams), next_outgoing_stream_id_(GetFirstOutgoingStreamId()), outgoing_stream_count_(0), incoming_actual_max_streams_(max_allowed_incoming_streams), - // Advertised max starts at actual because it's communicated in the - // handshake. incoming_advertised_max_streams_(max_allowed_incoming_streams), incoming_initial_max_open_streams_(max_allowed_incoming_streams), incoming_stream_count_(0), largest_peer_created_stream_id_( - QuicUtils::GetInvalidStreamId(transport_version)), - max_streams_window_(0) { - CalculateIncomingMaxStreamsWindow(); -} + QuicUtils::GetInvalidStreamId(version.transport_version)) {} QuicStreamIdManager::~QuicStreamIdManager() {} -// The peer sends a streams blocked frame when it can not open any more -// streams because it has runs into the limit. bool QuicStreamIdManager::OnStreamsBlockedFrame( const QuicStreamsBlockedFrame& frame, std::string* error_details) { - // Ensure that the frame has the correct directionality. DCHECK_EQ(frame.unidirectional, unidirectional_); if (frame.stream_count > incoming_advertised_max_streams_) { // Peer thinks it can send more streams that we've told it. - // This is a protocol error. *error_details = quiche::QuicheStrCat( "StreamsBlockedFrame's stream count ", frame.stream_count, " exceeds incoming max stream ", incoming_advertised_max_streams_); @@ -65,8 +57,7 @@ bool QuicStreamIdManager::OnStreamsBlockedFrame( } if (frame.stream_count < incoming_actual_max_streams_) { // Peer thinks it's blocked on a stream count that is less than our current - // max. Inform the peer of the correct stream count. Sending a MAX_STREAMS - // frame in this case is not controlled by the window. + // max. Inform the peer of the correct stream count. SendMaxStreamsFrame(); } return true; @@ -90,8 +81,9 @@ bool QuicStreamIdManager::MaybeAllowNewOutgoingStreams( void QuicStreamIdManager::SetMaxOpenIncomingStreams( QuicStreamCount max_open_streams) { QUIC_BUG_IF(incoming_stream_count_ > 0) - << "non-zero stream count when setting max incoming stream."; - QUIC_LOG_IF(WARNING, incoming_initial_max_open_streams_ != max_open_streams) + << "non-zero incoming stream count " << incoming_stream_count_ + << " when setting max incoming stream to " << max_open_streams; + QUIC_DLOG_IF(WARNING, incoming_initial_max_open_streams_ != max_open_streams) << quiche::QuicheStrCat( unidirectional_ ? "unidirectional " : "bidirectional: ", "incoming stream limit changed from ", @@ -99,12 +91,12 @@ void QuicStreamIdManager::SetMaxOpenIncomingStreams( incoming_actual_max_streams_ = max_open_streams; incoming_advertised_max_streams_ = max_open_streams; incoming_initial_max_open_streams_ = max_open_streams; - CalculateIncomingMaxStreamsWindow(); } void QuicStreamIdManager::MaybeSendMaxStreamsFrame() { if ((incoming_advertised_max_streams_ - incoming_stream_count_) > - max_streams_window_) { + (incoming_initial_max_open_streams_ / + GetQuicFlag(FLAGS_quic_max_streams_window_divisor))) { // window too large, no advertisement return; } @@ -118,39 +110,36 @@ void QuicStreamIdManager::SendMaxStreamsFrame() { void QuicStreamIdManager::OnStreamClosed(QuicStreamId stream_id) { DCHECK_NE(QuicUtils::IsBidirectionalStreamId(stream_id), unidirectional_); - if (!IsIncomingStream(stream_id)) { + if (QuicUtils::IsOutgoingStreamId(version_, stream_id, perspective_)) { // Nothing to do for outgoing streams. return; } // If the stream is inbound, we can increase the actual stream limit and maybe - // advertise the new limit to the peer. Have to check to make sure that we do - // not exceed the maximum. + // advertise the new limit to the peer. if (incoming_actual_max_streams_ == QuicUtils::GetMaxStreamCount()) { // Reached the maximum stream id value that the implementation // supports. Nothing can be done here. return; } - // One stream closed ... another can be opened. + // One stream closed, and another one can be opened. incoming_actual_max_streams_++; MaybeSendMaxStreamsFrame(); } QuicStreamId QuicStreamIdManager::GetNextOutgoingStreamId() { - // Applications should always consult CanOpenNextOutgoingStream() first. - // If they ask for stream ids that violate the limit, it's an implementation - // bug. QUIC_BUG_IF(outgoing_stream_count_ >= outgoing_max_streams_) << "Attempt to allocate a new outgoing stream that would exceed the " "limit (" << outgoing_max_streams_ << ")"; QuicStreamId id = next_outgoing_stream_id_; - next_outgoing_stream_id_ += QuicUtils::StreamIdDelta(transport_version_); + next_outgoing_stream_id_ += + QuicUtils::StreamIdDelta(version_.transport_version); outgoing_stream_count_++; return id; } bool QuicStreamIdManager::CanOpenNextOutgoingStream() const { - DCHECK(VersionHasIetfQuicFrames(transport_version_)); + DCHECK(VersionHasIetfQuicFrames(version_.transport_version)); return outgoing_stream_count_ < outgoing_max_streams_; } @@ -159,23 +148,25 @@ bool QuicStreamIdManager::MaybeIncreaseLargestPeerStreamId( std::string* error_details) { // |stream_id| must be an incoming stream of the right directionality. DCHECK_NE(QuicUtils::IsBidirectionalStreamId(stream_id), unidirectional_); - DCHECK_NE(QuicUtils::IsServerInitiatedStreamId(transport_version_, stream_id), - perspective() == Perspective::IS_SERVER); + DCHECK_NE(QuicUtils::IsServerInitiatedStreamId(version_.transport_version, + stream_id), + perspective_ == Perspective::IS_SERVER); if (available_streams_.erase(stream_id) == 1) { // stream_id is available. return true; } if (largest_peer_created_stream_id_ != - QuicUtils::GetInvalidStreamId(transport_version_)) { + QuicUtils::GetInvalidStreamId(version_.transport_version)) { DCHECK_GT(stream_id, largest_peer_created_stream_id_); } // Calculate increment of incoming_stream_count_ by creating stream_id. - const QuicStreamCount delta = QuicUtils::StreamIdDelta(transport_version_); + const QuicStreamCount delta = + QuicUtils::StreamIdDelta(version_.transport_version); const QuicStreamId least_new_stream_id = largest_peer_created_stream_id_ == - QuicUtils::GetInvalidStreamId(transport_version_) + QuicUtils::GetInvalidStreamId(version_.transport_version) ? GetFirstIncomingStreamId() : largest_peer_created_stream_id_ + delta; const QuicStreamCount stream_count_increment = @@ -203,59 +194,36 @@ bool QuicStreamIdManager::MaybeIncreaseLargestPeerStreamId( bool QuicStreamIdManager::IsAvailableStream(QuicStreamId id) const { DCHECK_NE(QuicUtils::IsBidirectionalStreamId(id), unidirectional_); - if (!IsIncomingStream(id)) { + if (QuicUtils::IsOutgoingStreamId(version_, id, perspective_)) { // Stream IDs under next_ougoing_stream_id_ are either open or previously // open but now closed. return id >= next_outgoing_stream_id_; } // For peer created streams, we also need to consider available streams. return largest_peer_created_stream_id_ == - QuicUtils::GetInvalidStreamId(transport_version_) || + QuicUtils::GetInvalidStreamId(version_.transport_version) || id > largest_peer_created_stream_id_ || QuicContainsKey(available_streams_, id); } -bool QuicStreamIdManager::IsIncomingStream(QuicStreamId id) const { - DCHECK_NE(QuicUtils::IsBidirectionalStreamId(id), unidirectional_); - // The 0x1 bit in the stream id indicates whether the stream id is - // server- or client- initiated. Next_OUTGOING_stream_id_ has that bit - // set based on whether this node is a server or client. Thus, if the stream - // id in question has the 0x1 bit set opposite of next_OUTGOING_stream_id_, - // then that stream id is incoming -- it is for streams initiated by the peer. - return (id & 0x1) != (next_outgoing_stream_id_ & 0x1); -} - QuicStreamId QuicStreamIdManager::GetFirstOutgoingStreamId() const { return (unidirectional_) ? QuicUtils::GetFirstUnidirectionalStreamId( - transport_version_, perspective()) + version_.transport_version, perspective_) : QuicUtils::GetFirstBidirectionalStreamId( - transport_version_, perspective()); + version_.transport_version, perspective_); } QuicStreamId QuicStreamIdManager::GetFirstIncomingStreamId() const { return (unidirectional_) ? QuicUtils::GetFirstUnidirectionalStreamId( - transport_version_, peer_perspective()) + version_.transport_version, + QuicUtils::InvertPerspective(perspective_)) : QuicUtils::GetFirstBidirectionalStreamId( - transport_version_, peer_perspective()); -} - -Perspective QuicStreamIdManager::perspective() const { - return perspective_; + version_.transport_version, + QuicUtils::InvertPerspective(perspective_)); } -Perspective QuicStreamIdManager::peer_perspective() const { - return QuicUtils::InvertPerspective(perspective()); -} - -QuicStreamCount QuicStreamIdManager::available_incoming_streams() { +QuicStreamCount QuicStreamIdManager::available_incoming_streams() const { return incoming_advertised_max_streams_ - incoming_stream_count_; } -void QuicStreamIdManager::CalculateIncomingMaxStreamsWindow() { - max_streams_window_ = incoming_actual_max_streams_ / kMaxStreamsWindowDivisor; - if (max_streams_window_ == 0) { - max_streams_window_ = 1; - } -} - } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.h b/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.h index fa4b1a06b47..9e6ef20112a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager.h @@ -17,16 +17,7 @@ class QuicSessionPeer; class QuicStreamIdManagerPeer; } // namespace test -// Amount to increment a stream ID value to get the next stream ID in -// the stream ID space. -const QuicStreamId kV99StreamIdIncrement = 4; - -// This constant controls the size of the window when deciding whether -// to generate a MAX_STREAMS frame or not. See the discussion of the -// window, below, for more details. -const int kMaxStreamsWindowDivisor = 2; - -// This class manages the stream ids for Version 99/IETF QUIC. +// This class manages the stream ids for IETF QUIC. class QUIC_EXPORT_PRIVATE QuicStreamIdManager { public: class QUIC_EXPORT_PRIVATE DelegateInterface { @@ -41,7 +32,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { QuicStreamIdManager(DelegateInterface* delegate, bool unidirectional, Perspective perspective, - QuicTransportVersion transport_version, + ParsedQuicVersion version, QuicStreamCount max_allowed_outgoing_streams, QuicStreamCount max_allowed_incoming_streams); @@ -52,7 +43,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { std::string DebugString() const { return quiche::QuicheStrCat( " { unidirectional_: ", unidirectional_, - ", perspective: ", perspective(), + ", perspective: ", perspective_, ", outgoing_max_streams_: ", outgoing_max_streams_, ", next_outgoing_stream_id_: ", next_outgoing_stream_id_, ", outgoing_stream_count_: ", outgoing_stream_count_, @@ -62,7 +53,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { ", incoming_stream_count_: ", incoming_stream_count_, ", available_streams_.size(): ", available_streams_.size(), ", largest_peer_created_stream_id_: ", largest_peer_created_stream_id_, - ", max_streams_window_: ", max_streams_window_, " }"); + " }"); } // Processes the STREAMS_BLOCKED frame. If error is encountered, populates @@ -70,7 +61,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { bool OnStreamsBlockedFrame(const QuicStreamsBlockedFrame& frame, std::string* error_details); - // Indicates whether the next outgoing stream ID can be allocated or not. + // Returns whether the next outgoing stream ID can be allocated or not. bool CanOpenNextOutgoingStream() const; // Generate and send a MAX_STREAMS frame. @@ -83,8 +74,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { void OnStreamClosed(QuicStreamId stream_id); // Returns the next outgoing stream id. Applications must call - // CanOpenNextOutgoingStream() first. A QUIC_BUG is logged if this method - // allocates a stream ID past the peer specified limit. + // CanOpenNextOutgoingStream() first. QuicStreamId GetNextOutgoingStreamId(); void SetMaxOpenIncomingStreams(QuicStreamCount max_open_streams); @@ -95,42 +85,28 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { bool MaybeAllowNewOutgoingStreams(QuicStreamCount max_open_streams); // Checks if the incoming stream ID exceeds the MAX_STREAMS limit. If the - // limit is exceeded, populates |error_detials| and returns false. Uses the - // actual maximium, not the most recently advertised value, in order to - // enforce the Google-QUIC number of open streams behavior. - // This method should be called exactly once for each incoming stream - // creation. + // limit is exceeded, populates |error_detials| and returns false. bool MaybeIncreaseLargestPeerStreamId(const QuicStreamId stream_id, std::string* error_details); // Returns true if |id| is still available. bool IsAvailableStream(QuicStreamId id) const; - // Return true if given stream is peer initiated. - bool IsIncomingStream(QuicStreamId id) const; - QuicStreamCount incoming_initial_max_open_streams() const { return incoming_initial_max_open_streams_; } - QuicStreamCount max_streams_window() const { return max_streams_window_; } - QuicStreamId next_outgoing_stream_id() const { return next_outgoing_stream_id_; } // Number of streams that the peer believes that it can still create. - QuicStreamCount available_incoming_streams(); + QuicStreamCount available_incoming_streams() const; QuicStreamId largest_peer_created_stream_id() const { return largest_peer_created_stream_id_; } - // These are the limits for outgoing and incoming streams, - // respectively. For incoming there are two limits, what has - // been advertised to the peer and what is actually available. - // The advertised incoming amount should never be more than the actual - // incoming one. QuicStreamCount outgoing_max_streams() const { return outgoing_max_streams_; } QuicStreamCount incoming_actual_max_streams() const { return incoming_actual_max_streams_; @@ -138,13 +114,9 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { QuicStreamCount incoming_advertised_max_streams() const { return incoming_advertised_max_streams_; } - // Number of streams that have been opened (including those that have been - // opened and then closed. Must never exceed outgoing_max_streams - QuicStreamCount outgoing_stream_count() { return outgoing_stream_count_; } - - // Perspective (CLIENT/SERVER) of this node and the peer, respectively. - Perspective perspective() const; - Perspective peer_perspective() const; + QuicStreamCount outgoing_stream_count() const { + return outgoing_stream_count_; + } private: friend class test::QuicSessionPeer; @@ -160,10 +132,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { QuicStreamId GetFirstOutgoingStreamId() const; QuicStreamId GetFirstIncomingStreamId() const; - void CalculateIncomingMaxStreamsWindow(); - // Back reference to the session containing this Stream ID Manager. - // needed to access various session methods, such as perspective() DelegateInterface* delegate_; // Whether this stream id manager is for unidrectional (true) or bidirectional @@ -173,14 +142,12 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { // Is this manager a client or a server. const Perspective perspective_; - // Transport version used for this manager. - const QuicTransportVersion transport_version_; + // QUIC version used for this manager. + const ParsedQuicVersion version_; - // This is the number of streams that this node can initiate. - // This limit is: - // - Initiated to a value specified in the constructor - // - May be updated when the config is received. - // - Is updated whenever a MAX STREAMS frame is received. + // The number of streams that this node can initiate. + // This limit is first set when config is negotiated, but may be updated upon + // receiving MAX_STREAMS frame. QuicStreamCount outgoing_max_streams_; // The ID to use for the next outgoing stream. @@ -193,31 +160,25 @@ class QUIC_EXPORT_PRIVATE QuicStreamIdManager { // FOR INCOMING STREAMS - // The maximum number of streams that can be opened by the peer. + // The actual maximum number of streams that can be opened by the peer. QuicStreamCount incoming_actual_max_streams_; + // Max incoming stream number that has been advertised to the peer and is <= + // incoming_actual_max_streams_. It is set to incoming_actual_max_streams_ + // when a MAX_STREAMS is sent. QuicStreamCount incoming_advertised_max_streams_; // Initial maximum on the number of open streams allowed. QuicStreamCount incoming_initial_max_open_streams_; - // This is the number of streams that have been created -- some are still - // open, the others have been closed. It is the number that is compared - // against MAX_STREAMS when deciding whether to accept a new stream or not. + // The number of streams that have been created, including open ones and + // closed ones. QuicStreamCount incoming_stream_count_; // Set of stream ids that are less than the largest stream id that has been // received, but are nonetheless available to be created. - QuicUnorderedSet<QuicStreamId> available_streams_; + QuicHashSet<QuicStreamId> available_streams_; QuicStreamId largest_peer_created_stream_id_; - - // When incoming streams close the local node sends MAX_STREAMS frames. It - // does so only when the peer can open fewer than |max_stream_id_window_| - // streams. That is, when |incoming_actual_max_streams_| - - // |incoming_advertised_max_streams_| is less than the window. - // max_streams_window_ is set to 1/2 of the initial number of incoming streams - // that are allowed (as set in the constructor). - QuicStreamId max_streams_window_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager_test.cc index 3207e59558b..2179ba2c860 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_id_manager_test.cc @@ -24,8 +24,10 @@ namespace { class MockDelegate : public QuicStreamIdManager::DelegateInterface { public: - MOCK_METHOD2(SendMaxStreams, - void(QuicStreamCount stream_count, bool unidirectional)); + MOCK_METHOD(void, + SendMaxStreams, + (QuicStreamCount stream_count, bool unidirectional), + (override)); }; struct TestParams { @@ -71,7 +73,7 @@ class QuicStreamIdManagerTest : public QuicTestWithParam<TestParams> { : stream_id_manager_(&delegate_, IsUnidirectional(), perspective(), - transport_version(), + GetParam().version, 0, kDefaultMaxStreamsPerConnection) { DCHECK(VersionHasIetfQuicFrames(transport_version())); @@ -84,7 +86,7 @@ class QuicStreamIdManagerTest : public QuicTestWithParam<TestParams> { // Returns the stream ID for the Nth incoming stream (created by the peer) // of the corresponding directionality of this manager. QuicStreamId GetNthIncomingStreamId(int n) { - return kV99StreamIdIncrement * n + + return QuicUtils::StreamIdDelta(transport_version()) * n + (IsUnidirectional() ? QuicUtils::GetFirstUnidirectionalStreamId( transport_version(), @@ -115,11 +117,6 @@ TEST_P(QuicStreamIdManagerTest, Initialization) { stream_id_manager_.incoming_advertised_max_streams()); EXPECT_EQ(kDefaultMaxStreamsPerConnection, stream_id_manager_.incoming_initial_max_open_streams()); - - // The window for advertising updates to the MAX STREAM ID is half the number - // of streams allowed. - EXPECT_EQ(kDefaultMaxStreamsPerConnection / 2, - stream_id_manager_.max_streams_window()); } // This test checks that the stream advertisement window is set to 1 @@ -128,7 +125,6 @@ TEST_P(QuicStreamIdManagerTest, CheckMaxStreamsWindowForSingleStream) { stream_id_manager_.SetMaxOpenIncomingStreams(1); EXPECT_EQ(1u, stream_id_manager_.incoming_initial_max_open_streams()); EXPECT_EQ(1u, stream_id_manager_.incoming_actual_max_streams()); - EXPECT_EQ(1u, stream_id_manager_.max_streams_window()); } TEST_P(QuicStreamIdManagerTest, CheckMaxStreamsBadValuesOverMaxFailsOutgoing) { @@ -279,18 +275,17 @@ TEST_P(QuicStreamIdManagerTest, GetNextOutgoingStream) { EXPECT_TRUE( stream_id_manager_.MaybeAllowNewOutgoingStreams(number_of_streams)); - QuicStreamId stream_id = - IsUnidirectional() - ? QuicUtils::GetFirstUnidirectionalStreamId( - transport_version(), stream_id_manager_.perspective()) - : QuicUtils::GetFirstBidirectionalStreamId( - transport_version(), stream_id_manager_.perspective()); + QuicStreamId stream_id = IsUnidirectional() + ? QuicUtils::GetFirstUnidirectionalStreamId( + transport_version(), perspective()) + : QuicUtils::GetFirstBidirectionalStreamId( + transport_version(), perspective()); EXPECT_EQ(number_of_streams, stream_id_manager_.outgoing_max_streams()); while (number_of_streams) { EXPECT_TRUE(stream_id_manager_.CanOpenNextOutgoingStream()); EXPECT_EQ(stream_id, stream_id_manager_.GetNextOutgoingStreamId()); - stream_id += kV99StreamIdIncrement; + stream_id += QuicUtils::StreamIdDelta(transport_version()); number_of_streams--; } @@ -316,23 +311,21 @@ TEST_P(QuicStreamIdManagerTest, MaybeIncreaseLargestPeerStreamId) { // A bad stream ID results in a closed connection. std::string error_details; EXPECT_FALSE(stream_id_manager_.MaybeIncreaseLargestPeerStreamId( - max_stream_id + kV99StreamIdIncrement, &error_details)); - EXPECT_EQ( - error_details, - quiche::QuicheStrCat("Stream id ", max_stream_id + kV99StreamIdIncrement, - " would exceed stream count limit 100")); + max_stream_id + QuicUtils::StreamIdDelta(transport_version()), + &error_details)); + EXPECT_EQ(error_details, + quiche::QuicheStrCat( + "Stream id ", + max_stream_id + QuicUtils::StreamIdDelta(transport_version()), + " would exceed stream count limit 100")); } TEST_P(QuicStreamIdManagerTest, MaxStreamsWindow) { - // Test that a MAX_STREAMS frame is generated when the peer has less than - // |max_streams_window_| streams left that it can initiate. - - // First, open, and then close, max_streams_window_ streams. This will - // max_streams_window_ streams available for the peer -- no MAX_STREAMS - // should be sent. The -1 is because the check in - // QuicStreamIdManager::MaybeSendMaxStreamsFrame sends a MAX_STREAMS if the - // number of available streams at the peer is <= |max_streams_window_| - int stream_count = stream_id_manager_.max_streams_window() - 1; + // Open and then close a number of streams to get close to the threshold of + // sending a MAX_STREAM_FRAME. + int stream_count = stream_id_manager_.incoming_initial_max_open_streams() / + GetQuicFlag(FLAGS_quic_max_streams_window_divisor) - + 1; // Should not get a control-frame transmission since the peer should have // "plenty" of stream IDs to use. @@ -342,7 +335,8 @@ TEST_P(QuicStreamIdManagerTest, MaxStreamsWindow) { QuicStreamId stream_id = GetNthIncomingStreamId(0); size_t old_available_incoming_streams = stream_id_manager_.available_incoming_streams(); - while (stream_count) { + auto i = stream_count; + while (i) { EXPECT_TRUE(stream_id_manager_.MaybeIncreaseLargestPeerStreamId(stream_id, nullptr)); @@ -352,12 +346,11 @@ TEST_P(QuicStreamIdManagerTest, MaxStreamsWindow) { EXPECT_EQ(old_available_incoming_streams, stream_id_manager_.available_incoming_streams()); - stream_count--; - stream_id += kV99StreamIdIncrement; + i--; + stream_id += QuicUtils::StreamIdDelta(transport_version()); } // Now close them, still should get no MAX_STREAMS - stream_count = stream_id_manager_.max_streams_window(); stream_id = GetNthIncomingStreamId(0); QuicStreamCount expected_actual_max = stream_id_manager_.incoming_actual_max_streams(); @@ -366,7 +359,7 @@ TEST_P(QuicStreamIdManagerTest, MaxStreamsWindow) { while (stream_count) { stream_id_manager_.OnStreamClosed(stream_id); stream_count--; - stream_id += kV99StreamIdIncrement; + stream_id += QuicUtils::StreamIdDelta(transport_version()); expected_actual_max++; EXPECT_EQ(expected_actual_max, stream_id_manager_.incoming_actual_max_streams()); @@ -418,24 +411,21 @@ TEST_P(QuicStreamIdManagerTest, MaxStreamsSlidingWindow) { stream_id_manager_.incoming_advertised_max_streams(); // Open/close enough streams to shrink the window without causing a MAX - // STREAMS to be generated. The window will open (and a MAX STREAMS generated) - // when max_streams_window() stream IDs have been made available. The loop + // STREAMS to be generated. The loop // will make that many stream IDs available, so the last CloseStream should - // cause a MAX STREAMS frame to be generated. - int i = static_cast<int>(stream_id_manager_.max_streams_window()); + int i = + static_cast<int>(stream_id_manager_.incoming_initial_max_open_streams() / + GetQuicFlag(FLAGS_quic_max_streams_window_divisor)); QuicStreamId id = QuicStreamIdManagerPeer::GetFirstIncomingStreamId(&stream_id_manager_); - EXPECT_CALL( - delegate_, - SendMaxStreams(first_advert + stream_id_manager_.max_streams_window(), - IsUnidirectional())); + EXPECT_CALL(delegate_, SendMaxStreams(first_advert + i, IsUnidirectional())); while (i) { EXPECT_TRUE( stream_id_manager_.MaybeIncreaseLargestPeerStreamId(id, nullptr)); stream_id_manager_.OnStreamClosed(id); i--; - id += kV99StreamIdIncrement; + id += QuicUtils::StreamIdDelta(transport_version()); } } diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer.h b/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer.h index 50b5b68eaed..a74526b949e 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer.h @@ -50,6 +50,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamSequencer { QuicStreamSequencer(const QuicStreamSequencer&) = delete; QuicStreamSequencer(QuicStreamSequencer&&) = default; QuicStreamSequencer& operator=(const QuicStreamSequencer&) = delete; + QuicStreamSequencer& operator=(QuicStreamSequencer&&) = default; virtual ~QuicStreamSequencer(); // If the frame is the next one we need in order to process in-order data, diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_buffer.h b/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_buffer.h index 356b62fccc9..0ad984117de 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_buffer.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_buffer.h @@ -94,6 +94,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamSequencerBuffer { QuicStreamSequencerBuffer(QuicStreamSequencerBuffer&&) = default; QuicStreamSequencerBuffer& operator=(const QuicStreamSequencerBuffer&) = delete; + QuicStreamSequencerBuffer& operator=(QuicStreamSequencerBuffer&&) = default; ~QuicStreamSequencerBuffer(); // Free the space used to buffer data. @@ -212,10 +213,10 @@ class QUIC_EXPORT_PRIVATE QuicStreamSequencerBuffer { std::string ReceivedFramesDebugString() const; // The maximum total capacity of this buffer in byte, as constructed. - const size_t max_buffer_capacity_bytes_; + size_t max_buffer_capacity_bytes_; // How many blocks this buffer would need when it reaches full capacity. - const size_t blocks_count_; + size_t blocks_count_; // Number of bytes read out of buffer. QuicStreamOffset total_bytes_read_; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_test.cc index 188eb86f6fe..bdf141267a7 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_sequencer_test.cc @@ -31,13 +31,14 @@ namespace test { class MockStream : public QuicStreamSequencer::StreamInterface { public: - MOCK_METHOD0(OnFinRead, void()); - MOCK_METHOD0(OnDataAvailable, void()); - MOCK_METHOD2(OnUnrecoverableError, - void(QuicErrorCode error, const std::string& details)); - MOCK_METHOD1(Reset, void(QuicRstStreamErrorCode error)); - MOCK_METHOD0(OnCanWrite, void()); - MOCK_METHOD1(AddBytesConsumed, void(QuicByteCount bytes)); + MOCK_METHOD(void, OnFinRead, (), (override)); + MOCK_METHOD(void, OnDataAvailable, (), (override)); + MOCK_METHOD(void, + OnUnrecoverableError, + (QuicErrorCode error, const std::string& details), + (override)); + MOCK_METHOD(void, Reset, (QuicRstStreamErrorCode error), (override)); + MOCK_METHOD(void, AddBytesConsumed, (QuicByteCount bytes), (override)); QuicStreamId id() const override { return 1; } }; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_stream_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_stream_test.cc index eea7b15113e..f30a3be7216 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_stream_test.cc @@ -49,7 +49,7 @@ namespace { const char kData1[] = "FooAndBar"; const char kData2[] = "EepAndBaz"; -const size_t kDataLen = 9; +const QuicByteCount kDataLen = 9; class TestStream : public QuicStream { public: @@ -61,9 +61,9 @@ class TestStream : public QuicStream { TestStream(PendingStream* pending, StreamType type, bool is_static) : QuicStream(pending, type, is_static) {} - MOCK_METHOD0(OnDataAvailable, void()); + MOCK_METHOD(void, OnDataAvailable, (), (override)); - MOCK_METHOD0(OnCanWriteNewData, void()); + MOCK_METHOD(void, OnCanWriteNewData, (), (override)); using QuicStream::CanWriteNewData; using QuicStream::CanWriteNewDataAfterData; @@ -125,7 +125,7 @@ class QuicStreamTest : public QuicTestWithParam<ParsedQuicVersion> { QuicConsumedData CloseStreamOnWriteError( QuicStreamId id, - size_t /*write_length*/, + QuicByteCount /*write_length*/, QuicStreamOffset /*offset*/, StreamSendingState /*state*/, TransmissionType /*type*/, @@ -271,7 +271,7 @@ TEST_P(QuicStreamTest, FromPendingStreamThenData) { TEST_P(QuicStreamTest, WriteAllData) { Initialize(); - size_t length = + QuicByteCount length = 1 + QuicPacketCreator::StreamFramePacketOverhead( connection_->transport_version(), PACKET_8BYTE_CONNECTION_ID, PACKET_0BYTE_CONNECTION_ID, !kIncludeVersion, @@ -360,7 +360,7 @@ TEST_P(QuicStreamTest, WriteOrBufferData) { Initialize(); EXPECT_FALSE(HasWriteBlockedStreams()); - size_t length = + QuicByteCount length = 1 + QuicPacketCreator::StreamFramePacketOverhead( connection_->transport_version(), PACKET_8BYTE_CONNECTION_ID, PACKET_0BYTE_CONNECTION_ID, !kIncludeVersion, @@ -455,7 +455,12 @@ TEST_P(QuicStreamTest, RstAlwaysSentIfNoFinSent) { // Now close the stream, and expect that we send a RST. EXPECT_CALL(*session_, SendRstStream(_, _, _)); - stream_->OnClose(); + if (session_->break_close_loop()) { + stream_->CloseReadSide(); + stream_->CloseWriteSide(); + } else { + stream_->OnClose(); + } EXPECT_FALSE(session_->HasUnackedStreamData()); EXPECT_FALSE(fin_sent()); EXPECT_TRUE(rst_sent()); @@ -482,7 +487,12 @@ TEST_P(QuicStreamTest, RstNotSentIfFinSent) { EXPECT_FALSE(rst_sent()); // Now close the stream, and expect that we do not send a RST. - stream_->OnClose(); + if (session_->break_close_loop()) { + stream_->CloseReadSide(); + stream_->CloseWriteSide(); + } else { + stream_->OnClose(); + } EXPECT_TRUE(fin_sent()); EXPECT_FALSE(rst_sent()); } @@ -506,7 +516,12 @@ TEST_P(QuicStreamTest, OnlySendOneRst) { // Now close the stream (any further resets being sent would break the // expectation above). - stream_->OnClose(); + if (session_->break_close_loop()) { + stream_->CloseReadSide(); + stream_->CloseWriteSide(); + } else { + stream_->OnClose(); + } EXPECT_FALSE(fin_sent()); EXPECT_TRUE(rst_sent()); } @@ -642,7 +657,12 @@ TEST_P(QuicStreamTest, InvalidFinalByteOffsetFromRst) { CloseConnection(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA, _, _)); stream_->OnStreamReset(rst_frame); EXPECT_TRUE(stream_->HasReceivedFinalOffset()); - stream_->OnClose(); + if (session_->break_close_loop()) { + stream_->CloseReadSide(); + stream_->CloseWriteSide(); + } else { + stream_->OnClose(); + } } TEST_P(QuicStreamTest, FinalByteOffsetFromZeroLengthStreamFrame) { @@ -734,7 +754,7 @@ TEST_P(QuicStreamTest, SetDrainingIncomingOutgoing) { EXPECT_FALSE(QuicStreamPeer::read_side_closed(stream_)); EXPECT_FALSE(stream_->reading_stopped()); - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Outgoing data with FIN. EXPECT_CALL(*session_, WritevData(kTestStreamId, _, _, _, _, _)) @@ -746,9 +766,8 @@ TEST_P(QuicStreamTest, SetDrainingIncomingOutgoing) { nullptr); EXPECT_TRUE(stream_->write_side_closed()); - EXPECT_EQ(1u, QuicSessionPeer::GetDrainingStreams(session_.get()) - ->count(kTestStreamId)); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, session_->GetNumDrainingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } TEST_P(QuicStreamTest, SetDrainingOutgoingIncoming) { @@ -765,7 +784,7 @@ TEST_P(QuicStreamTest, SetDrainingOutgoingIncoming) { nullptr); EXPECT_TRUE(stream_->write_side_closed()); - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Incoming data with FIN. QuicStreamFrame stream_frame_with_fin(stream_->id(), true, 1234, "."); @@ -775,9 +794,8 @@ TEST_P(QuicStreamTest, SetDrainingOutgoingIncoming) { EXPECT_FALSE(QuicStreamPeer::read_side_closed(stream_)); EXPECT_FALSE(stream_->reading_stopped()); - EXPECT_EQ(1u, QuicSessionPeer::GetDrainingStreams(session_.get()) - ->count(kTestStreamId)); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, session_->GetNumDrainingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } TEST_P(QuicStreamTest, EarlyResponseFinHandling) { @@ -1058,8 +1076,9 @@ TEST_P(QuicStreamTest, WriteBufferedData) { EXPECT_FALSE(stream_->CanWriteNewData()); // Send buffered data to make buffered data size < threshold. - size_t data_to_write = 3 * data.length() - 200 - - GetQuicFlag(FLAGS_quic_buffered_data_threshold) + 1; + QuicByteCount data_to_write = + 3 * data.length() - 200 - + GetQuicFlag(FLAGS_quic_buffered_data_threshold) + 1; EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _)) .WillOnce(InvokeWithoutArgs([this, data_to_write]() { return session_->ConsumeData(stream_->id(), data_to_write, 200u, NO_FIN, @@ -1192,8 +1211,9 @@ TEST_P(QuicStreamTest, WriteMemSlices) { EXPECT_EQ(2 * QUICHE_ARRAYSIZE(data) - 100, stream_->BufferedDataBytes()); EXPECT_FALSE(stream_->fin_buffered()); - size_t data_to_write = 2 * QUICHE_ARRAYSIZE(data) - 100 - - GetQuicFlag(FLAGS_quic_buffered_data_threshold) + 1; + QuicByteCount data_to_write = + 2 * QUICHE_ARRAYSIZE(data) - 100 - + GetQuicFlag(FLAGS_quic_buffered_data_threshold) + 1; EXPECT_CALL(*session_, WritevData(_, _, _, _, _, _)) .WillOnce(InvokeWithoutArgs([this, data_to_write]() { return session_->ConsumeData(stream_->id(), data_to_write, 100u, NO_FIN, diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_time.h b/chromium/net/third_party/quiche/src/quic/core/quic_time.h index d4429e34ceb..adecbcd1514 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_time.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_time.h @@ -254,8 +254,8 @@ inline QuicTime::Delta operator*(QuicTime::Delta lhs, int rhs) { return QuicTime::Delta(lhs.time_offset_ * rhs); } inline QuicTime::Delta operator*(QuicTime::Delta lhs, double rhs) { - return QuicTime::Delta( - static_cast<int64_t>(std::llround(lhs.time_offset_ * rhs))); + return QuicTime::Delta(static_cast<int64_t>( + std::llround(static_cast<double>(lhs.time_offset_) * rhs))); } inline QuicTime::Delta operator*(int lhs, QuicTime::Delta rhs) { return rhs * lhs; diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.cc b/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.cc index 2b0c267f626..433a3ab3285 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.cc @@ -162,12 +162,13 @@ void QuicTimeWaitListManager::ProcessPacket( if (!connection_data->ietf_quic) { QUIC_CODE_COUNT(quic_received_short_header_packet_for_gquic); } - if (connection_data->encryption_level == ENCRYPTION_INITIAL) { + if (GetQuicRestartFlag( + quic_replace_time_wait_list_encryption_level) || + connection_data->encryption_level == ENCRYPTION_INITIAL) { + // TODO(b/153096082) Rename this code count. QUIC_CODE_COUNT( quic_encryption_none_termination_packets_for_short_header); - // Send stateless reset in response to short header packets, - // because ENCRYPTION_INITIAL termination packets will not be - // processed by clients. + // Send stateless reset in response to short header packets. SendPublicReset(self_address, peer_address, connection_id, connection_data->ietf_quic, std::move(packet_context)); @@ -190,6 +191,19 @@ void QuicTimeWaitListManager::ProcessPacket( packet_context.get()); } return; + + case SEND_CONNECTION_CLOSE_PACKETS: + if (connection_data->termination_packets.empty()) { + QUIC_BUG << "There are no termination packets."; + return; + } + for (const auto& packet : connection_data->termination_packets) { + SendOrQueuePacket(std::make_unique<QueuedPacket>( + self_address, peer_address, packet->Clone()), + packet_context.get()); + } + return; + case SEND_STATELESS_RESET: if (header_format == IETF_QUIC_LONG_HEADER_PACKET) { QUIC_CODE_COUNT(quic_stateless_reset_long_header_packet); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.h b/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.h index c9a5261d62f..64138de14bb 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager.h @@ -44,6 +44,9 @@ class QUIC_NO_EXPORT QuicTimeWaitListManager // Send specified termination packets, error if termination packet is // unavailable. SEND_TERMINATION_PACKETS, + // The same as SEND_TERMINATION_PACKETS except that the corresponding + // termination packets are provided by the connection. + SEND_CONNECTION_CLOSE_PACKETS, // Send stateless reset (public reset for GQUIC). SEND_STATELESS_RESET, @@ -244,6 +247,7 @@ class QUIC_NO_EXPORT QuicTimeWaitListManager int num_packets; bool ietf_quic; QuicTime time_added; + // TODO(b/153096082) Remove this field. // Encryption level of termination_packets. EncryptionLevel encryption_level; // These packets may contain CONNECTION_CLOSE frames, or SREJ messages. diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager_test.cc index b07c83ea44f..468b21bf78f 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_time_wait_list_manager_test.cc @@ -113,8 +113,8 @@ class MockAlarmFactory : public QuicAlarmFactory { return QuicArenaScopedPtr<MockAlarm>( new MockAlarm(std::move(delegate), alarm_index_++, this)); } - MOCK_METHOD2(OnAlarmSet, void(int, QuicTime)); - MOCK_METHOD1(OnAlarmCancelled, void(int)); + MOCK_METHOD(void, OnAlarmSet, (int, QuicTime), ()); + MOCK_METHOD(void, OnAlarmCancelled, (int), ()); private: int alarm_index_ = 0; @@ -322,9 +322,12 @@ TEST_F(QuicTimeWaitListManagerTest, SendConnectionClose) { termination_packets.push_back( std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket( new char[kConnectionCloseLength], kConnectionCloseLength, true))); - AddConnectionId(connection_id_, QuicVersionMax(), - QuicTimeWaitListManager::SEND_TERMINATION_PACKETS, - &termination_packets); + AddConnectionId( + connection_id_, QuicVersionMax(), + GetQuicRestartFlag(quic_replace_time_wait_list_encryption_level) + ? QuicTimeWaitListManager::SEND_CONNECTION_CLOSE_PACKETS + : QuicTimeWaitListManager::SEND_TERMINATION_PACKETS, + &termination_packets); EXPECT_CALL(writer_, WritePacket(_, kConnectionCloseLength, self_address_.host(), peer_address_, _)) .WillOnce(Return(WriteResult(WRITE_STATUS_OK, 1))); @@ -342,9 +345,12 @@ TEST_F(QuicTimeWaitListManagerTest, SendTwoConnectionCloses) { termination_packets.push_back( std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket( new char[kConnectionCloseLength], kConnectionCloseLength, true))); - AddConnectionId(connection_id_, QuicVersionMax(), - QuicTimeWaitListManager::SEND_TERMINATION_PACKETS, - &termination_packets); + AddConnectionId( + connection_id_, QuicVersionMax(), + GetQuicRestartFlag(quic_replace_time_wait_list_encryption_level) + ? QuicTimeWaitListManager::SEND_CONNECTION_CLOSE_PACKETS + : QuicTimeWaitListManager::SEND_TERMINATION_PACKETS, + &termination_packets); EXPECT_CALL(writer_, WritePacket(_, kConnectionCloseLength, self_address_.host(), peer_address_, _)) .Times(2) @@ -646,6 +652,30 @@ TEST_F(QuicTimeWaitListManagerTest, IETF_QUIC_SHORT_HEADER_PACKET, std::make_unique<QuicPerPacketContext>()); } +TEST_F(QuicTimeWaitListManagerTest, + SendConnectionClosePacketsInResponseToShortHeaders) { + SetQuicRestartFlag(quic_replace_time_wait_list_encryption_level, true); + const size_t kConnectionCloseLength = 100; + EXPECT_CALL(visitor_, OnConnectionAddedToTimeWaitList(connection_id_)); + std::vector<std::unique_ptr<QuicEncryptedPacket>> termination_packets; + termination_packets.push_back( + std::unique_ptr<QuicEncryptedPacket>(new QuicEncryptedPacket( + new char[kConnectionCloseLength], kConnectionCloseLength, true))); + // Add a CONNECTION_CLOSE termination packet. + time_wait_list_manager_.AddConnectionIdToTimeWait( + connection_id_, /*ietf_quic=*/true, + QuicTimeWaitListManager::SEND_CONNECTION_CLOSE_PACKETS, + ENCRYPTION_INITIAL, &termination_packets); + EXPECT_CALL(writer_, WritePacket(_, kConnectionCloseLength, + self_address_.host(), peer_address_, _)) + .WillOnce(Return(WriteResult(WRITE_STATUS_OK, 1))); + + // Processes IETF short header packet. + time_wait_list_manager_.ProcessPacket( + self_address_, peer_address_, connection_id_, + IETF_QUIC_SHORT_HEADER_PACKET, std::make_unique<QuicPerPacketContext>()); +} + } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_types.cc b/chromium/net/third_party/quiche/src/quic/core/quic_types.cc index ce24d57113d..36614cd8f0a 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_types.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_types.cc @@ -6,7 +6,6 @@ #include <cstdint> -#include "third_party/boringssl/src/include/openssl/ssl.h" #include "net/third_party/quiche/src/quic/core/quic_error_codes.h" #include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" @@ -18,12 +17,56 @@ std::ostream& operator<<(std::ostream& os, const QuicConsumedData& s) { return os; } -std::ostream& operator<<(std::ostream& os, const Perspective& s) { - if (s == Perspective::IS_SERVER) { - os << "IS_SERVER"; - } else { - os << "IS_CLIENT"; +std::string PerspectiveToString(Perspective perspective) { + if (perspective == Perspective::IS_SERVER) { + return "IS_SERVER"; + } + if (perspective == Perspective::IS_CLIENT) { + return "IS_CLIENT"; + } + return quiche::QuicheStrCat("Unknown(", static_cast<int>(perspective), ")"); +} + +std::ostream& operator<<(std::ostream& os, const Perspective& perspective) { + os << PerspectiveToString(perspective); + return os; +} + +std::string ConnectionCloseSourceToString( + ConnectionCloseSource connection_close_source) { + if (connection_close_source == ConnectionCloseSource::FROM_PEER) { + return "FROM_PEER"; + } + if (connection_close_source == ConnectionCloseSource::FROM_SELF) { + return "FROM_SELF"; } + return quiche::QuicheStrCat("Unknown(", + static_cast<int>(connection_close_source), ")"); +} + +std::ostream& operator<<(std::ostream& os, + const ConnectionCloseSource& connection_close_source) { + os << ConnectionCloseSourceToString(connection_close_source); + return os; +} + +std::string ConnectionCloseBehaviorToString( + ConnectionCloseBehavior connection_close_behavior) { + if (connection_close_behavior == ConnectionCloseBehavior::SILENT_CLOSE) { + return "SILENT_CLOSE"; + } + if (connection_close_behavior == + ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET) { + return "SEND_CONNECTION_CLOSE_PACKET"; + } + return quiche::QuicheStrCat("Unknown(", + static_cast<int>(connection_close_behavior), ")"); +} + +std::ostream& operator<<( + std::ostream& os, + const ConnectionCloseBehavior& connection_close_behavior) { + os << ConnectionCloseBehaviorToString(connection_close_behavior); return os; } @@ -85,465 +128,6 @@ MessageResult::MessageResult(MessageStatus status, QuicMessageId message_id) case x: \ return #x; -std::string QuicIetfTransportErrorCodeString(QuicIetfTransportErrorCodes c) { - if (static_cast<uint64_t>(c) >= 0xff00u) { - return quiche::QuicheStrCat("Private(", static_cast<uint64_t>(c), ")"); - } - if (c >= CRYPTO_ERROR_FIRST && c <= CRYPTO_ERROR_LAST) { - const int tls_error = static_cast<int>(c - CRYPTO_ERROR_FIRST); - const char* tls_error_description = SSL_alert_desc_string_long(tls_error); - if (strcmp("unknown", tls_error_description) != 0) { - return quiche::QuicheStrCat("CRYPTO_ERROR(", tls_error_description, ")"); - } - return quiche::QuicheStrCat("CRYPTO_ERROR(unknown(", tls_error, "))"); - } - - switch (c) { - RETURN_STRING_LITERAL(NO_IETF_QUIC_ERROR); - RETURN_STRING_LITERAL(INTERNAL_ERROR); - RETURN_STRING_LITERAL(SERVER_BUSY_ERROR); - RETURN_STRING_LITERAL(FLOW_CONTROL_ERROR); - RETURN_STRING_LITERAL(STREAM_LIMIT_ERROR); - RETURN_STRING_LITERAL(STREAM_STATE_ERROR); - RETURN_STRING_LITERAL(FINAL_SIZE_ERROR); - RETURN_STRING_LITERAL(FRAME_ENCODING_ERROR); - RETURN_STRING_LITERAL(TRANSPORT_PARAMETER_ERROR); - RETURN_STRING_LITERAL(CONNECTION_ID_LIMIT_ERROR); - RETURN_STRING_LITERAL(PROTOCOL_VIOLATION); - RETURN_STRING_LITERAL(INVALID_TOKEN); - RETURN_STRING_LITERAL(CRYPTO_BUFFER_EXCEEDED); - // CRYPTO_ERROR is handled in the if before this switch, these cases do not - // change behavior and are only here to make the compiler happy. - case CRYPTO_ERROR_FIRST: - case CRYPTO_ERROR_LAST: - DCHECK(false) << "Unexpected error " << static_cast<uint64_t>(c); - break; - } - - return quiche::QuicheStrCat("Unknown(", static_cast<uint64_t>(c), ")"); -} - -std::ostream& operator<<(std::ostream& os, - const QuicIetfTransportErrorCodes& c) { - os << QuicIetfTransportErrorCodeString(c); - return os; -} - -QuicErrorCodeToIetfMapping QuicErrorCodeToTransportErrorCode( - QuicErrorCode error) { - switch (error) { - // TODO(fkastenholz): Currently, all QuicError codes will map - // to application error codes and the original Google QUIC error - // code. This will change over time as we go through all calls to - // CloseConnection() and see whether the call is a Transport or an - // Application close and what the translated code should be. - case QUIC_NO_ERROR: - return {true, {static_cast<uint64_t>(QUIC_NO_ERROR)}}; - case QUIC_INTERNAL_ERROR: - return {true, {static_cast<uint64_t>(QUIC_INTERNAL_ERROR)}}; - case QUIC_STREAM_DATA_AFTER_TERMINATION: - return {true, - {static_cast<uint64_t>(QUIC_STREAM_DATA_AFTER_TERMINATION)}}; - case QUIC_INVALID_PACKET_HEADER: - return {true, {static_cast<uint64_t>(QUIC_INVALID_PACKET_HEADER)}}; - case QUIC_INVALID_FRAME_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_FRAME_DATA)}}; - case QUIC_MISSING_PAYLOAD: - return {true, {static_cast<uint64_t>(QUIC_MISSING_PAYLOAD)}}; - case QUIC_INVALID_FEC_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_FEC_DATA)}}; - case QUIC_INVALID_STREAM_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_STREAM_DATA)}}; - case QUIC_OVERLAPPING_STREAM_DATA: - return {true, {static_cast<uint64_t>(QUIC_OVERLAPPING_STREAM_DATA)}}; - case QUIC_UNENCRYPTED_STREAM_DATA: - return {true, {static_cast<uint64_t>(QUIC_UNENCRYPTED_STREAM_DATA)}}; - case QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA: - return {true, - {static_cast<uint64_t>( - QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA)}}; - case QUIC_MAYBE_CORRUPTED_MEMORY: - return {true, {static_cast<uint64_t>(QUIC_MAYBE_CORRUPTED_MEMORY)}}; - case QUIC_UNENCRYPTED_FEC_DATA: - return {true, {static_cast<uint64_t>(QUIC_UNENCRYPTED_FEC_DATA)}}; - case QUIC_INVALID_RST_STREAM_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_RST_STREAM_DATA)}}; - case QUIC_INVALID_CONNECTION_CLOSE_DATA: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_CONNECTION_CLOSE_DATA)}}; - case QUIC_INVALID_GOAWAY_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_GOAWAY_DATA)}}; - case QUIC_INVALID_WINDOW_UPDATE_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_WINDOW_UPDATE_DATA)}}; - case QUIC_INVALID_BLOCKED_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_BLOCKED_DATA)}}; - case QUIC_INVALID_STOP_WAITING_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_STOP_WAITING_DATA)}}; - case QUIC_INVALID_PATH_CLOSE_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_PATH_CLOSE_DATA)}}; - case QUIC_INVALID_ACK_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_ACK_DATA)}}; - case QUIC_INVALID_MESSAGE_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_MESSAGE_DATA)}}; - case QUIC_INVALID_VERSION_NEGOTIATION_PACKET: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_VERSION_NEGOTIATION_PACKET)}}; - case QUIC_INVALID_PUBLIC_RST_PACKET: - return {true, {static_cast<uint64_t>(QUIC_INVALID_PUBLIC_RST_PACKET)}}; - case QUIC_DECRYPTION_FAILURE: - return {true, {static_cast<uint64_t>(QUIC_DECRYPTION_FAILURE)}}; - case QUIC_ENCRYPTION_FAILURE: - return {true, {static_cast<uint64_t>(QUIC_ENCRYPTION_FAILURE)}}; - case QUIC_PACKET_TOO_LARGE: - return {true, {static_cast<uint64_t>(QUIC_PACKET_TOO_LARGE)}}; - case QUIC_PEER_GOING_AWAY: - return {true, {static_cast<uint64_t>(QUIC_PEER_GOING_AWAY)}}; - case QUIC_INVALID_STREAM_ID: - return {true, {static_cast<uint64_t>(QUIC_INVALID_STREAM_ID)}}; - case QUIC_INVALID_PRIORITY: - return {true, {static_cast<uint64_t>(QUIC_INVALID_PRIORITY)}}; - case QUIC_TOO_MANY_OPEN_STREAMS: - return {true, {static_cast<uint64_t>(QUIC_TOO_MANY_OPEN_STREAMS)}}; - case QUIC_TOO_MANY_AVAILABLE_STREAMS: - return {true, {static_cast<uint64_t>(QUIC_TOO_MANY_AVAILABLE_STREAMS)}}; - case QUIC_PUBLIC_RESET: - return {true, {static_cast<uint64_t>(QUIC_PUBLIC_RESET)}}; - case QUIC_INVALID_VERSION: - return {true, {static_cast<uint64_t>(QUIC_INVALID_VERSION)}}; - case QUIC_INVALID_HEADER_ID: - return {true, {static_cast<uint64_t>(QUIC_INVALID_HEADER_ID)}}; - case QUIC_INVALID_NEGOTIATED_VALUE: - return {true, {static_cast<uint64_t>(QUIC_INVALID_NEGOTIATED_VALUE)}}; - case QUIC_DECOMPRESSION_FAILURE: - return {true, {static_cast<uint64_t>(QUIC_DECOMPRESSION_FAILURE)}}; - case QUIC_NETWORK_IDLE_TIMEOUT: - return {true, {static_cast<uint64_t>(QUIC_NETWORK_IDLE_TIMEOUT)}}; - case QUIC_HANDSHAKE_TIMEOUT: - return {true, {static_cast<uint64_t>(QUIC_HANDSHAKE_TIMEOUT)}}; - case QUIC_ERROR_MIGRATING_ADDRESS: - return {true, {static_cast<uint64_t>(QUIC_ERROR_MIGRATING_ADDRESS)}}; - case QUIC_ERROR_MIGRATING_PORT: - return {true, {static_cast<uint64_t>(QUIC_ERROR_MIGRATING_PORT)}}; - case QUIC_PACKET_WRITE_ERROR: - return {true, {static_cast<uint64_t>(QUIC_PACKET_WRITE_ERROR)}}; - case QUIC_PACKET_READ_ERROR: - return {true, {static_cast<uint64_t>(QUIC_PACKET_READ_ERROR)}}; - case QUIC_EMPTY_STREAM_FRAME_NO_FIN: - return {true, {static_cast<uint64_t>(QUIC_EMPTY_STREAM_FRAME_NO_FIN)}}; - case QUIC_INVALID_HEADERS_STREAM_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_HEADERS_STREAM_DATA)}}; - case QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE: - return { - true, - {static_cast<uint64_t>(QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE)}}; - case QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA: - return { - true, - {static_cast<uint64_t>(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA)}}; - case QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA: - return {true, - {static_cast<uint64_t>(QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA)}}; - case QUIC_FLOW_CONTROL_INVALID_WINDOW: - return {true, {static_cast<uint64_t>(QUIC_FLOW_CONTROL_INVALID_WINDOW)}}; - case QUIC_CONNECTION_IP_POOLED: - return {true, {static_cast<uint64_t>(QUIC_CONNECTION_IP_POOLED)}}; - case QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS: - return {true, - {static_cast<uint64_t>(QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS)}}; - case QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS: - return { - true, - {static_cast<uint64_t>(QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS)}}; - case QUIC_CONNECTION_CANCELLED: - return {true, {static_cast<uint64_t>(QUIC_CONNECTION_CANCELLED)}}; - case QUIC_BAD_PACKET_LOSS_RATE: - return {true, {static_cast<uint64_t>(QUIC_BAD_PACKET_LOSS_RATE)}}; - case QUIC_PUBLIC_RESETS_POST_HANDSHAKE: - return {true, {static_cast<uint64_t>(QUIC_PUBLIC_RESETS_POST_HANDSHAKE)}}; - case QUIC_FAILED_TO_SERIALIZE_PACKET: - return {true, {static_cast<uint64_t>(QUIC_FAILED_TO_SERIALIZE_PACKET)}}; - case QUIC_TOO_MANY_RTOS: - return {true, {static_cast<uint64_t>(QUIC_TOO_MANY_RTOS)}}; - case QUIC_HANDSHAKE_FAILED: - return {true, {static_cast<uint64_t>(QUIC_HANDSHAKE_FAILED)}}; - case QUIC_CRYPTO_TAGS_OUT_OF_ORDER: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_TAGS_OUT_OF_ORDER)}}; - case QUIC_CRYPTO_TOO_MANY_ENTRIES: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_TOO_MANY_ENTRIES)}}; - case QUIC_CRYPTO_INVALID_VALUE_LENGTH: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_INVALID_VALUE_LENGTH)}}; - case QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE: - return {true, - {static_cast<uint64_t>( - QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE)}}; - case QUIC_INVALID_CRYPTO_MESSAGE_TYPE: - return {true, {static_cast<uint64_t>(QUIC_INVALID_CRYPTO_MESSAGE_TYPE)}}; - case QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER)}}; - case QUIC_INVALID_CHANNEL_ID_SIGNATURE: - return {true, {static_cast<uint64_t>(QUIC_INVALID_CHANNEL_ID_SIGNATURE)}}; - case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: - return {true, - {static_cast<uint64_t>(QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND)}}; - case QUIC_CRYPTO_MESSAGE_PARAMETER_NO_OVERLAP: - return { - true, - {static_cast<uint64_t>(QUIC_CRYPTO_MESSAGE_PARAMETER_NO_OVERLAP)}}; - case QUIC_CRYPTO_MESSAGE_INDEX_NOT_FOUND: - return {true, - {static_cast<uint64_t>(QUIC_CRYPTO_MESSAGE_INDEX_NOT_FOUND)}}; - case QUIC_UNSUPPORTED_PROOF_DEMAND: - return {true, {static_cast<uint64_t>(QUIC_UNSUPPORTED_PROOF_DEMAND)}}; - case QUIC_CRYPTO_INTERNAL_ERROR: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_INTERNAL_ERROR)}}; - case QUIC_CRYPTO_VERSION_NOT_SUPPORTED: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_VERSION_NOT_SUPPORTED)}}; - case QUIC_CRYPTO_NO_SUPPORT: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_NO_SUPPORT)}}; - case QUIC_CRYPTO_TOO_MANY_REJECTS: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_TOO_MANY_REJECTS)}}; - case QUIC_PROOF_INVALID: - return {true, {static_cast<uint64_t>(QUIC_PROOF_INVALID)}}; - case QUIC_CRYPTO_DUPLICATE_TAG: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_DUPLICATE_TAG)}}; - case QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT: - return {true, - {static_cast<uint64_t>(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT)}}; - case QUIC_CRYPTO_SERVER_CONFIG_EXPIRED: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_SERVER_CONFIG_EXPIRED)}}; - case QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED: - return {true, - {static_cast<uint64_t>(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED)}}; - case QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO: - return {true, - {static_cast<uint64_t>( - QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO)}}; - case QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE: - return {true, - {static_cast<uint64_t>( - QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE)}}; - case QUIC_CRYPTO_CHLO_TOO_LARGE: - return {true, {static_cast<uint64_t>(QUIC_CRYPTO_CHLO_TOO_LARGE)}}; - case QUIC_VERSION_NEGOTIATION_MISMATCH: - return {true, {static_cast<uint64_t>(QUIC_VERSION_NEGOTIATION_MISMATCH)}}; - case QUIC_BAD_MULTIPATH_FLAG: - return {true, {static_cast<uint64_t>(QUIC_BAD_MULTIPATH_FLAG)}}; - case QUIC_MULTIPATH_PATH_DOES_NOT_EXIST: - return {true, - {static_cast<uint64_t>(QUIC_MULTIPATH_PATH_DOES_NOT_EXIST)}}; - case QUIC_MULTIPATH_PATH_NOT_ACTIVE: - return {true, {static_cast<uint64_t>(QUIC_MULTIPATH_PATH_NOT_ACTIVE)}}; - case QUIC_IP_ADDRESS_CHANGED: - return {true, {static_cast<uint64_t>(QUIC_IP_ADDRESS_CHANGED)}}; - case QUIC_CONNECTION_MIGRATION_NO_MIGRATABLE_STREAMS: - return {true, - {static_cast<uint64_t>( - QUIC_CONNECTION_MIGRATION_NO_MIGRATABLE_STREAMS)}}; - case QUIC_CONNECTION_MIGRATION_TOO_MANY_CHANGES: - return { - true, - {static_cast<uint64_t>(QUIC_CONNECTION_MIGRATION_TOO_MANY_CHANGES)}}; - case QUIC_CONNECTION_MIGRATION_NO_NEW_NETWORK: - return { - true, - {static_cast<uint64_t>(QUIC_CONNECTION_MIGRATION_NO_NEW_NETWORK)}}; - case QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM: - return {true, - {static_cast<uint64_t>( - QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM)}}; - case QUIC_CONNECTION_MIGRATION_DISABLED_BY_CONFIG: - return {true, - {static_cast<uint64_t>( - QUIC_CONNECTION_MIGRATION_DISABLED_BY_CONFIG)}}; - case QUIC_CONNECTION_MIGRATION_INTERNAL_ERROR: - return { - true, - {static_cast<uint64_t>(QUIC_CONNECTION_MIGRATION_INTERNAL_ERROR)}}; - case QUIC_CONNECTION_MIGRATION_HANDSHAKE_UNCONFIRMED: - return {true, - {static_cast<uint64_t>( - QUIC_CONNECTION_MIGRATION_HANDSHAKE_UNCONFIRMED)}}; - case QUIC_TOO_MANY_STREAM_DATA_INTERVALS: - return {true, - {static_cast<uint64_t>(QUIC_TOO_MANY_STREAM_DATA_INTERVALS)}}; - case QUIC_STREAM_SEQUENCER_INVALID_STATE: - return {true, - {static_cast<uint64_t>(QUIC_STREAM_SEQUENCER_INVALID_STATE)}}; - case QUIC_TOO_MANY_SESSIONS_ON_SERVER: - return {true, {static_cast<uint64_t>(QUIC_TOO_MANY_SESSIONS_ON_SERVER)}}; - case QUIC_STREAM_LENGTH_OVERFLOW: - return {true, {static_cast<uint64_t>(QUIC_STREAM_LENGTH_OVERFLOW)}}; - case QUIC_INVALID_MAX_DATA_FRAME_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_MAX_DATA_FRAME_DATA)}}; - case QUIC_INVALID_MAX_STREAM_DATA_FRAME_DATA: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_MAX_STREAM_DATA_FRAME_DATA)}}; - case QUIC_MAX_STREAMS_DATA: - return {true, {static_cast<uint64_t>(QUIC_MAX_STREAMS_DATA)}}; - case QUIC_STREAMS_BLOCKED_DATA: - return {true, {static_cast<uint64_t>(QUIC_STREAMS_BLOCKED_DATA)}}; - case QUIC_INVALID_STREAM_BLOCKED_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_STREAM_BLOCKED_DATA)}}; - case QUIC_INVALID_NEW_CONNECTION_ID_DATA: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_NEW_CONNECTION_ID_DATA)}}; - case QUIC_INVALID_STOP_SENDING_FRAME_DATA: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_STOP_SENDING_FRAME_DATA)}}; - case QUIC_INVALID_PATH_CHALLENGE_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_PATH_CHALLENGE_DATA)}}; - case QUIC_INVALID_PATH_RESPONSE_DATA: - return {true, {static_cast<uint64_t>(QUIC_INVALID_PATH_RESPONSE_DATA)}}; - case IETF_QUIC_PROTOCOL_VIOLATION: - return {true, {static_cast<uint64_t>(IETF_QUIC_PROTOCOL_VIOLATION)}}; - case QUIC_INVALID_NEW_TOKEN: - return {true, {static_cast<uint64_t>(QUIC_INVALID_NEW_TOKEN)}}; - case QUIC_DATA_RECEIVED_ON_WRITE_UNIDIRECTIONAL_STREAM: - return {true, - {static_cast<uint64_t>( - QUIC_DATA_RECEIVED_ON_WRITE_UNIDIRECTIONAL_STREAM)}}; - case QUIC_TRY_TO_WRITE_DATA_ON_READ_UNIDIRECTIONAL_STREAM: - return {true, - {static_cast<uint64_t>( - QUIC_TRY_TO_WRITE_DATA_ON_READ_UNIDIRECTIONAL_STREAM)}}; - case QUIC_INVALID_RETIRE_CONNECTION_ID_DATA: - return {true, - {static_cast<uint64_t>(QUIC_INVALID_RETIRE_CONNECTION_ID_DATA)}}; - case QUIC_STREAMS_BLOCKED_ERROR: - return {true, {static_cast<uint64_t>(QUIC_STREAMS_BLOCKED_ERROR)}}; - case QUIC_MAX_STREAMS_ERROR: - return {true, {static_cast<uint64_t>(QUIC_MAX_STREAMS_ERROR)}}; - case QUIC_HTTP_DECODER_ERROR: - return {true, {static_cast<uint64_t>(QUIC_HTTP_DECODER_ERROR)}}; - case QUIC_STALE_CONNECTION_CANCELLED: - return {true, {static_cast<uint64_t>(QUIC_STALE_CONNECTION_CANCELLED)}}; - case QUIC_IETF_GQUIC_ERROR_MISSING: - return {true, {static_cast<uint64_t>(QUIC_IETF_GQUIC_ERROR_MISSING)}}; - case QUIC_WINDOW_UPDATE_RECEIVED_ON_READ_UNIDIRECTIONAL_STREAM: - return {true, - {static_cast<uint64_t>( - QUIC_WINDOW_UPDATE_RECEIVED_ON_READ_UNIDIRECTIONAL_STREAM)}}; - case QUIC_TOO_MANY_BUFFERED_CONTROL_FRAMES: - return {true, - {static_cast<uint64_t>(QUIC_TOO_MANY_BUFFERED_CONTROL_FRAMES)}}; - case QUIC_TRANSPORT_INVALID_CLIENT_INDICATION: - return {false, {0u}}; - case QUIC_QPACK_DECOMPRESSION_FAILED: - return { - false, - {static_cast<uint64_t>(IETF_QUIC_HTTP_QPACK_DECOMPRESSION_FAILED)}}; - case QUIC_QPACK_ENCODER_STREAM_ERROR: - return { - false, - {static_cast<uint64_t>(IETF_QUIC_HTTP_QPACK_ENCODER_STREAM_ERROR)}}; - case QUIC_QPACK_DECODER_STREAM_ERROR: - return { - false, - {static_cast<uint64_t>(IETF_QUIC_HTTP_QPACK_DECODER_STREAM_ERROR)}}; - case QUIC_STREAM_DATA_BEYOND_CLOSE_OFFSET: - return {true, - {static_cast<uint64_t>(QUIC_STREAM_DATA_BEYOND_CLOSE_OFFSET)}}; - case QUIC_STREAM_MULTIPLE_OFFSET: - return {true, {static_cast<uint64_t>(QUIC_STREAM_MULTIPLE_OFFSET)}}; - case QUIC_HTTP_FRAME_TOO_LARGE: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_EXCESSIVE_LOAD)}}; - case QUIC_HTTP_FRAME_ERROR: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_FRAME_ERROR)}}; - case QUIC_HTTP_FRAME_UNEXPECTED_ON_SPDY_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_FRAME_UNEXPECTED)}}; - case QUIC_HTTP_FRAME_UNEXPECTED_ON_CONTROL_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_FRAME_UNEXPECTED)}}; - case QUIC_HTTP_INVALID_FRAME_SEQUENCE_ON_SPDY_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_FRAME_UNEXPECTED)}}; - case QUIC_HTTP_INVALID_FRAME_SEQUENCE_ON_CONTROL_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_FRAME_UNEXPECTED)}}; - case QUIC_HTTP_DUPLICATE_UNIDIRECTIONAL_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_STREAM_CREATION_ERROR)}}; - case QUIC_HTTP_SERVER_INITIATED_BIDIRECTIONAL_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_STREAM_CREATION_ERROR)}}; - case QUIC_HTTP_STREAM_WRONG_DIRECTION: - return {true, {static_cast<uint64_t>(STREAM_STATE_ERROR)}}; - case QUIC_HTTP_CLOSED_CRITICAL_STREAM: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_CLOSED_CRITICAL_STREAM)}}; - case QUIC_HTTP_MISSING_SETTINGS_FRAME: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_MISSING_SETTINGS)}}; - case QUIC_HTTP_DUPLICATE_SETTING_IDENTIFIER: - return {false, - {static_cast<uint64_t>( - QuicHttp3ErrorCode::IETF_QUIC_HTTP3_SETTINGS_ERROR)}}; - case QUIC_HPACK_INDEX_VARINT_ERROR: - return {false, {static_cast<uint64_t>(QUIC_HPACK_INDEX_VARINT_ERROR)}}; - case QUIC_HPACK_NAME_LENGTH_VARINT_ERROR: - return {false, - {static_cast<uint64_t>(QUIC_HPACK_NAME_LENGTH_VARINT_ERROR)}}; - case QUIC_HPACK_VALUE_LENGTH_VARINT_ERROR: - return {false, - {static_cast<uint64_t>(QUIC_HPACK_VALUE_LENGTH_VARINT_ERROR)}}; - case QUIC_HPACK_NAME_TOO_LONG: - return {false, {static_cast<uint64_t>(QUIC_HPACK_NAME_TOO_LONG)}}; - case QUIC_HPACK_VALUE_TOO_LONG: - return {false, {static_cast<uint64_t>(QUIC_HPACK_VALUE_TOO_LONG)}}; - case QUIC_HPACK_NAME_HUFFMAN_ERROR: - return {false, {static_cast<uint64_t>(QUIC_HPACK_NAME_HUFFMAN_ERROR)}}; - case QUIC_HPACK_VALUE_HUFFMAN_ERROR: - return {false, {static_cast<uint64_t>(QUIC_HPACK_VALUE_HUFFMAN_ERROR)}}; - case QUIC_HPACK_MISSING_DYNAMIC_TABLE_SIZE_UPDATE: - return {false, - {static_cast<uint64_t>( - QUIC_HPACK_MISSING_DYNAMIC_TABLE_SIZE_UPDATE)}}; - case QUIC_HPACK_INVALID_INDEX: - return {false, {static_cast<uint64_t>(QUIC_HPACK_INVALID_INDEX)}}; - case QUIC_HPACK_INVALID_NAME_INDEX: - return {false, {static_cast<uint64_t>(QUIC_HPACK_INVALID_NAME_INDEX)}}; - case QUIC_HPACK_DYNAMIC_TABLE_SIZE_UPDATE_NOT_ALLOWED: - return {false, - {static_cast<uint64_t>( - QUIC_HPACK_DYNAMIC_TABLE_SIZE_UPDATE_NOT_ALLOWED)}}; - case QUIC_HPACK_INITIAL_TABLE_SIZE_UPDATE_IS_ABOVE_LOW_WATER_MARK: - return { - false, - {static_cast<uint64_t>( - QUIC_HPACK_INITIAL_TABLE_SIZE_UPDATE_IS_ABOVE_LOW_WATER_MARK)}}; - case QUIC_HPACK_TABLE_SIZE_UPDATE_IS_ABOVE_ACKNOWLEDGED_SETTING: - return {false, - {static_cast<uint64_t>( - QUIC_HPACK_TABLE_SIZE_UPDATE_IS_ABOVE_ACKNOWLEDGED_SETTING)}}; - case QUIC_HPACK_TRUNCATED_BLOCK: - return {false, {static_cast<uint64_t>(QUIC_HPACK_TRUNCATED_BLOCK)}}; - case QUIC_HPACK_FRAGMENT_TOO_LONG: - return {false, {static_cast<uint64_t>(QUIC_HPACK_FRAGMENT_TOO_LONG)}}; - case QUIC_HPACK_COMPRESSED_HEADER_SIZE_EXCEEDS_LIMIT: - return {false, - {static_cast<uint64_t>( - QUIC_HPACK_COMPRESSED_HEADER_SIZE_EXCEEDS_LIMIT)}}; - case QUIC_LAST_ERROR: - return {false, {static_cast<uint64_t>(QUIC_LAST_ERROR)}}; - } - // If it's an unknown code, indicate it's an application error code. - return {false, {NO_IETF_QUIC_ERROR}}; -} - std::string QuicIetfFrameTypeString(QuicIetfFrameType t) { if (IS_IETF_STREAM_FRAME(t)) { return "IETF_STREAM"; @@ -730,4 +314,6 @@ std::ostream& operator<<(std::ostream& os, AddressChangeType type) { return os; } +#undef RETURN_STRING_LITERAL // undef for jumbo builds + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_types.h b/chromium/net/third_party/quiche/src/quic/core/quic_types.h index 76d3bab90cc..f2919ef3766 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_types.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_types.h @@ -21,39 +21,42 @@ namespace quic { -typedef uint16_t QuicPacketLength; -typedef uint32_t QuicControlFrameId; -typedef uint32_t QuicHeaderId; -typedef uint32_t QuicMessageId; -typedef uint64_t QuicDatagramFlowId; - -typedef uint32_t QuicStreamId; - -// Count of stream IDs. Used in MAX_STREAMS and STREAMS_BLOCKED -// frames. -typedef uint32_t QuicStreamCount; - -typedef uint64_t QuicByteCount; -typedef uint64_t QuicPacketCount; -typedef uint64_t QuicPublicResetNonceProof; -typedef uint64_t QuicStreamOffset; -typedef std::array<char, 32> DiversificationNonce; -typedef std::vector<std::pair<QuicPacketNumber, QuicTime>> PacketTimeVector; - -typedef uint64_t QuicIetfStreamDataLength; -typedef uint64_t QuicIetfStreamId; -typedef uint64_t QuicIetfStreamOffset; - -const size_t kQuicPathFrameBufferSize = 8; -typedef std::array<uint8_t, kQuicPathFrameBufferSize> QuicPathFrameBuffer; +using QuicPacketLength = uint16_t; +using QuicControlFrameId = uint32_t; +using QuicMessageId = uint32_t; +using QuicDatagramFlowId = uint64_t; + +// IMPORTANT: IETF QUIC defines stream IDs and stream counts as being unsigned +// 62-bit numbers. However, we have decided to only support up to 2^32-1 streams +// in order to reduce the size of data structures such as QuicStreamFrame +// and QuicTransmissionInfo, as that allows them to fit in cache lines and has +// visible perfomance impact. +using QuicStreamId = uint32_t; + +// Count of stream IDs. Used in MAX_STREAMS and STREAMS_BLOCKED frames. +using QuicStreamCount = QuicStreamId; + +using QuicByteCount = uint64_t; +using QuicPacketCount = uint64_t; +using QuicPublicResetNonceProof = uint64_t; +using QuicStreamOffset = uint64_t; +using DiversificationNonce = std::array<char, 32>; +using PacketTimeVector = std::vector<std::pair<QuicPacketNumber, QuicTime>>; + +enum : size_t { kQuicPathFrameBufferSize = 8 }; +using QuicPathFrameBuffer = std::array<uint8_t, kQuicPathFrameBufferSize>; // Application error code used in the QUIC Stop Sending frame. -typedef uint16_t QuicApplicationErrorCode; +using QuicApplicationErrorCode = uint16_t; // The connection id sequence number specifies the order that connection // ids must be used in. This is also the sequence number carried in // the IETF QUIC NEW_CONNECTION_ID and RETIRE_CONNECTION_ID frames. -typedef uint64_t QuicConnectionIdSequenceNumber; +using QuicConnectionIdSequenceNumber = uint64_t; + +// A custom data that represents application-specific settings. +// In HTTP/3 for example, it includes the encoded SETTINGS. +using ApplicationState = std::vector<uint8_t>; // A struct for functions which consume data payloads and fins. struct QUIC_EXPORT_PRIVATE QuicConsumedData { @@ -183,18 +186,32 @@ enum HasRetransmittableData : uint8_t { enum IsHandshake : uint8_t { NOT_HANDSHAKE, IS_HANDSHAKE }; enum class Perspective : uint8_t { IS_SERVER, IS_CLIENT }; + +QUIC_EXPORT_PRIVATE std::string PerspectiveToString(Perspective perspective); QUIC_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os, - const Perspective& s); + const Perspective& perspective); // Describes whether a ConnectionClose was originated by the peer. enum class ConnectionCloseSource { FROM_PEER, FROM_SELF }; +QUIC_EXPORT_PRIVATE std::string ConnectionCloseSourceToString( + ConnectionCloseSource connection_close_source); +QUIC_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const ConnectionCloseSource& connection_close_source); + // Should a connection be closed silently or not. enum class ConnectionCloseBehavior { SILENT_CLOSE, SEND_CONNECTION_CLOSE_PACKET }; +QUIC_EXPORT_PRIVATE std::string ConnectionCloseBehaviorToString( + ConnectionCloseBehavior connection_close_behavior); +QUIC_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const ConnectionCloseBehavior& connection_close_behavior); + enum QuicFrameType : uint8_t { // Regular frame types. The values set here cannot change without the // introduction of a new QUIC version. @@ -313,13 +330,12 @@ enum QuicVariableLengthIntegerLength : uint8_t { VARIABLE_LENGTH_INTEGER_LENGTH_2 = 2, VARIABLE_LENGTH_INTEGER_LENGTH_4 = 4, VARIABLE_LENGTH_INTEGER_LENGTH_8 = 8, -}; -// By default we write the IETF long header length using the 2-byte encoding -// of variable length integers, even when the length is below 64, which allows -// us to fill in the length before knowing what the length actually is. -const QuicVariableLengthIntegerLength kQuicDefaultLongHeaderLengthLength = - VARIABLE_LENGTH_INTEGER_LENGTH_2; + // By default we write the IETF long header length using the 2-byte encoding + // of variable length integers, even when the length is below 64, which allows + // us to fill in the length before knowing what the length actually is. + kQuicDefaultLongHeaderLengthLength = VARIABLE_LENGTH_INTEGER_LENGTH_2, +}; enum QuicPacketNumberLength : uint8_t { PACKET_1BYTE_PACKET_NUMBER = 1, @@ -529,7 +545,7 @@ struct QUIC_EXPORT_PRIVATE AckedPacket { }; // A vector of acked packets. -typedef QuicInlinedVector<AckedPacket, 2> AckedPacketVector; +using AckedPacketVector = QuicInlinedVector<AckedPacket, 2>; // Information about a newly lost packet. struct QUIC_EXPORT_PRIVATE LostPacket { @@ -546,46 +562,7 @@ struct QUIC_EXPORT_PRIVATE LostPacket { }; // A vector of lost packets. -typedef QuicInlinedVector<LostPacket, 2> LostPacketVector; - -enum QuicIetfTransportErrorCodes : uint64_t { - NO_IETF_QUIC_ERROR = 0x0, - INTERNAL_ERROR = 0x1, - SERVER_BUSY_ERROR = 0x2, - FLOW_CONTROL_ERROR = 0x3, - STREAM_LIMIT_ERROR = 0x4, - STREAM_STATE_ERROR = 0x5, - FINAL_SIZE_ERROR = 0x6, - FRAME_ENCODING_ERROR = 0x7, - TRANSPORT_PARAMETER_ERROR = 0x8, - CONNECTION_ID_LIMIT_ERROR = 0x9, - PROTOCOL_VIOLATION = 0xA, - INVALID_TOKEN = 0xB, - CRYPTO_BUFFER_EXCEEDED = 0xD, - CRYPTO_ERROR_FIRST = 0x100, - CRYPTO_ERROR_LAST = 0x1FF, -}; -QUIC_EXPORT_PRIVATE std::string QuicIetfTransportErrorCodeString( - QuicIetfTransportErrorCodes c); - -QUIC_EXPORT_PRIVATE std::ostream& operator<<( - std::ostream& os, - const QuicIetfTransportErrorCodes& c); - -// Returns the mapping of the QuicErrorCode to an IETF TransportErrorCode. If -// first element of the pair is false, it means that an IETF Application Close -// should be done instead. - -struct QUIC_EXPORT_PRIVATE QuicErrorCodeToIetfMapping { - bool is_transport_close_; - union { - uint64_t application_error_code_; - QuicIetfTransportErrorCodes transport_error_code_; - }; -}; - -QUIC_EXPORT_PRIVATE QuicErrorCodeToIetfMapping -QuicErrorCodeToTransportErrorCode(QuicErrorCode error); +using LostPacketVector = QuicInlinedVector<LostPacket, 2>; // Please note, this value cannot used directly for packet serialization. enum QuicLongHeaderType : uint8_t { @@ -716,11 +693,11 @@ QUIC_EXPORT_PRIVATE std::string SerializedPacketFateToString( SerializedPacketFate fate); // There are three different forms of CONNECTION_CLOSE. -typedef enum QuicConnectionCloseType { +enum QuicConnectionCloseType { GOOGLE_QUIC_CONNECTION_CLOSE = 0, IETF_QUIC_TRANSPORT_CONNECTION_CLOSE = 1, IETF_QUIC_APPLICATION_CONNECTION_CLOSE = 2 -} QuicConnectionCloseType; +}; QUIC_EXPORT_PRIVATE std::ostream& operator<<( std::ostream& os, @@ -750,6 +727,13 @@ enum HandshakeState { HANDSHAKE_CONFIRMED, }; +struct QUIC_NO_EXPORT NextReleaseTimeResult { + // The ideal release time of the packet being sent. + QuicTime release_time; + // Whether it is allowed to send the packet before release_time. + bool allow_burst; +}; + } // namespace quic #endif // QUICHE_QUIC_CORE_QUIC_TYPES_H_ diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_types_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_types_test.cc deleted file mode 100644 index dc37c43e24e..00000000000 --- a/chromium/net/third_party/quiche/src/quic/core/quic_types_test.cc +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright (c) 2019 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/third_party/quiche/src/quic/core/quic_types.h" - -#include <cstdint> - -#include "third_party/boringssl/src/include/openssl/ssl.h" -#include "net/third_party/quiche/src/quic/core/quic_error_codes.h" -#include "net/third_party/quiche/src/quic/platform/api/quic_test.h" - -namespace quic { -namespace test { -namespace { - -class QuicTypesTest : public QuicTest {}; - -TEST_F(QuicTypesTest, QuicIetfTransportErrorCodeString) { - EXPECT_EQ("Private(65280)", - QuicIetfTransportErrorCodeString( - static_cast<quic::QuicIetfTransportErrorCodes>(0xff00u))); - - EXPECT_EQ("CRYPTO_ERROR(missing extension)", - QuicIetfTransportErrorCodeString( - static_cast<quic::QuicIetfTransportErrorCodes>( - CRYPTO_ERROR_FIRST + SSL_AD_MISSING_EXTENSION))); - - EXPECT_EQ("NO_IETF_QUIC_ERROR", - QuicIetfTransportErrorCodeString(NO_IETF_QUIC_ERROR)); - EXPECT_EQ("INTERNAL_ERROR", QuicIetfTransportErrorCodeString(INTERNAL_ERROR)); - EXPECT_EQ("SERVER_BUSY_ERROR", - QuicIetfTransportErrorCodeString(SERVER_BUSY_ERROR)); - EXPECT_EQ("FLOW_CONTROL_ERROR", - QuicIetfTransportErrorCodeString(FLOW_CONTROL_ERROR)); - EXPECT_EQ("STREAM_LIMIT_ERROR", - QuicIetfTransportErrorCodeString(STREAM_LIMIT_ERROR)); - EXPECT_EQ("STREAM_STATE_ERROR", - QuicIetfTransportErrorCodeString(STREAM_STATE_ERROR)); - EXPECT_EQ("FINAL_SIZE_ERROR", - QuicIetfTransportErrorCodeString(FINAL_SIZE_ERROR)); - EXPECT_EQ("FRAME_ENCODING_ERROR", - QuicIetfTransportErrorCodeString(FRAME_ENCODING_ERROR)); - EXPECT_EQ("TRANSPORT_PARAMETER_ERROR", - QuicIetfTransportErrorCodeString(TRANSPORT_PARAMETER_ERROR)); - EXPECT_EQ("CONNECTION_ID_LIMIT_ERROR", - QuicIetfTransportErrorCodeString(CONNECTION_ID_LIMIT_ERROR)); - EXPECT_EQ("PROTOCOL_VIOLATION", - QuicIetfTransportErrorCodeString(PROTOCOL_VIOLATION)); - EXPECT_EQ("INVALID_TOKEN", QuicIetfTransportErrorCodeString(INVALID_TOKEN)); - EXPECT_EQ("CRYPTO_BUFFER_EXCEEDED", - QuicIetfTransportErrorCodeString(CRYPTO_BUFFER_EXCEEDED)); - - EXPECT_EQ("Unknown(1024)", - QuicIetfTransportErrorCodeString( - static_cast<quic::QuicIetfTransportErrorCodes>(0x400))); -} - -} // namespace -} // namespace test -} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.cc b/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.cc index 1dda8881066..0a014bebe78 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.cc @@ -20,7 +20,7 @@ QuicVersionManager::QuicVersionManager( enable_version_draft_25_( GetQuicReloadableFlag(quic_enable_version_draft_25_v3)), disable_version_q050_(GetQuicReloadableFlag(quic_disable_version_q050)), - enable_version_t050_(GetQuicReloadableFlag(quic_enable_version_t050)), + enable_version_t050_(GetQuicReloadableFlag(quic_enable_version_t050_v2)), disable_version_q049_(GetQuicReloadableFlag(quic_disable_version_q049)), disable_version_q048_(GetQuicReloadableFlag(quic_disable_version_q048)), disable_version_q046_(GetQuicReloadableFlag(quic_disable_version_q046)), @@ -44,6 +44,17 @@ const ParsedQuicVersionVector& QuicVersionManager::GetSupportedVersions() { return filtered_supported_versions_; } +const ParsedQuicVersionVector& +QuicVersionManager::GetSupportedVersionsWithQuicCrypto() { + MaybeRefilterSupportedVersions(); + return filtered_supported_versions_with_quic_crypto_; +} + +const std::vector<std::string>& QuicVersionManager::GetSupportedAlpns() { + MaybeRefilterSupportedVersions(); + return filtered_supported_alpns_; +} + void QuicVersionManager::MaybeRefilterSupportedVersions() { static_assert(SupportedVersions().size() == 8u, "Supported versions out of sync"); @@ -53,7 +64,8 @@ void QuicVersionManager::MaybeRefilterSupportedVersions() { GetQuicReloadableFlag(quic_enable_version_draft_25_v3) || disable_version_q050_ != GetQuicReloadableFlag(quic_disable_version_q050) || - enable_version_t050_ != GetQuicReloadableFlag(quic_enable_version_t050) || + enable_version_t050_ != + GetQuicReloadableFlag(quic_enable_version_t050_v2) || disable_version_q049_ != GetQuicReloadableFlag(quic_disable_version_q049) || disable_version_q048_ != @@ -67,7 +79,7 @@ void QuicVersionManager::MaybeRefilterSupportedVersions() { enable_version_draft_25_ = GetQuicReloadableFlag(quic_enable_version_draft_25_v3); disable_version_q050_ = GetQuicReloadableFlag(quic_disable_version_q050); - enable_version_t050_ = GetQuicReloadableFlag(quic_enable_version_t050); + enable_version_t050_ = GetQuicReloadableFlag(quic_enable_version_t050_v2); disable_version_q049_ = GetQuicReloadableFlag(quic_disable_version_q049); disable_version_q048_ = GetQuicReloadableFlag(quic_disable_version_q048); disable_version_q046_ = GetQuicReloadableFlag(quic_disable_version_q046); @@ -80,15 +92,25 @@ void QuicVersionManager::MaybeRefilterSupportedVersions() { void QuicVersionManager::RefilterSupportedVersions() { filtered_supported_versions_ = FilterSupportedVersions(allowed_supported_versions_); + filtered_supported_versions_with_quic_crypto_.clear(); filtered_transport_versions_.clear(); - for (ParsedQuicVersion version : filtered_supported_versions_) { + filtered_supported_alpns_.clear(); + for (const ParsedQuicVersion& version : filtered_supported_versions_) { auto transport_version = version.transport_version; if (std::find(filtered_transport_versions_.begin(), filtered_transport_versions_.end(), transport_version) == filtered_transport_versions_.end()) { filtered_transport_versions_.push_back(transport_version); } + if (version.handshake_protocol == PROTOCOL_QUIC_CRYPTO) { + filtered_supported_versions_with_quic_crypto_.push_back(version); + } + filtered_supported_alpns_.emplace_back(AlpnForVersion(version)); } } +void QuicVersionManager::AddCustomAlpn(const std::string& alpn) { + filtered_supported_alpns_.push_back(alpn); +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.h b/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.h index 4d683745bdc..c5111edf260 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_version_manager.h @@ -26,6 +26,13 @@ class QUIC_EXPORT_PRIVATE QuicVersionManager { // as the versions passed to the constructor. const ParsedQuicVersionVector& GetSupportedVersions(); + // Returns currently supported versions using QUIC crypto. + const ParsedQuicVersionVector& GetSupportedVersionsWithQuicCrypto(); + + // Returns the list of supported ALPNs, based on the current supported + // versions and any custom additions by subclasses. + const std::vector<std::string>& GetSupportedAlpns(); + protected: // If the value of any reloadable flag is different from the cached value, // re-filter |filtered_supported_versions_| and update the cached flag values. @@ -39,6 +46,10 @@ class QUIC_EXPORT_PRIVATE QuicVersionManager { return filtered_transport_versions_; } + // Mechanism for subclasses to add custom ALPNs to the supported list. + // Should be called in constructor and RefilterSupportedVersions. + void AddCustomAlpn(const std::string& alpn); + private: // Cached value of reloadable flags. // quic_enable_version_draft_27 flag @@ -47,7 +58,7 @@ class QUIC_EXPORT_PRIVATE QuicVersionManager { bool enable_version_draft_25_; // quic_disable_version_q050 flag bool disable_version_q050_; - // quic_enable_version_t050 flag + // quic_enable_version_t050_v2 flag bool enable_version_t050_; // quic_disable_version_q049 flag bool disable_version_q049_; @@ -63,10 +74,15 @@ class QUIC_EXPORT_PRIVATE QuicVersionManager { // This vector contains QUIC versions which are currently supported based on // flags. ParsedQuicVersionVector filtered_supported_versions_; + // Currently supported versions using QUIC crypto. + ParsedQuicVersionVector filtered_supported_versions_with_quic_crypto_; // This vector contains the transport versions from // |filtered_supported_versions_|. No guarantees are made that the same // transport version isn't repeated. QuicTransportVersionVector filtered_transport_versions_; + // Contains the list of ALPNs corresponding to filtered_supported_versions_ + // with custom ALPNs added. + std::vector<std::string> filtered_supported_alpns_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_version_manager_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_version_manager_test.cc index 98dc4a348ec..3a8e98ff520 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_version_manager_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_version_manager_test.cc @@ -9,6 +9,8 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h" +using ::testing::ElementsAre; + namespace quic { namespace test { namespace { @@ -20,7 +22,7 @@ TEST_F(QuicVersionManagerTest, QuicVersionManager) { "Supported versions out of sync"); SetQuicReloadableFlag(quic_enable_version_draft_27, false); SetQuicReloadableFlag(quic_enable_version_draft_25_v3, false); - SetQuicReloadableFlag(quic_enable_version_t050, false); + SetQuicReloadableFlag(quic_enable_version_t050_v2, false); SetQuicReloadableFlag(quic_disable_version_q050, false); SetQuicReloadableFlag(quic_disable_version_q049, false); SetQuicReloadableFlag(quic_disable_version_q048, false); @@ -41,30 +43,59 @@ TEST_F(QuicVersionManagerTest, QuicVersionManager) { ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_43)); EXPECT_EQ(expected_parsed_versions, manager.GetSupportedVersions()); + EXPECT_EQ(expected_parsed_versions, + manager.GetSupportedVersionsWithQuicCrypto()); EXPECT_EQ(FilterSupportedVersions(AllSupportedVersions()), manager.GetSupportedVersions()); + EXPECT_EQ(CurrentSupportedVersionsWithQuicCrypto(), + manager.GetSupportedVersionsWithQuicCrypto()); + EXPECT_THAT( + manager.GetSupportedAlpns(), + ElementsAre("h3-Q050", "h3-Q049", "h3-Q048", "h3-Q046", "h3-Q043")); SetQuicReloadableFlag(quic_enable_version_draft_27, true); - expected_parsed_versions.push_back( + expected_parsed_versions.insert( + expected_parsed_versions.begin(), ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27)); EXPECT_EQ(expected_parsed_versions, manager.GetSupportedVersions()); + EXPECT_EQ(expected_parsed_versions.size() - 1, + manager.GetSupportedVersionsWithQuicCrypto().size()); EXPECT_EQ(FilterSupportedVersions(AllSupportedVersions()), manager.GetSupportedVersions()); + EXPECT_EQ(CurrentSupportedVersionsWithQuicCrypto(), + manager.GetSupportedVersionsWithQuicCrypto()); + EXPECT_THAT(manager.GetSupportedAlpns(), + ElementsAre("h3-27", "h3-Q050", "h3-Q049", "h3-Q048", "h3-Q046", + "h3-Q043")); SetQuicReloadableFlag(quic_enable_version_draft_25_v3, true); - expected_parsed_versions.push_back( + expected_parsed_versions.insert( + expected_parsed_versions.begin() + 1, ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)); EXPECT_EQ(expected_parsed_versions, manager.GetSupportedVersions()); - EXPECT_EQ(FilterSupportedVersions(AllSupportedVersions()), - manager.GetSupportedVersions()); + EXPECT_EQ(expected_parsed_versions.size() - 2, + manager.GetSupportedVersionsWithQuicCrypto().size()); + EXPECT_EQ(CurrentSupportedVersionsWithQuicCrypto(), + manager.GetSupportedVersionsWithQuicCrypto()); + EXPECT_THAT(manager.GetSupportedAlpns(), + ElementsAre("h3-27", "h3-25", "h3-Q050", "h3-Q049", "h3-Q048", + "h3-Q046", "h3-Q043")); - SetQuicReloadableFlag(quic_enable_version_t050, true); - expected_parsed_versions.push_back( + SetQuicReloadableFlag(quic_enable_version_t050_v2, true); + expected_parsed_versions.insert( + expected_parsed_versions.begin() + 2, ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50)); EXPECT_EQ(expected_parsed_versions, manager.GetSupportedVersions()); + EXPECT_EQ(expected_parsed_versions.size() - 3, + manager.GetSupportedVersionsWithQuicCrypto().size()); EXPECT_EQ(FilterSupportedVersions(AllSupportedVersions()), manager.GetSupportedVersions()); + EXPECT_EQ(CurrentSupportedVersionsWithQuicCrypto(), + manager.GetSupportedVersionsWithQuicCrypto()); + EXPECT_THAT(manager.GetSupportedAlpns(), + ElementsAre("h3-27", "h3-25", "h3-T050", "h3-Q050", "h3-Q049", + "h3-Q048", "h3-Q046", "h3-Q043")); } } // namespace diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_versions.cc b/chromium/net/third_party/quiche/src/quic/core/quic_versions.cc index 6dc67d92078..bf93e8383d2 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_versions.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_versions.cc @@ -158,6 +158,16 @@ bool ParsedQuicVersion::HasVarIntTransportParams() const { return transport_version >= QUIC_VERSION_IETF_DRAFT_27; } +bool ParsedQuicVersion::UsesTls() const { + DCHECK(IsKnown()); + return handshake_protocol == PROTOCOL_TLS1_3; +} + +bool ParsedQuicVersion::UsesQuicCrypto() const { + DCHECK(IsKnown()); + return handshake_protocol == PROTOCOL_QUIC_CRYPTO; +} + bool VersionHasLengthPrefixedConnectionIds( QuicTransportVersion transport_version) { DCHECK(transport_version != QUIC_VERSION_UNSUPPORTED); @@ -169,6 +179,24 @@ std::ostream& operator<<(std::ostream& os, const ParsedQuicVersion& version) { return os; } +std::ostream& operator<<(std::ostream& os, + const ParsedQuicVersionVector& versions) { + os << ParsedQuicVersionVectorToString(versions); + return os; +} + +std::ostream& operator<<(std::ostream& os, + const QuicVersionLabelVector& version_labels) { + os << QuicVersionLabelVectorToString(version_labels); + return os; +} + +std::ostream& operator<<(std::ostream& os, + const QuicTransportVersionVector& transport_versions) { + os << QuicTransportVersionVectorToString(transport_versions); + return os; +} + QuicVersionLabel CreateQuicVersionLabel(ParsedQuicVersion parsed_version) { char proto = 0; switch (parsed_version.handshake_protocol) { @@ -251,6 +279,17 @@ ParsedQuicVersionVector CurrentSupportedVersionsWithQuicCrypto() { return versions; } +ParsedQuicVersionVector AllSupportedVersionsWithTls() { + ParsedQuicVersionVector versions; + for (const ParsedQuicVersion& version : AllSupportedVersions()) { + if (version.handshake_protocol == PROTOCOL_TLS1_3) { + versions.push_back(version); + } + } + QUIC_BUG_IF(versions.empty()) << "No version with TLS handshake found."; + return versions; +} + ParsedQuicVersionVector CurrentSupportedVersionsWithTls() { ParsedQuicVersionVector versions; for (const ParsedQuicVersion& version : CurrentSupportedVersions()) { @@ -369,7 +408,7 @@ ParsedQuicVersionVector FilterSupportedVersions( filtered_versions.push_back(version); } } else { - if (GetQuicReloadableFlag(quic_enable_version_t050)) { + if (GetQuicReloadableFlag(quic_enable_version_t050_v2)) { filtered_versions.push_back(version); } } @@ -619,7 +658,7 @@ void QuicEnableVersion(ParsedQuicVersion parsed_version) { if (parsed_version.handshake_protocol == PROTOCOL_QUIC_CRYPTO) { SetQuicReloadableFlag(quic_disable_version_q050, false); } else { - SetQuicReloadableFlag(quic_enable_version_t050, true); + SetQuicReloadableFlag(quic_enable_version_t050_v2, true); } } else if (parsed_version.transport_version == QUIC_VERSION_49) { SetQuicReloadableFlag(quic_disable_version_q049, false); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_versions.h b/chromium/net/third_party/quiche/src/quic/core/quic_versions.h index 7850b416fc9..5f3a9689198 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_versions.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_versions.h @@ -330,6 +330,12 @@ struct QUIC_EXPORT_PRIVATE ParsedQuicVersion { // Returns true if this version uses variable-length integers when // encoding transport parameter types and lengths. bool HasVarIntTransportParams() const; + + // Returns whether this version uses PROTOCOL_TLS1_3. + bool UsesTls() const; + + // Returns whether this version uses PROTOCOL_QUIC_CRYPTO. + bool UsesQuicCrypto() const; }; QUIC_EXPORT_PRIVATE ParsedQuicVersion UnsupportedQuicVersion(); @@ -341,31 +347,43 @@ QUIC_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os, using ParsedQuicVersionVector = std::vector<ParsedQuicVersion>; +QUIC_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const ParsedQuicVersionVector& versions); + // Representation of the on-the-wire QUIC version number. Will be written/read // to the wire in network-byte-order. using QuicVersionLabel = uint32_t; using QuicVersionLabelVector = std::vector<QuicVersionLabel>; +QUIC_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const QuicVersionLabelVector& version_labels); + // This vector contains all crypto handshake protocols that are supported. constexpr std::array<HandshakeProtocol, 2> SupportedHandshakeProtocols() { - return {PROTOCOL_QUIC_CRYPTO, PROTOCOL_TLS1_3}; + return {PROTOCOL_TLS1_3, PROTOCOL_QUIC_CRYPTO}; } constexpr std::array<ParsedQuicVersion, 8> SupportedVersions() { return { + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27), + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25), + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50), ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_50), ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_49), ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_48), ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_46), ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_43), - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27), - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25), - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50), }; } using QuicTransportVersionVector = std::vector<QuicTransportVersion>; +QUIC_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const QuicTransportVersionVector& transport_versions); + // Returns a vector of QUIC versions in kSupportedTransportVersions. QUIC_EXPORT_PRIVATE QuicTransportVersionVector AllSupportedTransportVersions(); @@ -395,6 +413,10 @@ AllSupportedVersionsWithQuicCrypto(); QUIC_EXPORT_PRIVATE ParsedQuicVersionVector CurrentSupportedVersionsWithQuicCrypto(); +// Returns a subset of AllSupportedVersions() with +// handshake_protocol == PROTOCOL_TLS1_3, in the same order. +QUIC_EXPORT_PRIVATE ParsedQuicVersionVector AllSupportedVersionsWithTls(); + // Returns a subset of CurrentSupportedVersions() with handshake_protocol == // PROTOCOL_TLS1_3. QUIC_EXPORT_PRIVATE ParsedQuicVersionVector CurrentSupportedVersionsWithTls(); diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_versions_test.cc b/chromium/net/third_party/quiche/src/quic/core/quic_versions_test.cc index 216b0800bbe..3a07221ab94 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_versions_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/quic_versions_test.cc @@ -83,6 +83,65 @@ TEST_F(QuicVersionsTest, KnownAndValid) { static_cast<QuicTransportVersion>(99))); } +TEST_F(QuicVersionsTest, Features) { + ParsedQuicVersion parsed_version_q043 = + ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_43); + ParsedQuicVersion parsed_version_draft_27 = + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27); + + EXPECT_TRUE(parsed_version_q043.IsKnown()); + EXPECT_FALSE(parsed_version_q043.KnowsWhichDecrypterToUse()); + EXPECT_FALSE(parsed_version_q043.UsesInitialObfuscators()); + EXPECT_FALSE(parsed_version_q043.AllowsLowFlowControlLimits()); + EXPECT_FALSE(parsed_version_q043.HasHeaderProtection()); + EXPECT_FALSE(parsed_version_q043.SupportsRetry()); + EXPECT_FALSE(parsed_version_q043.HasRetryIntegrityTag()); + EXPECT_FALSE( + parsed_version_q043.SendsVariableLengthPacketNumberInLongHeader()); + EXPECT_FALSE(parsed_version_q043.AllowsVariableLengthConnectionIds()); + EXPECT_FALSE(parsed_version_q043.SupportsClientConnectionIds()); + EXPECT_FALSE(parsed_version_q043.HasLengthPrefixedConnectionIds()); + EXPECT_FALSE(parsed_version_q043.SupportsAntiAmplificationLimit()); + EXPECT_FALSE(parsed_version_q043.CanSendCoalescedPackets()); + EXPECT_TRUE(parsed_version_q043.SupportsGoogleAltSvcFormat()); + EXPECT_FALSE(parsed_version_q043.HasIetfInvariantHeader()); + EXPECT_FALSE(parsed_version_q043.SupportsMessageFrames()); + EXPECT_FALSE(parsed_version_q043.UsesHttp3()); + EXPECT_FALSE(parsed_version_q043.HasLongHeaderLengths()); + EXPECT_FALSE(parsed_version_q043.UsesCryptoFrames()); + EXPECT_FALSE(parsed_version_q043.HasIetfQuicFrames()); + EXPECT_FALSE(parsed_version_q043.HasHandshakeDone()); + EXPECT_FALSE(parsed_version_q043.HasVarIntTransportParams()); + EXPECT_FALSE(parsed_version_q043.UsesTls()); + EXPECT_TRUE(parsed_version_q043.UsesQuicCrypto()); + + EXPECT_TRUE(parsed_version_draft_27.IsKnown()); + EXPECT_TRUE(parsed_version_draft_27.KnowsWhichDecrypterToUse()); + EXPECT_TRUE(parsed_version_draft_27.UsesInitialObfuscators()); + EXPECT_TRUE(parsed_version_draft_27.AllowsLowFlowControlLimits()); + EXPECT_TRUE(parsed_version_draft_27.HasHeaderProtection()); + EXPECT_TRUE(parsed_version_draft_27.SupportsRetry()); + EXPECT_TRUE(parsed_version_draft_27.HasRetryIntegrityTag()); + EXPECT_TRUE( + parsed_version_draft_27.SendsVariableLengthPacketNumberInLongHeader()); + EXPECT_TRUE(parsed_version_draft_27.AllowsVariableLengthConnectionIds()); + EXPECT_TRUE(parsed_version_draft_27.SupportsClientConnectionIds()); + EXPECT_TRUE(parsed_version_draft_27.HasLengthPrefixedConnectionIds()); + EXPECT_TRUE(parsed_version_draft_27.SupportsAntiAmplificationLimit()); + EXPECT_TRUE(parsed_version_draft_27.CanSendCoalescedPackets()); + EXPECT_FALSE(parsed_version_draft_27.SupportsGoogleAltSvcFormat()); + EXPECT_TRUE(parsed_version_draft_27.HasIetfInvariantHeader()); + EXPECT_TRUE(parsed_version_draft_27.SupportsMessageFrames()); + EXPECT_TRUE(parsed_version_draft_27.UsesHttp3()); + EXPECT_TRUE(parsed_version_draft_27.HasLongHeaderLengths()); + EXPECT_TRUE(parsed_version_draft_27.UsesCryptoFrames()); + EXPECT_TRUE(parsed_version_draft_27.HasIetfQuicFrames()); + EXPECT_TRUE(parsed_version_draft_27.HasHandshakeDone()); + EXPECT_TRUE(parsed_version_draft_27.HasVarIntTransportParams()); + EXPECT_TRUE(parsed_version_draft_27.UsesTls()); + EXPECT_FALSE(parsed_version_draft_27.UsesQuicCrypto()); +} + TEST_F(QuicVersionsTest, QuicVersionLabelToQuicTransportVersion) { // If you add a new version to the QuicTransportVersion enum you will need to // add a new case to QuicVersionLabelToQuicTransportVersion, otherwise this @@ -318,6 +377,10 @@ TEST_F(QuicVersionsTest, QuicVersionLabelToString) { QuicVersionLabelVectorToString(version_labels, ":", 2)); EXPECT_EQ("Q035|Q037|...", QuicVersionLabelVectorToString(version_labels, "|", 1)); + + std::ostringstream os; + os << version_labels; + EXPECT_EQ("Q035,Q037,T038", os.str()); } TEST_F(QuicVersionsTest, QuicVersionToString) { @@ -346,6 +409,10 @@ TEST_F(QuicVersionsTest, QuicVersionToString) { EXPECT_NE("QUIC_VERSION_UNSUPPORTED", QuicVersionToString(transport_version)); } + + std::ostringstream os; + os << versions_vector; + EXPECT_EQ("QUIC_VERSION_UNSUPPORTED,QUIC_VERSION_43", os.str()); } TEST_F(QuicVersionsTest, ParsedQuicVersionToString) { @@ -368,6 +435,10 @@ TEST_F(QuicVersionsTest, ParsedQuicVersionToString) { for (const ParsedQuicVersion& version : AllSupportedVersions()) { EXPECT_NE("0", ParsedQuicVersionToString(version)); } + + std::ostringstream os; + os << versions_vector; + EXPECT_EQ("0,Q043", os.str()); } TEST_F(QuicVersionsTest, FilterSupportedVersionsAllVersions) { @@ -375,7 +446,7 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsAllVersions) { "Supported versions out of sync"); SetQuicReloadableFlag(quic_enable_version_draft_27, true); SetQuicReloadableFlag(quic_enable_version_draft_25_v3, true); - SetQuicReloadableFlag(quic_enable_version_t050, true); + SetQuicReloadableFlag(quic_enable_version_t050_v2, true); SetQuicReloadableFlag(quic_disable_version_q050, false); SetQuicReloadableFlag(quic_disable_version_q049, false); SetQuicReloadableFlag(quic_disable_version_q048, false); @@ -384,6 +455,12 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsAllVersions) { ParsedQuicVersionVector expected_parsed_versions; expected_parsed_versions.push_back( + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27)); + expected_parsed_versions.push_back( + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)); + expected_parsed_versions.push_back( + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50)); + expected_parsed_versions.push_back( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_50)); expected_parsed_versions.push_back( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_49)); @@ -393,12 +470,6 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsAllVersions) { ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_46)); expected_parsed_versions.push_back( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_43)); - expected_parsed_versions.push_back( - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_27)); - expected_parsed_versions.push_back( - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)); - expected_parsed_versions.push_back( - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50)); ASSERT_EQ(expected_parsed_versions, FilterSupportedVersions(AllSupportedVersions())); @@ -410,7 +481,7 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsNo99) { "Supported versions out of sync"); SetQuicReloadableFlag(quic_enable_version_draft_27, false); SetQuicReloadableFlag(quic_enable_version_draft_25_v3, true); - SetQuicReloadableFlag(quic_enable_version_t050, true); + SetQuicReloadableFlag(quic_enable_version_t050_v2, true); SetQuicReloadableFlag(quic_disable_version_q050, false); SetQuicReloadableFlag(quic_disable_version_q049, false); SetQuicReloadableFlag(quic_disable_version_q048, false); @@ -419,6 +490,10 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsNo99) { ParsedQuicVersionVector expected_parsed_versions; expected_parsed_versions.push_back( + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)); + expected_parsed_versions.push_back( + ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50)); + expected_parsed_versions.push_back( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_50)); expected_parsed_versions.push_back( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_49)); @@ -428,10 +503,6 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsNo99) { ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_46)); expected_parsed_versions.push_back( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, QUIC_VERSION_43)); - expected_parsed_versions.push_back( - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_IETF_DRAFT_25)); - expected_parsed_versions.push_back( - ParsedQuicVersion(PROTOCOL_TLS1_3, QUIC_VERSION_50)); ASSERT_EQ(expected_parsed_versions, FilterSupportedVersions(AllSupportedVersions())); @@ -442,7 +513,7 @@ TEST_F(QuicVersionsTest, FilterSupportedVersionsNoFlags) { "Supported versions out of sync"); SetQuicReloadableFlag(quic_enable_version_draft_27, false); SetQuicReloadableFlag(quic_enable_version_draft_25_v3, false); - SetQuicReloadableFlag(quic_enable_version_t050, false); + SetQuicReloadableFlag(quic_enable_version_t050_v2, false); SetQuicReloadableFlag(quic_disable_version_q050, false); SetQuicReloadableFlag(quic_disable_version_q049, false); SetQuicReloadableFlag(quic_disable_version_q048, false); @@ -574,9 +645,9 @@ TEST_F(QuicVersionsTest, QuicEnableVersion) { { QuicFlagSaver flag_saver; - SetQuicReloadableFlag(quic_enable_version_t050, false); + SetQuicReloadableFlag(quic_enable_version_t050_v2, false); QuicEnableVersion(parsed_version_t050); - EXPECT_TRUE(GetQuicReloadableFlag(quic_enable_version_t050)); + EXPECT_TRUE(GetQuicReloadableFlag(quic_enable_version_t050_v2)); } { diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_write_blocked_list.h b/chromium/net/third_party/quiche/src/quic/core/quic_write_blocked_list.h index c98711292f3..4100df0fc96 100644 --- a/chromium/net/third_party/quiche/src/quic/core/quic_write_blocked_list.h +++ b/chromium/net/third_party/quiche/src/quic/core/quic_write_blocked_list.h @@ -66,6 +66,10 @@ class QUIC_EXPORT_PRIVATE QuicWriteBlockedList { return priority_write_scheduler_->ShouldYield(id); } + spdy::SpdyPriority GetSpdyPriorityofStream(QuicStreamId id) const { + return priority_write_scheduler_->GetStreamPrecedence(id).spdy3_priority(); + } + // Switches write scheduler. This can only be called before any stream is // registered. bool SwitchWriteScheduler(spdy::WriteSchedulerType type, @@ -145,7 +149,8 @@ class QUIC_EXPORT_PRIVATE QuicWriteBlockedList { void RegisterStream(QuicStreamId stream_id, bool is_static_stream, const spdy::SpdyStreamPrecedence& precedence) { - DCHECK(!priority_write_scheduler_->StreamRegistered(stream_id)); + DCHECK(!priority_write_scheduler_->StreamRegistered(stream_id)) + << "stream " << stream_id << " already registered"; DCHECK(PrecedenceMatchesSchedulerType(precedence)); if (is_static_stream) { static_stream_collection_.Register(stream_id); diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor.cc b/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor.cc new file mode 100644 index 00000000000..7c10d2c8e0b --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor.cc @@ -0,0 +1,395 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/core/tls_chlo_extractor.h" +#include <cstring> +#include <memory> + +#include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/frames/quic_crypto_frame.h" +#include "net/third_party/quiche/src/quic/core/quic_data_reader.h" +#include "net/third_party/quiche/src/quic/core/quic_error_codes.h" +#include "net/third_party/quiche/src/quic/core/quic_framer.h" +#include "net/third_party/quiche/src/quic/core/quic_time.h" +#include "net/third_party/quiche/src/quic/core/quic_types.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_str_cat.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" + +namespace quic { + +TlsChloExtractor::TlsChloExtractor() + : crypto_stream_sequencer_(this), + state_(State::kInitial), + parsed_crypto_frame_in_this_packet_(false) {} + +TlsChloExtractor::TlsChloExtractor(TlsChloExtractor&& other) + : TlsChloExtractor() { + *this = std::move(other); +} + +TlsChloExtractor& TlsChloExtractor::operator=(TlsChloExtractor&& other) { + framer_ = std::move(other.framer_); + if (framer_) { + framer_->set_visitor(this); + } + crypto_stream_sequencer_ = std::move(other.crypto_stream_sequencer_); + crypto_stream_sequencer_.set_stream(this); + ssl_ = std::move(other.ssl_); + if (ssl_) { + std::pair<SSL_CTX*, int> shared_handles = GetSharedSslHandles(); + int ex_data_index = shared_handles.second; + const int rv = SSL_set_ex_data(ssl_.get(), ex_data_index, this); + CHECK_EQ(rv, 1) << "Internal allocation failure in SSL_set_ex_data"; + } + state_ = other.state_; + error_details_ = std::move(other.error_details_); + parsed_crypto_frame_in_this_packet_ = + other.parsed_crypto_frame_in_this_packet_; + alpns_ = std::move(other.alpns_); + server_name_ = std::move(other.server_name_); + return *this; +} + +void TlsChloExtractor::IngestPacket(const ParsedQuicVersion& version, + const QuicReceivedPacket& packet) { + if (state_ == State::kUnrecoverableFailure) { + QUIC_DLOG(ERROR) << "Not ingesting packet after unrecoverable error"; + return; + } + if (version == UnsupportedQuicVersion()) { + QUIC_DLOG(ERROR) << "Not ingesting packet with unsupported version"; + return; + } + if (version.handshake_protocol != PROTOCOL_TLS1_3) { + QUIC_DLOG(ERROR) << "Not ingesting packet with non-TLS version " << version; + return; + } + if (framer_) { + // This is not the first packet we have ingested, check if version matches. + if (!framer_->IsSupportedVersion(version)) { + QUIC_DLOG(ERROR) + << "Not ingesting packet with version mismatch, expected " + << framer_->version() << ", got " << version; + return; + } + } else { + // This is the first packet we have ingested, setup parser. + framer_ = std::make_unique<QuicFramer>( + ParsedQuicVersionVector{version}, QuicTime::Zero(), + Perspective::IS_SERVER, /*expected_server_connection_id_length=*/0); + // Note that expected_server_connection_id_length only matters for short + // headers and we explicitly drop those so we can pass any value here. + framer_->set_visitor(this); + } + + // When the framer parses |packet|, if it sees a CRYPTO frame it will call + // OnCryptoFrame below and that will set parsed_crypto_frame_in_this_packet_ + // to true. + parsed_crypto_frame_in_this_packet_ = false; + const bool parse_success = framer_->ProcessPacket(packet); + if (state_ == State::kInitial && parsed_crypto_frame_in_this_packet_) { + // If we parsed a CRYPTO frame but didn't advance the state from initial, + // then it means that we will need more packets to reassemble the full CHLO, + // so we advance the state here. This can happen when the first packet + // received is not the first one in the crypto stream. This allows us to + // differentiate our state between single-packet CHLO and multi-packet CHLO. + state_ = State::kParsedPartialChloFragment; + } + + if (!parse_success) { + // This could be due to the packet being non-initial for example. + QUIC_DLOG(ERROR) << "Failed to process packet"; + return; + } +} + +// This is called when the framer parsed the unencrypted parts of the header. +bool TlsChloExtractor::OnUnauthenticatedPublicHeader( + const QuicPacketHeader& header) { + if (header.form != IETF_QUIC_LONG_HEADER_PACKET) { + QUIC_DLOG(ERROR) << "Not parsing non-long-header packet " << header; + return false; + } + if (header.long_packet_type != INITIAL) { + QUIC_DLOG(ERROR) << "Not parsing non-initial packet " << header; + return false; + } + // QuicFramer is constructed without knowledge of the server's connection ID + // so it needs to be set up here in order to decrypt the packet. + framer_->SetInitialObfuscators(header.destination_connection_id); + return true; +} + +// This is called by the framer if it detects a change in version during +// parsing. +bool TlsChloExtractor::OnProtocolVersionMismatch(ParsedQuicVersion version) { + // This should never be called because we already check versions in + // IngestPacket. + QUIC_BUG << "Unexpected version mismatch, expected " << framer_->version() + << ", got " << version; + return false; +} + +// This is called by the QuicStreamSequencer if it encounters an unrecoverable +// error that will prevent it from reassembling the crypto stream data. +void TlsChloExtractor::OnUnrecoverableError(QuicErrorCode error, + const std::string& details) { + HandleUnrecoverableError(quiche::QuicheStrCat( + "Crypto stream error ", QuicErrorCodeToString(error), ": ", details)); +} + +// This is called by the framer if it sees a CRYPTO frame during parsing. +bool TlsChloExtractor::OnCryptoFrame(const QuicCryptoFrame& frame) { + if (frame.level != ENCRYPTION_INITIAL) { + // Since we drop non-INITIAL packets in OnUnauthenticatedPublicHeader, + // we should never receive any CRYPTO frames at other encryption levels. + QUIC_BUG << "Parsed bad-level CRYPTO frame " << frame; + return false; + } + // parsed_crypto_frame_in_this_packet_ is checked in IngestPacket to allow + // advancing our state to track the difference between single-packet CHLO + // and multi-packet CHLO. + parsed_crypto_frame_in_this_packet_ = true; + crypto_stream_sequencer_.OnCryptoFrame(frame); + return true; +} + +// Called by the QuicStreamSequencer when it receives a CRYPTO frame that +// advances the amount of contiguous data we now have starting from offset 0. +void TlsChloExtractor::OnDataAvailable() { + // Lazily set up BoringSSL handle. + SetupSslHandle(); + + // Get data from the stream sequencer and pass it to BoringSSL. + struct iovec iov; + while (crypto_stream_sequencer_.GetReadableRegion(&iov)) { + const int rv = SSL_provide_quic_data( + ssl_.get(), ssl_encryption_initial, + reinterpret_cast<const uint8_t*>(iov.iov_base), iov.iov_len); + if (rv != 1) { + HandleUnrecoverableError("SSL_provide_quic_data failed"); + return; + } + crypto_stream_sequencer_.MarkConsumed(iov.iov_len); + } + + // Instruct BoringSSL to attempt parsing a full CHLO from the provided data. + // We ignore the return value since we know the handshake is going to fail + // because we explicitly cancel processing once we've parsed the CHLO. + (void)SSL_do_handshake(ssl_.get()); +} + +// static +TlsChloExtractor* TlsChloExtractor::GetInstanceFromSSL(SSL* ssl) { + std::pair<SSL_CTX*, int> shared_handles = GetSharedSslHandles(); + int ex_data_index = shared_handles.second; + return reinterpret_cast<TlsChloExtractor*>( + SSL_get_ex_data(ssl, ex_data_index)); +} + +// static +int TlsChloExtractor::SetReadSecretCallback( + SSL* ssl, + enum ssl_encryption_level_t /*level*/, + const SSL_CIPHER* /*cipher*/, + const uint8_t* /*secret*/, + size_t /*secret_length*/) { + GetInstanceFromSSL(ssl)->HandleUnexpectedCallback("SetReadSecretCallback"); + return 0; +} + +// static +int TlsChloExtractor::SetWriteSecretCallback( + SSL* ssl, + enum ssl_encryption_level_t /*level*/, + const SSL_CIPHER* /*cipher*/, + const uint8_t* /*secret*/, + size_t /*secret_length*/) { + GetInstanceFromSSL(ssl)->HandleUnexpectedCallback("SetWriteSecretCallback"); + return 0; +} + +// static +int TlsChloExtractor::WriteMessageCallback( + SSL* ssl, + enum ssl_encryption_level_t /*level*/, + const uint8_t* /*data*/, + size_t /*len*/) { + GetInstanceFromSSL(ssl)->HandleUnexpectedCallback("WriteMessageCallback"); + return 0; +} + +// static +int TlsChloExtractor::FlushFlightCallback(SSL* ssl) { + GetInstanceFromSSL(ssl)->HandleUnexpectedCallback("FlushFlightCallback"); + return 0; +} + +void TlsChloExtractor::HandleUnexpectedCallback( + const std::string& callback_name) { + std::string error_details = + quiche::QuicheStrCat("Unexpected callback ", callback_name); + QUIC_BUG << error_details; + HandleUnrecoverableError(error_details); +} + +// static +int TlsChloExtractor::SendAlertCallback(SSL* ssl, + enum ssl_encryption_level_t /*level*/, + uint8_t desc) { + GetInstanceFromSSL(ssl)->SendAlert(desc); + return 0; +} + +void TlsChloExtractor::SendAlert(uint8_t tls_alert_value) { + if (tls_alert_value == SSL3_AD_HANDSHAKE_FAILURE && HasParsedFullChlo()) { + // This is the most common scenario. Since we return an error from + // SelectCertCallback in order to cancel further processing, BoringSSL will + // try to send this alert to tell the client that the handshake failed. + return; + } + HandleUnrecoverableError(quiche::QuicheStrCat( + "BoringSSL attempted to send alert ", static_cast<int>(tls_alert_value), + " ", SSL_alert_desc_string_long(tls_alert_value))); +} + +// static +enum ssl_select_cert_result_t TlsChloExtractor::SelectCertCallback( + const SSL_CLIENT_HELLO* client_hello) { + GetInstanceFromSSL(client_hello->ssl)->HandleParsedChlo(client_hello); + // Always return an error to cancel any further processing in BoringSSL. + return ssl_select_cert_error; +} + +// Extracts the server name and ALPN from the parsed ClientHello. +void TlsChloExtractor::HandleParsedChlo(const SSL_CLIENT_HELLO* client_hello) { + const char* server_name = + SSL_get_servername(client_hello->ssl, TLSEXT_NAMETYPE_host_name); + if (server_name) { + server_name_ = std::string(server_name); + } + const uint8_t* alpn_data; + size_t alpn_len; + int rv = SSL_early_callback_ctx_extension_get( + client_hello, TLSEXT_TYPE_application_layer_protocol_negotiation, + &alpn_data, &alpn_len); + if (rv == 1) { + QuicDataReader alpns_reader(reinterpret_cast<const char*>(alpn_data), + alpn_len); + quiche::QuicheStringPiece alpns_payload; + if (!alpns_reader.ReadStringPiece16(&alpns_payload)) { + HandleUnrecoverableError("Failed to read alpns_payload"); + return; + } + QuicDataReader alpns_payload_reader(alpns_payload); + while (!alpns_payload_reader.IsDoneReading()) { + quiche::QuicheStringPiece alpn_payload; + if (!alpns_payload_reader.ReadStringPiece8(&alpn_payload)) { + HandleUnrecoverableError("Failed to read alpn_payload"); + return; + } + alpns_.emplace_back(std::string(alpn_payload)); + } + } + + // Update our state now that we've parsed a full CHLO. + if (state_ == State::kInitial) { + state_ = State::kParsedFullSinglePacketChlo; + } else if (state_ == State::kParsedPartialChloFragment) { + state_ = State::kParsedFullMultiPacketChlo; + } else { + QUIC_BUG << "Unexpected state on successful parse " + << StateToString(state_); + } +} + +// static +std::pair<SSL_CTX*, int> TlsChloExtractor::GetSharedSslHandles() { + // Use a lambda to benefit from C++11 guarantee that static variables are + // initialized lazily in a thread-safe manner. |shared_handles| is therefore + // guaranteed to be initialized exactly once and never destructed. + static std::pair<SSL_CTX*, int>* shared_handles = []() { + CRYPTO_library_init(); + SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_with_buffers_method()); + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION); + SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION); + static const SSL_QUIC_METHOD kQuicCallbacks{ + TlsChloExtractor::SetReadSecretCallback, + TlsChloExtractor::SetWriteSecretCallback, + TlsChloExtractor::WriteMessageCallback, + TlsChloExtractor::FlushFlightCallback, + TlsChloExtractor::SendAlertCallback}; + SSL_CTX_set_quic_method(ssl_ctx, &kQuicCallbacks); + SSL_CTX_set_select_certificate_cb(ssl_ctx, + TlsChloExtractor::SelectCertCallback); + int ex_data_index = + SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr); + return new std::pair<SSL_CTX*, int>(ssl_ctx, ex_data_index); + }(); + return *shared_handles; +} + +// Sets up the per-instance SSL handle needed by BoringSSL. +void TlsChloExtractor::SetupSslHandle() { + if (ssl_) { + // Handles have already been set up. + return; + } + + std::pair<SSL_CTX*, int> shared_handles = GetSharedSslHandles(); + SSL_CTX* ssl_ctx = shared_handles.first; + int ex_data_index = shared_handles.second; + + ssl_ = bssl::UniquePtr<SSL>(SSL_new(ssl_ctx)); + const int rv = SSL_set_ex_data(ssl_.get(), ex_data_index, this); + CHECK_EQ(rv, 1) << "Internal allocation failure in SSL_set_ex_data"; + SSL_set_accept_state(ssl_.get()); +} + +// Called by other methods to record any unrecoverable failures they experience. +void TlsChloExtractor::HandleUnrecoverableError( + const std::string& error_details) { + if (HasParsedFullChlo()) { + // Ignore errors if we've parsed everything successfully. + QUIC_DLOG(ERROR) << "Ignoring error: " << error_details; + return; + } + QUIC_DLOG(ERROR) << "Handling error: " << error_details; + + state_ = State::kUnrecoverableFailure; + + if (error_details_.empty()) { + error_details_ = error_details; + } else { + error_details_ = quiche::QuicheStrCat(error_details_, "; ", error_details); + } +} + +// static +std::string TlsChloExtractor::StateToString(State state) { + switch (state) { + case State::kInitial: + return "Initial"; + case State::kParsedFullSinglePacketChlo: + return "ParsedFullSinglePacketChlo"; + case State::kParsedFullMultiPacketChlo: + return "ParsedFullMultiPacketChlo"; + case State::kParsedPartialChloFragment: + return "ParsedPartialChloFragment"; + case State::kUnrecoverableFailure: + return "UnrecoverableFailure"; + } + return quiche::QuicheStrCat("Unknown(", static_cast<int>(state), ")"); +} + +std::ostream& operator<<(std::ostream& os, + const TlsChloExtractor::State& state) { + os << TlsChloExtractor::StateToString(state); + return os; +} + +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor.h b/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor.h new file mode 100644 index 00000000000..1762566d70a --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor.h @@ -0,0 +1,238 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_CORE_TLS_CHLO_EXTRACTOR_H_ +#define QUICHE_QUIC_CORE_TLS_CHLO_EXTRACTOR_H_ + +#include <memory> +#include <string> +#include <vector> +#include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/quic_framer.h" +#include "net/third_party/quiche/src/quic/core/quic_packets.h" +#include "net/third_party/quiche/src/quic/core/quic_stream_sequencer.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_export.h" + +namespace quic { + +// Utility class that allows extracting information from a QUIC-TLS Client +// Hello. This class creates a QuicFramer to parse the packet, and implements +// QuicFramerVisitorInterface to access the frames parsed by the QuicFramer. It +// then uses a QuicStreamSequencer to reassemble the contents of the crypto +// stream, and implements QuicStreamSequencer::StreamInterface to access the +// reassembled data. +class QUIC_NO_EXPORT TlsChloExtractor + : public QuicFramerVisitorInterface, + public QuicStreamSequencer::StreamInterface { + public: + TlsChloExtractor(); + TlsChloExtractor(const TlsChloExtractor&) = delete; + TlsChloExtractor(TlsChloExtractor&&); + TlsChloExtractor& operator=(const TlsChloExtractor&) = delete; + TlsChloExtractor& operator=(TlsChloExtractor&&); + + enum class State : uint8_t { + kInitial = 0, + kParsedFullSinglePacketChlo = 1, + kParsedFullMultiPacketChlo = 2, + kParsedPartialChloFragment = 3, + kUnrecoverableFailure = 4, + }; + + State state() const { return state_; } + std::vector<std::string> alpns() const { return alpns_; } + std::string server_name() const { return server_name_; } + + // Converts |state| to a human-readable string suitable for logging. + static std::string StateToString(State state); + + // Ingests |packet| and attempts to parse out the CHLO. + void IngestPacket(const ParsedQuicVersion& version, + const QuicReceivedPacket& packet); + + // Returns whether the ingested packets have allowed parsing a complete CHLO. + bool HasParsedFullChlo() const { + return state_ == State::kParsedFullSinglePacketChlo || + state_ == State::kParsedFullMultiPacketChlo; + } + + // Methods from QuicFramerVisitorInterface. + void OnError(QuicFramer* /*framer*/) override {} + bool OnProtocolVersionMismatch(ParsedQuicVersion version) override; + void OnPacket() override {} + void OnPublicResetPacket(const QuicPublicResetPacket& /*packet*/) override {} + void OnVersionNegotiationPacket( + const QuicVersionNegotiationPacket& /*packet*/) override {} + void OnRetryPacket(QuicConnectionId /*original_connection_id*/, + QuicConnectionId /*new_connection_id*/, + quiche::QuicheStringPiece /*retry_token*/, + quiche::QuicheStringPiece /*retry_integrity_tag*/, + quiche::QuicheStringPiece /*retry_without_tag*/) override { + } + bool OnUnauthenticatedPublicHeader(const QuicPacketHeader& header) override; + bool OnUnauthenticatedHeader(const QuicPacketHeader& /*header*/) override { + return true; + } + void OnDecryptedPacket(EncryptionLevel /*level*/) override {} + bool OnPacketHeader(const QuicPacketHeader& /*header*/) override { + return true; + } + void OnCoalescedPacket(const QuicEncryptedPacket& /*packet*/) override {} + void OnUndecryptablePacket(const QuicEncryptedPacket& /*packet*/, + EncryptionLevel /*decryption_level*/, + bool /*has_decryption_key*/) override {} + bool OnStreamFrame(const QuicStreamFrame& /*frame*/) override { return true; } + bool OnCryptoFrame(const QuicCryptoFrame& frame) override; + bool OnAckFrameStart(QuicPacketNumber /*largest_acked*/, + QuicTime::Delta /*ack_delay_time*/) override { + return true; + } + bool OnAckRange(QuicPacketNumber /*start*/, + QuicPacketNumber /*end*/) override { + return true; + } + bool OnAckTimestamp(QuicPacketNumber /*packet_number*/, + QuicTime /*timestamp*/) override { + return true; + } + bool OnAckFrameEnd(QuicPacketNumber /*start*/) override { return true; } + bool OnStopWaitingFrame(const QuicStopWaitingFrame& /*frame*/) override { + return true; + } + bool OnPingFrame(const QuicPingFrame& /*frame*/) override { return true; } + bool OnRstStreamFrame(const QuicRstStreamFrame& /*frame*/) override { + return true; + } + bool OnConnectionCloseFrame( + const QuicConnectionCloseFrame& /*frame*/) override { + return true; + } + bool OnNewConnectionIdFrame( + const QuicNewConnectionIdFrame& /*frame*/) override { + return true; + } + bool OnRetireConnectionIdFrame( + const QuicRetireConnectionIdFrame& /*frame*/) override { + return true; + } + bool OnNewTokenFrame(const QuicNewTokenFrame& /*frame*/) override { + return true; + } + bool OnStopSendingFrame(const QuicStopSendingFrame& /*frame*/) override { + return true; + } + bool OnPathChallengeFrame(const QuicPathChallengeFrame& /*frame*/) override { + return true; + } + bool OnPathResponseFrame(const QuicPathResponseFrame& /*frame*/) override { + return true; + } + bool OnGoAwayFrame(const QuicGoAwayFrame& /*frame*/) override { return true; } + bool OnMaxStreamsFrame(const QuicMaxStreamsFrame& /*frame*/) override { + return true; + } + bool OnStreamsBlockedFrame( + const QuicStreamsBlockedFrame& /*frame*/) override { + return true; + } + bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& /*frame*/) override { + return true; + } + bool OnBlockedFrame(const QuicBlockedFrame& /*frame*/) override { + return true; + } + bool OnPaddingFrame(const QuicPaddingFrame& /*frame*/) override { + return true; + } + bool OnMessageFrame(const QuicMessageFrame& /*frame*/) override { + return true; + } + bool OnHandshakeDoneFrame(const QuicHandshakeDoneFrame& /*frame*/) override { + return true; + } + void OnPacketComplete() override {} + bool IsValidStatelessResetToken(QuicUint128 /*token*/) const override { + return true; + } + void OnAuthenticatedIetfStatelessResetPacket( + const QuicIetfStatelessResetPacket& /*packet*/) override {} + + // Methods from QuicStreamSequencer::StreamInterface. + void OnDataAvailable() override; + void OnFinRead() override {} + void AddBytesConsumed(QuicByteCount /*bytes*/) override {} + void Reset(QuicRstStreamErrorCode /*error*/) override {} + void OnUnrecoverableError(QuicErrorCode error, + const std::string& details) override; + QuicStreamId id() const override { return 0; } + + private: + // Parses the length of the CHLO message by looking at the first four bytes. + // Returns whether we have received enough data to parse the full CHLO now. + bool MaybeAttemptToParseChloLength(); + // Parses the full CHLO message if enough data has been received. + void AttemptToParseFullChlo(); + // Moves to the failed state and records the error details. + void HandleUnrecoverableError(const std::string& error_details); + // Lazily sets up shared SSL handles if needed. + static std::pair<SSL_CTX*, int> GetSharedSslHandles(); + // Lazily sets up the per-instance SSL handle if needed. + void SetupSslHandle(); + // Extract the TlsChloExtractor instance from |ssl|. + static TlsChloExtractor* GetInstanceFromSSL(SSL* ssl); + + // BoringSSL static TLS callbacks. + static enum ssl_select_cert_result_t SelectCertCallback( + const SSL_CLIENT_HELLO* client_hello); + static int SetReadSecretCallback(SSL* ssl, + enum ssl_encryption_level_t level, + const SSL_CIPHER* cipher, + const uint8_t* secret, + size_t secret_length); + static int SetWriteSecretCallback(SSL* ssl, + enum ssl_encryption_level_t level, + const SSL_CIPHER* cipher, + const uint8_t* secret, + size_t secret_length); + static int WriteMessageCallback(SSL* ssl, + enum ssl_encryption_level_t level, + const uint8_t* data, + size_t len); + static int FlushFlightCallback(SSL* ssl); + static int SendAlertCallback(SSL* ssl, + enum ssl_encryption_level_t level, + uint8_t desc); + + // Called by SelectCertCallback. + void HandleParsedChlo(const SSL_CLIENT_HELLO* client_hello); + // Called by callbacks that should never be called. + void HandleUnexpectedCallback(const std::string& callback_name); + // Called by SendAlertCallback. + void SendAlert(uint8_t tls_alert_value); + + // Used to parse received packets to extract single frames. + std::unique_ptr<QuicFramer> framer_; + // Used to reassemble the crypto stream from received CRYPTO frames. + QuicStreamSequencer crypto_stream_sequencer_; + // BoringSSL handle required to parse the CHLO. + bssl::UniquePtr<SSL> ssl_; + // State of this TlsChloExtractor. + State state_; + // Detail string that can be logged in the presence of unrecoverable errors. + std::string error_details_; + // Whether a CRYPTO frame was parsed in this packet. + bool parsed_crypto_frame_in_this_packet_; + // Array of ALPNs parsed from the CHLO. + std::vector<std::string> alpns_; + // SNI parsed from the CHLO. + std::string server_name_; +}; + +// Convenience method to facilitate logging TlsChloExtractor::State. +QUIC_NO_EXPORT std::ostream& operator<<(std::ostream& os, + const TlsChloExtractor::State& state); + +} // namespace quic + +#endif // QUICHE_QUIC_CORE_TLS_CHLO_EXTRACTOR_H_ diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor_test.cc b/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor_test.cc new file mode 100644 index 00000000000..ba57ad02bb9 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/tls_chlo_extractor_test.cc @@ -0,0 +1,157 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/core/tls_chlo_extractor.h" +#include <memory> + +#include "net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.h" +#include "net/third_party/quiche/src/quic/core/quic_connection.h" +#include "net/third_party/quiche/src/quic/core/quic_packet_writer_wrapper.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_test.h" +#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/first_flight.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" + +namespace quic { +namespace test { +namespace { + +class TlsChloExtractorTest : public QuicTestWithParam<ParsedQuicVersion> { + protected: + TlsChloExtractorTest() : version_(GetParam()) {} + + void Initialize() { packets_ = GetFirstFlightOfPackets(version_, config_); } + + void IngestPackets() { + for (const std::unique_ptr<QuicReceivedPacket>& packet : packets_) { + ReceivedPacketInfo packet_info( + QuicSocketAddress(TestPeerIPAddress(), kTestPort), + QuicSocketAddress(TestPeerIPAddress(), kTestPort), *packet); + std::string detailed_error; + bool retry_token_present; + quiche::QuicheStringPiece retry_token; + const QuicErrorCode error = QuicFramer::ParsePublicHeaderDispatcher( + *packet, /*expected_destination_connection_id_length=*/0, + &packet_info.form, &packet_info.long_packet_type, + &packet_info.version_flag, &packet_info.use_length_prefix, + &packet_info.version_label, &packet_info.version, + &packet_info.destination_connection_id, + &packet_info.source_connection_id, &retry_token_present, &retry_token, + &detailed_error); + ASSERT_THAT(error, IsQuicNoError()) << detailed_error; + tls_chlo_extractor_.IngestPacket(packet_info.version, packet_info.packet); + } + packets_.clear(); + } + + void ValidateChloDetails() { + EXPECT_TRUE(tls_chlo_extractor_.HasParsedFullChlo()); + ASSERT_EQ(tls_chlo_extractor_.alpns().size(), 1u); + EXPECT_EQ(tls_chlo_extractor_.alpns()[0], AlpnForVersion(version_)); + EXPECT_EQ(tls_chlo_extractor_.server_name(), TestHostname()); + } + + void IncreaseSizeOfChlo() { + // Add a 2000-byte custom parameter to increase the length of the CHLO. + constexpr auto kCustomParameterId = + static_cast<TransportParameters::TransportParameterId>(0xff33); + std::string kCustomParameterValue(2000, '-'); + config_.custom_transport_parameters_to_send()[kCustomParameterId] = + kCustomParameterValue; + } + + ParsedQuicVersion version_; + TlsChloExtractor tls_chlo_extractor_; + QuicConfig config_; + std::vector<std::unique_ptr<QuicReceivedPacket>> packets_; +}; + +INSTANTIATE_TEST_SUITE_P(TlsChloExtractorTests, + TlsChloExtractorTest, + ::testing::ValuesIn(AllSupportedVersionsWithTls()), + ::testing::PrintToStringParamName()); + +TEST_P(TlsChloExtractorTest, Simple) { + Initialize(); + EXPECT_EQ(packets_.size(), 1u); + IngestPackets(); + ValidateChloDetails(); + EXPECT_EQ(tls_chlo_extractor_.state(), + TlsChloExtractor::State::kParsedFullSinglePacketChlo); +} + +TEST_P(TlsChloExtractorTest, MultiPacket) { + IncreaseSizeOfChlo(); + Initialize(); + EXPECT_EQ(packets_.size(), 2u); + IngestPackets(); + ValidateChloDetails(); + EXPECT_EQ(tls_chlo_extractor_.state(), + TlsChloExtractor::State::kParsedFullMultiPacketChlo); +} + +TEST_P(TlsChloExtractorTest, MultiPacketReordered) { + IncreaseSizeOfChlo(); + Initialize(); + ASSERT_EQ(packets_.size(), 2u); + // Artifically reorder both packets. + std::swap(packets_[0], packets_[1]); + IngestPackets(); + ValidateChloDetails(); + EXPECT_EQ(tls_chlo_extractor_.state(), + TlsChloExtractor::State::kParsedFullMultiPacketChlo); +} + +TEST_P(TlsChloExtractorTest, MoveAssignment) { + Initialize(); + EXPECT_EQ(packets_.size(), 1u); + TlsChloExtractor other_extractor; + tls_chlo_extractor_ = std::move(other_extractor); + IngestPackets(); + ValidateChloDetails(); + EXPECT_EQ(tls_chlo_extractor_.state(), + TlsChloExtractor::State::kParsedFullSinglePacketChlo); +} + +TEST_P(TlsChloExtractorTest, MoveAssignmentBetweenPackets) { + IncreaseSizeOfChlo(); + Initialize(); + ASSERT_EQ(packets_.size(), 2u); + TlsChloExtractor other_extractor; + + // Have |other_extractor| parse the first packet. + ReceivedPacketInfo packet_info( + QuicSocketAddress(TestPeerIPAddress(), kTestPort), + QuicSocketAddress(TestPeerIPAddress(), kTestPort), *packets_[0]); + std::string detailed_error; + bool retry_token_present; + quiche::QuicheStringPiece retry_token; + const QuicErrorCode error = QuicFramer::ParsePublicHeaderDispatcher( + *packets_[0], /*expected_destination_connection_id_length=*/0, + &packet_info.form, &packet_info.long_packet_type, + &packet_info.version_flag, &packet_info.use_length_prefix, + &packet_info.version_label, &packet_info.version, + &packet_info.destination_connection_id, &packet_info.source_connection_id, + &retry_token_present, &retry_token, &detailed_error); + ASSERT_THAT(error, IsQuicNoError()) << detailed_error; + other_extractor.IngestPacket(packet_info.version, packet_info.packet); + // Remove the first packet from the list. + packets_.erase(packets_.begin()); + EXPECT_EQ(packets_.size(), 1u); + + // Move the extractor. + tls_chlo_extractor_ = std::move(other_extractor); + + // Have |tls_chlo_extractor_| parse the second packet. + IngestPackets(); + + ValidateChloDetails(); + EXPECT_EQ(tls_chlo_extractor_.state(), + TlsChloExtractor::State::kParsedFullMultiPacketChlo); +} + +} // namespace +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.cc b/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.cc index 5148e71caf5..d4e8ed023b1 100644 --- a/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.cc +++ b/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.cc @@ -8,9 +8,12 @@ #include <string> #include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h" #include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h" #include "net/third_party/quiche/src/quic/core/quic_session.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_hostname_utils.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" #include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h" @@ -34,8 +37,10 @@ void TlsClientHandshaker::ProofVerifierCallbackImpl::Run( parent_->verify_result_ = ok ? ssl_verify_ok : ssl_verify_invalid; parent_->state_ = STATE_HANDSHAKE_RUNNING; parent_->proof_verify_callback_ = nullptr; - parent_->proof_handler_->OnProofVerifyDetailsAvailable( - *parent_->verify_details_); + if (parent_->verify_details_) { + parent_->proof_handler_->OnProofVerifyDetailsAvailable( + *parent_->verify_details_); + } parent_->AdvanceHandshake(); } @@ -49,7 +54,8 @@ TlsClientHandshaker::TlsClientHandshaker( QuicSession* session, std::unique_ptr<ProofVerifyContext> verify_context, QuicCryptoClientConfig* crypto_config, - QuicCryptoClientStream::ProofHandler* proof_handler) + QuicCryptoClientStream::ProofHandler* proof_handler, + bool has_application_state) : TlsHandshaker(stream, session), session_(session), server_id_(server_id), @@ -58,7 +64,9 @@ TlsClientHandshaker::TlsClientHandshaker( proof_handler_(proof_handler), session_cache_(crypto_config->session_cache()), user_agent_id_(crypto_config->user_agent_id()), + pre_shared_key_(crypto_config->pre_shared_key()), crypto_negotiated_params_(new QuicCryptoNegotiatedParameters), + has_application_state_(has_application_state), tls_connection_(crypto_config->ssl_ctx(), this) {} TlsClientHandshaker::~TlsClientHandshaker() { @@ -70,9 +78,25 @@ TlsClientHandshaker::~TlsClientHandshaker() { bool TlsClientHandshaker::CryptoConnect() { state_ = STATE_HANDSHAKE_RUNNING; + if (!pre_shared_key_.empty()) { + // TODO(b/154162689) add PSK support to QUIC+TLS. + std::string error_details = + "QUIC client pre-shared keys not yet supported with TLS"; + QUIC_BUG << error_details; + CloseConnection(QUIC_HANDSHAKE_FAILED, error_details); + return false; + } + // Set the SNI to send, if any. SSL_set_connect_state(ssl()); + if (QUIC_DLOG_INFO_IS_ON() && + !QuicHostnameUtils::IsValidSNI(server_id_.host())) { + QUIC_DLOG(INFO) << "Client configured with invalid hostname \"" + << server_id_.host() << "\", not sending as SNI"; + } if (!server_id_.host().empty() && + (QuicHostnameUtils::IsValidSNI(server_id_.host()) || + allow_invalid_sni_for_tests_) && SSL_set_tlsext_host_name(ssl(), server_id_.host().c_str()) != 1) { return false; } @@ -95,6 +119,13 @@ bool TlsClientHandshaker::CryptoConnect() { session_cache_->Lookup(server_id_, SSL_get_SSL_CTX(ssl())); if (cached_state) { SSL_set_session(ssl(), cached_state->tls_session.get()); + if (GetQuicReloadableFlag(quic_enable_zero_rtt_for_tls) && + VersionHasIetfQuicFrames(session()->transport_version()) && + SSL_SESSION_early_data_capable(cached_state->tls_session.get())) { + if (!PrepareZeroRttConfig(cached_state.get())) { + return false; + } + } } } @@ -103,6 +134,30 @@ bool TlsClientHandshaker::CryptoConnect() { return session()->connection()->connected(); } +bool TlsClientHandshaker::PrepareZeroRttConfig( + QuicResumptionState* cached_state) { + std::string error_details; + if (session()->config()->ProcessTransportParameters( + *(cached_state->transport_params), SERVER, + /*is_resumption = */ true, &error_details) != QUIC_NO_ERROR) { + QUIC_BUG << "Unable to parse cached transport parameters."; + CloseConnection(QUIC_HANDSHAKE_FAILED, + "Client failed to parse cached Transport Parameters."); + return false; + } + session()->OnConfigNegotiated(); + + if (has_application_state_) { + if (!session()->SetApplicationState(cached_state->application_state)) { + QUIC_BUG << "Unable to parse cached application state."; + CloseConnection(QUIC_HANDSHAKE_FAILED, + "Client failed to parse cached application state."); + return false; + } + } + return true; +} + static bool IsValidAlpn(const std::string& alpn_string) { return alpn_string.length() <= std::numeric_limits<uint8_t>::max(); } @@ -152,7 +207,14 @@ bool TlsClientHandshaker::SetTransportParameters() { if (!session()->config()->FillTransportParameters(¶ms)) { return false; } - params.google_quic_params->SetStringPiece(kUAID, user_agent_id_); + if (GetQuicRestartFlag(quic_google_transport_param_send_new)) { + if (!user_agent_id_.empty()) { + params.user_agent_id = user_agent_id_; + } + } + if (!GetQuicRestartFlag(quic_google_transport_param_omit_old)) { + params.google_quic_params->SetStringPiece(kUAID, user_agent_id_); + } std::vector<uint8_t> param_bytes; return SerializeTransportParameters(session()->connection()->version(), @@ -163,7 +225,7 @@ bool TlsClientHandshaker::SetTransportParameters() { bool TlsClientHandshaker::ProcessTransportParameters( std::string* error_details) { - TransportParameters params; + received_transport_params_ = std::make_unique<TransportParameters>(); const uint8_t* param_bytes; size_t param_bytes_len; SSL_get_peer_quic_transport_params(ssl(), ¶m_bytes, ¶m_bytes_len); @@ -174,7 +236,8 @@ bool TlsClientHandshaker::ProcessTransportParameters( std::string parse_error_details; if (!ParseTransportParameters( session()->connection()->version(), Perspective::IS_SERVER, - param_bytes, param_bytes_len, ¶ms, &parse_error_details)) { + param_bytes, param_bytes_len, received_transport_params_.get(), + &parse_error_details)) { DCHECK(!parse_error_details.empty()); *error_details = "Unable to parse server's transport parameters: " + parse_error_details; @@ -183,29 +246,37 @@ bool TlsClientHandshaker::ProcessTransportParameters( // When interoperating with non-Google implementations that do not send // the version extension, set it to what we expect. - if (params.version == 0) { - params.version = CreateQuicVersionLabel(session()->connection()->version()); + if (received_transport_params_->version == 0) { + received_transport_params_->version = + CreateQuicVersionLabel(session()->connection()->version()); } - if (params.supported_versions.empty()) { - params.supported_versions.push_back(params.version); + if (received_transport_params_->supported_versions.empty()) { + received_transport_params_->supported_versions.push_back( + received_transport_params_->version); } - if (params.version != + if (received_transport_params_->version != CreateQuicVersionLabel(session()->connection()->version())) { *error_details = "Version mismatch detected"; return false; } if (CryptoUtils::ValidateServerHelloVersions( - params.supported_versions, + received_transport_params_->supported_versions, session()->connection()->server_supported_versions(), error_details) != QUIC_NO_ERROR || session()->config()->ProcessTransportParameters( - params, SERVER, error_details) != QUIC_NO_ERROR) { + *received_transport_params_, SERVER, /* is_resumption = */ false, + error_details) != QUIC_NO_ERROR) { DCHECK(!error_details->empty()); return false; } session()->OnConfigNegotiated(); + if (state_ == STATE_CONNECTION_CLOSED) { + *error_details = + "Session closed the connection when parsing negotiated config."; + return false; + } return true; } @@ -277,6 +348,20 @@ void TlsClientHandshaker::OnOneRttPacketAcknowledged() { OnHandshakeConfirmed(); } +void TlsClientHandshaker::OnHandshakePacketSent() { + if (initial_keys_dropped_) { + return; + } + initial_keys_dropped_ = true; + handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL); + handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_INITIAL); +} + +void TlsClientHandshaker::OnConnectionClosed(QuicErrorCode /*error*/, + ConnectionCloseSource /*source*/) { + state_ = STATE_CONNECTION_CLOSED; +} + void TlsClientHandshaker::OnHandshakeDoneReceived() { if (!one_rtt_keys_available_) { CloseConnection(QUIC_HANDSHAKE_FAILED, @@ -290,8 +375,10 @@ void TlsClientHandshaker::SetWriteSecret( EncryptionLevel level, const SSL_CIPHER* cipher, const std::vector<uint8_t>& write_secret) { - if (GetQuicRestartFlag(quic_send_settings_on_write_key_available) && - level == ENCRYPTION_FORWARD_SECURE) { + if (state_ == STATE_CONNECTION_CLOSED) { + return; + } + if (level == ENCRYPTION_FORWARD_SECURE) { encryption_established_ = true; } TlsHandshaker::SetWriteSecret(level, cipher, write_secret); @@ -335,6 +422,7 @@ void TlsClientHandshaker::AdvanceHandshake() { int ssl_error = SSL_get_error(ssl(), rv); bool should_close = true; switch (state_) { + // TODO(b/153726130): handle the case where the server rejects early data. case STATE_HANDSHAKE_RUNNING: should_close = ssl_error != SSL_ERROR_WANT_READ; break; @@ -363,16 +451,14 @@ void TlsClientHandshaker::CloseConnection(QuicErrorCode error, void TlsClientHandshaker::FinishHandshake() { QUIC_LOG(INFO) << "Client: handshake finished"; state_ = STATE_HANDSHAKE_COMPLETE; - if (GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - // Fill crypto_negotiated_params_: - const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl()); - if (cipher) { - crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher); - } - crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl()); - crypto_negotiated_params_->peer_signature_algorithm = - SSL_get_peer_signature_algorithm(ssl()); + // Fill crypto_negotiated_params_: + const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl()); + if (cipher) { + crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher); } + crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl()); + crypto_negotiated_params_->peer_signature_algorithm = + SSL_get_peer_signature_algorithm(ssl()); std::string error_details; if (!ProcessTransportParameters(&error_details)) { @@ -408,23 +494,7 @@ void TlsClientHandshaker::FinishHandshake() { session()->OnAlpnSelected(received_alpn_string); QUIC_DLOG(INFO) << "Client: server selected ALPN: '" << received_alpn_string << "'"; - - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - encryption_established_ = true; - } one_rtt_keys_available_ = true; - - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - // Fill crypto_negotiated_params_: - const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl()); - if (cipher) { - crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher); - } - crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl()); - crypto_negotiated_params_->peer_signature_algorithm = - SSL_get_peer_signature_algorithm(ssl()); - } - handshaker_delegate()->OnOneRttKeysAvailable(); } @@ -462,12 +532,14 @@ enum ssl_verify_result_t TlsClientHandshaker::VerifyCert(uint8_t* out_alert) { new ProofVerifierCallbackImpl(this); QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain( - server_id_.host(), certs, ocsp_response, sct_list, verify_context_.get(), - &cert_verify_error_details_, &verify_details_, + server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list, + verify_context_.get(), &cert_verify_error_details_, &verify_details_, std::unique_ptr<ProofVerifierCallback>(proof_verify_callback)); switch (verify_result) { case QUIC_SUCCESS: - proof_handler_->OnProofVerifyDetailsAvailable(*verify_details_); + if (verify_details_) { + proof_handler_->OnProofVerifyDetailsAvailable(*verify_details_); + } return ssl_verify_ok; case QUIC_PENDING: proof_verify_callback_ = proof_verify_callback; @@ -482,13 +554,25 @@ enum ssl_verify_result_t TlsClientHandshaker::VerifyCert(uint8_t* out_alert) { } void TlsClientHandshaker::InsertSession(bssl::UniquePtr<SSL_SESSION> session) { + if (!received_transport_params_) { + QUIC_BUG << "Transport parameters isn't received"; + return; + } if (session_cache_ == nullptr) { QUIC_DVLOG(1) << "No session cache, not inserting a session"; return; } - auto cache_state = std::make_unique<QuicResumptionState>(); - cache_state->tls_session = std::move(session); - session_cache_->Insert(server_id_, std::move(cache_state)); + if (has_application_state_ && !received_application_state_) { + // Application state is not received yet. cache the sessions. + if (cached_tls_sessions_[0] != nullptr) { + cached_tls_sessions_[1] = std::move(cached_tls_sessions_[0]); + } + cached_tls_sessions_[0] = std::move(session); + return; + } + session_cache_->Insert(server_id_, std::move(session), + *received_transport_params_, + received_application_state_.get()); } void TlsClientHandshaker::WriteMessage(EncryptionLevel level, @@ -496,10 +580,27 @@ void TlsClientHandshaker::WriteMessage(EncryptionLevel level, if (level == ENCRYPTION_HANDSHAKE && state_ < STATE_ENCRYPTION_HANDSHAKE_DATA_SENT) { state_ = STATE_ENCRYPTION_HANDSHAKE_DATA_SENT; - handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL); - handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_INITIAL); } TlsHandshaker::WriteMessage(level, data); } +void TlsClientHandshaker::OnApplicationState( + std::unique_ptr<ApplicationState> application_state) { + DCHECK_EQ(STATE_HANDSHAKE_COMPLETE, state_); + received_application_state_ = std::move(application_state); + // At least one tls session is cached before application state is received. So + // insert now. + if (session_cache_ != nullptr && cached_tls_sessions_[0] != nullptr) { + if (cached_tls_sessions_[1] != nullptr) { + // Insert the older session first. + session_cache_->Insert(server_id_, std::move(cached_tls_sessions_[1]), + *received_transport_params_, + received_application_state_.get()); + } + session_cache_->Insert(server_id_, std::move(cached_tls_sessions_[0]), + *received_transport_params_, + received_application_state_.get()); + } +} + } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.h b/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.h index d9ee7608f6f..cc601219dfa 100644 --- a/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.h +++ b/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker.h @@ -5,11 +5,15 @@ #ifndef QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_ #define QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_ +#include <cstdint> +#include <memory> #include <string> #include "third_party/boringssl/src/include/openssl/ssl.h" #include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" #include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h" +#include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h" #include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h" #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" #include "net/third_party/quiche/src/quic/core/tls_handshaker.h" @@ -30,7 +34,8 @@ class QUIC_EXPORT_PRIVATE TlsClientHandshaker QuicSession* session, std::unique_ptr<ProofVerifyContext> verify_context, QuicCryptoClientConfig* crypto_config, - QuicCryptoClientStream::ProofHandler* proof_handler); + QuicCryptoClientStream::ProofHandler* proof_handler, + bool has_application_state); TlsClientHandshaker(const TlsClientHandshaker&) = delete; TlsClientHandshaker& operator=(const TlsClientHandshaker&) = delete; @@ -54,6 +59,9 @@ class QUIC_EXPORT_PRIVATE TlsClientHandshaker HandshakeState GetHandshakeState() const override; size_t BufferSizeLimitForLevel(EncryptionLevel level) const override; void OnOneRttPacketAcknowledged() override; + void OnHandshakePacketSent() override; + void OnConnectionClosed(QuicErrorCode error, + ConnectionCloseSource source) override; void OnHandshakeDoneReceived() override; void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher, @@ -63,7 +71,11 @@ class QUIC_EXPORT_PRIVATE TlsClientHandshaker void WriteMessage(EncryptionLevel level, quiche::QuicheStringPiece data) override; + void OnApplicationState( + std::unique_ptr<ApplicationState> application_state) override; + void AllowEmptyAlpnForTests() { allow_empty_alpn_for_tests_ = true; } + void AllowInvalidSNIForTests() { allow_invalid_sni_for_tests_ = true; } protected: const TlsConnection* tls_connection() const override { @@ -119,6 +131,8 @@ class QUIC_EXPORT_PRIVATE TlsClientHandshaker void InsertSession(bssl::UniquePtr<SSL_SESSION> session) override; + bool PrepareZeroRttConfig(QuicResumptionState* cached_state); + QuicSession* session() { return session_; } QuicSession* session_; @@ -140,6 +154,9 @@ class QUIC_EXPORT_PRIVATE TlsClientHandshaker std::string user_agent_id_; + // Pre-shared key used during the handshake. + std::string pre_shared_key_; + // ProofVerifierCallback used for async certificate verification. This object // is owned by |proof_verifier_|. ProofVerifierCallbackImpl* proof_verify_callback_ = nullptr; @@ -148,14 +165,25 @@ class QUIC_EXPORT_PRIVATE TlsClientHandshaker std::string cert_verify_error_details_; bool encryption_established_ = false; + bool initial_keys_dropped_ = false; bool one_rtt_keys_available_ = false; bool handshake_confirmed_ = false; QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> crypto_negotiated_params_; bool allow_empty_alpn_for_tests_ = false; + bool allow_invalid_sni_for_tests_ = false; + + const bool has_application_state_; TlsClientConnection tls_connection_; + + // If |has_application_state_|, stores the tls session tickets before + // application state is received. The latest one is put in the front. + bssl::UniquePtr<SSL_SESSION> cached_tls_sessions_[2] = {}; + + std::unique_ptr<TransportParameters> received_transport_params_ = nullptr; + std::unique_ptr<ApplicationState> received_application_state_ = nullptr; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker_test.cc b/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker_test.cc new file mode 100644 index 00000000000..68c413fbb63 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/tls_client_handshaker_test.cc @@ -0,0 +1,455 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <memory> +#include <string> +#include <utility> + +#include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h" +#include "net/third_party/quiche/src/quic/core/quic_packets.h" +#include "net/third_party/quiche/src/quic/core/quic_server_id.h" +#include "net/third_party/quiche/src/quic/core/quic_utils.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_test.h" +#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_session_peer.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/simple_session_cache.h" +#include "net/third_party/quiche/src/quic/tools/fake_proof_verifier.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h" +#include "net/third_party/quiche/src/common/test_tools/quiche_test_utils.h" + +using testing::_; + +namespace quic { +namespace test { +namespace { + +constexpr char kServerHostname[] = "test.example.com"; +constexpr uint16_t kServerPort = 443; + +// TestProofVerifier wraps ProofVerifierForTesting, except for VerifyCertChain +// which, if TestProofVerifier is active, always returns QUIC_PENDING. (If this +// test proof verifier is not active, it delegates VerifyCertChain to the +// ProofVerifierForTesting.) The pending VerifyCertChain operation can be +// completed by calling InvokePendingCallback. This allows for testing +// asynchronous VerifyCertChain operations. +class TestProofVerifier : public ProofVerifier { + public: + TestProofVerifier() + : verifier_(crypto_test_utils::ProofVerifierForTesting()) {} + + QuicAsyncStatus VerifyProof( + const std::string& hostname, + const uint16_t port, + const std::string& server_config, + QuicTransportVersion quic_version, + quiche::QuicheStringPiece chlo_hash, + const std::vector<std::string>& certs, + const std::string& cert_sct, + const std::string& signature, + const ProofVerifyContext* context, + std::string* error_details, + std::unique_ptr<ProofVerifyDetails>* details, + std::unique_ptr<ProofVerifierCallback> callback) override { + return verifier_->VerifyProof( + hostname, port, server_config, quic_version, chlo_hash, certs, cert_sct, + signature, context, error_details, details, std::move(callback)); + } + + QuicAsyncStatus VerifyCertChain( + const std::string& hostname, + const uint16_t port, + const std::vector<std::string>& certs, + const std::string& ocsp_response, + const std::string& cert_sct, + const ProofVerifyContext* context, + std::string* error_details, + std::unique_ptr<ProofVerifyDetails>* details, + std::unique_ptr<ProofVerifierCallback> callback) override { + if (!active_) { + return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response, + cert_sct, context, error_details, + details, std::move(callback)); + } + pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>( + hostname, port, certs, ocsp_response, cert_sct, context, error_details, + details, std::move(callback), verifier_.get())); + return QUIC_PENDING; + } + + std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override { + return nullptr; + } + + void Activate() { active_ = true; } + + size_t NumPendingCallbacks() const { return pending_ops_.size(); } + + void InvokePendingCallback(size_t n) { + ASSERT_GT(NumPendingCallbacks(), n); + pending_ops_[n]->Run(); + auto it = pending_ops_.begin() + n; + pending_ops_.erase(it); + } + + private: + // Implementation of ProofVerifierCallback that fails if the callback is ever + // run. + class FailingProofVerifierCallback : public ProofVerifierCallback { + public: + void Run(bool /*ok*/, + const std::string& /*error_details*/, + std::unique_ptr<ProofVerifyDetails>* /*details*/) override { + FAIL(); + } + }; + + class VerifyChainPendingOp { + public: + VerifyChainPendingOp(const std::string& hostname, + const uint16_t port, + const std::vector<std::string>& certs, + const std::string& ocsp_response, + const std::string& cert_sct, + const ProofVerifyContext* context, + std::string* error_details, + std::unique_ptr<ProofVerifyDetails>* details, + std::unique_ptr<ProofVerifierCallback> callback, + ProofVerifier* delegate) + : hostname_(hostname), + port_(port), + certs_(certs), + ocsp_response_(ocsp_response), + cert_sct_(cert_sct), + context_(context), + error_details_(error_details), + details_(details), + callback_(std::move(callback)), + delegate_(delegate) {} + + void Run() { + // TestProofVerifier depends on crypto_test_utils::ProofVerifierForTesting + // running synchronously. It passes a FailingProofVerifierCallback and + // runs the original callback after asserting that the verification ran + // synchronously. + QuicAsyncStatus status = delegate_->VerifyCertChain( + hostname_, port_, certs_, ocsp_response_, cert_sct_, context_, + error_details_, details_, + std::make_unique<FailingProofVerifierCallback>()); + ASSERT_NE(status, QUIC_PENDING); + callback_->Run(status == QUIC_SUCCESS, *error_details_, details_); + } + + private: + std::string hostname_; + const uint16_t port_; + std::vector<std::string> certs_; + std::string ocsp_response_; + std::string cert_sct_; + const ProofVerifyContext* context_; + std::string* error_details_; + std::unique_ptr<ProofVerifyDetails>* details_; + std::unique_ptr<ProofVerifierCallback> callback_; + ProofVerifier* delegate_; + }; + + std::unique_ptr<ProofVerifier> verifier_; + bool active_ = false; + std::vector<std::unique_ptr<VerifyChainPendingOp>> pending_ops_; +}; + +class TlsClientHandshakerTest : public QuicTestWithParam<ParsedQuicVersion> { + public: + TlsClientHandshakerTest() + : supported_versions_({GetParam()}), + server_id_(kServerHostname, kServerPort, false), + crypto_config_(std::make_unique<QuicCryptoClientConfig>( + std::make_unique<TestProofVerifier>(), + std::make_unique<test::SimpleSessionCache>())), + server_compressed_certs_cache_( + QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) { + SetQuicReloadableFlag(quic_enable_tls_resumption, true); + SetQuicReloadableFlag(quic_enable_zero_rtt_for_tls, true); + server_crypto_config_ = crypto_test_utils::CryptoServerConfigForTesting(); + CreateConnection(); + } + + void CreateSession() { + session_ = std::make_unique<TestQuicSpdyClientSession>( + connection_, DefaultQuicConfig(), supported_versions_, server_id_, + crypto_config_.get()); + EXPECT_CALL(*session_, GetAlpnsToOffer()) + .WillRepeatedly(testing::Return(std::vector<std::string>( + {AlpnForVersion(connection_->version())}))); + } + + void CreateConnection() { + connection_ = + new PacketSavingConnection(&client_helper_, &alarm_factory_, + Perspective::IS_CLIENT, supported_versions_); + // Advance the time, because timers do not like uninitialized times. + connection_->AdvanceTime(QuicTime::Delta::FromSeconds(1)); + CreateSession(); + } + + void CompleteCryptoHandshake() { + EXPECT_CALL(*connection_, SendCryptoData(_, _, _)) + .Times(testing::AnyNumber()); + stream()->CryptoConnect(); + QuicConfig config; + crypto_test_utils::HandshakeWithFakeServer( + &config, server_crypto_config_.get(), &server_helper_, &alarm_factory_, + connection_, stream(), AlpnForVersion(connection_->version())); + } + + QuicCryptoClientStream* stream() { + return session_->GetMutableCryptoStream(); + } + + QuicCryptoServerStreamBase* server_stream() { + return server_session_->GetMutableCryptoStream(); + } + + // Initializes a fake server, and all its associated state, for testing. + void InitializeFakeServer() { + TestQuicSpdyServerSession* server_session = nullptr; + CreateServerSessionForTest( + server_id_, QuicTime::Delta::FromSeconds(100000), supported_versions_, + &server_helper_, &alarm_factory_, server_crypto_config_.get(), + &server_compressed_certs_cache_, &server_connection_, &server_session); + server_session_.reset(server_session); + std::string alpn = AlpnForVersion(connection_->version()); + EXPECT_CALL(*server_session_, SelectAlpn(_)) + .WillRepeatedly( + [alpn](const std::vector<quiche::QuicheStringPiece>& alpns) { + return std::find(alpns.cbegin(), alpns.cend(), alpn); + }); + } + + MockQuicConnectionHelper server_helper_; + MockQuicConnectionHelper client_helper_; + MockAlarmFactory alarm_factory_; + PacketSavingConnection* connection_; + ParsedQuicVersionVector supported_versions_; + std::unique_ptr<TestQuicSpdyClientSession> session_; + QuicServerId server_id_; + CryptoHandshakeMessage message_; + std::unique_ptr<QuicCryptoClientConfig> crypto_config_; + + // Server state. + std::unique_ptr<QuicCryptoServerConfig> server_crypto_config_; + PacketSavingConnection* server_connection_; + std::unique_ptr<TestQuicSpdyServerSession> server_session_; + QuicCompressedCertsCache server_compressed_certs_cache_; +}; + +INSTANTIATE_TEST_SUITE_P(TlsHandshakerTests, + TlsClientHandshakerTest, + ::testing::ValuesIn(AllSupportedVersionsWithTls()), + ::testing::PrintToStringParamName()); + +TEST_P(TlsClientHandshakerTest, NotInitiallyConnected) { + EXPECT_FALSE(stream()->encryption_established()); + EXPECT_FALSE(stream()->one_rtt_keys_available()); +} + +TEST_P(TlsClientHandshakerTest, ConnectedAfterHandshake) { + CompleteCryptoHandshake(); + EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); + EXPECT_FALSE(stream()->IsResumption()); +} + +TEST_P(TlsClientHandshakerTest, ConnectionClosedOnTlsError) { + // Have client send ClientHello. + stream()->CryptoConnect(); + EXPECT_CALL(*connection_, CloseConnection(QUIC_HANDSHAKE_FAILED, _, _)); + + // Send a zero-length ServerHello from server to client. + char bogus_handshake_message[] = { + // Handshake struct (RFC 8446 appendix B.3) + 2, // HandshakeType server_hello + 0, 0, 0, // uint24 length + }; + stream()->crypto_message_parser()->ProcessInput( + quiche::QuicheStringPiece(bogus_handshake_message, + QUICHE_ARRAYSIZE(bogus_handshake_message)), + ENCRYPTION_INITIAL); + + EXPECT_FALSE(stream()->one_rtt_keys_available()); +} + +TEST_P(TlsClientHandshakerTest, ProofVerifyDetailsAvailableAfterHandshake) { + EXPECT_CALL(*session_, OnProofVerifyDetailsAvailable(testing::_)); + stream()->CryptoConnect(); + QuicConfig config; + crypto_test_utils::HandshakeWithFakeServer( + &config, server_crypto_config_.get(), &server_helper_, &alarm_factory_, + connection_, stream(), AlpnForVersion(connection_->version())); + EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); +} + +TEST_P(TlsClientHandshakerTest, HandshakeWithAsyncProofVerifier) { + InitializeFakeServer(); + + // Enable TestProofVerifier to capture call to VerifyCertChain and run it + // asynchronously. + TestProofVerifier* proof_verifier = + static_cast<TestProofVerifier*>(crypto_config_->proof_verifier()); + proof_verifier->Activate(); + + stream()->CryptoConnect(); + // Exchange handshake messages. + std::pair<size_t, size_t> moved_message_counts = + crypto_test_utils::AdvanceHandshake( + connection_, stream(), 0, server_connection_, server_stream(), 0); + + ASSERT_EQ(proof_verifier->NumPendingCallbacks(), 1u); + proof_verifier->InvokePendingCallback(0); + + // Exchange more handshake messages. + crypto_test_utils::AdvanceHandshake( + connection_, stream(), moved_message_counts.first, server_connection_, + server_stream(), moved_message_counts.second); + + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); +} + +TEST_P(TlsClientHandshakerTest, Resumption) { + // Finish establishing the first connection: + CompleteCryptoHandshake(); + + EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); + EXPECT_FALSE(stream()->IsResumption()); + + // Create a second connection + CreateConnection(); + CompleteCryptoHandshake(); + + EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); + EXPECT_TRUE(stream()->IsResumption()); +} + +TEST_P(TlsClientHandshakerTest, ClientSendsNoSNI) { + // Reconfigure client to sent an empty server hostname. The crypto config also + // needs to be recreated to use a FakeProofVerifier since the server's cert + // won't match the empty hostname. + server_id_ = QuicServerId("", 443); + crypto_config_.reset(new QuicCryptoClientConfig( + std::make_unique<FakeProofVerifier>(), nullptr)); + CreateConnection(); + InitializeFakeServer(); + + stream()->CryptoConnect(); + crypto_test_utils::CommunicateHandshakeMessages( + connection_, stream(), server_connection_, server_stream()); + + EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); + + EXPECT_EQ(server_stream()->crypto_negotiated_params().sni, ""); +} + +TEST_P(TlsClientHandshakerTest, ClientSendingTooManyALPNs) { + std::string long_alpn(250, 'A'); + EXPECT_CALL(*session_, GetAlpnsToOffer()) + .WillOnce(testing::Return(std::vector<std::string>({ + long_alpn + "1", + long_alpn + "2", + long_alpn + "3", + long_alpn + "4", + long_alpn + "5", + long_alpn + "6", + long_alpn + "7", + long_alpn + "8", + }))); + EXPECT_QUIC_BUG(stream()->CryptoConnect(), "Failed to set ALPN"); +} + +TEST_P(TlsClientHandshakerTest, ServerRequiresCustomALPN) { + InitializeFakeServer(); + const std::string kTestAlpn = "An ALPN That Client Did Not Offer"; + EXPECT_CALL(*server_session_, SelectAlpn(_)) + .WillOnce( + [kTestAlpn](const std::vector<quiche::QuicheStringPiece>& alpns) { + return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn); + }); + EXPECT_CALL(*connection_, CloseConnection(QUIC_HANDSHAKE_FAILED, + "Server did not select ALPN", _)); + stream()->CryptoConnect(); + crypto_test_utils::AdvanceHandshake(connection_, stream(), 0, + server_connection_, server_stream(), 0); + + EXPECT_FALSE(stream()->one_rtt_keys_available()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_FALSE(server_stream()->one_rtt_keys_available()); + EXPECT_TRUE(server_stream()->encryption_established()); +} + +TEST_P(TlsClientHandshakerTest, InvalidSNI) { + // Test that a client will skip sending SNI if configured to send an invalid + // hostname. In this case, the inclusion of '!' is invalid. + server_id_ = QuicServerId("invalid!.example.com", 443); + crypto_config_.reset(new QuicCryptoClientConfig( + std::make_unique<FakeProofVerifier>(), nullptr)); + CreateConnection(); + InitializeFakeServer(); + + stream()->CryptoConnect(); + crypto_test_utils::CommunicateHandshakeMessages( + connection_, stream(), server_connection_, server_stream()); + + EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol()); + EXPECT_TRUE(stream()->encryption_established()); + EXPECT_TRUE(stream()->one_rtt_keys_available()); + + EXPECT_EQ(server_stream()->crypto_negotiated_params().sni, ""); +} + +TEST_P(TlsClientHandshakerTest, BadTransportParams) { + if (!connection_->version().UsesHttp3()) { + return; + } + SetQuicReloadableFlag(quic_notify_handshaker_on_connection_close, true); + // Finish establishing the first connection: + CompleteCryptoHandshake(); + + // Create a second connection + CreateConnection(); + + stream()->CryptoConnect(); + auto* id_manager = QuicSessionPeer::v99_streamid_manager(session_.get()); + EXPECT_EQ(kDefaultMaxStreamsPerConnection, + id_manager->max_outgoing_bidirectional_streams()); + QuicConfig config; + config.SetMaxBidirectionalStreamsToSend( + config.GetMaxBidirectionalStreamsToSend() - 1); + + EXPECT_CALL(*connection_, CloseConnection(QUIC_MAX_STREAMS_ERROR, _, _)) + .WillOnce(testing::Invoke(connection_, + &MockQuicConnection::ReallyCloseConnection)); + // Close connection will be called again in the handshaker, but this will be + // no-op as the connection is already closed. + EXPECT_CALL(*connection_, CloseConnection(QUIC_HANDSHAKE_FAILED, _, _)); + + crypto_test_utils::HandshakeWithFakeServer( + &config, server_crypto_config_.get(), &server_helper_, &alarm_factory_, + connection_, stream(), AlpnForVersion(connection_->version())); +} + +} // namespace +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_handshaker_test.cc b/chromium/net/third_party/quiche/src/quic/core/tls_handshaker_test.cc index 2d332a385bd..5a2bd6400aa 100644 --- a/chromium/net/third_party/quiche/src/quic/core/tls_handshaker_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/tls_handshaker_test.cc @@ -2,15 +2,16 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include <memory> #include <string> #include <utility> +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h" #include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h" #include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/core/tls_server_handshaker.h" -#include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/fake_proof_source.h" @@ -53,6 +54,7 @@ class TestProofVerifier : public ProofVerifier { QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -61,12 +63,12 @@ class TestProofVerifier : public ProofVerifier { std::unique_ptr<ProofVerifyDetails>* details, std::unique_ptr<ProofVerifierCallback> callback) override { if (!active_) { - return verifier_->VerifyCertChain(hostname, certs, ocsp_response, + return verifier_->VerifyCertChain(hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback)); } pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>( - hostname, certs, ocsp_response, cert_sct, context, error_details, + hostname, port, certs, ocsp_response, cert_sct, context, error_details, details, std::move(callback), verifier_.get())); return QUIC_PENDING; } @@ -101,6 +103,7 @@ class TestProofVerifier : public ProofVerifier { class VerifyChainPendingOp { public: VerifyChainPendingOp(const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -110,6 +113,7 @@ class TestProofVerifier : public ProofVerifier { std::unique_ptr<ProofVerifierCallback> callback, ProofVerifier* delegate) : hostname_(hostname), + port_(port), certs_(certs), ocsp_response_(ocsp_response), cert_sct_(cert_sct), @@ -125,7 +129,7 @@ class TestProofVerifier : public ProofVerifier { // runs the original callback after asserting that the verification ran // synchronously. QuicAsyncStatus status = delegate_->VerifyCertChain( - hostname_, certs_, ocsp_response_, cert_sct_, context_, + hostname_, port_, certs_, ocsp_response_, cert_sct_, context_, error_details_, details_, std::make_unique<FailingProofVerifierCallback>()); ASSERT_NE(status, QUIC_PENDING); @@ -134,6 +138,7 @@ class TestProofVerifier : public ProofVerifier { private: std::string hostname_; + const uint16_t port_; std::vector<std::string> certs_; std::string ocsp_response_; std::string cert_sct_; @@ -182,6 +187,7 @@ class TestQuicCryptoStream : public QuicCryptoStream { void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} HandshakeState GetHandshakeState() const override { return handshaker()->GetHandshakeState(); @@ -224,8 +230,16 @@ class MockProofHandler : public QuicCryptoClientStream::ProofHandler { MockProofHandler() = default; ~MockProofHandler() override {} - MOCK_METHOD1(OnProofValid, void(const QuicCryptoClientConfig::CachedState&)); - MOCK_METHOD1(OnProofVerifyDetailsAvailable, void(const ProofVerifyDetails&)); + MOCK_METHOD( // NOLINT(build/deprecated) + void, + OnProofValid, + (const QuicCryptoClientConfig::CachedState&), + (override)); + MOCK_METHOD( // NOLINT(build/deprecated) + void, + OnProofVerifyDetailsAvailable, + (const ProofVerifyDetails&), + (override)); }; class TestQuicCryptoClientStream : public TestQuicCryptoStream { @@ -247,7 +261,8 @@ class TestQuicCryptoClientStream : public TestQuicCryptoStream { session, crypto_test_utils::ProofVerifyContextForTesting(), &crypto_config_, - &proof_handler_)) {} + &proof_handler_, + /*has_application_state = */ false)) {} ~TestQuicCryptoClientStream() override = default; @@ -271,10 +286,9 @@ class TestQuicCryptoClientStream : public TestQuicCryptoStream { class TestTlsServerHandshaker : public TlsServerHandshaker { public: TestTlsServerHandshaker(QuicSession* session, - SSL_CTX* ssl_ctx, - ProofSource* proof_source, + const QuicCryptoServerConfig& crypto_config, TestQuicCryptoStream* test_stream) - : TlsServerHandshaker(session, ssl_ctx, proof_source), + : TlsServerHandshaker(session, crypto_config), test_stream_(test_stream) {} void WriteCryptoData(EncryptionLevel level, @@ -288,15 +302,14 @@ class TestTlsServerHandshaker : public TlsServerHandshaker { class TestQuicCryptoServerStream : public TestQuicCryptoStream { public: - TestQuicCryptoServerStream(QuicSession* session, - FakeProofSource* proof_source) + TestQuicCryptoServerStream(QuicSession* session) : TestQuicCryptoStream(session), - proof_source_(proof_source), - ssl_ctx_(TlsServerConnection::CreateSslCtx()), - handshaker_(new TestTlsServerHandshaker(session, - ssl_ctx_.get(), - proof_source_, - this)) {} + crypto_config_(QuicCryptoServerConfig::TESTING, + QuicRandom::GetInstance(), + std::make_unique<FakeProofSource>(), + KeyExchangeSource::Default()), + handshaker_( + new TestTlsServerHandshaker(session, crypto_config_, this)) {} ~TestQuicCryptoServerStream() override = default; @@ -311,11 +324,12 @@ class TestQuicCryptoServerStream : public TestQuicCryptoStream { TlsHandshaker* handshaker() const override { return handshaker_.get(); } - FakeProofSource* GetFakeProofSource() const { return proof_source_; } + FakeProofSource* GetFakeProofSource() const { + return static_cast<FakeProofSource*>(crypto_config_.proof_source()); + } private: - FakeProofSource* proof_source_; - bssl::UniquePtr<SSL_CTX> ssl_ctx_; + QuicCryptoServerConfig crypto_config_; std::unique_ptr<TlsServerHandshaker> handshaker_; }; @@ -344,8 +358,7 @@ class TlsHandshakerTest : public QuicTestWithParam<ParsedQuicVersion> { server_session_(server_conn_, /*create_mock_crypto_stream=*/false) { client_stream_ = new TestQuicCryptoClientStream(&client_session_); client_session_.SetCryptoStream(client_stream_); - server_stream_ = - new TestQuicCryptoServerStream(&server_session_, &proof_source_); + server_stream_ = new TestQuicCryptoServerStream(&server_session_); server_session_.SetCryptoStream(server_stream_); client_session_.Initialize(); server_session_.Initialize(); @@ -401,7 +414,6 @@ class TlsHandshakerTest : public QuicTestWithParam<ParsedQuicVersion> { MockQuicSession client_session_; MockQuicSession server_session_; - FakeProofSource proof_source_; TestQuicCryptoClientStream* client_stream_; TestQuicCryptoServerStream* server_stream_; }; @@ -434,236 +446,6 @@ TEST_P(TlsHandshakerTest, CryptoHandshake) { ExpectHandshakeSuccessful(); } -TEST_P(TlsHandshakerTest, HandshakeWithAsyncProofSource) { - EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0); - // Enable FakeProofSource to capture call to ComputeTlsSignature and run it - // asynchronously. - FakeProofSource* proof_source = server_stream_->GetFakeProofSource(); - proof_source->Activate(); - - // Start handshake. - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ASSERT_EQ(proof_source->NumPendingCallbacks(), 1); - proof_source->InvokePendingCallback(0); - - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ExpectHandshakeSuccessful(); -} - -TEST_P(TlsHandshakerTest, CancelPendingProofSource) { - EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0); - // Enable FakeProofSource to capture call to ComputeTlsSignature and run it - // asynchronously. - FakeProofSource* proof_source = server_stream_->GetFakeProofSource(); - proof_source->Activate(); - - // Start handshake. - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ASSERT_EQ(proof_source->NumPendingCallbacks(), 1); - server_stream_ = nullptr; - - proof_source->InvokePendingCallback(0); -} - -TEST_P(TlsHandshakerTest, HandshakeWithAsyncProofVerifier) { - EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0); - // Enable TestProofVerifier to capture call to VerifyCertChain and run it - // asynchronously. - TestProofVerifier* proof_verifier = client_stream_->GetTestProofVerifier(); - proof_verifier->Activate(); - - EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable); - - // Start handshake. - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ASSERT_EQ(proof_verifier->NumPendingCallbacks(), 1u); - proof_verifier->InvokePendingCallback(0); - - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ExpectHandshakeSuccessful(); -} - -TEST_P(TlsHandshakerTest, ClientSendsNoSNI) { - // Create a new client stream (and handshaker) with an empty server hostname. - client_stream_ = - new TestQuicCryptoClientStream(&client_session_, QuicServerId("", 443), - std::make_unique<FakeProofVerifier>()); - client_session_.SetCryptoStream(client_stream_); - - EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable); - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ExpectHandshakeSuccessful(); - EXPECT_EQ(server_stream_->crypto_negotiated_params().sni, ""); -} - -TEST_P(TlsHandshakerTest, ServerExtractSNI) { - EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable); - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - ExpectHandshakeSuccessful(); - - EXPECT_EQ(server_stream_->crypto_negotiated_params().sni, "test.example.com"); -} - -TEST_P(TlsHandshakerTest, ClientConnectionClosedOnTlsError) { - // Have client send ClientHello. - client_stream_->CryptoConnect(); - EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, _, _)); - - // Send a zero-length ServerHello from server to client. - char bogus_handshake_message[] = { - // Handshake struct (RFC 8446 appendix B.3) - 2, // HandshakeType server_hello - 0, 0, 0, // uint24 length - }; - server_stream_->WriteCryptoData( - ENCRYPTION_INITIAL, - quiche::QuicheStringPiece(bogus_handshake_message, - QUICHE_ARRAYSIZE(bogus_handshake_message))); - server_stream_->SendCryptoMessagesToPeer(client_stream_); - - EXPECT_FALSE(client_stream_->one_rtt_keys_available()); -} - -TEST_P(TlsHandshakerTest, ServerConnectionClosedOnTlsError) { - EXPECT_CALL(*server_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, _, _)); - - // Send a zero-length ClientHello from client to server. - char bogus_handshake_message[] = { - // Handshake struct (RFC 8446 appendix B.3) - 1, // HandshakeType client_hello - 0, 0, 0, // uint24 length - }; - client_stream_->WriteCryptoData( - ENCRYPTION_INITIAL, - quiche::QuicheStringPiece(bogus_handshake_message, - QUICHE_ARRAYSIZE(bogus_handshake_message))); - client_stream_->SendCryptoMessagesToPeer(server_stream_); - - EXPECT_FALSE(server_stream_->one_rtt_keys_available()); -} - -TEST_P(TlsHandshakerTest, ClientNotSendingALPN) { - client_stream_->client_handshaker()->AllowEmptyAlpnForTests(); - EXPECT_CALL(client_session_, GetAlpnsToOffer()) - .WillOnce(Return(std::vector<std::string>())); - EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, - "Server did not select ALPN", _)); - EXPECT_CALL(*server_conn_, - CloseConnection(QUIC_HANDSHAKE_FAILED, - "Server did not receive a known ALPN", _)); - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - EXPECT_FALSE(client_stream_->one_rtt_keys_available()); - EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available), - client_stream_->encryption_established()); - EXPECT_FALSE(server_stream_->one_rtt_keys_available()); - EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available), - server_stream_->encryption_established()); -} - -TEST_P(TlsHandshakerTest, ClientSendingBadALPN) { - const std::string kTestBadClientAlpn = "bad-client-alpn"; - EXPECT_CALL(client_session_, GetAlpnsToOffer()) - .WillOnce(Return(std::vector<std::string>({kTestBadClientAlpn}))); - EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, - "Server did not select ALPN", _)); - EXPECT_CALL(*server_conn_, - CloseConnection(QUIC_HANDSHAKE_FAILED, - "Server did not receive a known ALPN", _)); - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - EXPECT_FALSE(client_stream_->one_rtt_keys_available()); - EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available), - client_stream_->encryption_established()); - EXPECT_FALSE(server_stream_->one_rtt_keys_available()); - EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available), - server_stream_->encryption_established()); -} - -TEST_P(TlsHandshakerTest, ClientSendingTooManyALPNs) { - std::string long_alpn(250, 'A'); - EXPECT_CALL(client_session_, GetAlpnsToOffer()) - .WillOnce(Return(std::vector<std::string>({ - long_alpn + "1", - long_alpn + "2", - long_alpn + "3", - long_alpn + "4", - long_alpn + "5", - long_alpn + "6", - long_alpn + "7", - long_alpn + "8", - }))); - EXPECT_QUIC_BUG(client_stream_->CryptoConnect(), "Failed to set ALPN"); -} - -TEST_P(TlsHandshakerTest, ServerRequiresCustomALPN) { - const std::string kTestAlpn = "An ALPN That Client Did Not Offer"; - EXPECT_CALL(server_session_, SelectAlpn(_)) - .WillOnce( - [kTestAlpn](const std::vector<quiche::QuicheStringPiece>& alpns) { - return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn); - }); - EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, - "Server did not select ALPN", _)); - EXPECT_CALL(*server_conn_, - CloseConnection(QUIC_HANDSHAKE_FAILED, - "Server did not receive a known ALPN", _)); - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - EXPECT_FALSE(client_stream_->one_rtt_keys_available()); - EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available), - client_stream_->encryption_established()); - EXPECT_FALSE(server_stream_->one_rtt_keys_available()); - EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available), - server_stream_->encryption_established()); -} - -TEST_P(TlsHandshakerTest, CustomALPNNegotiation) { - EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0); - EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0); - - const std::string kTestAlpn = "A Custom ALPN Value"; - const std::vector<std::string> kTestAlpns( - {"foo", "bar", kTestAlpn, "something else"}); - EXPECT_CALL(client_session_, GetAlpnsToOffer()) - .WillRepeatedly(Return(kTestAlpns)); - EXPECT_CALL(server_session_, SelectAlpn(_)) - .WillOnce([kTestAlpn, kTestAlpns]( - const std::vector<quiche::QuicheStringPiece>& alpns) { - EXPECT_THAT(alpns, ElementsAreArray(kTestAlpns)); - return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn); - }); - EXPECT_CALL(client_session_, - OnAlpnSelected(quiche::QuicheStringPiece(kTestAlpn))); - EXPECT_CALL(server_session_, - OnAlpnSelected(quiche::QuicheStringPiece(kTestAlpn))); - client_stream_->CryptoConnect(); - ExchangeHandshakeMessages(client_stream_, server_stream_); - - ExpectHandshakeSuccessful(); -} - } // namespace } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.cc b/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.cc index ced2bd4a51c..5bd5b3d642d 100644 --- a/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.cc +++ b/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.cc @@ -44,14 +44,51 @@ void TlsServerHandshaker::SignatureCallback::Cancel() { handshaker_ = nullptr; } -TlsServerHandshaker::TlsServerHandshaker(QuicSession* session, - SSL_CTX* ssl_ctx, - ProofSource* proof_source) +TlsServerHandshaker::DecryptCallback::DecryptCallback( + TlsServerHandshaker* handshaker) + : handshaker_(handshaker) {} + +void TlsServerHandshaker::DecryptCallback::Run(std::vector<uint8_t> plaintext) { + if (handshaker_ == nullptr) { + // The callback was cancelled before we could run. + return; + } + handshaker_->decrypted_session_ticket_ = std::move(plaintext); + // DecryptCallback::Run could be called synchronously. When that happens, we + // are currently in the middle of a call to AdvanceHandshake. + // (AdvanceHandshake called SSL_do_handshake, which through some layers called + // SessionTicketOpen, which called TicketCrypter::Decrypt, which synchronously + // called this function.) In that case, the handshake will continue to be + // processed when this function returns. + // + // When this callback is called asynchronously (i.e. the ticket decryption is + // pending), TlsServerHandshaker is not actively processing handshake + // messages. We need to have it resume processing handshake messages by + // calling AdvanceHandshake. + if (handshaker_->state_ == STATE_TICKET_DECRYPTION_PENDING) { + handshaker_->AdvanceHandshake(); + } + // The TicketDecrypter took ownership of this callback when Decrypt was + // called. Once the callback returns, it will be deleted. Remove the + // (non-owning) pointer to the callback from the handshaker so the handshaker + // doesn't have an invalid pointer hanging around. + handshaker_->ticket_decryption_callback_ = nullptr; +} + +void TlsServerHandshaker::DecryptCallback::Cancel() { + DCHECK(handshaker_); + handshaker_ = nullptr; +} + +TlsServerHandshaker::TlsServerHandshaker( + QuicSession* session, + const QuicCryptoServerConfig& crypto_config) : TlsHandshaker(this, session), QuicCryptoServerStreamBase(session), - proof_source_(proof_source), + proof_source_(crypto_config.proof_source()), + pre_shared_key_(crypto_config.pre_shared_key()), crypto_negotiated_params_(new QuicCryptoNegotiatedParameters), - tls_connection_(ssl_ctx, this) { + tls_connection_(crypto_config.ssl_ctx(), this) { DCHECK_EQ(PROTOCOL_TLS1_3, session->connection()->version().handshake_protocol); @@ -68,6 +105,10 @@ void TlsServerHandshaker::CancelOutstandingCallbacks() { signature_callback_->Cancel(); signature_callback_ = nullptr; } + if (ticket_decryption_callback_) { + ticket_decryption_callback_->Cancel(); + ticket_decryption_callback_ = nullptr; + } } bool TlsServerHandshaker::GetBase64SHA256ClientChannelID( @@ -121,6 +162,11 @@ bool TlsServerHandshaker::ShouldSendExpectCTHeader() const { return false; } +void TlsServerHandshaker::OnConnectionClosed(QuicErrorCode /*error*/, + ConnectionCloseSource /*source*/) { + state_ = STATE_CONNECTION_CLOSED; +} + bool TlsServerHandshaker::encryption_established() const { return encryption_established_; } @@ -195,6 +241,9 @@ void TlsServerHandshaker::AdvanceHandshake() { case STATE_SIGNATURE_PENDING: should_close = ssl_error != SSL_ERROR_WANT_PRIVATE_KEY_OPERATION; break; + case STATE_TICKET_DECRYPTION_PENDING: + should_close = ssl_error != SSL_ERROR_PENDING_TICKET; + break; default: should_close = true; } @@ -246,12 +295,12 @@ bool TlsServerHandshaker::ProcessTransportParameters( client_params.version, session()->connection()->version(), session()->supported_versions(), error_details) != QUIC_NO_ERROR || session()->config()->ProcessTransportParameters( - client_params, CLIENT, error_details) != QUIC_NO_ERROR) { + client_params, CLIENT, /* is_resumption = */ false, error_details) != + QUIC_NO_ERROR) { return false; } ProcessAdditionalTransportParameters(client_params); - session()->OnConfigNegotiated(); return true; } @@ -283,8 +332,11 @@ void TlsServerHandshaker::SetWriteSecret( EncryptionLevel level, const SSL_CIPHER* cipher, const std::vector<uint8_t>& write_secret) { - if (GetQuicRestartFlag(quic_send_settings_on_write_key_available) && - level == ENCRYPTION_FORWARD_SECURE) { + if (GetQuicReloadableFlag(quic_notify_handshaker_on_connection_close) && + state_ == STATE_CONNECTION_CLOSED) { + return; + } + if (level == ENCRYPTION_FORWARD_SECURE) { encryption_established_ = true; // Fill crypto_negotiated_params_: const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl()); @@ -309,20 +361,9 @@ void TlsServerHandshaker::FinishHandshake() { QUIC_LOG(INFO) << "Server: handshake finished"; state_ = STATE_HANDSHAKE_COMPLETE; - - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - encryption_established_ = true; - } one_rtt_keys_available_ = true; const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl()); - if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) { - // Fill crypto_negotiated_params_: - if (cipher) { - crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher); - } - crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl()); - } if (!app_data_read_secret_.empty()) { if (!SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher, @@ -347,7 +388,8 @@ ssl_private_key_result_t TlsServerHandshaker::PrivateKeySign( quiche::QuicheStringPiece in) { signature_callback_ = new SignatureCallback(this); proof_source_->ComputeTlsSignature( - session()->connection()->self_address(), hostname_, sig_alg, in, + session()->connection()->self_address(), + session()->connection()->peer_address(), hostname_, sig_alg, in, std::unique_ptr<SignatureCallback>(signature_callback_)); if (state_ == STATE_SIGNATURE_COMPLETE) { return PrivateKeyComplete(out, out_len, max_out); @@ -373,24 +415,105 @@ ssl_private_key_result_t TlsServerHandshaker::PrivateKeyComplete( return ssl_private_key_success; } +size_t TlsServerHandshaker::SessionTicketMaxOverhead() { + DCHECK(proof_source_->GetTicketCrypter()); + return proof_source_->GetTicketCrypter()->MaxOverhead(); +} + +int TlsServerHandshaker::SessionTicketSeal(uint8_t* out, + size_t* out_len, + size_t max_out_len, + quiche::QuicheStringPiece in) { + DCHECK(proof_source_->GetTicketCrypter()); + std::vector<uint8_t> ticket = proof_source_->GetTicketCrypter()->Encrypt(in); + if (max_out_len < ticket.size()) { + QUIC_BUG + << "TicketCrypter returned " << ticket.size() + << " bytes of ciphertext, which is larger than its max overhead of " + << max_out_len; + return 0; // failure + } + *out_len = ticket.size(); + memcpy(out, ticket.data(), ticket.size()); + return 1; // success +} + +ssl_ticket_aead_result_t TlsServerHandshaker::SessionTicketOpen( + uint8_t* out, + size_t* out_len, + size_t max_out_len, + quiche::QuicheStringPiece in) { + DCHECK(proof_source_->GetTicketCrypter()); + + if (!ticket_decryption_callback_) { + ticket_decryption_callback_ = new DecryptCallback(this); + proof_source_->GetTicketCrypter()->Decrypt( + in, std::unique_ptr<DecryptCallback>(ticket_decryption_callback_)); + // Decrypt can run the callback synchronously. In that case, the callback + // will clear the ticket_decryption_callback_ pointer, and instead of + // returning ssl_ticket_aead_retry, we should continue processing to return + // the decrypted ticket. + // + // If the callback is not run asynchronously, return ssl_ticket_aead_retry + // and when the callback is complete this function will be run again to + // return the result. + if (ticket_decryption_callback_) { + state_ = STATE_TICKET_DECRYPTION_PENDING; + return ssl_ticket_aead_retry; + } + } + ticket_decryption_callback_ = nullptr; + state_ = STATE_LISTENING; + if (decrypted_session_ticket_.empty()) { + QUIC_DLOG(ERROR) << "Session ticket decryption failed; ignoring ticket"; + // Ticket decryption failed. Ignore the ticket. + return ssl_ticket_aead_ignore_ticket; + } + if (max_out_len < decrypted_session_ticket_.size()) { + return ssl_ticket_aead_error; + } + memcpy(out, decrypted_session_ticket_.data(), + decrypted_session_ticket_.size()); + *out_len = decrypted_session_ticket_.size(); + QUIC_RELOADABLE_FLAG_COUNT(quic_enable_tls_resumption); + + return ssl_ticket_aead_success; +} + int TlsServerHandshaker::SelectCertificate(int* out_alert) { const char* hostname = SSL_get_servername(ssl(), TLSEXT_NAMETYPE_host_name); if (hostname) { hostname_ = hostname; crypto_negotiated_params_->sni = QuicHostnameUtils::NormalizeHostname(hostname_); + if (GetQuicReloadableFlag(quic_tls_enforce_valid_sni)) { + QUIC_RELOADABLE_FLAG_COUNT(quic_tls_enforce_valid_sni); + if (!QuicHostnameUtils::IsValidSNI(hostname_)) { + // TODO(b/151676147): Include this error string in the CONNECTION_CLOSE + // frame. + QUIC_LOG(ERROR) << "Invalid SNI provided: \"" << hostname_ << "\""; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + } } else { QUIC_LOG(INFO) << "No hostname indicated in SNI"; } QuicReferenceCountedPointer<ProofSource::Chain> chain = proof_source_->GetCertChain(session()->connection()->self_address(), + session()->connection()->peer_address(), hostname_); - if (chain->certs.empty()) { + if (!chain || chain->certs.empty()) { QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'"; return SSL_TLSEXT_ERR_ALERT_FATAL; } + if (!pre_shared_key_.empty()) { + // TODO(b/154162689) add PSK support to QUIC+TLS. + QUIC_BUG << "QUIC server pre-shared keys not yet supported with TLS"; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + std::vector<CRYPTO_BUFFER*> certs; certs.resize(chain->certs.size()); for (size_t i = 0; i < certs.size(); i++) { @@ -412,6 +535,8 @@ int TlsServerHandshaker::SelectCertificate(int* out_alert) { return SSL_TLSEXT_ERR_ALERT_FATAL; } OverrideQuicConfigDefaults(session()->config()); + session()->OnConfigNegotiated(); + if (!SetTransportParameters()) { QUIC_LOG(ERROR) << "Failed to set transport parameters"; return SSL_TLSEXT_ERR_ALERT_FATAL; diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.h b/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.h index 22ae45df9ed..c62dbbbe47c 100644 --- a/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.h +++ b/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker.h @@ -9,6 +9,7 @@ #include "third_party/boringssl/src/include/openssl/pool.h" #include "third_party/boringssl/src/include/openssl/ssl.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h" #include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h" #include "net/third_party/quiche/src/quic/core/proto/cached_network_parameters_proto.h" #include "net/third_party/quiche/src/quic/core/quic_crypto_server_stream_base.h" @@ -27,8 +28,7 @@ class QUIC_EXPORT_PRIVATE TlsServerHandshaker public QuicCryptoServerStreamBase { public: TlsServerHandshaker(QuicSession* session, - SSL_CTX* ssl_ctx, - ProofSource* proof_source); + const QuicCryptoServerConfig& crypto_config); TlsServerHandshaker(const TlsServerHandshaker&) = delete; TlsServerHandshaker& operator=(const TlsServerHandshaker&) = delete; @@ -47,6 +47,9 @@ class QUIC_EXPORT_PRIVATE TlsServerHandshaker CachedNetworkParameters cached_network_params) override; void OnPacketDecrypted(EncryptionLevel level) override; void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} + void OnConnectionClosed(QuicErrorCode error, + ConnectionCloseSource source) override; void OnHandshakeDoneReceived() override; bool ShouldSendExpectCTHeader() const override; @@ -106,6 +109,16 @@ class QUIC_EXPORT_PRIVATE TlsServerHandshaker ssl_private_key_result_t PrivateKeyComplete(uint8_t* out, size_t* out_len, size_t max_out) override; + size_t SessionTicketMaxOverhead() override; + int SessionTicketSeal(uint8_t* out, + size_t* out_len, + size_t max_out_len, + quiche::QuicheStringPiece in) override; + ssl_ticket_aead_result_t SessionTicketOpen( + uint8_t* out, + size_t* out_len, + size_t max_out_len, + quiche::QuicheStringPiece in) override; TlsConnection::Delegate* ConnectionDelegate() override { return this; } private: @@ -124,8 +137,22 @@ class QUIC_EXPORT_PRIVATE TlsServerHandshaker TlsServerHandshaker* handshaker_; }; + class QUIC_EXPORT_PRIVATE DecryptCallback + : public ProofSource::DecryptCallback { + public: + explicit DecryptCallback(TlsServerHandshaker* handshaker); + void Run(std::vector<uint8_t> plaintext) override; + + // If called, Cancel causes the pending callback to be a no-op. + void Cancel(); + + private: + TlsServerHandshaker* handshaker_; + }; + enum State { STATE_LISTENING, + STATE_TICKET_DECRYPTION_PENDING, STATE_SIGNATURE_PENDING, STATE_SIGNATURE_COMPLETE, STATE_ENCRYPTION_HANDSHAKE_DATA_PROCESSED, @@ -146,10 +173,22 @@ class QUIC_EXPORT_PRIVATE TlsServerHandshaker ProofSource* proof_source_; SignatureCallback* signature_callback_ = nullptr; + // State to handle potentially asynchronous session ticket decryption. + // |ticket_decryption_callback_| points to the non-owned callback that was + // passed to ProofSource::TicketCrypter::Decrypt but hasn't finished running + // yet. + DecryptCallback* ticket_decryption_callback_ = nullptr; + // |decrypted_session_ticket_| contains the decrypted session ticket after the + // callback has run but before it is passed to BoringSSL. + std::vector<uint8_t> decrypted_session_ticket_; + std::string hostname_; std::string cert_verify_sig_; std::unique_ptr<ProofSource::Details> proof_source_details_; + // Pre-shared key used during the handshake. + std::string pre_shared_key_; + // Used to hold the ENCRYPTION_FORWARD_SECURE read secret until the handshake // is complete. This is temporary until // https://bugs.chromium.org/p/boringssl/issues/detail?id=303 is resolved. diff --git a/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker_test.cc b/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker_test.cc new file mode 100644 index 00000000000..a71338c5f5b --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/tls_server_handshaker_test.cc @@ -0,0 +1,467 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <memory> +#include <utility> +#include <vector> + +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_random.h" +#include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h" +#include "net/third_party/quiche/src/quic/core/quic_session.h" +#include "net/third_party/quiche/src/quic/core/quic_utils.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_test.h" +#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/failing_proof_source.h" +#include "net/third_party/quiche/src/quic/test_tools/fake_proof_source.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/simple_session_cache.h" +#include "net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" + +namespace quic { +class QuicConnection; +class QuicStream; +} // namespace quic + +using testing::_; +using testing::NiceMock; +using testing::Return; + +namespace quic { +namespace test { + +namespace { + +const char kServerHostname[] = "test.example.com"; +const uint16_t kServerPort = 443; + +class TlsServerHandshakerTest : public QuicTest { + public: + TlsServerHandshakerTest() + : server_compressed_certs_cache_( + QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), + server_id_(kServerHostname, kServerPort, false), + client_crypto_config_(crypto_test_utils::ProofVerifierForTesting(), + std::make_unique<test::SimpleSessionCache>()) { + InitializeServerConfig(); + InitializeServer(); + InitializeFakeClient(); + } + + ~TlsServerHandshakerTest() override { + // Ensure that anything that might reference |helpers_| is destroyed before + // |helpers_| is destroyed. + server_session_.reset(); + client_session_.reset(); + helpers_.clear(); + alarm_factories_.clear(); + } + + void InitializeServerConfig() { + SetQuicReloadableFlag(quic_enable_tls_resumption, true); + auto ticket_crypter = std::make_unique<TestTicketCrypter>(); + ticket_crypter_ = ticket_crypter.get(); + auto proof_source = std::make_unique<FakeProofSource>(); + proof_source_ = proof_source.get(); + proof_source_->SetTicketCrypter(std::move(ticket_crypter)); + server_crypto_config_ = std::make_unique<QuicCryptoServerConfig>( + QuicCryptoServerConfig::TESTING, QuicRandom::GetInstance(), + std::move(proof_source), KeyExchangeSource::Default()); + } + + void InitializeServerConfigWithFailingProofSource() { + server_crypto_config_ = std::make_unique<QuicCryptoServerConfig>( + QuicCryptoServerConfig::TESTING, QuicRandom::GetInstance(), + std::make_unique<FailingProofSource>(), KeyExchangeSource::Default()); + } + + // Initializes the crypto server stream state for testing. May be + // called multiple times. + void InitializeServer() { + TestQuicSpdyServerSession* server_session = nullptr; + helpers_.push_back(std::make_unique<NiceMock<MockQuicConnectionHelper>>()); + alarm_factories_.push_back(std::make_unique<MockAlarmFactory>()); + CreateServerSessionForTest( + server_id_, QuicTime::Delta::FromSeconds(100000), supported_versions_, + helpers_.back().get(), alarm_factories_.back().get(), + server_crypto_config_.get(), &server_compressed_certs_cache_, + &server_connection_, &server_session); + CHECK(server_session); + server_session_.reset(server_session); + EXPECT_CALL(*server_session_->helper(), CanAcceptClientHello(_, _, _, _, _)) + .Times(testing::AnyNumber()); + EXPECT_CALL(*server_session_, SelectAlpn(_)) + .WillRepeatedly( + [this](const std::vector<quiche::QuicheStringPiece>& alpns) { + return std::find( + alpns.cbegin(), alpns.cend(), + AlpnForVersion(server_session_->connection()->version())); + }); + crypto_test_utils::SetupCryptoServerConfigForTest( + server_connection_->clock(), server_connection_->random_generator(), + server_crypto_config_.get()); + } + + QuicCryptoServerStreamBase* server_stream() { + return server_session_->GetMutableCryptoStream(); + } + + QuicCryptoClientStream* client_stream() { + return client_session_->GetMutableCryptoStream(); + } + + // Initializes a fake client, and all its associated state, for + // testing. May be called multiple times. + void InitializeFakeClient() { + TestQuicSpdyClientSession* client_session = nullptr; + helpers_.push_back(std::make_unique<NiceMock<MockQuicConnectionHelper>>()); + alarm_factories_.push_back(std::make_unique<MockAlarmFactory>()); + CreateClientSessionForTest( + server_id_, QuicTime::Delta::FromSeconds(100000), supported_versions_, + helpers_.back().get(), alarm_factories_.back().get(), + &client_crypto_config_, &client_connection_, &client_session); + const std::string default_alpn = + AlpnForVersion(client_connection_->version()); + ON_CALL(*client_session, GetAlpnsToOffer()) + .WillByDefault(Return(std::vector<std::string>({default_alpn}))); + CHECK(client_session); + client_session_.reset(client_session); + moved_messages_counts_ = {0, 0}; + } + + void CompleteCryptoHandshake() { + while (!client_stream()->one_rtt_keys_available() || + !server_stream()->one_rtt_keys_available()) { + auto previous_moved_messages_counts = moved_messages_counts_; + AdvanceHandshakeWithFakeClient(); + // Check that the handshake has made forward progress + ASSERT_NE(previous_moved_messages_counts, moved_messages_counts_); + } + } + + // Performs a single round of handshake message-exchange between the + // client and server. + void AdvanceHandshakeWithFakeClient() { + CHECK(server_connection_); + CHECK(client_session_ != nullptr); + + EXPECT_CALL(*client_session_, OnProofValid(_)).Times(testing::AnyNumber()); + EXPECT_CALL(*client_session_, OnProofVerifyDetailsAvailable(_)) + .Times(testing::AnyNumber()); + EXPECT_CALL(*client_connection_, OnCanWrite()).Times(testing::AnyNumber()); + EXPECT_CALL(*server_connection_, OnCanWrite()).Times(testing::AnyNumber()); + // Call CryptoConnect if we haven't moved any client messages yet. + if (moved_messages_counts_.first == 0) { + client_stream()->CryptoConnect(); + } + moved_messages_counts_ = crypto_test_utils::AdvanceHandshake( + client_connection_, client_stream(), moved_messages_counts_.first, + server_connection_, server_stream(), moved_messages_counts_.second); + } + + void ExpectHandshakeSuccessful() { + EXPECT_TRUE(client_stream()->one_rtt_keys_available()); + EXPECT_TRUE(client_stream()->encryption_established()); + EXPECT_TRUE(server_stream()->one_rtt_keys_available()); + EXPECT_TRUE(server_stream()->encryption_established()); + EXPECT_EQ(HANDSHAKE_COMPLETE, client_stream()->GetHandshakeState()); + EXPECT_EQ(HANDSHAKE_CONFIRMED, server_stream()->GetHandshakeState()); + + const auto& client_crypto_params = + client_stream()->crypto_negotiated_params(); + const auto& server_crypto_params = + server_stream()->crypto_negotiated_params(); + // The TLS params should be filled in on the client. + EXPECT_NE(0, client_crypto_params.cipher_suite); + EXPECT_NE(0, client_crypto_params.key_exchange_group); + EXPECT_NE(0, client_crypto_params.peer_signature_algorithm); + + // The cipher suite and key exchange group should match on the client and + // server. + EXPECT_EQ(client_crypto_params.cipher_suite, + server_crypto_params.cipher_suite); + EXPECT_EQ(client_crypto_params.key_exchange_group, + server_crypto_params.key_exchange_group); + // We don't support client certs on the server (yet), so the server + // shouldn't have a peer signature algorithm to report. + EXPECT_EQ(0, server_crypto_params.peer_signature_algorithm); + } + + protected: + // Every connection gets its own MockQuicConnectionHelper and + // MockAlarmFactory, tracked separately from the server and client state so + // their lifetimes persist through the whole test. + std::vector<std::unique_ptr<MockQuicConnectionHelper>> helpers_; + std::vector<std::unique_ptr<MockAlarmFactory>> alarm_factories_; + + // Server state. + PacketSavingConnection* server_connection_; + std::unique_ptr<TestQuicSpdyServerSession> server_session_; + TestTicketCrypter* ticket_crypter_; // owned by proof_source_ + FakeProofSource* proof_source_; // owned by server_crypto_config_ + std::unique_ptr<QuicCryptoServerConfig> server_crypto_config_; + QuicCompressedCertsCache server_compressed_certs_cache_; + QuicServerId server_id_; + + // Client state. + PacketSavingConnection* client_connection_; + QuicCryptoClientConfig client_crypto_config_; + std::unique_ptr<TestQuicSpdyClientSession> client_session_; + + crypto_test_utils::FakeClientOptions client_options_; + // How many handshake messages have been moved from client to server and + // server to client. + std::pair<size_t, size_t> moved_messages_counts_ = {0, 0}; + + // Which QUIC versions the client and server support. + ParsedQuicVersionVector supported_versions_ = AllSupportedVersionsWithTls(); +}; + +TEST_F(TlsServerHandshakerTest, NotInitiallyConected) { + EXPECT_FALSE(server_stream()->encryption_established()); + EXPECT_FALSE(server_stream()->one_rtt_keys_available()); +} + +TEST_F(TlsServerHandshakerTest, ConnectedAfterTlsHandshake) { + CompleteCryptoHandshake(); + EXPECT_EQ(PROTOCOL_TLS1_3, server_stream()->handshake_protocol()); + ExpectHandshakeSuccessful(); +} + +TEST_F(TlsServerHandshakerTest, HandshakeWithAsyncProofSource) { + EXPECT_CALL(*client_connection_, CloseConnection(_, _, _)).Times(0); + EXPECT_CALL(*server_connection_, CloseConnection(_, _, _)).Times(0); + // Enable FakeProofSource to capture call to ComputeTlsSignature and run it + // asynchronously. + proof_source_->Activate(); + + // Start handshake. + AdvanceHandshakeWithFakeClient(); + + ASSERT_EQ(proof_source_->NumPendingCallbacks(), 1); + proof_source_->InvokePendingCallback(0); + + CompleteCryptoHandshake(); + + ExpectHandshakeSuccessful(); +} + +TEST_F(TlsServerHandshakerTest, CancelPendingProofSource) { + EXPECT_CALL(*client_connection_, CloseConnection(_, _, _)).Times(0); + EXPECT_CALL(*server_connection_, CloseConnection(_, _, _)).Times(0); + // Enable FakeProofSource to capture call to ComputeTlsSignature and run it + // asynchronously. + proof_source_->Activate(); + + // Start handshake. + AdvanceHandshakeWithFakeClient(); + + ASSERT_EQ(proof_source_->NumPendingCallbacks(), 1); + server_session_ = nullptr; + + proof_source_->InvokePendingCallback(0); +} + +TEST_F(TlsServerHandshakerTest, ExtractSNI) { + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + + EXPECT_EQ(server_stream()->crypto_negotiated_params().sni, + "test.example.com"); +} + +TEST_F(TlsServerHandshakerTest, ConnectionClosedOnTlsError) { + EXPECT_CALL(*server_connection_, + CloseConnection(QUIC_HANDSHAKE_FAILED, _, _)); + + // Send a zero-length ClientHello from client to server. + char bogus_handshake_message[] = { + // Handshake struct (RFC 8446 appendix B.3) + 1, // HandshakeType client_hello + 0, 0, 0, // uint24 length + }; + server_stream()->crypto_message_parser()->ProcessInput( + quiche::QuicheStringPiece(bogus_handshake_message, + QUICHE_ARRAYSIZE(bogus_handshake_message)), + ENCRYPTION_INITIAL); + + EXPECT_FALSE(server_stream()->one_rtt_keys_available()); +} + +TEST_F(TlsServerHandshakerTest, ClientNotSendingALPN) { + static_cast<TlsClientHandshaker*>( + QuicCryptoClientStreamPeer::GetHandshaker(client_stream())) + ->AllowEmptyAlpnForTests(); + EXPECT_CALL(*client_session_, GetAlpnsToOffer()) + .WillOnce(Return(std::vector<std::string>())); + EXPECT_CALL( + *client_connection_, + CloseConnection(QUIC_HANDSHAKE_FAILED, "Server did not select ALPN", _)); + EXPECT_CALL(*server_connection_, + CloseConnection(QUIC_HANDSHAKE_FAILED, + "Server did not receive a known ALPN", _)); + + // Process two flights of handshake messages. + AdvanceHandshakeWithFakeClient(); + AdvanceHandshakeWithFakeClient(); + + EXPECT_FALSE(client_stream()->one_rtt_keys_available()); + EXPECT_TRUE(client_stream()->encryption_established()); + EXPECT_FALSE(server_stream()->one_rtt_keys_available()); + EXPECT_TRUE(server_stream()->encryption_established()); +} + +TEST_F(TlsServerHandshakerTest, ClientSendingBadALPN) { + const std::string kTestBadClientAlpn = "bad-client-alpn"; + EXPECT_CALL(*client_session_, GetAlpnsToOffer()) + .WillOnce(Return(std::vector<std::string>({kTestBadClientAlpn}))); + EXPECT_CALL( + *client_connection_, + CloseConnection(QUIC_HANDSHAKE_FAILED, "Server did not select ALPN", _)); + EXPECT_CALL(*server_connection_, + CloseConnection(QUIC_HANDSHAKE_FAILED, + "Server did not receive a known ALPN", _)); + + // Process two flights of handshake messages. + AdvanceHandshakeWithFakeClient(); + AdvanceHandshakeWithFakeClient(); + + EXPECT_FALSE(client_stream()->one_rtt_keys_available()); + EXPECT_TRUE(client_stream()->encryption_established()); + EXPECT_FALSE(server_stream()->one_rtt_keys_available()); + EXPECT_TRUE(server_stream()->encryption_established()); +} + +TEST_F(TlsServerHandshakerTest, CustomALPNNegotiation) { + EXPECT_CALL(*client_connection_, CloseConnection(_, _, _)).Times(0); + EXPECT_CALL(*server_connection_, CloseConnection(_, _, _)).Times(0); + + const std::string kTestAlpn = "A Custom ALPN Value"; + const std::vector<std::string> kTestAlpns( + {"foo", "bar", kTestAlpn, "something else"}); + EXPECT_CALL(*client_session_, GetAlpnsToOffer()) + .WillRepeatedly(Return(kTestAlpns)); + EXPECT_CALL(*server_session_, SelectAlpn(_)) + .WillOnce([kTestAlpn, kTestAlpns]( + const std::vector<quiche::QuicheStringPiece>& alpns) { + EXPECT_THAT(alpns, testing::ElementsAreArray(kTestAlpns)); + return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn); + }); + EXPECT_CALL(*client_session_, + OnAlpnSelected(quiche::QuicheStringPiece(kTestAlpn))); + EXPECT_CALL(*server_session_, + OnAlpnSelected(quiche::QuicheStringPiece(kTestAlpn))); + + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); +} + +TEST_F(TlsServerHandshakerTest, RejectInvalidSNI) { + SetQuicReloadableFlag(quic_tls_enforce_valid_sni, true); + server_id_ = QuicServerId("invalid!.example.com", kServerPort, false); + InitializeFakeClient(); + static_cast<TlsClientHandshaker*>( + QuicCryptoClientStreamPeer::GetHandshaker(client_stream())) + ->AllowInvalidSNIForTests(); + + // Run the handshake and expect it to fail. + AdvanceHandshakeWithFakeClient(); + EXPECT_FALSE(server_stream()->encryption_established()); + EXPECT_FALSE(server_stream()->one_rtt_keys_available()); +} + +TEST_F(TlsServerHandshakerTest, Resumption) { + // Do the first handshake + InitializeFakeClient(); + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + EXPECT_FALSE(client_stream()->IsResumption()); + + // Now do another handshake + InitializeServer(); + InitializeFakeClient(); + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + EXPECT_TRUE(client_stream()->IsResumption()); +} + +TEST_F(TlsServerHandshakerTest, ResumptionWithAsyncDecryptCallback) { + // Do the first handshake + InitializeFakeClient(); + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + + ticket_crypter_->SetRunCallbacksAsync(true); + // Now do another handshake + InitializeServer(); + InitializeFakeClient(); + + AdvanceHandshakeWithFakeClient(); + // Test that the DecryptCallback will be run asynchronously, and then run it. + ASSERT_EQ(ticket_crypter_->NumPendingCallbacks(), 1u); + ticket_crypter_->RunPendingCallback(0); + + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + EXPECT_TRUE(client_stream()->IsResumption()); +} + +TEST_F(TlsServerHandshakerTest, ResumptionWithFailingDecryptCallback) { + // Do the first handshake + InitializeFakeClient(); + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + + ticket_crypter_->set_fail_decrypt(true); + // Now do another handshake + InitializeServer(); + InitializeFakeClient(); + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + EXPECT_FALSE(client_stream()->IsResumption()); +} + +TEST_F(TlsServerHandshakerTest, ResumptionWithFailingAsyncDecryptCallback) { + // Do the first handshake + InitializeFakeClient(); + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + + ticket_crypter_->set_fail_decrypt(true); + ticket_crypter_->SetRunCallbacksAsync(true); + // Now do another handshake + InitializeServer(); + InitializeFakeClient(); + + AdvanceHandshakeWithFakeClient(); + // Test that the DecryptCallback will be run asynchronously, and then run it. + ASSERT_EQ(ticket_crypter_->NumPendingCallbacks(), 1u); + ticket_crypter_->RunPendingCallback(0); + + CompleteCryptoHandshake(); + ExpectHandshakeSuccessful(); + EXPECT_FALSE(client_stream()->IsResumption()); +} + +TEST_F(TlsServerHandshakerTest, HandshakeFailsWithFailingProofSource) { + InitializeServerConfigWithFailingProofSource(); + InitializeServer(); + InitializeFakeClient(); + + // Attempt handshake. + AdvanceHandshakeWithFakeClient(); + // Check that the server didn't send any handshake messages, because it failed + // to handshake. + EXPECT_EQ(moved_messages_counts_.second, 0u); +} + +} // namespace +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.cc b/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.cc index daa56302145..6951b2cea3f 100644 --- a/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.cc +++ b/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.cc @@ -20,14 +20,14 @@ UberQuicStreamIdManager::UberQuicStreamIdManager( : bidirectional_stream_id_manager_(delegate, /*unidirectional=*/false, perspective, - version.transport_version, + version, max_open_outgoing_bidirectional_streams, max_open_incoming_bidirectional_streams), unidirectional_stream_id_manager_( delegate, /*unidirectional=*/true, perspective, - version.transport_version, + version, max_open_outgoing_unidirectional_streams, max_open_incoming_unidirectional_streams) {} @@ -96,13 +96,6 @@ bool UberQuicStreamIdManager::OnStreamsBlockedFrame( error_details); } -bool UberQuicStreamIdManager::IsIncomingStream(QuicStreamId id) const { - if (QuicUtils::IsBidirectionalStreamId(id)) { - return bidirectional_stream_id_manager_.IsIncomingStream(id); - } - return unidirectional_stream_id_manager_.IsIncomingStream(id); -} - bool UberQuicStreamIdManager::IsAvailableStream(QuicStreamId id) const { if (QuicUtils::IsBidirectionalStreamId(id)) { return bidirectional_stream_id_manager_.IsAvailableStream(id); diff --git a/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.h b/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.h index d3f374a83a5..b1fc1260987 100644 --- a/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.h +++ b/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager.h @@ -66,9 +66,6 @@ class QUIC_EXPORT_PRIVATE UberQuicStreamIdManager { bool OnStreamsBlockedFrame(const QuicStreamsBlockedFrame& frame, std::string* error_details); - // Return true if |id| is peer initiated. - bool IsIncomingStream(QuicStreamId id) const; - // Returns true if |id| is still available. bool IsAvailableStream(QuicStreamId id) const; diff --git a/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager_test.cc b/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager_test.cc index 4fc1ccab333..7cae0a6e1de 100644 --- a/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager_test.cc +++ b/chromium/net/third_party/quiche/src/quic/core/uber_quic_stream_id_manager_test.cc @@ -46,8 +46,10 @@ std::vector<TestParams> GetTestParams() { class MockDelegate : public QuicStreamIdManager::DelegateInterface { public: - MOCK_METHOD2(SendMaxStreams, - void(QuicStreamCount stream_count, bool unidirectional)); + MOCK_METHOD(void, + SendMaxStreams, + (QuicStreamCount stream_count, bool unidirectional), + (override)); }; class UberQuicStreamIdManagerTest : public QuicTestWithParam<TestParams> { @@ -64,25 +66,25 @@ class UberQuicStreamIdManagerTest : public QuicTestWithParam<TestParams> { QuicStreamId GetNthClientInitiatedBidirectionalId(int n) { return QuicUtils::GetFirstBidirectionalStreamId(transport_version(), Perspective::IS_CLIENT) + - kV99StreamIdIncrement * n; + QuicUtils::StreamIdDelta(transport_version()) * n; } QuicStreamId GetNthClientInitiatedUnidirectionalId(int n) { return QuicUtils::GetFirstUnidirectionalStreamId(transport_version(), Perspective::IS_CLIENT) + - kV99StreamIdIncrement * n; + QuicUtils::StreamIdDelta(transport_version()) * n; } QuicStreamId GetNthServerInitiatedBidirectionalId(int n) { return QuicUtils::GetFirstBidirectionalStreamId(transport_version(), Perspective::IS_SERVER) + - kV99StreamIdIncrement * n; + QuicUtils::StreamIdDelta(transport_version()) * n; } QuicStreamId GetNthServerInitiatedUnidirectionalId(int n) { return QuicUtils::GetFirstUnidirectionalStreamId(transport_version(), Perspective::IS_SERVER) + - kV99StreamIdIncrement * n; + QuicUtils::StreamIdDelta(transport_version()) * n; } QuicStreamId GetNthPeerInitiatedBidirectionalStreamId(int n) { @@ -300,17 +302,6 @@ TEST_P(UberQuicStreamIdManagerTest, OnStreamsBlockedFrame) { EXPECT_TRUE(manager_.OnStreamsBlockedFrame(frame, nullptr)); } -TEST_P(UberQuicStreamIdManagerTest, IsIncomingStream) { - EXPECT_TRUE( - manager_.IsIncomingStream(GetNthPeerInitiatedBidirectionalStreamId(0))); - EXPECT_TRUE( - manager_.IsIncomingStream(GetNthPeerInitiatedUnidirectionalStreamId(0))); - EXPECT_FALSE( - manager_.IsIncomingStream(GetNthSelfInitiatedBidirectionalStreamId(0))); - EXPECT_FALSE( - manager_.IsIncomingStream(GetNthSelfInitiatedUnidirectionalStreamId(0))); -} - TEST_P(UberQuicStreamIdManagerTest, SetMaxOpenOutgoingStreamsPlusFrame) { const size_t kNumMaxOutgoingStream = 123; // Set the uni- and bi- directional limits to different values to ensure diff --git a/chromium/net/third_party/quiche/src/quic/masque/masque_client_session.h b/chromium/net/third_party/quiche/src/quic/masque/masque_client_session.h index acf21118c59..fee24c908ee 100644 --- a/chromium/net/third_party/quiche/src/quic/masque/masque_client_session.h +++ b/chromium/net/third_party/quiche/src/quic/masque/masque_client_session.h @@ -86,9 +86,9 @@ class QUIC_NO_EXPORT MasqueClientSession : public QuicSpdyClientSession { void UnregisterConnectionId(QuicConnectionId client_connection_id); private: - QuicUnorderedMap<QuicConnectionId, - EncapsulatedClientSession*, - QuicConnectionIdHash> + QuicHashMap<QuicConnectionId, + EncapsulatedClientSession*, + QuicConnectionIdHash> client_connection_id_registrations_; Owner* owner_; // Unowned; MasqueCompressionEngine compression_engine_; diff --git a/chromium/net/third_party/quiche/src/quic/masque/masque_compression_engine.h b/chromium/net/third_party/quiche/src/quic/masque/masque_compression_engine.h index 95328df7acf..5ab88bd9d7e 100644 --- a/chromium/net/third_party/quiche/src/quic/masque/masque_compression_engine.h +++ b/chromium/net/third_party/quiche/src/quic/masque/masque_compression_engine.h @@ -117,7 +117,7 @@ class QUIC_NO_EXPORT MasqueCompressionEngine { bool* version_present); QuicSession* masque_session_; // Unowned. - QuicUnorderedMap<QuicDatagramFlowId, MasqueCompressionContext> contexts_; + QuicHashMap<QuicDatagramFlowId, MasqueCompressionContext> contexts_; QuicDatagramFlowId next_flow_id_; }; diff --git a/chromium/net/third_party/quiche/src/quic/masque/masque_dispatcher.h b/chromium/net/third_party/quiche/src/quic/masque/masque_dispatcher.h index 4817b7bd391..6901a8645b7 100644 --- a/chromium/net/third_party/quiche/src/quic/masque/masque_dispatcher.h +++ b/chromium/net/third_party/quiche/src/quic/masque/masque_dispatcher.h @@ -52,7 +52,7 @@ class QUIC_NO_EXPORT MasqueDispatcher : public QuicSimpleDispatcher, MasqueServerBackend* masque_server_backend_; // Unowned. // Mapping from client connection IDs to server sessions, allows routing // incoming packets to the right MASQUE connection. - QuicUnorderedMap<QuicConnectionId, MasqueServerSession*, QuicConnectionIdHash> + QuicHashMap<QuicConnectionId, MasqueServerSession*, QuicConnectionIdHash> client_connection_id_registrations_; }; diff --git a/chromium/net/third_party/quiche/src/quic/masque/masque_server_backend.h b/chromium/net/third_party/quiche/src/quic/masque/masque_server_backend.h index 78dfbf4105a..481d90dde48 100644 --- a/chromium/net/third_party/quiche/src/quic/masque/masque_server_backend.h +++ b/chromium/net/third_party/quiche/src/quic/masque/masque_server_backend.h @@ -57,9 +57,9 @@ class QUIC_NO_EXPORT MasqueServerBackend : public QuicMemoryCacheBackend { QuicSimpleServerBackend::RequestHandler* request_handler); std::string server_authority_; - QuicUnorderedMap<std::string, std::unique_ptr<QuicBackendResponse>> + QuicHashMap<std::string, std::unique_ptr<QuicBackendResponse>> active_response_map_; - QuicUnorderedMap<QuicConnectionId, BackendClient*, QuicConnectionIdHash> + QuicHashMap<QuicConnectionId, BackendClient*, QuicConnectionIdHash> backend_clients_; }; diff --git a/chromium/net/third_party/quiche/src/quic/platform/api/quic_containers.h b/chromium/net/third_party/quiche/src/quic/platform/api/quic_containers.h index 44c7ab10589..d0c63a53b50 100644 --- a/chromium/net/third_party/quiche/src/quic/platform/api/quic_containers.h +++ b/chromium/net/third_party/quiche/src/quic/platform/api/quic_containers.h @@ -17,10 +17,18 @@ using QuicDefaultHasher = QuicDefaultHasherImpl<Key>; template <typename Key, typename Value, typename Hash = QuicDefaultHasher<Key>> using QuicUnorderedMap = QuicUnorderedMapImpl<Key, Value, Hash>; +// A general-purpose unordered map that does not gurantee pointer stability. +template <typename Key, typename Value, typename Hash = QuicDefaultHasher<Key>> +using QuicHashMap = QuicHashMapImpl<Key, Value, Hash>; + // A general-purpose unordered set. template <typename Key, typename Hash = QuicDefaultHasher<Key>> using QuicUnorderedSet = QuicUnorderedSetImpl<Key, Hash>; +// A general-purpose unordered set that does not gurantee pointer stability. +template <typename Key, typename Hash = QuicDefaultHasher<Key>> +using QuicHashSet = QuicHashSetImpl<Key, Hash>; + // A map which offers insertion-ordered iteration. template <typename Key, typename Value, typename Hash = QuicDefaultHasher<Key>> using QuicLinkedHashMap = QuicLinkedHashMapImpl<Key, Value, Hash>; diff --git a/chromium/net/third_party/quiche/src/quic/platform/api/quic_macros.h b/chromium/net/third_party/quiche/src/quic/platform/api/quic_macros.h index 9dee2e987c8..7edeb6aa953 100644 --- a/chromium/net/third_party/quiche/src/quic/platform/api/quic_macros.h +++ b/chromium/net/third_party/quiche/src/quic/platform/api/quic_macros.h @@ -9,5 +9,6 @@ #define QUIC_MUST_USE_RESULT QUIC_MUST_USE_RESULT_IMPL #define QUIC_UNUSED QUIC_UNUSED_IMPL +#define QUIC_CONST_INIT QUIC_CONST_INIT_IMPL #endif // QUICHE_QUIC_PLATFORM_API_QUIC_MACROS_H_ diff --git a/chromium/net/third_party/quiche/src/quic/platform/api/quic_socket_address.cc b/chromium/net/third_party/quiche/src/quic/platform/api/quic_socket_address.cc index 72debb950f7..ee3c3beb57e 100644 --- a/chromium/net/third_party/quiche/src/quic/platform/api/quic_socket_address.cc +++ b/chromium/net/third_party/quiche/src/quic/platform/api/quic_socket_address.cc @@ -4,6 +4,7 @@ #include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" +#include <cstring> #include <limits> #include <string> diff --git a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_icmp_reachable.h b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_icmp_reachable.h index 092845eba7d..b717a604a7f 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_icmp_reachable.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_icmp_reachable.h @@ -12,7 +12,7 @@ namespace quic { class MockIcmpReachable : public IcmpReachableInterface { public: - MOCK_METHOD0(Init, bool()); + MOCK_METHOD(bool, Init, (), (override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_packet_exchanger_stats_interface.h b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_packet_exchanger_stats_interface.h index a265603c18f..f1f8e87cad3 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_packet_exchanger_stats_interface.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_packet_exchanger_stats_interface.h @@ -13,13 +13,13 @@ namespace quic { class MockPacketExchangerStatsInterface : public TunDevicePacketExchanger::StatsInterface { public: - MOCK_METHOD1(OnPacketRead, void(size_t)); - MOCK_METHOD1(OnPacketWritten, void(size_t)); - MOCK_METHOD1(OnReadError, void(std::string*)); - MOCK_METHOD1(OnWriteError, void(std::string*)); + MOCK_METHOD(void, OnPacketRead, (size_t), (override)); + MOCK_METHOD(void, OnPacketWritten, (size_t), (override)); + MOCK_METHOD(void, OnReadError, (std::string*), (override)); + MOCK_METHOD(void, OnWriteError, (std::string*), (override)); - MOCK_CONST_METHOD0(PacketsRead, int64_t()); - MOCK_CONST_METHOD0(PacketsWritten, int64_t()); + MOCK_METHOD(int64_t, PacketsRead, (), (const, override)); + MOCK_METHOD(int64_t, PacketsWritten, (), (const, override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_tun_device.h b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_tun_device.h index 37e852af515..14879de24cc 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_tun_device.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/mock_tun_device.h @@ -12,13 +12,13 @@ namespace quic { class MockTunDevice : public TunDeviceInterface { public: - MOCK_METHOD0(Init, bool()); + MOCK_METHOD(bool, Init, (), (override)); - MOCK_METHOD0(Up, bool()); + MOCK_METHOD(bool, Up, (), (override)); - MOCK_METHOD0(Down, bool()); + MOCK_METHOD(bool, Down, (), (override)); - MOCK_CONST_METHOD0(GetFileDescriptor, int()); + MOCK_METHOD(int, GetFileDescriptor, (), (const, override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/tun_device_packet_exchanger_test.cc b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/tun_device_packet_exchanger_test.cc index 30ef5edb1cd..f61407d8057 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/bonnet/tun_device_packet_exchanger_test.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/bonnet/tun_device_packet_exchanger_test.cc @@ -23,8 +23,8 @@ using ::testing::StrictMock; class MockVisitor : public QbonePacketExchanger::Visitor { public: - MOCK_METHOD1(OnReadError, void(const std::string&)); - MOCK_METHOD1(OnWriteError, void(const std::string&)); + MOCK_METHOD(void, OnReadError, (const std::string&), (override)); + MOCK_METHOD(void, OnWriteError, (const std::string&), (override)); }; class TunDevicePacketExchangerTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_client.h b/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_client.h index 0a089ea955c..3170b7ed4b1 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_client.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_client.h @@ -13,8 +13,10 @@ namespace quic { class MockQboneClient : public QboneClientInterface { public: - MOCK_METHOD1(ProcessPacketFromNetwork, - void(quiche::QuicheStringPiece packet)); + MOCK_METHOD(void, + ProcessPacketFromNetwork, + (quiche::QuicheStringPiece packet), + (override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_server_session.h b/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_server_session.h index 874ad216ca9..0781e7f6b4d 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_server_session.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/mock_qbone_server_session.h @@ -25,10 +25,16 @@ class MockQboneServerSession : public QboneServerSession { /*client_ip_subnet_length=*/0, /*handler=*/nullptr) {} - MOCK_METHOD1(SendClientRequest, bool(const QboneClientRequest&)); - - MOCK_METHOD1(ProcessPacketFromNetwork, void(quiche::QuicheStringPiece)); - MOCK_METHOD1(ProcessPacketFromPeer, void(quiche::QuicheStringPiece)); + MOCK_METHOD(bool, SendClientRequest, (const QboneClientRequest&), (override)); + + MOCK_METHOD(void, + ProcessPacketFromNetwork, + (quiche::QuicheStringPiece), + (override)); + MOCK_METHOD(void, + ProcessPacketFromPeer, + (quiche::QuicheStringPiece), + (override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_kernel.h b/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_kernel.h index c01aad1708b..e30bfa1bad9 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_kernel.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_kernel.h @@ -14,31 +14,38 @@ class MockKernel : public KernelInterface { public: MockKernel() {} - MOCK_METHOD3(bind, - int(int fd, const struct sockaddr* addr, socklen_t addr_len)); - MOCK_METHOD1(close, int(int fd)); - MOCK_METHOD3(ioctl, int(int fd, int request, void* argp)); - MOCK_METHOD2(open, int(const char* pathname, int flags)); - MOCK_METHOD3(read, ssize_t(int fd, void* buf, size_t count)); - MOCK_METHOD6(recvfrom, - ssize_t(int sockfd, - void* buf, - size_t len, - int flags, - struct sockaddr* src_addr, - socklen_t* addrlen)); - MOCK_METHOD3(sendmsg, - ssize_t(int sockfd, const struct msghdr* msg, int flags)); - MOCK_METHOD6(sendto, - ssize_t(int sockfd, - const void* buf, - size_t len, - int flags, - const struct sockaddr* dest_addr, - socklen_t addrlen)); - MOCK_METHOD3(socket, int(int domain, int type, int protocol)); - MOCK_METHOD5(setsockopt, int(int, int, int, const void*, socklen_t)); - MOCK_METHOD3(write, ssize_t(int fd, const void* buf, size_t count)); + MOCK_METHOD(int, + bind, + (int fd, const struct sockaddr*, socklen_t addr_len), + (override)); + MOCK_METHOD(int, close, (int fd), (override)); + MOCK_METHOD(int, ioctl, (int fd, int request, void*), (override)); + MOCK_METHOD(int, open, (const char*, int flags), (override)); + MOCK_METHOD(ssize_t, read, (int fd, void*, size_t count), (override)); + MOCK_METHOD( + ssize_t, + recvfrom, + (int sockfd, void*, size_t len, int flags, struct sockaddr*, socklen_t*), + (override)); + MOCK_METHOD(ssize_t, + sendmsg, + (int sockfd, const struct msghdr*, int flags), + (override)); + MOCK_METHOD(ssize_t, + sendto, + (int sockfd, + const void*, + size_t len, + int flags, + const struct sockaddr*, + socklen_t addrlen), + (override)); + MOCK_METHOD(int, socket, (int domain, int type, int protocol), (override)); + MOCK_METHOD(int, + setsockopt, + (int, int, int, const void*, socklen_t), + (override)); + MOCK_METHOD(ssize_t, write, (int fd, const void*, size_t count), (override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_netlink.h b/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_netlink.h index e9f5d680980..ea5d62e9f61 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_netlink.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/platform/mock_netlink.h @@ -12,33 +12,38 @@ namespace quic { class MockNetlink : public NetlinkInterface { public: - MOCK_METHOD2(GetLinkInfo, bool(const std::string&, LinkInfo*)); + MOCK_METHOD(bool, GetLinkInfo, (const std::string&, LinkInfo*), (override)); - MOCK_METHOD4(GetAddresses, - bool(int, uint8_t, std::vector<AddressInfo>*, int*)); + MOCK_METHOD(bool, + GetAddresses, + (int, uint8_t, std::vector<AddressInfo>*, int*), + (override)); - MOCK_METHOD7(ChangeLocalAddress, - bool(uint32_t, - Verb, - const QuicIpAddress&, - uint8_t, - uint8_t, - uint8_t, - const std::vector<struct rtattr*>&)); + MOCK_METHOD(bool, + ChangeLocalAddress, + (uint32_t, + Verb, + const QuicIpAddress&, + uint8_t, + uint8_t, + uint8_t, + const std::vector<struct rtattr*>&), + (override)); - MOCK_METHOD1(GetRouteInfo, bool(std::vector<RoutingRule>*)); + MOCK_METHOD(bool, GetRouteInfo, (std::vector<RoutingRule>*), (override)); - MOCK_METHOD6( - ChangeRoute, - bool(Verb, uint32_t, const IpRange&, uint8_t, QuicIpAddress, int32_t)); + MOCK_METHOD(bool, + ChangeRoute, + (Verb, uint32_t, const IpRange&, uint8_t, QuicIpAddress, int32_t), + (override)); - MOCK_METHOD1(GetRuleInfo, bool(std::vector<IpRule>*)); + MOCK_METHOD(bool, GetRuleInfo, (std::vector<IpRule>*), (override)); - MOCK_METHOD3(ChangeRule, bool(Verb, uint32_t, IpRange)); + MOCK_METHOD(bool, ChangeRule, (Verb, uint32_t, IpRange), (override)); - MOCK_METHOD2(Send, bool(struct iovec*, size_t)); + MOCK_METHOD(bool, Send, (struct iovec*, size_t), (override)); - MOCK_METHOD2(Recv, bool(uint32_t, NetlinkParserInterface*)); + MOCK_METHOD(bool, Recv, (uint32_t, NetlinkParserInterface*), (override)); }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_session.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_session.cc index 13f8b5fc103..52ba763118f 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_session.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_session.cc @@ -30,7 +30,8 @@ QboneClientSession::~QboneClientSession() {} std::unique_ptr<QuicCryptoStream> QboneClientSession::CreateCryptoStream() { return std::make_unique<QuicCryptoClientStream>( - server_id_, this, nullptr, quic_crypto_client_config_, this); + server_id_, this, nullptr, quic_crypto_client_config_, this, + /*has_application_state = */ true); } void QboneClientSession::Initialize() { diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_test.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_test.cc index a41e6a94eba..cdb611c9209 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_test.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_client_test.cc @@ -21,6 +21,7 @@ #include "net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test_tools.h" #include "net/third_party/quiche/src/quic/qbone/qbone_server_session.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_connection_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_server_peer.h" #include "net/third_party/quiche/src/quic/test_tools/server_thread.h" #include "net/third_party/quiche/src/quic/tools/quic_memory_cache_backend.h" @@ -169,11 +170,6 @@ class QboneTestServer : public QuicServer { std::vector<std::string> data() { return writer_.data(); } - void WaitForDataSize(int n) { - while (data().size() != n) { - } - } - private: quic::QuicMemoryCacheBackend response_cache_; DataSavingQbonePacketWriter writer_; @@ -208,10 +204,19 @@ class QboneTestClient : public QboneClient { } } - void WaitForDataSize(int n) { - while (data().size() != n) { + // Returns true when the data size is reached or false on timeouts. + bool WaitForDataSize(int n, QuicTime::Delta timeout) { + const QuicClock* clock = + quic::test::QuicConnectionPeer::GetHelper(session()->connection()) + ->GetClock(); + const QuicTime deadline = clock->Now() + timeout; + while (data().size() < n) { + if (clock->Now() > deadline) { + return false; + } WaitForEvents(); } + return true; } std::vector<std::string> data() { return qbone_writer_.data(); } @@ -247,24 +252,30 @@ TEST_P(QboneClientTest, SendDataFromClient) { client.SendData(TestPacketIn("hello")); client.SendData(TestPacketIn("world")); client.WaitForWriteToFlush(); - server->WaitForDataSize(2); - EXPECT_THAT(server->data()[0], testing::Eq(TestPacketOut("hello"))); - EXPECT_THAT(server->data()[1], testing::Eq(TestPacketOut("world"))); - auto server_session = - static_cast<QboneServerSession*>(QuicServerPeer::GetDispatcher(server) - ->session_map() - .begin() - ->second.get()); + + // Wait until the server has received at least two packets, timeout after 5s. + ASSERT_TRUE( + server_thread.WaitUntil([&] { return server->data().size() >= 2; }, + QuicTime::Delta::FromSeconds(5))); + std::string long_data( QboneConstants::kMaxQbonePacketBytes - sizeof(ip6_hdr) - 1, 'A'); + // Pretend the server gets data. - server_thread.Schedule([&server_session, &long_data]() { + server_thread.Schedule([&server, &long_data]() { + EXPECT_THAT(server->data()[0], testing::Eq(TestPacketOut("hello"))); + EXPECT_THAT(server->data()[1], testing::Eq(TestPacketOut("world"))); + auto server_session = + static_cast<QboneServerSession*>(QuicServerPeer::GetDispatcher(server) + ->session_map() + .begin() + ->second.get()); server_session->ProcessPacketFromNetwork( TestPacketIn("Somethingsomething")); server_session->ProcessPacketFromNetwork(TestPacketIn(long_data)); server_session->ProcessPacketFromNetwork(TestPacketIn(long_data)); }); - client.WaitForDataSize(3); + ASSERT_TRUE(client.WaitForDataSize(3, QuicTime::Delta::FromSeconds(5))); EXPECT_THAT(client.data()[0], testing::Eq(TestPacketOut("Somethingsomething"))); EXPECT_THAT(client.data()[1], testing::Eq(TestPacketOut(long_data))); diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_exchanger_test.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_exchanger_test.cc index 1f38910d4cc..9ec9e209a60 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_exchanger_test.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_exchanger_test.cc @@ -19,8 +19,8 @@ const size_t kMaxPendingPackets = 2; class MockVisitor : public QbonePacketExchanger::Visitor { public: - MOCK_METHOD1(OnReadError, void(const std::string&)); - MOCK_METHOD1(OnWriteError, void(const std::string&)); + MOCK_METHOD(void, OnReadError, (const std::string&), (override)); + MOCK_METHOD(void, OnWriteError, (const std::string&), (override)); }; class FakeQbonePacketExchanger : public QbonePacketExchanger { diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test.cc index 77fb5d53231..2820a7a1f70 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test.cc @@ -125,12 +125,14 @@ MATCHER_P(IsIcmpMessage, class MockPacketFilter : public QbonePacketProcessor::Filter { public: - MOCK_METHOD5(FilterPacket, - ProcessingResult(Direction, - quiche::QuicheStringPiece, - quiche::QuicheStringPiece, - icmp6_hdr*, - OutputInterface*)); + MOCK_METHOD(ProcessingResult, + FilterPacket, + (Direction, + quiche::QuicheStringPiece, + quiche::QuicheStringPiece, + icmp6_hdr*, + OutputInterface*), + (override)); }; class QbonePacketProcessorTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test_tools.h b/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test_tools.h index 809b5422f78..72030506399 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test_tools.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test_tools.h @@ -15,20 +15,40 @@ class MockPacketProcessorOutput : public QbonePacketProcessor::OutputInterface { public: MockPacketProcessorOutput() {} - MOCK_METHOD1(SendPacketToClient, void(quiche::QuicheStringPiece)); - MOCK_METHOD1(SendPacketToNetwork, void(quiche::QuicheStringPiece)); + MOCK_METHOD(void, + SendPacketToClient, + (quiche::QuicheStringPiece), + (override)); + MOCK_METHOD(void, + SendPacketToNetwork, + (quiche::QuicheStringPiece), + (override)); }; class MockPacketProcessorStats : public QbonePacketProcessor::StatsInterface { public: MockPacketProcessorStats() {} - MOCK_METHOD1(OnPacketForwarded, void(QbonePacketProcessor::Direction)); - MOCK_METHOD1(OnPacketDroppedSilently, void(QbonePacketProcessor::Direction)); - MOCK_METHOD1(OnPacketDroppedWithIcmp, void(QbonePacketProcessor::Direction)); - MOCK_METHOD1(OnPacketDroppedWithTcpReset, - void(QbonePacketProcessor::Direction)); - MOCK_METHOD1(OnPacketDeferred, void(QbonePacketProcessor::Direction)); + MOCK_METHOD(void, + OnPacketForwarded, + (QbonePacketProcessor::Direction), + (override)); + MOCK_METHOD(void, + OnPacketDroppedSilently, + (QbonePacketProcessor::Direction), + (override)); + MOCK_METHOD(void, + OnPacketDroppedWithIcmp, + (QbonePacketProcessor::Direction), + (override)); + MOCK_METHOD(void, + OnPacketDroppedWithTcpReset, + (QbonePacketProcessor::Direction), + (override)); + MOCK_METHOD(void, + OnPacketDeferred, + (QbonePacketProcessor::Direction), + (override)); }; std::string PrependIPv6HeaderForTest(const std::string& body, int hops); diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.cc index 68f659c3a6a..81aeda80872 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.cc @@ -18,6 +18,12 @@ #include "net/third_party/quiche/src/quic/qbone/qbone_constants.h" #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" +ABSL_FLAG( + bool, + qbone_close_ephemeral_frames, + true, + "If true, we'll call CloseStream even when we receive ephemeral frames."); + namespace quic { #define ENDPOINT \ @@ -40,7 +46,7 @@ QboneSessionBase::QboneSessionBase( 1; this->config()->SetMaxBidirectionalStreamsToSend(max_streams); if (VersionHasIetfQuicFrames(transport_version())) { - ConfigureMaxDynamicStreamsToSend(max_streams); + this->config()->SetMaxUnidirectionalStreamsToSend(max_streams); } } @@ -84,6 +90,11 @@ void QboneSessionBase::OnStreamFrame(const QuicStreamFrame& frame) { ProcessPacketFromPeer( quiche::QuicheStringPiece(frame.data_buffer, frame.data_length)); flow_controller()->AddBytesConsumed(frame.data_length); + // TODO(b/147817422): Add a counter for how many streams were actually + // closed here. + if (GetQuicFlag(FLAGS_qbone_close_ephemeral_frames)) { + CloseStream(frame.stream_id); + } return; } QuicSession::OnStreamFrame(frame); diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.h b/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.h index 241a3c9c6e2..59ca2c4d3f3 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.h +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_base.h @@ -110,8 +110,6 @@ class QUIC_EXPORT_PRIVATE QboneSessionBase : public QuicSession { // Number of times the connection has failed to send packets as MESSAGE frame // and used streams as a fallback. uint64_t num_fallback_to_stream_ = 0; - - QuicUnorderedSet<QuicStreamId> reliable_streams_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_test.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_test.cc index 7ea1c519dd3..243a5c535d5 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_test.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_session_test.cc @@ -17,6 +17,7 @@ #include "net/third_party/quiche/src/quic/qbone/qbone_control_placeholder.pb.h" #include "net/third_party/quiche/src/quic/qbone/qbone_packet_processor_test_tools.h" #include "net/third_party/quiche/src/quic/qbone/qbone_server_session.h" +#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" #include "net/third_party/quiche/src/quic/test_tools/quic_connection_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_session_peer.h" @@ -59,60 +60,80 @@ ParsedQuicVersionVector GetTestParams() { return test_versions; } -// Used by QuicCryptoServerConfig to provide server credentials, returning a -// canned response equal to |success|. -class FakeProofSource : public ProofSource { +// Used by QuicCryptoServerConfig to provide server credentials, passes +// everything through to ProofSourceForTesting if success is true, +// and fails otherwise. +class IndirectionProofSource : public ProofSource { public: - explicit FakeProofSource(bool success) : success_(success) {} + explicit IndirectionProofSource(bool success) { + if (success) { + proof_source_ = crypto_test_utils::ProofSourceForTesting(); + } + } // ProofSource override. void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, QuicTransportVersion transport_version, quiche::QuicheStringPiece chlo_hash, std::unique_ptr<Callback> callback) override { - QuicReferenceCountedPointer<ProofSource::Chain> chain = - GetCertChain(server_address, hostname); - QuicCryptoProof proof; - if (success_) { - proof.signature = "Signature"; - proof.leaf_cert_scts = "Time"; + if (!proof_source_) { + QuicReferenceCountedPointer<ProofSource::Chain> chain = + GetCertChain(server_address, client_address, hostname); + QuicCryptoProof proof; + callback->Run(/*ok=*/false, chain, proof, /*details=*/nullptr); + return; } - callback->Run(success_, chain, proof, nullptr /* details */); + proof_source_->GetProof(server_address, client_address, hostname, + server_config, transport_version, chlo_hash, + std::move(callback)); } QuicReferenceCountedPointer<Chain> GetCertChain( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname) override { - if (!success_) { + if (!proof_source_) { return QuicReferenceCountedPointer<Chain>(); } - std::vector<std::string> certs; - certs.push_back("Required to establish handshake"); - return QuicReferenceCountedPointer<ProofSource::Chain>( - new ProofSource::Chain(certs)); + return proof_source_->GetCertChain(server_address, client_address, + hostname); } void ComputeTlsSignature( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, std::unique_ptr<SignatureCallback> callback) override { - callback->Run(true, "Signature", /*details=*/nullptr); + if (!proof_source_) { + callback->Run(/*ok=*/true, "Signature", /*details=*/nullptr); + return; + } + proof_source_->ComputeTlsSignature(server_address, client_address, hostname, + signature_algorithm, in, + std::move(callback)); } + TicketCrypter* GetTicketCrypter() override { return nullptr; } + private: - // Whether or not obtaining proof source succeeds. - bool success_; + std::unique_ptr<ProofSource> proof_source_; }; -// Used by QuicCryptoClientConfig to verify server credentials, returning a -// canned response of QUIC_SUCCESS if |success| is true. -class FakeProofVerifier : public ProofVerifier { +// Used by QuicCryptoClientConfig to verify server credentials, passes +// everything through to ProofVerifierForTesting is success is true, +// otherwise returns a canned response of QUIC_FAILURE. +class IndirectionProofVerifier : public ProofVerifier { public: - explicit FakeProofVerifier(bool success) : success_(success) {} + explicit IndirectionProofVerifier(bool success) { + if (success) { + proof_verifier_ = crypto_test_utils::ProofVerifierForTesting(); + } + } // ProofVerifier override QuicAsyncStatus VerifyProof( @@ -128,11 +149,18 @@ class FakeProofVerifier : public ProofVerifier { std::string* error_details, std::unique_ptr<ProofVerifyDetails>* verify_details, std::unique_ptr<ProofVerifierCallback> callback) override { - return success_ ? QUIC_SUCCESS : QUIC_FAILURE; + if (!proof_verifier_) { + return QUIC_FAILURE; + } + return proof_verifier_->VerifyProof( + hostname, port, server_config, transport_version, chlo_hash, certs, + cert_sct, signature, context, error_details, verify_details, + std::move(callback)); } QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, @@ -140,16 +168,23 @@ class FakeProofVerifier : public ProofVerifier { std::string* error_details, std::unique_ptr<ProofVerifyDetails>* details, std::unique_ptr<ProofVerifierCallback> callback) override { - return success_ ? QUIC_SUCCESS : QUIC_FAILURE; + if (!proof_verifier_) { + return QUIC_FAILURE; + } + return proof_verifier_->VerifyCertChain( + hostname, port, certs, ocsp_response, cert_sct, context, error_details, + details, std::move(callback)); } std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override { - return nullptr; + if (!proof_verifier_) { + return nullptr; + } + return proof_verifier_->CreateDefaultContext(); } private: - // Whether or not proof verification succeeds. - bool success_; + std::unique_ptr<ProofVerifier> proof_verifier_; }; class DataSavingQbonePacketWriter : public QbonePacketWriter { @@ -289,7 +324,7 @@ class QboneSessionTest : public QuicTestWithParam<ParsedQuicVersion> { client_connection_->SetSelfAddress(client_address); QuicConfig config; client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>( - std::make_unique<FakeProofVerifier>(client_handshake_success)); + std::make_unique<IndirectionProofVerifier>(client_handshake_success)); if (send_qbone_alpn) { client_crypto_config_->set_alpn("qbone"); } @@ -308,9 +343,8 @@ class QboneSessionTest : public QuicTestWithParam<ParsedQuicVersion> { server_connection_->SetSelfAddress(server_address); QuicConfig config; server_crypto_config_ = std::make_unique<QuicCryptoServerConfig>( - "TESTING", QuicRandom::GetInstance(), - std::unique_ptr<FakeProofSource>( - new FakeProofSource(server_handshake_success)), + QuicCryptoServerConfig::TESTING, QuicRandom::GetInstance(), + std::make_unique<IndirectionProofSource>(server_handshake_success), KeyExchangeSource::Default()); QuicCryptoServerConfig::ConfigOptions options; QuicServerConfigProtobuf primary_config = diff --git a/chromium/net/third_party/quiche/src/quic/qbone/qbone_stream_test.cc b/chromium/net/third_party/quiche/src/quic/qbone/qbone_stream_test.cc index 42840bebee0..10edaf6650d 100644 --- a/chromium/net/third_party/quiche/src/quic/qbone/qbone_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/qbone/qbone_stream_test.cc @@ -62,8 +62,10 @@ class MockQuicSession : public QboneSessionBase { QuicCryptoStream* GetMutableCryptoStream() override { return nullptr; } // Called by QuicStream when they want to close stream. - MOCK_METHOD3(SendRstStream, - void(QuicStreamId, QuicRstStreamErrorCode, QuicStreamOffset)); + MOCK_METHOD(void, + SendRstStream, + (QuicStreamId, QuicRstStreamErrorCode, QuicStreamOffset), + (override)); // Sets whether data is written to buffer, or else if this is write blocked. void set_writable(bool writable) { writable_ = writable; } @@ -87,8 +89,14 @@ class MockQuicSession : public QboneSessionBase { return nullptr; } - MOCK_METHOD1(ProcessPacketFromPeer, void(quiche::QuicheStringPiece)); - MOCK_METHOD1(ProcessPacketFromNetwork, void(quiche::QuicheStringPiece)); + MOCK_METHOD(void, + ProcessPacketFromPeer, + (quiche::QuicheStringPiece), + (override)); + MOCK_METHOD(void, + ProcessPacketFromNetwork, + (quiche::QuicheStringPiece), + (override)); private: // Whether data is written to write_buffer_. diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.cc index 1a028458ecd..14645f83da0 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.cc @@ -11,13 +11,14 @@ namespace quic { void DummyProofSource::GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& /*server_config*/, QuicTransportVersion /*transport_version*/, quiche::QuicheStringPiece /*chlo_hash*/, std::unique_ptr<Callback> callback) { QuicReferenceCountedPointer<ProofSource::Chain> chain = - GetCertChain(server_address, hostname); + GetCertChain(server_address, client_address, hostname); QuicCryptoProof proof; proof.signature = "Dummy signature"; proof.leaf_cert_scts = "Dummy timestamp"; @@ -26,6 +27,7 @@ void DummyProofSource::GetProof(const QuicSocketAddress& server_address, QuicReferenceCountedPointer<DummyProofSource::Chain> DummyProofSource::GetCertChain(const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/) { std::vector<std::string> certs; certs.push_back(kDummyCertName); @@ -35,6 +37,7 @@ DummyProofSource::GetCertChain(const QuicSocketAddress& /*server_address*/, void DummyProofSource::ComputeTlsSignature( const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/, uint16_t /*signature_algorithm*/, quiche::QuicheStringPiece /*in*/, @@ -60,6 +63,7 @@ QuicAsyncStatus InsecureProofVerifier::VerifyProof( QuicAsyncStatus InsecureProofVerifier::VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& /*certs*/, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/, diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.h b/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.h index b1e2e186154..806786f2f3d 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.h +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.h @@ -44,6 +44,7 @@ class DummyProofSource : public ProofSource { // ProofSource overrides. void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, QuicTransportVersion transport_version, @@ -52,14 +53,18 @@ class DummyProofSource : public ProofSource { QuicReferenceCountedPointer<Chain> GetCertChain( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname) override; void ComputeTlsSignature( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, std::unique_ptr<SignatureCallback> callback) override; + + TicketCrypter* GetTicketCrypter() override { return nullptr; } }; // Used by QuicCryptoClientConfig to ignore the peer's credentials @@ -87,6 +92,7 @@ class InsecureProofVerifier : public ProofVerifier { QuicAsyncStatus VerifyCertChain( const std::string& hostname, + const uint16_t port, const std::vector<std::string>& certs, const std::string& ocsp_response, const std::string& cert_sct, diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_factory.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_factory.cc index ff98761b4c7..280d936b25a 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_factory.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_factory.cc @@ -148,7 +148,6 @@ QuicConfig CreateQuicConfig(const QuartcSessionConfig& quartc_session_config) { } if (quartc_session_config.idle_network_timeout > QuicTime::Delta::Zero()) { quic_config.SetIdleNetworkTimeout( - quartc_session_config.idle_network_timeout, quartc_session_config.idle_network_timeout); } diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer.h b/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer.h index b90026b5495..1e6c2e5dbdf 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer.h +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer.h @@ -89,7 +89,7 @@ class QuartcSendChannel { // to demux sent, acked, and lost messages, the multiplexer assigns a globally // unique id to each message. This map is used to restore the original caller // datagram id before issuing callbacks. - QuicUnorderedMap<int64_t, int64_t> multiplexer_to_user_datagram_ids_; + QuicHashMap<int64_t, int64_t> multiplexer_to_user_datagram_ids_; }; // A single, multiplexed receive channel within a Quartc session. A receive @@ -178,11 +178,11 @@ class QuartcMultiplexer : public QuartcEndpoint::Delegate, QuartcSession* session_ = nullptr; std::vector<std::unique_ptr<QuartcSendChannel>> send_channels_; - QuicUnorderedMap<uint64_t, QuartcReceiveChannel*> receive_channels_; + QuicHashMap<uint64_t, QuartcReceiveChannel*> receive_channels_; QuartcReceiveChannel* default_receive_channel_ = nullptr; int64_t next_datagram_id_ = 1; - QuicUnorderedMap<int64_t, QuartcSendChannel*> send_channels_by_datagram_id_; + QuicHashMap<int64_t, QuartcSendChannel*> send_channels_by_datagram_id_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer_test.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer_test.cc index fcdbe994f24..024b67d8a94 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer_test.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_multiplexer_test.cc @@ -202,9 +202,7 @@ class QuartcMultiplexerTest : public QuicTest { quic::QuartcSessionConfig())) { // TODO(b/150224094): Re-enable TLS handshake. // TODO(b/150236522): Parametrize by QUIC version. - SetQuicReloadableFlag(quic_enable_version_draft_27, false); - SetQuicReloadableFlag(quic_enable_version_draft_25_v3, false); - SetQuicReloadableFlag(quic_enable_version_t050, false); + quic::test::DisableQuicVersionsWithTls(); } void Connect() { diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.cc index a93f4107ddb..0a7fca933bf 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.cc @@ -198,11 +198,11 @@ void QuartcSession::OnOneRttKeysAvailable() { } void QuartcSession::CancelStream(QuicStreamId stream_id) { - ResetStream(stream_id, QuicRstStreamErrorCode::QUIC_STREAM_CANCELLED); + ResetQuartcStream(stream_id, QuicRstStreamErrorCode::QUIC_STREAM_CANCELLED); } -void QuartcSession::ResetStream(QuicStreamId stream_id, - QuicRstStreamErrorCode error) { +void QuartcSession::ResetQuartcStream(QuicStreamId stream_id, + QuicRstStreamErrorCode error) { if (!IsOpenStream(stream_id)) { return; } @@ -418,7 +418,7 @@ void QuartcClientSession::StartCryptoHandshake() { crypto_stream_ = std::make_unique<QuicCryptoClientStream>( server_id, this, client_crypto_config_->proof_verifier()->CreateDefaultContext(), - client_crypto_config_.get(), this); + client_crypto_config_.get(), this, /*has_application_state = */ true); Initialize(); crypto_stream_->CryptoConnect(); } diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.h b/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.h index db988a06654..66ddfc3617f 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.h +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_session.h @@ -204,7 +204,7 @@ class QuartcSession : public QuicSession, // returns an unowned pointer to the stream for convenience. QuartcStream* ActivateDataStream(std::unique_ptr<QuartcStream> stream); - void ResetStream(QuicStreamId stream_id, QuicRstStreamErrorCode error); + void ResetQuartcStream(QuicStreamId stream_id, QuicRstStreamErrorCode error); const QuicClock* clock() { return clock_; } @@ -244,7 +244,7 @@ class QuartcSession : public QuicSession, // Maps message ids to datagram ids, so we could translate message ACKs // received from QUIC to datagram ACKs that are propagated up the stack. - QuicUnorderedMap<QuicMessageId, int64_t> message_to_datagram_id_; + QuicHashMap<QuicMessageId, int64_t> message_to_datagram_id_; }; class QuartcClientSession : public QuartcSession, diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_session_test.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_session_test.cc index 47312059721..93172e7c55d 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_session_test.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_session_test.cc @@ -56,9 +56,7 @@ class QuartcSessionTest : public QuicTest { void Init(bool create_client_endpoint = true) { // TODO(b/150224094): Re-enable TLS handshake. // TODO(b/150236522): Parametrize by QUIC version. - SetQuicReloadableFlag(quic_enable_version_draft_27, false); - SetQuicReloadableFlag(quic_enable_version_draft_25_v3, false); - SetQuicReloadableFlag(quic_enable_version_t050, false); + quic::test::DisableQuicVersionsWithTls(); client_transport_ = std::make_unique<simulator::SimulatedQuartcPacketTransport>( diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.cc index 9edf370120f..01494c5ddf5 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.cc @@ -56,7 +56,7 @@ void QuartcStream::OnClose() { delegate_->OnClose(this); } -void QuartcStream::OnStreamDataConsumed(size_t bytes_consumed) { +void QuartcStream::OnStreamDataConsumed(QuicByteCount bytes_consumed) { QuicStream::OnStreamDataConsumed(bytes_consumed); if (delegate_) { diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.h b/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.h index 40e8328efea..7f3c28d005c 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.h +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream.h @@ -34,7 +34,7 @@ class QuartcStream : public QuicStream { void OnClose() override; - void OnStreamDataConsumed(size_t bytes_consumed) override; + void OnStreamDataConsumed(QuicByteCount bytes_consumed) override; void OnDataBuffered( QuicStreamOffset offset, diff --git a/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream_test.cc b/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream_test.cc index 7a8b22d501b..b387e7f9723 100644 --- a/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/quartc/quartc_stream_test.cc @@ -398,7 +398,12 @@ TEST_P(QuartcStreamTest, StopReading) { TEST_P(QuartcStreamTest, CloseStream) { CreateReliableQuicStream(); EXPECT_FALSE(mock_stream_delegate_->closed()); - stream_->OnClose(); + if (GetQuicReloadableFlag(quic_break_session_stream_close_loop)) { + stream_->CloseWriteSide(); + stream_->CloseReadSide(); + } else { + stream_->OnClose(); + } EXPECT_TRUE(mock_stream_delegate_->closed()); } diff --git a/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_client_session.cc b/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_client_session.cc index a35d0841b55..3a8eba1306f 100644 --- a/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_client_session.cc +++ b/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_client_session.cc @@ -66,7 +66,7 @@ QuicTransportClientSession::QuicTransportClientSession( crypto_stream_ = std::make_unique<QuicCryptoClientStream>( QuicServerId(url.host(), url.EffectiveIntPort()), this, crypto_config->proof_verifier()->CreateDefaultContext(), crypto_config, - proof_handler); + proof_handler, /*has_application_state = */ true); } void QuicTransportClientSession::OnAlpnSelected( diff --git a/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_integration_test.cc b/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_integration_test.cc index 355f6cc7f8b..f1912e2f33c 100644 --- a/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_integration_test.cc +++ b/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_integration_test.cc @@ -23,6 +23,7 @@ #include "net/third_party/quiche/src/quic/quic_transport/quic_transport_server_session.h" #include "net/third_party/quiche/src/quic/quic_transport/quic_transport_stream.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_session_peer.h" #include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/quic_transport_test_tools.h" #include "net/third_party/quiche/src/quic/test_tools/simulator/link.h" @@ -254,7 +255,8 @@ TEST_F(QuicTransportIntegrationTest, SendOutgoingStreams) { } ASSERT_TRUE(simulator_.RunUntilOrTimeout( [this]() { - return server_->session()->GetNumOpenIncomingStreams() == 10; + return QuicSessionPeer::GetNumOpenDynamicStreams(server_->session()) == + 10; }, kDefaultTimeout)); @@ -262,7 +264,10 @@ TEST_F(QuicTransportIntegrationTest, SendOutgoingStreams) { ASSERT_TRUE(stream->SendFin()); } ASSERT_TRUE(simulator_.RunUntilOrTimeout( - [this]() { return server_->session()->GetNumOpenIncomingStreams() == 0; }, + [this]() { + return QuicSessionPeer::GetNumOpenDynamicStreams(server_->session()) == + 0; + }, kDefaultTimeout)); } @@ -284,7 +289,10 @@ TEST_F(QuicTransportIntegrationTest, EchoBidirectionalStreams) { EXPECT_TRUE(stream->SendFin()); ASSERT_TRUE(simulator_.RunUntilOrTimeout( - [this]() { return server_->session()->GetNumOpenIncomingStreams() == 0; }, + [this]() { + return QuicSessionPeer::GetNumOpenDynamicStreams(server_->session()) == + 0; + }, kDefaultTimeout)); } diff --git a/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_stream_test.cc b/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_stream_test.cc index 6a91702fa58..0f0d770ecc5 100644 --- a/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/quic_transport/quic_transport_stream_test.cc @@ -29,7 +29,7 @@ ParsedQuicVersionVector GetVersions() { class MockQuicTransportSessionInterface : public QuicTransportSessionInterface { public: - MOCK_CONST_METHOD0(IsSessionReady, bool()); + MOCK_METHOD(bool, IsSessionReady, (), (const, override)); }; class QuicTransportStreamTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils.cc b/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils.cc index bfe4a5e349c..486444183c9 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils.cc @@ -230,7 +230,7 @@ int HandshakeWithFakeServer(QuicConfig* server_quic_config, PacketSavingConnection* client_conn, QuicCryptoClientStream* client, std::string alpn) { - PacketSavingConnection* server_conn = new PacketSavingConnection( + auto* server_conn = new testing::NiceMock<PacketSavingConnection>( helper, alarm_factory, Perspective::IS_SERVER, ParsedVersionOfIndex(client_conn->supported_versions(), 0)); @@ -249,6 +249,8 @@ int HandshakeWithFakeServer(QuicConfig* server_quic_config, .Times(testing::AnyNumber()); EXPECT_CALL(*server_conn, OnCanWrite()).Times(testing::AnyNumber()); EXPECT_CALL(*client_conn, OnCanWrite()).Times(testing::AnyNumber()); + EXPECT_CALL(*server_conn, SendCryptoData(_, _, _)) + .Times(testing::AnyNumber()); EXPECT_CALL(server_session, SelectAlpn(_)) .WillRepeatedly( [alpn](const std::vector<quiche::QuicheStringPiece>& alpns) { @@ -260,7 +262,9 @@ int HandshakeWithFakeServer(QuicConfig* server_quic_config, CommunicateHandshakeMessages(client_conn, client, server_conn, server_session.GetMutableCryptoStream()); - CompareClientAndServerKeys(client, server_session.GetMutableCryptoStream()); + if (client_conn->connected() && server_conn->connected()) { + CompareClientAndServerKeys(client, server_session.GetMutableCryptoStream()); + } return client->num_sent_client_hellos(); } @@ -362,8 +366,9 @@ void CommunicateHandshakeMessages(PacketSavingConnection* client_conn, PacketSavingConnection* server_conn, QuicCryptoStream* server) { size_t client_i = 0, server_i = 0; - while (!client->one_rtt_keys_available() || - !server->one_rtt_keys_available()) { + while (client_conn->connected() && server_conn->connected() && + (!client->one_rtt_keys_available() || + !server->one_rtt_keys_available())) { ASSERT_GT(client_conn->encrypted_packets_.size(), client_i); QUIC_LOG(INFO) << "Processing " << client_conn->encrypted_packets_.size() - client_i @@ -419,6 +424,7 @@ std::string GetValueForTag(const CryptoHandshakeMessage& message, QuicTag tag) { uint64_t LeafCertHashForTesting() { QuicReferenceCountedPointer<ProofSource::Chain> chain; QuicSocketAddress server_address(QuicIpAddress::Any4(), 42); + QuicSocketAddress client_address(QuicIpAddress::Any4(), 43); QuicCryptoProof proof; std::unique_ptr<ProofSource> proof_source(ProofSourceForTesting()); @@ -443,7 +449,8 @@ uint64_t LeafCertHashForTesting() { // Note: relies on the callback being invoked synchronously bool ok = false; proof_source->GetProof( - server_address, "", "", AllSupportedTransportVersions().front(), "", + server_address, client_address, "", "", + AllSupportedTransportVersions().front(), "", std::unique_ptr<ProofSource::Callback>(new Callback(&ok, &chain))); if (!ok || chain->certs.empty()) { DCHECK(false) << "Proof generation failed"; @@ -743,6 +750,7 @@ void MovePackets(PacketSavingConnection* source_conn, if (!framer.ProcessPacket(*source_conn->encrypted_packets_[index])) { // The framer will be unable to decrypt forward-secure packets sent after // the handshake is complete. Don't treat them as handshake packets. + QuicConnectionPeer::SwapCrypters(dest_conn, framer.framer()); break; } QuicConnectionPeer::SwapCrypters(dest_conn, framer.framer()); @@ -755,6 +763,8 @@ void MovePackets(PacketSavingConnection* source_conn, // packets should ever be encrypted with the NullEncrypter, instead // they're encrypted with an obfuscation cipher based on QUIC version and // connection ID. + QUIC_LOG(INFO) << "Attempting to decrypt with NullDecrypter: " + "expect a decryption failure on the next log line."; ASSERT_FALSE(null_encryption_framer.ProcessPacket( *source_conn->encrypted_packets_[index])) << "No TLS packets should be encrypted with the NullEncrypter"; @@ -846,7 +856,7 @@ void GenerateFullCHLO( ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, transport_version), signed_config, compressed_certs_cache, out); crypto_config->ValidateClientHello( - inchoate_chlo, client_addr.host(), server_addr, transport_version, clock, + inchoate_chlo, client_addr, server_addr, transport_version, clock, signed_config, generator.GetValidateClientHelloCallback()); } diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils_test.cc b/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils_test.cc index 6e64cb822fd..a21b43ab109 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils_test.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/crypto_test_utils_test.cc @@ -178,7 +178,7 @@ TEST_F(CryptoTestUtilsTest, TestGenerateFullCHLO) { &compressed_certs_cache, ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, transport_version)); crypto_config.ValidateClientHello( - full_chlo, client_addr.host(), server_addr, transport_version, &clock, + full_chlo, client_addr, server_addr, transport_version, &clock, signed_config, shlo_verifier.GetValidateClientHelloCallback()); } diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.cc b/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.cc index 1f52476085a..98e18fcea13 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.cc @@ -10,6 +10,7 @@ namespace quic { namespace test { void FailingProofSource::GetProof(const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/, const std::string& /*server_config*/, QuicTransportVersion /*transport_version*/, @@ -20,12 +21,14 @@ void FailingProofSource::GetProof(const QuicSocketAddress& /*server_address*/, QuicReferenceCountedPointer<ProofSource::Chain> FailingProofSource::GetCertChain(const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/) { return QuicReferenceCountedPointer<Chain>(); } void FailingProofSource::ComputeTlsSignature( const QuicSocketAddress& /*server_address*/, + const QuicSocketAddress& /*client_address*/, const std::string& /*hostname*/, uint16_t /*signature_algorithm*/, quiche::QuicheStringPiece /*in*/, diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.h b/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.h index 36e23989117..6ea303d1df8 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/failing_proof_source.h @@ -14,6 +14,7 @@ namespace test { class FailingProofSource : public ProofSource { public: void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, QuicTransportVersion transport_version, @@ -22,14 +23,18 @@ class FailingProofSource : public ProofSource { QuicReferenceCountedPointer<Chain> GetCertChain( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname) override; void ComputeTlsSignature( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, std::unique_ptr<SignatureCallback> callback) override; + + TicketCrypter* GetTicketCrypter() override { return nullptr; } }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.cc b/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.cc index 0d85b5d450d..9619fad5523 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.cc @@ -22,6 +22,7 @@ FakeProofSource::PendingOp::~PendingOp() = default; FakeProofSource::GetProofOp::GetProofOp( const QuicSocketAddress& server_addr, + const QuicSocketAddress& client_address, std::string hostname, std::string server_config, QuicTransportVersion transport_version, @@ -29,6 +30,7 @@ FakeProofSource::GetProofOp::GetProofOp( std::unique_ptr<ProofSource::Callback> callback, ProofSource* delegate) : server_address_(server_addr), + client_address_(client_address), hostname_(std::move(hostname)), server_config_(std::move(server_config)), transport_version_(transport_version), @@ -40,18 +42,21 @@ FakeProofSource::GetProofOp::~GetProofOp() = default; void FakeProofSource::GetProofOp::Run() { // Note: relies on the callback being invoked synchronously - delegate_->GetProof(server_address_, hostname_, server_config_, - transport_version_, chlo_hash_, std::move(callback_)); + delegate_->GetProof(server_address_, client_address_, hostname_, + server_config_, transport_version_, chlo_hash_, + std::move(callback_)); } FakeProofSource::ComputeSignatureOp::ComputeSignatureOp( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, std::string hostname, uint16_t sig_alg, quiche::QuicheStringPiece in, std::unique_ptr<ProofSource::SignatureCallback> callback, ProofSource* delegate) : server_address_(server_address), + client_address_(client_address), hostname_(std::move(hostname)), sig_alg_(sig_alg), in_(in), @@ -61,8 +66,8 @@ FakeProofSource::ComputeSignatureOp::ComputeSignatureOp( FakeProofSource::ComputeSignatureOp::~ComputeSignatureOp() = default; void FakeProofSource::ComputeSignatureOp::Run() { - delegate_->ComputeTlsSignature(server_address_, hostname_, sig_alg_, in_, - std::move(callback_)); + delegate_->ComputeTlsSignature(server_address_, client_address_, hostname_, + sig_alg_, in_, std::move(callback_)); } void FakeProofSource::Activate() { @@ -71,30 +76,34 @@ void FakeProofSource::Activate() { void FakeProofSource::GetProof( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, QuicTransportVersion transport_version, quiche::QuicheStringPiece chlo_hash, std::unique_ptr<ProofSource::Callback> callback) { if (!active_) { - delegate_->GetProof(server_address, hostname, server_config, + delegate_->GetProof(server_address, client_address, hostname, server_config, transport_version, chlo_hash, std::move(callback)); return; } pending_ops_.push_back(std::make_unique<GetProofOp>( - server_address, hostname, server_config, transport_version, - std::string(chlo_hash), std::move(callback), delegate_.get())); + server_address, client_address, hostname, server_config, + transport_version, std::string(chlo_hash), std::move(callback), + delegate_.get())); } QuicReferenceCountedPointer<ProofSource::Chain> FakeProofSource::GetCertChain( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname) { - return delegate_->GetCertChain(server_address, hostname); + return delegate_->GetCertChain(server_address, client_address, hostname); } void FakeProofSource::ComputeTlsSignature( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, @@ -102,15 +111,28 @@ void FakeProofSource::ComputeTlsSignature( QUIC_LOG(INFO) << "FakeProofSource::ComputeTlsSignature"; if (!active_) { QUIC_LOG(INFO) << "Not active - directly calling delegate"; - delegate_->ComputeTlsSignature( - server_address, hostname, signature_algorithm, in, std::move(callback)); + delegate_->ComputeTlsSignature(server_address, client_address, hostname, + signature_algorithm, in, + std::move(callback)); return; } QUIC_LOG(INFO) << "Adding pending op"; pending_ops_.push_back(std::make_unique<ComputeSignatureOp>( - server_address, hostname, signature_algorithm, in, std::move(callback), - delegate_.get())); + server_address, client_address, hostname, signature_algorithm, in, + std::move(callback), delegate_.get())); +} + +ProofSource::TicketCrypter* FakeProofSource::GetTicketCrypter() { + if (ticket_crypter_) { + return ticket_crypter_.get(); + } + return delegate_->GetTicketCrypter(); +} + +void FakeProofSource::SetTicketCrypter( + std::unique_ptr<TicketCrypter> ticket_crypter) { + ticket_crypter_ = std::move(ticket_crypter); } int FakeProofSource::NumPendingCallbacks() const { diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.h b/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.h index 41b761ac119..94dede6b385 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/fake_proof_source.h @@ -15,10 +15,13 @@ namespace quic { namespace test { -// Implementation of ProofSource which delegates to a ProofSourceForTesting, -// except that when the async GetProof is called, it captures the call and -// allows tests to see that a call is pending, which they can then cause to -// complete at a time of their choosing. +// Implementation of ProofSource which delegates to a ProofSourceForTesting, but +// allows for overriding certain functionality. FakeProofSource allows +// intercepting calls to GetProof and ComputeTlsSignature to force them to run +// asynchronously, and allow the caller to see that the call is pending and +// resume the operation at the caller's choosing. FakeProofSource also allows +// the caller to replace the TicketCrypter provided by +// FakeProofSource::GetTicketCrypter. class FakeProofSource : public ProofSource { public: FakeProofSource(); @@ -32,6 +35,7 @@ class FakeProofSource : public ProofSource { // ProofSource interface void GetProof(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, const std::string& server_config, QuicTransportVersion transport_version, @@ -39,13 +43,20 @@ class FakeProofSource : public ProofSource { std::unique_ptr<ProofSource::Callback> callback) override; QuicReferenceCountedPointer<Chain> GetCertChain( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname) override; void ComputeTlsSignature( const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in, std::unique_ptr<ProofSource::SignatureCallback> callback) override; + TicketCrypter* GetTicketCrypter() override; + + // Sets the TicketCrypter to use. If nullptr, the TicketCrypter from + // ProofSourceForTesting will be returned instead. + void SetTicketCrypter(std::unique_ptr<TicketCrypter> ticket_crypter); // Get the number of callbacks which are pending int NumPendingCallbacks() const; @@ -56,6 +67,7 @@ class FakeProofSource : public ProofSource { private: std::unique_ptr<ProofSource> delegate_; + std::unique_ptr<TicketCrypter> ticket_crypter_; bool active_ = false; class PendingOp { @@ -67,6 +79,7 @@ class FakeProofSource : public ProofSource { class GetProofOp : public PendingOp { public: GetProofOp(const QuicSocketAddress& server_addr, + const QuicSocketAddress& client_address, std::string hostname, std::string server_config, QuicTransportVersion transport_version, @@ -79,6 +92,7 @@ class FakeProofSource : public ProofSource { private: QuicSocketAddress server_address_; + QuicSocketAddress client_address_; std::string hostname_; std::string server_config_; QuicTransportVersion transport_version_; @@ -90,6 +104,7 @@ class FakeProofSource : public ProofSource { class ComputeSignatureOp : public PendingOp { public: ComputeSignatureOp(const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, std::string hostname, uint16_t sig_alg, quiche::QuicheStringPiece in, @@ -101,6 +116,7 @@ class FakeProofSource : public ProofSource { private: QuicSocketAddress server_address_; + QuicSocketAddress client_address_; std::string hostname_; uint16_t sig_alg_; std::string in_; diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/first_flight.cc b/chromium/net/third_party/quiche/src/quic/test_tools/first_flight.cc new file mode 100644 index 00000000000..e4d28161ac2 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/test_tools/first_flight.cc @@ -0,0 +1,140 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/test_tools/first_flight.h" + +#include <memory> +#include <vector> + +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" +#include "net/third_party/quiche/src/quic/core/http/quic_client_push_promise_index.h" +#include "net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.h" +#include "net/third_party/quiche/src/quic/core/quic_config.h" +#include "net/third_party/quiche/src/quic/core/quic_connection.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" +#include "net/third_party/quiche/src/quic/core/quic_packet_writer.h" +#include "net/third_party/quiche/src/quic/core/quic_packets.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" +#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" +#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h" + +namespace quic { +namespace test { + +// Utility class that creates a custom HTTP/3 session and QUIC connection in +// order to extract the first flight of packets it sends. This is meant to only +// be used by GetFirstFlightOfPackets() below. +class FirstFlightExtractor : public DelegatedPacketWriter::Delegate { + public: + FirstFlightExtractor(const ParsedQuicVersion& version, + const QuicConfig& config, + const QuicConnectionId& server_connection_id, + const QuicConnectionId& client_connection_id) + : version_(version), + server_connection_id_(server_connection_id), + client_connection_id_(client_connection_id), + writer_(this), + config_(config), + crypto_config_(crypto_test_utils::ProofVerifierForTesting()) { + EXPECT_NE(version_, UnsupportedQuicVersion()); + } + + void GenerateFirstFlight() { + crypto_config_.set_alpn(AlpnForVersion(version_)); + connection_ = + new QuicConnection(server_connection_id_, + QuicSocketAddress(TestPeerIPAddress(), kTestPort), + &connection_helper_, &alarm_factory_, &writer_, + /*owns_writer=*/false, Perspective::IS_CLIENT, + ParsedQuicVersionVector{version_}); + connection_->set_client_connection_id(client_connection_id_); + session_ = std::make_unique<QuicSpdyClientSession>( + config_, ParsedQuicVersionVector{version_}, + connection_, // session_ takes ownership of connection_ here. + TestServerId(), &crypto_config_, &push_promise_index_); + session_->Initialize(); + session_->CryptoConnect(); + } + + void OnDelegatedPacket(const char* buffer, + size_t buf_len, + const QuicIpAddress& /*self_client_address*/, + const QuicSocketAddress& /*peer_client_address*/, + PerPacketOptions* /*options*/) override { + packets_.emplace_back( + QuicReceivedPacket(buffer, buf_len, + connection_helper_.GetClock()->ApproximateNow(), + /*owns_buffer=*/false) + .Clone()); + } + + std::vector<std::unique_ptr<QuicReceivedPacket>>&& ConsumePackets() { + return std::move(packets_); + } + + private: + ParsedQuicVersion version_; + QuicConnectionId server_connection_id_; + QuicConnectionId client_connection_id_; + MockQuicConnectionHelper connection_helper_; + MockAlarmFactory alarm_factory_; + DelegatedPacketWriter writer_; + QuicConfig config_; + QuicCryptoClientConfig crypto_config_; + QuicClientPushPromiseIndex push_promise_index_; + QuicConnection* connection_; // Owned by session_. + std::unique_ptr<QuicSpdyClientSession> session_; + std::vector<std::unique_ptr<QuicReceivedPacket>> packets_; +}; + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConfig& config, + const QuicConnectionId& server_connection_id, + const QuicConnectionId& client_connection_id) { + FirstFlightExtractor first_flight_extractor( + version, config, server_connection_id, client_connection_id); + first_flight_extractor.GenerateFirstFlight(); + return first_flight_extractor.ConsumePackets(); +} + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConfig& config, + const QuicConnectionId& server_connection_id) { + return GetFirstFlightOfPackets(version, config, server_connection_id, + EmptyQuicConnectionId()); +} + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConfig& config) { + return GetFirstFlightOfPackets(version, config, TestConnectionId()); +} + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id, + const QuicConnectionId& client_connection_id) { + return GetFirstFlightOfPackets(version, DefaultQuicConfig(), + server_connection_id, client_connection_id); +} + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id) { + return GetFirstFlightOfPackets(version, DefaultQuicConfig(), + server_connection_id, EmptyQuicConnectionId()); +} + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version) { + return GetFirstFlightOfPackets(version, DefaultQuicConfig(), + TestConnectionId()); +} + +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/first_flight.h b/chromium/net/third_party/quiche/src/quic/test_tools/first_flight.h new file mode 100644 index 00000000000..b2a4ebd36be --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/test_tools/first_flight.h @@ -0,0 +1,111 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_TEST_TOOLS_FIRST_FLIGHT_H_ +#define QUICHE_QUIC_TEST_TOOLS_FIRST_FLIGHT_H_ + +#include <memory> +#include <vector> + +#include "net/third_party/quiche/src/quic/core/quic_config.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" +#include "net/third_party/quiche/src/quic/core/quic_packet_writer.h" +#include "net/third_party/quiche/src/quic/core/quic_packets.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" + +namespace quic { +namespace test { + +// Implementation of QuicPacketWriter that sends all packets to a delegate. +class QUIC_NO_EXPORT DelegatedPacketWriter : public QuicPacketWriter { + public: + class QUIC_NO_EXPORT Delegate { + public: + virtual ~Delegate() {} + // Note that |buffer| may be released after this call completes so overrides + // that want to use the data after the call is complete MUST copy it. + virtual void OnDelegatedPacket(const char* buffer, + size_t buf_len, + const QuicIpAddress& self_client_address, + const QuicSocketAddress& peer_client_address, + PerPacketOptions* options) = 0; + }; + + // |delegate| MUST be valid for the duration of the DelegatedPacketWriter's + // lifetime. + explicit DelegatedPacketWriter(Delegate* delegate) : delegate_(delegate) { + CHECK_NE(delegate_, nullptr); + } + + // Overrides for QuicPacketWriter. + bool IsWriteBlocked() const override { return false; } + void SetWritable() override {} + QuicByteCount GetMaxPacketSize( + const QuicSocketAddress& /*peer_address*/) const override { + return kMaxOutgoingPacketSize; + } + bool SupportsReleaseTime() const override { return false; } + bool IsBatchMode() const override { return false; } + char* GetNextWriteLocation( + const QuicIpAddress& /*self_address*/, + const QuicSocketAddress& /*peer_address*/) override { + return nullptr; + } + WriteResult Flush() override { return WriteResult(WRITE_STATUS_OK, 0); } + + WriteResult WritePacket(const char* buffer, + size_t buf_len, + const QuicIpAddress& self_client_address, + const QuicSocketAddress& peer_client_address, + PerPacketOptions* options) override { + delegate_->OnDelegatedPacket(buffer, buf_len, self_client_address, + peer_client_address, options); + return WriteResult(WRITE_STATUS_OK, buf_len); + } + + private: + Delegate* delegate_; // Unowned. +}; + +// Returns an array of packets that represent the first flight of a real +// HTTP/3 connection. In most cases, this array will only contain one packet +// that carries the CHLO. +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConfig& config, + const QuicConnectionId& server_connection_id, + const QuicConnectionId& client_connection_id); + +// Below are various convenience overloads that use default values for the +// omitted parameters: +// |config| = DefaultQuicConfig(), +// |server_connection_id| = TestConnectionId(), +// |client_connection_id| = EmptyQuicConnectionId(). +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConfig& config, + const QuicConnectionId& server_connection_id); + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id, + const QuicConnectionId& client_connection_id); + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id); + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version, + const QuicConfig& config); + +std::vector<std::unique_ptr<QuicReceivedPacket>> GetFirstFlightOfPackets( + const ParsedQuicVersion& version); + +} // namespace test +} // namespace quic + +#endif // QUICHE_QUIC_TEST_TOOLS_FIRST_FLIGHT_H_ diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_client_promised_info.h b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_client_promised_info.h index 1cb9019033c..f89d5797d7f 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_client_promised_info.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_client_promised_info.h @@ -21,9 +21,11 @@ class MockQuicClientPromisedInfo : public QuicClientPromisedInfo { std::string url); ~MockQuicClientPromisedInfo() override; - MOCK_METHOD2(HandleClientRequest, - QuicAsyncStatus(const spdy::SpdyHeaderBlock& headers, - QuicClientPushPromiseIndex::Delegate* delegate)); + MOCK_METHOD(QuicAsyncStatus, + HandleClientRequest, + (const spdy::SpdyHeaderBlock& headers, + QuicClientPushPromiseIndex::Delegate*), + (override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_dispatcher.h b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_dispatcher.h index b2ab45329d6..21c3dca7143 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_dispatcher.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_dispatcher.h @@ -30,10 +30,12 @@ class MockQuicDispatcher : public QuicSimpleDispatcher { ~MockQuicDispatcher() override; - MOCK_METHOD3(ProcessPacket, - void(const QuicSocketAddress& server_address, - const QuicSocketAddress& client_address, - const QuicReceivedPacket& packet)); + MOCK_METHOD(void, + ProcessPacket, + (const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, + const QuicReceivedPacket& packet), + (override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_session_visitor.h b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_session_visitor.h index 0cc10d1d3d5..5cc8476fe5e 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_session_visitor.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_session_visitor.h @@ -18,17 +18,26 @@ class MockQuicSessionVisitor : public QuicTimeWaitListManager::Visitor { MockQuicSessionVisitor(const MockQuicSessionVisitor&) = delete; MockQuicSessionVisitor& operator=(const MockQuicSessionVisitor&) = delete; ~MockQuicSessionVisitor() override; - MOCK_METHOD4(OnConnectionClosed, - void(QuicConnectionId connection_id, - QuicErrorCode error, - const std::string& error_details, - ConnectionCloseSource source)); - MOCK_METHOD1(OnWriteBlocked, - void(QuicBlockedWriterInterface* blocked_writer)); - MOCK_METHOD1(OnRstStreamReceived, void(const QuicRstStreamFrame& frame)); - MOCK_METHOD1(OnStopSendingReceived, void(const QuicStopSendingFrame& frame)); - MOCK_METHOD1(OnConnectionAddedToTimeWaitList, - void(QuicConnectionId connection_id)); + MOCK_METHOD(void, + OnConnectionClosed, + (QuicConnectionId connection_id, + QuicErrorCode error, + const std::string& error_details, + ConnectionCloseSource source), + (override)); + MOCK_METHOD(void, OnWriteBlocked, (QuicBlockedWriterInterface*), (override)); + MOCK_METHOD(void, + OnRstStreamReceived, + (const QuicRstStreamFrame& frame), + (override)); + MOCK_METHOD(void, + OnStopSendingReceived, + (const QuicStopSendingFrame& frame), + (override)); + MOCK_METHOD(void, + OnConnectionAddedToTimeWaitList, + (QuicConnectionId connection_id), + (override)); }; class MockQuicCryptoServerStreamHelper @@ -40,12 +49,14 @@ class MockQuicCryptoServerStreamHelper MockQuicCryptoServerStreamHelper& operator=( const MockQuicCryptoServerStreamHelper&) = delete; ~MockQuicCryptoServerStreamHelper() override; - MOCK_CONST_METHOD5(CanAcceptClientHello, - bool(const CryptoHandshakeMessage& message, - const QuicSocketAddress& client_address, - const QuicSocketAddress& peer_address, - const QuicSocketAddress& self_address, - std::string* error_details)); + MOCK_METHOD(bool, + CanAcceptClientHello, + (const CryptoHandshakeMessage& message, + const QuicSocketAddress& client_address, + const QuicSocketAddress& peer_address, + const QuicSocketAddress& self_address, + std::string*), + (const, override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_spdy_client_stream.h b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_spdy_client_stream.h index 02fe74ecb70..f72822ef963 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_spdy_client_stream.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_spdy_client_stream.h @@ -20,12 +20,14 @@ class MockQuicSpdyClientStream : public QuicSpdyClientStream { StreamType type); ~MockQuicSpdyClientStream() override; - MOCK_METHOD1(OnStreamFrame, void(const QuicStreamFrame& frame)); - MOCK_METHOD3(OnPromiseHeaderList, - void(QuicStreamId promised_stream_id, - size_t frame_len, - const QuicHeaderList& list)); - MOCK_METHOD0(OnDataAvailable, void()); + MOCK_METHOD(void, OnStreamFrame, (const QuicStreamFrame& frame), (override)); + MOCK_METHOD(void, + OnPromiseHeaderList, + (QuicStreamId promised_stream_id, + size_t frame_len, + const QuicHeaderList& list), + (override)); + MOCK_METHOD(void, OnDataAvailable, (), (override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_time_wait_list_manager.h b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_time_wait_list_manager.h index b8a9776381a..54bd6d478ff 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_time_wait_list_manager.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/mock_quic_time_wait_list_manager.h @@ -19,13 +19,14 @@ class MockTimeWaitListManager : public QuicTimeWaitListManager { QuicAlarmFactory* alarm_factory); ~MockTimeWaitListManager() override; - MOCK_METHOD5(AddConnectionIdToTimeWait, - void(QuicConnectionId connection_id, - bool ietf_quic, - QuicTimeWaitListManager::TimeWaitAction action, - EncryptionLevel encryption_level, - std::vector<std::unique_ptr<QuicEncryptedPacket>>* - termination_packets)); + MOCK_METHOD(void, + AddConnectionIdToTimeWait, + (QuicConnectionId connection_id, + bool ietf_quic, + QuicTimeWaitListManager::TimeWaitAction action, + EncryptionLevel encryption_level, + std::vector<std::unique_ptr<QuicEncryptedPacket>>*), + (override)); void QuicTimeWaitListManager_AddConnectionIdToTimeWait( QuicConnectionId connection_id, @@ -38,34 +39,42 @@ class MockTimeWaitListManager : public QuicTimeWaitListManager { termination_packets); } - MOCK_METHOD5(ProcessPacket, - void(const QuicSocketAddress& server_address, - const QuicSocketAddress& client_address, - QuicConnectionId connection_id, - PacketHeaderFormat header_format, - std::unique_ptr<QuicPerPacketContext> packet_context)); + MOCK_METHOD(void, + ProcessPacket, + (const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, + QuicConnectionId connection_id, + PacketHeaderFormat header_format, + std::unique_ptr<QuicPerPacketContext> packet_context), + (override)); - MOCK_METHOD8(SendVersionNegotiationPacket, - void(QuicConnectionId server_connection_id, - QuicConnectionId client_connection_id, - bool ietf_quic, - bool has_length_prefix, - const ParsedQuicVersionVector& supported_versions, - const QuicSocketAddress& server_address, - const QuicSocketAddress& client_address, - std::unique_ptr<QuicPerPacketContext> packet_context)); + MOCK_METHOD(void, + SendVersionNegotiationPacket, + (QuicConnectionId server_connection_id, + QuicConnectionId client_connection_id, + bool ietf_quic, + bool has_length_prefix, + const ParsedQuicVersionVector& supported_versions, + const QuicSocketAddress& server_address, + const QuicSocketAddress& client_address, + std::unique_ptr<QuicPerPacketContext> packet_context), + (override)); - MOCK_METHOD5(SendPublicReset, - void(const QuicSocketAddress&, - const QuicSocketAddress&, - QuicConnectionId, - bool, - std::unique_ptr<QuicPerPacketContext>)); + MOCK_METHOD(void, + SendPublicReset, + (const QuicSocketAddress&, + const QuicSocketAddress&, + QuicConnectionId, + bool, + std::unique_ptr<QuicPerPacketContext>), + (override)); - MOCK_METHOD3(SendPacket, - void(const QuicSocketAddress&, - const QuicSocketAddress&, - const QuicEncryptedPacket&)); + MOCK_METHOD(void, + SendPacket, + (const QuicSocketAddress&, + const QuicSocketAddress&, + const QuicEncryptedPacket&), + (override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_decoder_test_utils.h b/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_decoder_test_utils.h index 2bd80ef65ed..9741b05bdf5 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_decoder_test_utils.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_decoder_test_utils.h @@ -32,8 +32,10 @@ class MockEncoderStreamErrorDelegate public: ~MockEncoderStreamErrorDelegate() override = default; - MOCK_METHOD1(OnEncoderStreamError, - void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(void, + OnEncoderStreamError, + (quiche::QuicheStringPiece error_message), + (override)); }; // HeadersHandlerInterface implementation that collects decoded headers @@ -74,12 +76,15 @@ class MockHeadersHandler MockHeadersHandler& operator=(const MockHeadersHandler&) = delete; ~MockHeadersHandler() override = default; - MOCK_METHOD2(OnHeaderDecoded, - void(quiche::QuicheStringPiece name, - quiche::QuicheStringPiece value)); - MOCK_METHOD0(OnDecodingCompleted, void()); - MOCK_METHOD1(OnDecodingErrorDetected, - void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(void, + OnHeaderDecoded, + (quiche::QuicheStringPiece name, quiche::QuicheStringPiece value), + (override)); + MOCK_METHOD(void, OnDecodingCompleted, (), (override)); + MOCK_METHOD(void, + OnDecodingErrorDetected, + (quiche::QuicheStringPiece error_message), + (override)); }; class NoOpHeadersHandler diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_encoder_test_utils.h b/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_encoder_test_utils.h index 0ea978f7b40..9b188150796 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_encoder_test_utils.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_encoder_test_utils.h @@ -31,8 +31,10 @@ class MockDecoderStreamErrorDelegate public: ~MockDecoderStreamErrorDelegate() override = default; - MOCK_METHOD1(OnDecoderStreamError, - void(quiche::QuicheStringPiece error_message)); + MOCK_METHOD(void, + OnDecoderStreamError, + (quiche::QuicheStringPiece error_message), + (override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_test_utils.h b/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_test_utils.h index 074095048d7..b9f4adfb6d9 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_test_utils.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/qpack/qpack_test_utils.h @@ -32,7 +32,10 @@ class MockQpackStreamSenderDelegate : public QpackStreamSenderDelegate { public: ~MockQpackStreamSenderDelegate() override = default; - MOCK_METHOD1(WriteStreamData, void(quiche::QuicheStringPiece data)); + MOCK_METHOD(void, + WriteStreamData, + (quiche::QuicheStringPiece data), + (override)); }; class NoopQpackStreamSenderDelegate : public QpackStreamSenderDelegate { diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.cc index 20463ab4592..3e752154f27 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.cc @@ -5,6 +5,7 @@ #include "net/third_party/quiche/src/quic/test_tools/quic_config_peer.h" #include "net/third_party/quiche/src/quic/core/quic_config.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" namespace quic { namespace test { @@ -98,12 +99,22 @@ void QuicConfigPeer::SetReceivedMaxPacketSize(QuicConfig* config, } // static -void QuicConfigPeer::ReceiveIdleNetworkTimeout(QuicConfig* config, - HelloType hello_type, - uint32_t idle_timeout_seconds) { - std::string error_details; - config->idle_network_timeout_seconds_.ReceiveValue( - idle_timeout_seconds, hello_type, &error_details); +void QuicConfigPeer::SetNegotiated(QuicConfig* config, bool negotiated) { + config->negotiated_ = negotiated; +} + +// static +void QuicConfigPeer::SetReceivedOriginalConnectionId( + QuicConfig* config, + const QuicConnectionId& original_connection_id) { + config->received_original_connection_id_ = original_connection_id; +} + +// static +void QuicConfigPeer::SetReceivedMaxDatagramFrameSize( + QuicConfig* config, + uint64_t max_datagram_frame_size) { + config->max_datagram_frame_size_.SetReceivedValue(max_datagram_frame_size); } } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.h index b52bf42085b..c435f2282da 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_config_peer.h @@ -6,6 +6,7 @@ #define QUICHE_QUIC_TEST_TOOLS_QUIC_CONFIG_PEER_H_ #include "net/third_party/quiche/src/quic/core/quic_config.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/platform/api/quic_uint128.h" @@ -59,9 +60,14 @@ class QuicConfigPeer { static void SetReceivedMaxPacketSize(QuicConfig* config, uint32_t max_packet_size); - static void ReceiveIdleNetworkTimeout(QuicConfig* config, - HelloType hello_type, - uint32_t idle_timeout_seconds); + static void SetNegotiated(QuicConfig* config, bool negotiated); + + static void SetReceivedOriginalConnectionId( + QuicConfig* config, + const QuicConnectionId& original_connection_id); + + static void SetReceivedMaxDatagramFrameSize(QuicConfig* config, + uint64_t max_datagram_frame_size); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.cc index 6b6387f47c1..d276f6327ea 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.cc @@ -91,12 +91,6 @@ void QuicConnectionPeer::SetEffectivePeerAddress( } // static -bool QuicConnectionPeer::IsSilentCloseEnabled(QuicConnection* connection) { - return connection->idle_timeout_connection_close_behavior_ == - ConnectionCloseBehavior::SILENT_CLOSE; -} - -// static void QuicConnectionPeer::SwapCrypters(QuicConnection* connection, QuicFramer* framer) { QuicFramerPeer::SwapCrypters(framer, &connection->framer_); @@ -160,12 +154,6 @@ QuicAlarm* QuicConnectionPeer::GetMtuDiscoveryAlarm( } // static -QuicAlarm* QuicConnectionPeer::GetPathDegradingAlarm( - QuicConnection* connection) { - return connection->path_degrading_alarm_.get(); -} - -// static QuicAlarm* QuicConnectionPeer::GetProcessUndecryptablePacketsAlarm( QuicConnection* connection) { return connection->process_undecryptable_packets_alarm_.get(); @@ -381,5 +369,13 @@ QuicAlarm* QuicConnectionPeer::GetIdleNetworkDetectorAlarm( return connection->idle_network_detector_.alarm_.get(); } +// static +void QuicConnectionPeer::SetServerConnectionId( + QuicConnection* connection, + const QuicConnectionId& server_connection_id) { + connection->server_connection_id_ = server_connection_id; + connection->InstallInitialCrypters(server_connection_id); +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.h index d6d6b3cc3c0..9882f62ee35 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_connection_peer.h @@ -64,8 +64,6 @@ class QuicConnectionPeer { QuicConnection* connection, const QuicSocketAddress& effective_peer_address); - static bool IsSilentCloseEnabled(QuicConnection* connection); - static void SwapCrypters(QuicConnection* connection, QuicFramer* framer); static void SetCurrentPacket(QuicConnection* connection, @@ -83,7 +81,6 @@ class QuicConnectionPeer { static QuicAlarm* GetSendAlarm(QuicConnection* connection); static QuicAlarm* GetTimeoutAlarm(QuicConnection* connection); static QuicAlarm* GetMtuDiscoveryAlarm(QuicConnection* connection); - static QuicAlarm* GetPathDegradingAlarm(QuicConnection* connection); static QuicAlarm* GetProcessUndecryptablePacketsAlarm( QuicConnection* connection); @@ -146,6 +143,10 @@ class QuicConnectionPeer { static QuicTime GetBlackholeDetectionDeadline(QuicConnection* connection); static QuicAlarm* GetIdleNetworkDetectorAlarm(QuicConnection* connection); + + static void SetServerConnectionId( + QuicConnection* connection, + const QuicConnectionId& server_connection_id); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.cc index b460165d906..467c689af94 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.cc @@ -112,5 +112,12 @@ void QuicDispatcherPeer::RestorePerPacketContext( dispatcher->RestorePerPacketContext(std::move(context)); } +// static +std::string QuicDispatcherPeer::SelectAlpn( + QuicDispatcher* dispatcher, + const std::vector<std::string>& alpns) { + return dispatcher->SelectAlpn(alpns); +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.h index 7cb4c92c5a9..ec22f94f480 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_dispatcher_peer.h @@ -66,6 +66,9 @@ class QuicDispatcherPeer { static void RestorePerPacketContext(QuicDispatcher* dispatcher, std::unique_ptr<QuicPerPacketContext>); + + static std::string SelectAlpn(QuicDispatcher* dispatcher, + const std::vector<std::string>& alpns); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.cc index 822401272e2..44fed8809ec 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.cc @@ -119,14 +119,14 @@ SerializedPacket QuicPacketCreatorPeer::SerializeAllFrames( } // static -OwningSerializedPacketPointer +std::unique_ptr<SerializedPacket> QuicPacketCreatorPeer::SerializeConnectivityProbingPacket( QuicPacketCreator* creator) { return creator->SerializeConnectivityProbingPacket(); } // static -OwningSerializedPacketPointer +std::unique_ptr<SerializedPacket> QuicPacketCreatorPeer::SerializePathChallengeConnectivityProbingPacket( QuicPacketCreator* creator, QuicPathFrameBuffer* payload) { @@ -149,5 +149,10 @@ std::string QuicPacketCreatorPeer::GetRetryToken(QuicPacketCreator* creator) { return creator->retry_token_; } +// static +QuicFrames& QuicPacketCreatorPeer::QueuedFrames(QuicPacketCreator* creator) { + return creator->queued_frames_; +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.h index bdadc2b9ad9..2dc941388a0 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_packet_creator_peer.h @@ -50,15 +50,16 @@ class QuicPacketCreatorPeer { const QuicFrames& frames, char* buffer, size_t buffer_len); - static OwningSerializedPacketPointer SerializeConnectivityProbingPacket( + static std::unique_ptr<SerializedPacket> SerializeConnectivityProbingPacket( QuicPacketCreator* creator); - static OwningSerializedPacketPointer + static std::unique_ptr<SerializedPacket> SerializePathChallengeConnectivityProbingPacket(QuicPacketCreator* creator, QuicPathFrameBuffer* payload); static EncryptionLevel GetEncryptionLevel(QuicPacketCreator* creator); static QuicFramer* framer(QuicPacketCreator* creator); static std::string GetRetryToken(QuicPacketCreator* creator); + static QuicFrames& QueuedFrames(QuicPacketCreator* creator); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.cc index cbaf5d62be9..ab28828cc14 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.cc @@ -143,12 +143,6 @@ QuicSession::ZombieStreamMap& QuicSessionPeer::zombie_streams( } // static -QuicUnorderedSet<QuicStreamId>* QuicSessionPeer::GetDrainingStreams( - QuicSession* session) { - return &session->draining_streams_; -} - -// static void QuicSessionPeer::ActivateStream(QuicSession* session, std::unique_ptr<QuicStream> stream) { return session->ActivateStream(std::move(stream)); @@ -239,5 +233,21 @@ void QuicSessionPeer::SetPerspective(QuicSession* session, session->perspective_ = perspective; } +// static +size_t QuicSessionPeer::GetNumOpenDynamicStreams(QuicSession* session) { + size_t result = 0; + for (const auto& it : session->stream_map_) { + if (!it.second->is_static()) { + ++result; + } + } + // Exclude draining streams. + result -= session->GetNumDrainingStreams(); + // Add locally closed streams. + result += session->locally_closed_streams_highest_offset_.size(); + + return result; +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.h index 72caa9135b9..ffb6a46446d 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_session_peer.h @@ -59,8 +59,6 @@ class QuicSessionPeer { static QuicSession::StreamMap& stream_map(QuicSession* session); static const QuicSession::ClosedStreams& closed_streams(QuicSession* session); static QuicSession::ZombieStreamMap& zombie_streams(QuicSession* session); - static QuicUnorderedSet<QuicStreamId>* GetDrainingStreams( - QuicSession* session); static void ActivateStream(QuicSession* session, std::unique_ptr<QuicStream> stream); @@ -83,6 +81,7 @@ class QuicSessionPeer { QuicStreamId stream_id); static void set_is_configured(QuicSession* session, bool value); static void SetPerspective(QuicSession* session, Perspective perspective); + static size_t GetNumOpenDynamicStreams(QuicSession* session); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.cc index 42961984527..50eec57aa6c 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.cc @@ -58,5 +58,15 @@ QuicStreamSendBuffer& QuicStreamPeer::SendBuffer(QuicStream* stream) { return stream->send_buffer_; } +// static +void QuicStreamPeer::SetFinReceived(QuicStream* stream) { + stream->fin_received_ = true; +} + +// static +void QuicStreamPeer::SetFinSent(QuicStream* stream) { + stream->fin_sent_ = true; +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.h index f4b1de3165b..e57825f24f9 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_stream_peer.h @@ -32,6 +32,8 @@ class QuicStreamPeer { static QuicStreamSequencer* sequencer(QuicStream* stream); static QuicSession* session(QuicStream* stream); + static void SetFinReceived(QuicStream* stream); + static void SetFinSent(QuicStream* stream); static QuicStreamSendBuffer& SendBuffer(QuicStream* stream); }; diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_client.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_client.cc index 5ddc879af62..22e65b822ee 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_client.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_client.cc @@ -74,6 +74,7 @@ class RecordingProofVerifier : public ProofVerifier { QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& certs, const std::string& /*ocsp_response*/, const std::string& cert_sct, @@ -357,10 +358,6 @@ void QuicTestClient::Initialize() { num_requests_ = 0; num_responses_ = 0; ClearPerConnectionState(); - // TODO(b/142715651): Figure out how to use QPACK in tests. - // Do not use the QPACK dynamic table in tests to avoid flakiness due to the - // uncertain order of receiving the SETTINGS frame and sending headers. - client_->disable_qpack_dynamic_table(); // As chrome will generally do this, we want it to be the default when it's // not overridden. if (!client_->config()->HasSetBytesForConnectionIdToSend()) { @@ -393,8 +390,13 @@ ssize_t QuicTestClient::SendRequestAndRstTogether(const std::string& uri) { QuicStreamId stream_id = GetNthClientInitiatedBidirectionalStreamId( session->transport_version(), 0); QuicStream* stream = session->GetOrCreateStream(stream_id); - session->SendRstStream(stream_id, QUIC_STREAM_CANCELLED, + if (session->break_close_loop()) { + session->ResetStream(stream_id, QUIC_STREAM_CANCELLED, stream->stream_bytes_written()); + } else { + session->SendRstStream(stream_id, QUIC_STREAM_CANCELLED, + stream->stream_bytes_written()); + } return ret; } diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.cc index d85fe1fdeac..1b6452eb0ec 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.cc @@ -119,11 +119,6 @@ class QuicTestDispatcher : public QuicSimpleDispatcher { config(), connection, this, session_helper(), crypto_config(), compressed_certs_cache(), server_backend()); } - // TODO(b/142715651): Figure out how to use QPACK in tests. - // Do not use the QPACK dynamic table in tests to avoid flakiness due to the - // uncertain order of receiving the SETTINGS frame and sending headers. - session->set_qpack_maximum_dynamic_table_capacity(0); - session->set_qpack_maximum_blocked_streams(0); session->Initialize(); return session; } @@ -240,14 +235,27 @@ void ImmediateGoAwaySession::OnStreamFrame(const QuicStreamFrame& frame) { } void ImmediateGoAwaySession::OnCryptoFrame(const QuicCryptoFrame& frame) { - // In IETF QUIC, GOAWAY lives up in HTTP/3 layer. Even if it's a immediate - // goaway session, goaway shouldn't be sent when crypto frame is received. + // In IETF QUIC, GOAWAY lives up in HTTP/3 layer. It's sent in a QUIC stream + // and requires encryption. Thus the sending is done in + // OnNewEncryptionKeyAvailable(). if (!VersionUsesHttp3(transport_version())) { SendGoAway(QUIC_PEER_GOING_AWAY, ""); } QuicSimpleServerSession::OnCryptoFrame(frame); } +void ImmediateGoAwaySession::OnNewEncryptionKeyAvailable( + EncryptionLevel level, + std::unique_ptr<QuicEncrypter> encrypter) { + QuicSimpleServerSession::OnNewEncryptionKeyAvailable(level, + std::move(encrypter)); + if (VersionUsesHttp3(transport_version())) { + if (IsEncryptionEstablished() && !http3_goaway_sent()) { + SendHttp3GoAway(); + } + } +} + } // namespace test } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.h index d88337a623e..2fa3e2077e9 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_server.h @@ -105,6 +105,9 @@ class ImmediateGoAwaySession : public QuicSimpleServerSession { // Override to send GoAway. void OnStreamFrame(const QuicStreamFrame& frame) override; void OnCryptoFrame(const QuicCryptoFrame& frame) override; + void OnNewEncryptionKeyAvailable( + EncryptionLevel level, + std::unique_ptr<QuicEncrypter> encrypter) override; }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.cc b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.cc index d8a043611d1..7d88ccdaae7 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.cc @@ -17,13 +17,16 @@ #include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h" +#include "net/third_party/quiche/src/quic/core/http/quic_spdy_client_session.h" #include "net/third_party/quiche/src/quic/core/quic_buffer_allocator.h" +#include "net/third_party/quiche/src/quic/core/quic_config.h" #include "net/third_party/quiche/src/quic/core/quic_data_writer.h" #include "net/third_party/quiche/src/quic/core/quic_framer.h" #include "net/third_party/quiche/src/quic/core/quic_packet_creator.h" #include "net/third_party/quiche/src/quic/core/quic_simple_buffer_allocator.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" +#include "net/third_party/quiche/src/quic/core/quic_versions.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" @@ -74,6 +77,14 @@ uint64_t TestConnectionIdToUInt64(QuicConnectionId connection_id) { return quiche::QuicheEndian::NetToHost64(connection_id64_net); } +std::string TestHostname() { + return "test.example.org"; +} + +QuicServerId TestServerId() { + return QuicServerId(TestHostname(), kTestPort); +} + QuicAckFrame InitAckFrame(const std::vector<QuicAckBlock>& ack_blocks) { DCHECK_GT(ack_blocks.size(), 0u); @@ -549,14 +560,14 @@ PacketSavingConnection::PacketSavingConnection( PacketSavingConnection::~PacketSavingConnection() {} -void PacketSavingConnection::SendOrQueuePacket(SerializedPacket* packet) { +void PacketSavingConnection::SendOrQueuePacket(SerializedPacket packet) { encrypted_packets_.push_back(std::make_unique<QuicEncryptedPacket>( - CopyBuffer(*packet), packet->encrypted_length, true)); + CopyBuffer(packet), packet.encrypted_length, true)); clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(10)); // Transfer ownership of the packet to the SentPacketManager and the // ack notifier to the AckNotifierManager. QuicConnectionPeer::GetSentPacketManager(this)->OnPacketSent( - packet, clock_.ApproximateNow(), NOT_RETRANSMISSION, + &packet, clock_.ApproximateNow(), NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA); } @@ -649,6 +660,15 @@ MockQuicSpdySession::MockQuicSpdySession(QuicConnection* connection, ON_CALL(*this, WritevData(_, _, _, _, _, _)) .WillByDefault(testing::Return(QuicConsumedData(0, false))); + + ON_CALL(*this, SendWindowUpdate(_, _)) + .WillByDefault([this](QuicStreamId id, QuicStreamOffset byte_offset) { + return QuicSpdySession::SendWindowUpdate(id, byte_offset); + }); + + ON_CALL(*this, SendBlocked(_)).WillByDefault([this](QuicStreamId id) { + return QuicSpdySession::SendBlocked(id); + }); } MockQuicSpdySession::~MockQuicSpdySession() { @@ -735,9 +755,11 @@ TestQuicSpdyClientSession::TestQuicSpdyClientSession( &push_promise_index_, config, supported_versions) { + // TODO(b/153726130): Consider adding OnApplicationState calls in tests and + // set |has_application_state| to true. crypto_stream_ = std::make_unique<QuicCryptoClientStream>( server_id, this, crypto_test_utils::ProofVerifyContextForTesting(), - crypto_config, this); + crypto_config, this, /*has_application_state = */ false); Initialize(); } @@ -780,6 +802,7 @@ MockPacketWriter::MockPacketWriter() { .WillByDefault(testing::Return(nullptr)); ON_CALL(*this, Flush()) .WillByDefault(testing::Return(WriteResult(WRITE_STATUS_OK, 0))); + ON_CALL(*this, SupportsReleaseTime()).WillByDefault(testing::Return(false)); } MockPacketWriter::~MockPacketWriter() {} @@ -817,6 +840,12 @@ ParsedQuicVersion QuicVersionMin() { return AllSupportedVersions().back(); } +void DisableQuicVersionsWithTls() { + SetQuicReloadableFlag(quic_enable_version_draft_27, false); + SetQuicReloadableFlag(quic_enable_version_draft_25_v3, false); + SetQuicReloadableFlag(quic_enable_version_t050_v2, false); +} + QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId destination_connection_id, QuicConnectionId source_connection_id, @@ -962,6 +991,49 @@ QuicEncryptedPacket* ConstructEncryptedPacket( return new QuicEncryptedPacket(buffer, encrypted_length, true); } +std::unique_ptr<QuicEncryptedPacket> GetUndecryptableEarlyPacket( + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id) { + QuicPacketHeader header; + header.destination_connection_id = server_connection_id; + header.destination_connection_id_included = CONNECTION_ID_PRESENT; + header.source_connection_id = EmptyQuicConnectionId(); + header.source_connection_id_included = CONNECTION_ID_PRESENT; + if (!version.SupportsClientConnectionIds()) { + header.source_connection_id_included = CONNECTION_ID_ABSENT; + } + header.version_flag = true; + header.reset_flag = false; + header.packet_number_length = PACKET_4BYTE_PACKET_NUMBER; + header.packet_number = QuicPacketNumber(33); + header.long_packet_type = ZERO_RTT_PROTECTED; + if (version.HasLongHeaderLengths()) { + header.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_1; + header.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_2; + } + + QuicFrames frames; + frames.push_back(QuicFrame(QuicPingFrame())); + frames.push_back(QuicFrame(QuicPaddingFrame(100))); + QuicFramer framer({version}, QuicTime::Zero(), Perspective::IS_CLIENT, + kQuicDefaultConnectionIdLength); + framer.SetInitialObfuscators(server_connection_id); + + framer.SetEncrypter(ENCRYPTION_ZERO_RTT, + std::make_unique<NullEncrypter>(Perspective::IS_CLIENT)); + std::unique_ptr<QuicPacket> packet( + BuildUnsizedDataPacket(&framer, header, frames)); + EXPECT_TRUE(packet != nullptr); + char* buffer = new char[kMaxOutgoingPacketSize]; + size_t encrypted_length = + framer.EncryptPayload(ENCRYPTION_ZERO_RTT, header.packet_number, *packet, + buffer, kMaxOutgoingPacketSize); + EXPECT_NE(0u, encrypted_length); + DeleteFrames(&frames); + return std::make_unique<QuicEncryptedPacket>(buffer, encrypted_length, + /*owns_buffer=*/true); +} + QuicReceivedPacket* ConstructReceivedPacket( const QuicEncryptedPacket& encrypted_packet, QuicTime receipt_time) { @@ -1085,6 +1157,12 @@ MockPacketCreatorDelegate::~MockPacketCreatorDelegate() {} MockSessionNotifier::MockSessionNotifier() {} MockSessionNotifier::~MockSessionNotifier() {} +// static +QuicCryptoClientStream::HandshakerInterface* +QuicCryptoClientStreamPeer::GetHandshaker(QuicCryptoClientStream* stream) { + return stream->handshaker_.get(); +} + void CreateClientSessionForTest( QuicServerId server_id, QuicTime::Delta connection_start_time, diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.h index e30f484b067..7d1d9db4459 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_test_utils.h @@ -19,9 +19,11 @@ #include "net/third_party/quiche/src/quic/core/http/quic_server_session_base.h" #include "net/third_party/quiche/src/quic/core/http/quic_spdy_session.h" #include "net/third_party/quiche/src/quic/core/quic_connection.h" +#include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_framer.h" #include "net/third_party/quiche/src/quic/core/quic_packet_writer.h" #include "net/third_party/quiche/src/quic/core/quic_sent_packet_manager.h" +#include "net/third_party/quiche/src/quic/core/quic_server_id.h" #include "net/third_party/quiche/src/quic/core/quic_simple_buffer_allocator.h" #include "net/third_party/quiche/src/quic/core/quic_types.h" #include "net/third_party/quiche/src/quic/platform/api/quic_mem_slice_storage.h" @@ -50,11 +52,17 @@ QuicConnectionId TestConnectionIdNineBytesLong(uint64_t connection_number); // Extracts the connection number passed to TestConnectionId(). uint64_t TestConnectionIdToUInt64(QuicConnectionId connection_id); -static const uint16_t kTestPort = 12345; -static const uint32_t kInitialStreamFlowControlWindowForTest = - 1024 * 1024; // 1 MB -static const uint32_t kInitialSessionFlowControlWindowForTest = - 1536 * 1024; // 1.5 MB +enum : uint16_t { kTestPort = 12345 }; +enum : uint32_t { + kInitialStreamFlowControlWindowForTest = 1024 * 1024, // 1 MB + kInitialSessionFlowControlWindowForTest = 1536 * 1024, // 1.5 MB +}; + +// A hostname useful for testing, returns "test.example.org". +std::string TestHostname(); + +// A server ID useful for testing, returns test.example.org:12345. +QuicServerId TestServerId(); // Returns the test peer IP address. QuicIpAddress TestPeerIPAddress(); @@ -65,6 +73,11 @@ ParsedQuicVersion QuicVersionMax(); // Lower limit on versions we support. ParsedQuicVersion QuicVersionMin(); +// Disables all flags that enable QUIC versions that use TLS. +// This is only meant as a temporary measure to prevent some broken tests +// from running with TLS. +void DisableQuicVersionsWithTls(); + // Create an encrypted packet for testing. // If versions == nullptr, uses &AllSupportedVersions(). // Note that the packet is encrypted with NullEncrypter, so to decrypt the @@ -135,8 +148,13 @@ QuicEncryptedPacket* ConstructEncryptedPacket( uint64_t packet_number, const std::string& data); -// Constructs a received packet for testing. The caller must take ownership of -// the returned pointer. +// Creates a client-to-server ZERO-RTT packet that will fail to decrypt. +std::unique_ptr<QuicEncryptedPacket> GetUndecryptableEarlyPacket( + const ParsedQuicVersion& version, + const QuicConnectionId& server_connection_id); + +// Constructs a received packet for testing. The caller must take ownership +// of the returned pointer. QuicReceivedPacket* ConstructReceivedPacket( const QuicEncryptedPacket& encrypted_packet, QuicTime receipt_time); @@ -251,63 +269,141 @@ class MockFramerVisitor : public QuicFramerVisitorInterface { MockFramerVisitor& operator=(const MockFramerVisitor&) = delete; ~MockFramerVisitor() override; - MOCK_METHOD1(OnError, void(QuicFramer* framer)); + MOCK_METHOD(void, OnError, (QuicFramer*), (override)); // The constructor sets this up to return false by default. - MOCK_METHOD1(OnProtocolVersionMismatch, bool(ParsedQuicVersion version)); - MOCK_METHOD0(OnPacket, void()); - MOCK_METHOD1(OnPublicResetPacket, void(const QuicPublicResetPacket& header)); - MOCK_METHOD1(OnVersionNegotiationPacket, - void(const QuicVersionNegotiationPacket& packet)); - MOCK_METHOD5(OnRetryPacket, - void(QuicConnectionId original_connection_id, - QuicConnectionId new_connection_id, - quiche::QuicheStringPiece retry_token, - quiche::QuicheStringPiece retry_integrity_tag, - quiche::QuicheStringPiece retry_without_tag)); + MOCK_METHOD(bool, + OnProtocolVersionMismatch, + (ParsedQuicVersion version), + (override)); + MOCK_METHOD(void, OnPacket, (), (override)); + MOCK_METHOD(void, + OnPublicResetPacket, + (const QuicPublicResetPacket& header), + (override)); + MOCK_METHOD(void, + OnVersionNegotiationPacket, + (const QuicVersionNegotiationPacket& packet), + (override)); + MOCK_METHOD(void, + OnRetryPacket, + (QuicConnectionId original_connection_id, + QuicConnectionId new_connection_id, + quiche::QuicheStringPiece retry_token, + quiche::QuicheStringPiece retry_integrity_tag, + quiche::QuicheStringPiece retry_without_tag), + (override)); // The constructor sets this up to return true by default. - MOCK_METHOD1(OnUnauthenticatedHeader, bool(const QuicPacketHeader& header)); + MOCK_METHOD(bool, + OnUnauthenticatedHeader, + (const QuicPacketHeader& header), + (override)); // The constructor sets this up to return true by default. - MOCK_METHOD1(OnUnauthenticatedPublicHeader, - bool(const QuicPacketHeader& header)); - MOCK_METHOD1(OnDecryptedPacket, void(EncryptionLevel level)); - MOCK_METHOD1(OnPacketHeader, bool(const QuicPacketHeader& header)); - MOCK_METHOD1(OnCoalescedPacket, void(const QuicEncryptedPacket& packet)); - MOCK_METHOD3(OnUndecryptablePacket, - void(const QuicEncryptedPacket& packet, - EncryptionLevel decryption_level, - bool has_decryption_key)); - MOCK_METHOD1(OnStreamFrame, bool(const QuicStreamFrame& frame)); - MOCK_METHOD1(OnCryptoFrame, bool(const QuicCryptoFrame& frame)); - MOCK_METHOD2(OnAckFrameStart, bool(QuicPacketNumber, QuicTime::Delta)); - MOCK_METHOD2(OnAckRange, bool(QuicPacketNumber, QuicPacketNumber)); - MOCK_METHOD2(OnAckTimestamp, bool(QuicPacketNumber, QuicTime)); - MOCK_METHOD1(OnAckFrameEnd, bool(QuicPacketNumber)); - MOCK_METHOD1(OnStopWaitingFrame, bool(const QuicStopWaitingFrame& frame)); - MOCK_METHOD1(OnPaddingFrame, bool(const QuicPaddingFrame& frame)); - MOCK_METHOD1(OnPingFrame, bool(const QuicPingFrame& frame)); - MOCK_METHOD1(OnRstStreamFrame, bool(const QuicRstStreamFrame& frame)); - MOCK_METHOD1(OnConnectionCloseFrame, - bool(const QuicConnectionCloseFrame& frame)); - MOCK_METHOD1(OnNewConnectionIdFrame, - bool(const QuicNewConnectionIdFrame& frame)); - MOCK_METHOD1(OnRetireConnectionIdFrame, - bool(const QuicRetireConnectionIdFrame& frame)); - MOCK_METHOD1(OnNewTokenFrame, bool(const QuicNewTokenFrame& frame)); - MOCK_METHOD1(OnStopSendingFrame, bool(const QuicStopSendingFrame& frame)); - MOCK_METHOD1(OnPathChallengeFrame, bool(const QuicPathChallengeFrame& frame)); - MOCK_METHOD1(OnPathResponseFrame, bool(const QuicPathResponseFrame& frame)); - MOCK_METHOD1(OnGoAwayFrame, bool(const QuicGoAwayFrame& frame)); - MOCK_METHOD1(OnMaxStreamsFrame, bool(const QuicMaxStreamsFrame& frame)); - MOCK_METHOD1(OnStreamsBlockedFrame, - bool(const QuicStreamsBlockedFrame& frame)); - MOCK_METHOD1(OnWindowUpdateFrame, bool(const QuicWindowUpdateFrame& frame)); - MOCK_METHOD1(OnBlockedFrame, bool(const QuicBlockedFrame& frame)); - MOCK_METHOD1(OnMessageFrame, bool(const QuicMessageFrame& frame)); - MOCK_METHOD1(OnHandshakeDoneFrame, bool(const QuicHandshakeDoneFrame& frame)); - MOCK_METHOD0(OnPacketComplete, void()); - MOCK_CONST_METHOD1(IsValidStatelessResetToken, bool(QuicUint128)); - MOCK_METHOD1(OnAuthenticatedIetfStatelessResetPacket, - void(const QuicIetfStatelessResetPacket&)); + MOCK_METHOD(bool, + OnUnauthenticatedPublicHeader, + (const QuicPacketHeader& header), + (override)); + MOCK_METHOD(void, OnDecryptedPacket, (EncryptionLevel level), (override)); + MOCK_METHOD(bool, + OnPacketHeader, + (const QuicPacketHeader& header), + (override)); + MOCK_METHOD(void, + OnCoalescedPacket, + (const QuicEncryptedPacket& packet), + (override)); + MOCK_METHOD(void, + OnUndecryptablePacket, + (const QuicEncryptedPacket& packet, + EncryptionLevel decryption_level, + bool has_decryption_key), + (override)); + MOCK_METHOD(bool, OnStreamFrame, (const QuicStreamFrame& frame), (override)); + MOCK_METHOD(bool, OnCryptoFrame, (const QuicCryptoFrame& frame), (override)); + MOCK_METHOD(bool, + OnAckFrameStart, + (QuicPacketNumber, QuicTime::Delta), + (override)); + MOCK_METHOD(bool, + OnAckRange, + (QuicPacketNumber, QuicPacketNumber), + (override)); + MOCK_METHOD(bool, OnAckTimestamp, (QuicPacketNumber, QuicTime), (override)); + MOCK_METHOD(bool, OnAckFrameEnd, (QuicPacketNumber), (override)); + MOCK_METHOD(bool, + OnStopWaitingFrame, + (const QuicStopWaitingFrame& frame), + (override)); + MOCK_METHOD(bool, + OnPaddingFrame, + (const QuicPaddingFrame& frame), + (override)); + MOCK_METHOD(bool, OnPingFrame, (const QuicPingFrame& frame), (override)); + MOCK_METHOD(bool, + OnRstStreamFrame, + (const QuicRstStreamFrame& frame), + (override)); + MOCK_METHOD(bool, + OnConnectionCloseFrame, + (const QuicConnectionCloseFrame& frame), + (override)); + MOCK_METHOD(bool, + OnNewConnectionIdFrame, + (const QuicNewConnectionIdFrame& frame), + (override)); + MOCK_METHOD(bool, + OnRetireConnectionIdFrame, + (const QuicRetireConnectionIdFrame& frame), + (override)); + MOCK_METHOD(bool, + OnNewTokenFrame, + (const QuicNewTokenFrame& frame), + (override)); + MOCK_METHOD(bool, + OnStopSendingFrame, + (const QuicStopSendingFrame& frame), + (override)); + MOCK_METHOD(bool, + OnPathChallengeFrame, + (const QuicPathChallengeFrame& frame), + (override)); + MOCK_METHOD(bool, + OnPathResponseFrame, + (const QuicPathResponseFrame& frame), + (override)); + MOCK_METHOD(bool, OnGoAwayFrame, (const QuicGoAwayFrame& frame), (override)); + MOCK_METHOD(bool, + OnMaxStreamsFrame, + (const QuicMaxStreamsFrame& frame), + (override)); + MOCK_METHOD(bool, + OnStreamsBlockedFrame, + (const QuicStreamsBlockedFrame& frame), + (override)); + MOCK_METHOD(bool, + OnWindowUpdateFrame, + (const QuicWindowUpdateFrame& frame), + (override)); + MOCK_METHOD(bool, + OnBlockedFrame, + (const QuicBlockedFrame& frame), + (override)); + MOCK_METHOD(bool, + OnMessageFrame, + (const QuicMessageFrame& frame), + (override)); + MOCK_METHOD(bool, + OnHandshakeDoneFrame, + (const QuicHandshakeDoneFrame& frame), + (override)); + MOCK_METHOD(void, OnPacketComplete, (), (override)); + MOCK_METHOD(bool, + IsValidStatelessResetToken, + (QuicUint128), + (const, override)); + MOCK_METHOD(void, + OnAuthenticatedIetfStatelessResetPacket, + (const QuicIetfStatelessResetPacket&), + (override)); }; class NoOpFramerVisitor : public QuicFramerVisitorInterface { @@ -377,44 +473,70 @@ class MockQuicConnectionVisitor : public QuicConnectionVisitorInterface { delete; ~MockQuicConnectionVisitor() override; - MOCK_METHOD1(OnStreamFrame, void(const QuicStreamFrame& frame)); - MOCK_METHOD1(OnCryptoFrame, void(const QuicCryptoFrame& frame)); - MOCK_METHOD1(OnWindowUpdateFrame, void(const QuicWindowUpdateFrame& frame)); - MOCK_METHOD1(OnBlockedFrame, void(const QuicBlockedFrame& frame)); - MOCK_METHOD1(OnRstStream, void(const QuicRstStreamFrame& frame)); - MOCK_METHOD1(OnGoAway, void(const QuicGoAwayFrame& frame)); - MOCK_METHOD1(OnMessageReceived, void(quiche::QuicheStringPiece message)); - MOCK_METHOD0(OnHandshakeDoneReceived, void()); - MOCK_METHOD2(OnConnectionClosed, - void(const QuicConnectionCloseFrame& frame, - ConnectionCloseSource source)); - MOCK_METHOD0(OnWriteBlocked, void()); - MOCK_METHOD0(OnCanWrite, void()); - MOCK_METHOD0(SendProbingData, bool()); - MOCK_METHOD1(OnCongestionWindowChange, void(QuicTime now)); - MOCK_METHOD1(OnConnectionMigration, void(AddressChangeType type)); - MOCK_METHOD0(OnPathDegrading, void()); - MOCK_CONST_METHOD0(WillingAndAbleToWrite, bool()); - MOCK_CONST_METHOD0(HasPendingHandshake, bool()); - MOCK_CONST_METHOD0(ShouldKeepConnectionAlive, bool()); - MOCK_METHOD1(OnSuccessfulVersionNegotiation, - void(const ParsedQuicVersion& version)); - MOCK_METHOD3(OnPacketReceived, - void(const QuicSocketAddress& self_address, - const QuicSocketAddress& peer_address, - bool is_connectivity_probe)); - MOCK_METHOD0(OnConfigNegotiated, void()); - MOCK_METHOD0(OnAckNeedsRetransmittableFrame, void()); - MOCK_METHOD0(SendPing, void()); - MOCK_CONST_METHOD0(AllowSelfAddressChange, bool()); - MOCK_CONST_METHOD0(GetHandshakeState, HandshakeState()); - MOCK_METHOD0(OnForwardProgressConfirmed, void()); - MOCK_METHOD1(OnMaxStreamsFrame, bool(const QuicMaxStreamsFrame& frame)); - MOCK_METHOD1(OnStreamsBlockedFrame, - bool(const QuicStreamsBlockedFrame& frame)); - MOCK_METHOD1(OnStopSendingFrame, void(const QuicStopSendingFrame& frame)); - MOCK_METHOD1(OnPacketDecrypted, void(EncryptionLevel)); - MOCK_METHOD0(OnOneRttPacketAcknowledged, void()); + MOCK_METHOD(void, OnStreamFrame, (const QuicStreamFrame& frame), (override)); + MOCK_METHOD(void, OnCryptoFrame, (const QuicCryptoFrame& frame), (override)); + MOCK_METHOD(void, + OnWindowUpdateFrame, + (const QuicWindowUpdateFrame& frame), + (override)); + MOCK_METHOD(void, + OnBlockedFrame, + (const QuicBlockedFrame& frame), + (override)); + MOCK_METHOD(void, OnRstStream, (const QuicRstStreamFrame& frame), (override)); + MOCK_METHOD(void, OnGoAway, (const QuicGoAwayFrame& frame), (override)); + MOCK_METHOD(void, + OnMessageReceived, + (quiche::QuicheStringPiece message), + (override)); + MOCK_METHOD(void, OnHandshakeDoneReceived, (), (override)); + MOCK_METHOD(void, + OnConnectionClosed, + (const QuicConnectionCloseFrame& frame, + ConnectionCloseSource source), + (override)); + MOCK_METHOD(void, OnWriteBlocked, (), (override)); + MOCK_METHOD(void, OnCanWrite, (), (override)); + MOCK_METHOD(bool, SendProbingData, (), (override)); + MOCK_METHOD(void, OnCongestionWindowChange, (QuicTime now), (override)); + MOCK_METHOD(void, + OnConnectionMigration, + (AddressChangeType type), + (override)); + MOCK_METHOD(void, OnPathDegrading, (), (override)); + MOCK_METHOD(bool, WillingAndAbleToWrite, (), (const, override)); + MOCK_METHOD(bool, HasPendingHandshake, (), (const, override)); + MOCK_METHOD(bool, ShouldKeepConnectionAlive, (), (const, override)); + MOCK_METHOD(void, + OnSuccessfulVersionNegotiation, + (const ParsedQuicVersion& version), + (override)); + MOCK_METHOD(void, + OnPacketReceived, + (const QuicSocketAddress& self_address, + const QuicSocketAddress& peer_address, + bool is_connectivity_probe), + (override)); + MOCK_METHOD(void, OnAckNeedsRetransmittableFrame, (), (override)); + MOCK_METHOD(void, SendPing, (), (override)); + MOCK_METHOD(bool, AllowSelfAddressChange, (), (const, override)); + MOCK_METHOD(HandshakeState, GetHandshakeState, (), (const, override)); + MOCK_METHOD(void, OnForwardProgressConfirmed, (), (override)); + MOCK_METHOD(bool, + OnMaxStreamsFrame, + (const QuicMaxStreamsFrame& frame), + (override)); + MOCK_METHOD(bool, + OnStreamsBlockedFrame, + (const QuicStreamsBlockedFrame& frame), + (override)); + MOCK_METHOD(void, + OnStopSendingFrame, + (const QuicStopSendingFrame& frame), + (override)); + MOCK_METHOD(void, OnPacketDecrypted, (EncryptionLevel), (override)); + MOCK_METHOD(void, OnOneRttPacketAcknowledged, (), (override)); + MOCK_METHOD(void, OnHandshakePacketSent, (), (override)); }; class MockQuicConnectionHelper : public QuicConnectionHelperInterface { @@ -499,50 +621,53 @@ class MockQuicConnection : public QuicConnection { // will advance the time of the MockClock. void AdvanceTime(QuicTime::Delta delta); - MOCK_METHOD3(ProcessUdpPacket, - void(const QuicSocketAddress& self_address, - const QuicSocketAddress& peer_address, - const QuicReceivedPacket& packet)); - MOCK_METHOD1(SendConnectionClose, void(QuicErrorCode error)); - MOCK_METHOD3(CloseConnection, - void(QuicErrorCode error, - const std::string& details, - ConnectionCloseBehavior connection_close_behavior)); - MOCK_METHOD2(SendConnectionClosePacket, - void(QuicErrorCode error, const std::string& details)); - MOCK_METHOD3(SendRstStream, - void(QuicStreamId id, - QuicRstStreamErrorCode error, - QuicStreamOffset bytes_written)); - MOCK_METHOD3(SendGoAway, - void(QuicErrorCode error, - QuicStreamId last_good_stream_id, - const std::string& reason)); - MOCK_METHOD1(SendBlocked, void(QuicStreamId id)); - MOCK_METHOD2(SendWindowUpdate, - void(QuicStreamId id, QuicStreamOffset byte_offset)); - MOCK_METHOD0(OnCanWrite, void()); - MOCK_METHOD1(SendConnectivityProbingResponsePacket, - void(const QuicSocketAddress& peer_address)); - MOCK_METHOD2(SendConnectivityProbingPacket, - bool(QuicPacketWriter* probing_writer, - const QuicSocketAddress& peer_address)); - - MOCK_METHOD1(OnSendConnectionState, void(const CachedNetworkParameters&)); - MOCK_METHOD2(ResumeConnectionState, - void(const CachedNetworkParameters&, bool)); - MOCK_METHOD1(SetMaxPacingRate, void(QuicBandwidth)); - - MOCK_METHOD2(OnStreamReset, void(QuicStreamId, QuicRstStreamErrorCode)); - MOCK_METHOD1(SendControlFrame, bool(const QuicFrame& frame)); - MOCK_METHOD3(SendMessage, - MessageStatus(QuicMessageId, QuicMemSliceSpan, bool)); - MOCK_METHOD3(OnConnectionClosed, - void(QuicErrorCode error, - const std::string& error_details, - ConnectionCloseSource source)); - - MOCK_METHOD1(OnError, void(QuicFramer* framer)); + MOCK_METHOD(void, + ProcessUdpPacket, + (const QuicSocketAddress& self_address, + const QuicSocketAddress& peer_address, + const QuicReceivedPacket& packet), + (override)); + MOCK_METHOD(void, + CloseConnection, + (QuicErrorCode error, + const std::string& details, + ConnectionCloseBehavior connection_close_behavior), + (override)); + MOCK_METHOD(void, + SendConnectionClosePacket, + (QuicErrorCode error, const std::string& details), + (override)); + MOCK_METHOD(void, OnCanWrite, (), (override)); + MOCK_METHOD(void, + SendConnectivityProbingResponsePacket, + (const QuicSocketAddress& peer_address), + (override)); + MOCK_METHOD(bool, + SendConnectivityProbingPacket, + (QuicPacketWriter*, const QuicSocketAddress& peer_address), + (override)); + + MOCK_METHOD(void, + OnSendConnectionState, + (const CachedNetworkParameters&), + (override)); + MOCK_METHOD(void, + ResumeConnectionState, + (const CachedNetworkParameters&, bool), + (override)); + MOCK_METHOD(void, SetMaxPacingRate, (QuicBandwidth), (override)); + + MOCK_METHOD(void, + OnStreamReset, + (QuicStreamId, QuicRstStreamErrorCode), + (override)); + MOCK_METHOD(bool, SendControlFrame, (const QuicFrame& frame), (override)); + MOCK_METHOD(MessageStatus, + SendMessage, + (QuicMessageId, QuicMemSliceSpan, bool), + (override)); + + MOCK_METHOD(void, OnError, (QuicFramer*), (override)); void QuicConnection_OnError(QuicFramer* framer) { QuicConnection::OnError(framer); } @@ -577,10 +702,18 @@ class MockQuicConnection : public QuicConnection { const QuicSocketAddress& peer_address) { QuicConnection::SendConnectivityProbingResponsePacket(peer_address); } - MOCK_METHOD1(OnPathResponseFrame, bool(const QuicPathResponseFrame&)); - MOCK_METHOD1(OnStopSendingFrame, bool(const QuicStopSendingFrame& frame)); - MOCK_METHOD3(SendCryptoData, - size_t(EncryptionLevel, size_t, QuicStreamOffset)); + MOCK_METHOD(bool, + OnPathResponseFrame, + (const QuicPathResponseFrame&), + (override)); + MOCK_METHOD(bool, + OnStopSendingFrame, + (const QuicStopSendingFrame& frame), + (override)); + MOCK_METHOD(size_t, + SendCryptoData, + (EncryptionLevel, size_t, QuicStreamOffset), + (override)); size_t QuicConnection_SendCryptoData(EncryptionLevel level, size_t write_length, QuicStreamOffset offset) { @@ -603,7 +736,7 @@ class PacketSavingConnection : public MockQuicConnection { ~PacketSavingConnection() override; - void SendOrQueuePacket(SerializedPacket* packet) override; + void SendOrQueuePacket(SerializedPacket packet) override; std::vector<std::unique_ptr<QuicEncryptedPacket>> encrypted_packets_; MockClock clock_; @@ -624,43 +757,47 @@ class MockQuicSession : public QuicSession { const QuicCryptoStream* GetCryptoStream() const override; void SetCryptoStream(QuicCryptoStream* crypto_stream); - MOCK_METHOD2(OnConnectionClosed, - void(const QuicConnectionCloseFrame& frame, - ConnectionCloseSource source)); - MOCK_METHOD1(CreateIncomingStream, QuicStream*(QuicStreamId id)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(PendingStream* stream)); - MOCK_METHOD1(ShouldCreateIncomingStream2, bool(QuicStreamId id)); - MOCK_METHOD0(ShouldCreateOutgoingBidirectionalStream, bool()); - MOCK_METHOD0(ShouldCreateOutgoingUnidirectionalStream, bool()); - MOCK_METHOD6(WritevData, - QuicConsumedData(QuicStreamId id, - size_t write_length, - QuicStreamOffset offset, - StreamSendingState state, - TransmissionType type, - quiche::QuicheOptional<EncryptionLevel> level)); - - MOCK_METHOD3(SendRstStream, - void(QuicStreamId stream_id, - QuicRstStreamErrorCode error, - QuicStreamOffset bytes_written)); - - MOCK_METHOD2(OnStreamHeaders, - void(QuicStreamId stream_id, - quiche::QuicheStringPiece headers_data)); - MOCK_METHOD2(OnStreamHeadersPriority, - void(QuicStreamId stream_id, spdy::SpdyPriority priority)); - MOCK_METHOD3(OnStreamHeadersComplete, - void(QuicStreamId stream_id, bool fin, size_t frame_len)); - MOCK_CONST_METHOD0(ShouldKeepConnectionAlive, bool()); - MOCK_METHOD2(SendStopSending, void(uint16_t code, QuicStreamId stream_id)); - MOCK_CONST_METHOD0(GetAlpnsToOffer, std::vector<std::string>()); - MOCK_CONST_METHOD1(SelectAlpn, - std::vector<quiche::QuicheStringPiece>::const_iterator( - const std::vector<quiche::QuicheStringPiece>&)); - MOCK_METHOD1(OnAlpnSelected, void(quiche::QuicheStringPiece)); + MOCK_METHOD(void, + OnConnectionClosed, + (const QuicConnectionCloseFrame& frame, + ConnectionCloseSource source), + (override)); + MOCK_METHOD(QuicStream*, CreateIncomingStream, (QuicStreamId id), (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (PendingStream*), + (override)); + MOCK_METHOD(QuicConsumedData, + WritevData, + (QuicStreamId id, + size_t write_length, + QuicStreamOffset offset, + StreamSendingState state, + TransmissionType type, + quiche::QuicheOptional<EncryptionLevel> level), + (override)); + + MOCK_METHOD(void, + SendRstStream, + (QuicStreamId stream_id, + QuicRstStreamErrorCode error, + QuicStreamOffset bytes_written), + (override)); + + MOCK_METHOD(bool, ShouldKeepConnectionAlive, (), (const, override)); + MOCK_METHOD(void, + SendStopSending, + (uint16_t code, QuicStreamId stream_id), + (override)); + MOCK_METHOD(std::vector<std::string>, GetAlpnsToOffer, (), (const, override)); + MOCK_METHOD(std::vector<quiche::QuicheStringPiece>::const_iterator, + SelectAlpn, + (const std::vector<quiche::QuicheStringPiece>&), + (const, override)); + MOCK_METHOD(void, OnAlpnSelected, (quiche::QuicheStringPiece), (override)); using QuicSession::ActivateStream; + using QuicSession::GetNumDrainingStreams; // Returns a QuicConsumedData that indicates all of |write_length| (and |fin| // if set) has been consumed. @@ -694,6 +831,7 @@ class MockQuicCryptoStream : public QuicCryptoStream { CryptoMessageParser* crypto_message_parser() override; void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} void OnHandshakeDoneReceived() override {} HandshakeState GetHandshakeState() const override { return HANDSHAKE_START; } @@ -723,62 +861,73 @@ class MockQuicSpdySession : public QuicSpdySession { } // From QuicSession. - MOCK_METHOD2(OnConnectionClosed, - void(const QuicConnectionCloseFrame& frame, - ConnectionCloseSource source)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(QuicStreamId id)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(PendingStream* stream)); - MOCK_METHOD0(CreateOutgoingBidirectionalStream, QuicSpdyStream*()); - MOCK_METHOD0(CreateOutgoingUnidirectionalStream, QuicSpdyStream*()); - MOCK_METHOD1(ShouldCreateIncomingStream, bool(QuicStreamId id)); - MOCK_METHOD0(ShouldCreateOutgoingBidirectionalStream, bool()); - MOCK_METHOD0(ShouldCreateOutgoingUnidirectionalStream, bool()); - MOCK_METHOD6(WritevData, - QuicConsumedData(QuicStreamId id, - size_t write_length, - QuicStreamOffset offset, - StreamSendingState state, - TransmissionType type, - quiche::QuicheOptional<EncryptionLevel> level)); - - MOCK_METHOD3(SendRstStream, - void(QuicStreamId stream_id, - QuicRstStreamErrorCode error, - QuicStreamOffset bytes_written)); - - MOCK_METHOD2(OnStreamHeaders, - void(QuicStreamId stream_id, - quiche::QuicheStringPiece headers_data)); - MOCK_METHOD2(OnStreamHeadersPriority, - void(QuicStreamId stream_id, - const spdy::SpdyStreamPrecedence& precedence)); - MOCK_METHOD3(OnStreamHeadersComplete, - void(QuicStreamId stream_id, bool fin, size_t frame_len)); - MOCK_METHOD4(OnStreamHeaderList, - void(QuicStreamId stream_id, - bool fin, - size_t frame_len, - const QuicHeaderList& header_list)); - MOCK_METHOD2(OnPromiseHeaders, - void(QuicStreamId stream_id, - quiche::QuicheStringPiece headers_data)); - MOCK_METHOD3(OnPromiseHeadersComplete, - void(QuicStreamId stream_id, - QuicStreamId promised_stream_id, - size_t frame_len)); - MOCK_METHOD4(OnPromiseHeaderList, - void(QuicStreamId stream_id, - QuicStreamId promised_stream_id, - size_t frame_len, - const QuicHeaderList& header_list)); - MOCK_METHOD2(OnPriorityFrame, - void(QuicStreamId id, - const spdy::SpdyStreamPrecedence& precedence)); - - MOCK_METHOD1(OnHeadersHeadOfLineBlocking, void(QuicTime::Delta delta)); - MOCK_METHOD4( - OnStreamFrameData, - void(QuicStreamId stream_id, const char* data, size_t len, bool fin)); + MOCK_METHOD(void, + OnConnectionClosed, + (const QuicConnectionCloseFrame& frame, + ConnectionCloseSource source), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (QuicStreamId id), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (PendingStream*), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingBidirectionalStream, + (), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingUnidirectionalStream, + (), + (override)); + MOCK_METHOD(bool, ShouldCreateIncomingStream, (QuicStreamId id), (override)); + MOCK_METHOD(bool, ShouldCreateOutgoingBidirectionalStream, (), (override)); + MOCK_METHOD(bool, ShouldCreateOutgoingUnidirectionalStream, (), (override)); + MOCK_METHOD(QuicConsumedData, + WritevData, + (QuicStreamId id, + size_t write_length, + QuicStreamOffset offset, + StreamSendingState state, + TransmissionType type, + quiche::QuicheOptional<EncryptionLevel> level), + (override)); + MOCK_METHOD(void, + SendRstStream, + (QuicStreamId stream_id, + QuicRstStreamErrorCode error, + QuicStreamOffset bytes_written), + (override)); + MOCK_METHOD(void, + SendWindowUpdate, + (QuicStreamId id, QuicStreamOffset byte_offset), + (override)); + MOCK_METHOD(void, SendBlocked, (QuicStreamId id), (override)); + MOCK_METHOD(void, + OnStreamHeadersPriority, + (QuicStreamId stream_id, + const spdy::SpdyStreamPrecedence& precedence), + (override)); + MOCK_METHOD(void, + OnStreamHeaderList, + (QuicStreamId stream_id, + bool fin, + size_t frame_len, + const QuicHeaderList& header_list), + (override)); + MOCK_METHOD(void, + OnPromiseHeaderList, + (QuicStreamId stream_id, + QuicStreamId promised_stream_id, + size_t frame_len, + const QuicHeaderList& header_list), + (override)); + MOCK_METHOD(void, + OnPriorityFrame, + (QuicStreamId id, const spdy::SpdyStreamPrecedence& precedence), + (override)); // Returns a QuicConsumedData that indicates all of |write_length| (and |fin| // if set) has been consumed. @@ -797,39 +946,79 @@ class MockQuicSpdySession : public QuicSpdySession { class MockHttp3DebugVisitor : public Http3DebugVisitor { public: - MOCK_METHOD1(OnControlStreamCreated, void(QuicStreamId)); - MOCK_METHOD1(OnQpackEncoderStreamCreated, void(QuicStreamId)); - MOCK_METHOD1(OnQpackDecoderStreamCreated, void(QuicStreamId)); - MOCK_METHOD1(OnPeerControlStreamCreated, void(QuicStreamId)); - MOCK_METHOD1(OnPeerQpackEncoderStreamCreated, void(QuicStreamId)); - MOCK_METHOD1(OnPeerQpackDecoderStreamCreated, void(QuicStreamId)); - - MOCK_METHOD1(OnCancelPushFrameReceived, void(const CancelPushFrame&)); - MOCK_METHOD1(OnSettingsFrameReceived, void(const SettingsFrame&)); - MOCK_METHOD1(OnGoAwayFrameReceived, void(const GoAwayFrame&)); - MOCK_METHOD1(OnMaxPushIdFrameReceived, void(const MaxPushIdFrame&)); - MOCK_METHOD1(OnPriorityUpdateFrameReceived, void(const PriorityUpdateFrame&)); - - MOCK_METHOD2(OnDataFrameReceived, void(QuicStreamId, QuicByteCount)); - MOCK_METHOD2(OnHeadersFrameReceived, void(QuicStreamId, QuicByteCount)); - MOCK_METHOD2(OnHeadersDecoded, void(QuicStreamId, QuicHeaderList)); - MOCK_METHOD3(OnPushPromiseFrameReceived, - void(QuicStreamId, QuicStreamId, QuicByteCount)); - MOCK_METHOD3(OnPushPromiseDecoded, - void(QuicStreamId, QuicStreamId, QuicHeaderList)); - MOCK_METHOD3(OnUnknownFrameReceived, - void(QuicStreamId, uint64_t, QuicByteCount)); - - MOCK_METHOD1(OnSettingsFrameSent, void(const SettingsFrame&)); - MOCK_METHOD1(OnGoAwayFrameSent, void(QuicStreamId)); - MOCK_METHOD1(OnMaxPushIdFrameSent, void(const MaxPushIdFrame&)); - MOCK_METHOD1(OnPriorityUpdateFrameSent, void(const PriorityUpdateFrame&)); - - MOCK_METHOD2(OnDataFrameSent, void(QuicStreamId, QuicByteCount)); - MOCK_METHOD2(OnHeadersFrameSent, - void(QuicStreamId, const spdy::SpdyHeaderBlock&)); - MOCK_METHOD3(OnPushPromiseFrameSent, - void(QuicStreamId, QuicStreamId, const spdy::SpdyHeaderBlock&)); + MOCK_METHOD(void, OnControlStreamCreated, (QuicStreamId), (override)); + MOCK_METHOD(void, OnQpackEncoderStreamCreated, (QuicStreamId), (override)); + MOCK_METHOD(void, OnQpackDecoderStreamCreated, (QuicStreamId), (override)); + MOCK_METHOD(void, OnPeerControlStreamCreated, (QuicStreamId), (override)); + MOCK_METHOD(void, + OnPeerQpackEncoderStreamCreated, + (QuicStreamId), + (override)); + MOCK_METHOD(void, + OnPeerQpackDecoderStreamCreated, + (QuicStreamId), + (override)); + + MOCK_METHOD(void, + OnCancelPushFrameReceived, + (const CancelPushFrame&), + (override)); + MOCK_METHOD(void, + OnSettingsFrameReceived, + (const SettingsFrame&), + (override)); + MOCK_METHOD(void, OnGoAwayFrameReceived, (const GoAwayFrame&), (override)); + MOCK_METHOD(void, + OnMaxPushIdFrameReceived, + (const MaxPushIdFrame&), + (override)); + MOCK_METHOD(void, + OnPriorityUpdateFrameReceived, + (const PriorityUpdateFrame&), + (override)); + + MOCK_METHOD(void, + OnDataFrameReceived, + (QuicStreamId, QuicByteCount), + (override)); + MOCK_METHOD(void, + OnHeadersFrameReceived, + (QuicStreamId, QuicByteCount), + (override)); + MOCK_METHOD(void, + OnHeadersDecoded, + (QuicStreamId, QuicHeaderList), + (override)); + MOCK_METHOD(void, + OnPushPromiseFrameReceived, + (QuicStreamId, QuicStreamId, QuicByteCount), + (override)); + MOCK_METHOD(void, + OnPushPromiseDecoded, + (QuicStreamId, QuicStreamId, QuicHeaderList), + (override)); + MOCK_METHOD(void, + OnUnknownFrameReceived, + (QuicStreamId, uint64_t, QuicByteCount), + (override)); + + MOCK_METHOD(void, OnSettingsFrameSent, (const SettingsFrame&), (override)); + MOCK_METHOD(void, OnGoAwayFrameSent, (QuicStreamId), (override)); + MOCK_METHOD(void, OnMaxPushIdFrameSent, (const MaxPushIdFrame&), (override)); + MOCK_METHOD(void, + OnPriorityUpdateFrameSent, + (const PriorityUpdateFrame&), + (override)); + + MOCK_METHOD(void, OnDataFrameSent, (QuicStreamId, QuicByteCount), (override)); + MOCK_METHOD(void, + OnHeadersFrameSent, + (QuicStreamId, const spdy::SpdyHeaderBlock&), + (override)); + MOCK_METHOD(void, + OnPushPromiseFrameSent, + (QuicStreamId, QuicStreamId, const spdy::SpdyHeaderBlock&), + (override)); }; class TestQuicSpdyServerSession : public QuicServerSessionBase { @@ -845,13 +1034,27 @@ class TestQuicSpdyServerSession : public QuicServerSessionBase { delete; ~TestQuicSpdyServerSession() override; - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(QuicStreamId id)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(PendingStream* stream)); - MOCK_METHOD0(CreateOutgoingBidirectionalStream, QuicSpdyStream*()); - MOCK_METHOD0(CreateOutgoingUnidirectionalStream, QuicSpdyStream*()); - MOCK_CONST_METHOD1(SelectAlpn, - std::vector<quiche::QuicheStringPiece>::const_iterator( - const std::vector<quiche::QuicheStringPiece>&)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (QuicStreamId id), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (PendingStream*), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingBidirectionalStream, + (), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingUnidirectionalStream, + (), + (override)); + MOCK_METHOD(std::vector<quiche::QuicheStringPiece>::const_iterator, + SelectAlpn, + (const std::vector<quiche::QuicheStringPiece>&), + (const, override)); + MOCK_METHOD(void, OnAlpnSelected, (quiche::QuicheStringPiece), (override)); std::unique_ptr<QuicCryptoServerStreamBase> CreateQuicCryptoServerStream( const QuicCryptoServerConfig* crypto_config, QuicCompressedCertsCache* compressed_certs_cache) override; @@ -904,20 +1107,37 @@ class TestQuicSpdyClientSession : public QuicSpdyClientSessionBase { bool IsAuthorized(const std::string& authority) override; // QuicSpdyClientSessionBase - MOCK_METHOD1(OnProofValid, - void(const QuicCryptoClientConfig::CachedState& cached)); - MOCK_METHOD1(OnProofVerifyDetailsAvailable, - void(const ProofVerifyDetails& verify_details)); + MOCK_METHOD(void, + OnProofValid, + (const QuicCryptoClientConfig::CachedState& cached), + (override)); + MOCK_METHOD(void, + OnProofVerifyDetailsAvailable, + (const ProofVerifyDetails& verify_details), + (override)); // TestQuicSpdyClientSession - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(QuicStreamId id)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(PendingStream* stream)); - MOCK_METHOD0(CreateOutgoingBidirectionalStream, QuicSpdyStream*()); - MOCK_METHOD0(CreateOutgoingUnidirectionalStream, QuicSpdyStream*()); - MOCK_METHOD1(ShouldCreateIncomingStream, bool(QuicStreamId id)); - MOCK_METHOD0(ShouldCreateOutgoingBidirectionalStream, bool()); - MOCK_METHOD0(ShouldCreateOutgoingUnidirectionalStream, bool()); - MOCK_CONST_METHOD0(GetAlpnsToOffer, std::vector<std::string>()); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (QuicStreamId id), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (PendingStream*), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingBidirectionalStream, + (), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateOutgoingUnidirectionalStream, + (), + (override)); + MOCK_METHOD(bool, ShouldCreateIncomingStream, (QuicStreamId id), (override)); + MOCK_METHOD(bool, ShouldCreateOutgoingBidirectionalStream, (), (override)); + MOCK_METHOD(bool, ShouldCreateOutgoingUnidirectionalStream, (), (override)); + MOCK_METHOD(std::vector<std::string>, GetAlpnsToOffer, (), (const, override)); + MOCK_METHOD(void, OnAlpnSelected, (quiche::QuicheStringPiece), (override)); QuicCryptoClientStream* GetMutableCryptoStream() override; const QuicCryptoClientStream* GetCryptoStream() const override; @@ -946,22 +1166,28 @@ class MockPacketWriter : public QuicPacketWriter { MockPacketWriter& operator=(const MockPacketWriter&) = delete; ~MockPacketWriter() override; - MOCK_METHOD5(WritePacket, - WriteResult(const char* buffer, - size_t buf_len, - const QuicIpAddress& self_address, - const QuicSocketAddress& peer_address, - PerPacketOptions* options)); - MOCK_CONST_METHOD0(IsWriteBlocked, bool()); - MOCK_METHOD0(SetWritable, void()); - MOCK_CONST_METHOD1(GetMaxPacketSize, - QuicByteCount(const QuicSocketAddress& peer_address)); - MOCK_CONST_METHOD0(SupportsReleaseTime, bool()); - MOCK_CONST_METHOD0(IsBatchMode, bool()); - MOCK_METHOD2(GetNextWriteLocation, - char*(const QuicIpAddress& self_address, - const QuicSocketAddress& peer_address)); - MOCK_METHOD0(Flush, WriteResult()); + MOCK_METHOD(WriteResult, + WritePacket, + (const char*, + size_t buf_len, + const QuicIpAddress& self_address, + const QuicSocketAddress& peer_address, + PerPacketOptions*), + (override)); + MOCK_METHOD(bool, IsWriteBlocked, (), (const, override)); + MOCK_METHOD(void, SetWritable, (), (override)); + MOCK_METHOD(QuicByteCount, + GetMaxPacketSize, + (const QuicSocketAddress& peer_address), + (const, override)); + MOCK_METHOD(bool, SupportsReleaseTime, (), (const, override)); + MOCK_METHOD(bool, IsBatchMode, (), (const, override)); + MOCK_METHOD(char*, + GetNextWriteLocation, + (const QuicIpAddress& self_address, + const QuicSocketAddress& peer_address), + (override)); + MOCK_METHOD(WriteResult, Flush, (), (override)); }; class MockSendAlgorithm : public SendAlgorithmInterface { @@ -971,45 +1197,59 @@ class MockSendAlgorithm : public SendAlgorithmInterface { MockSendAlgorithm& operator=(const MockSendAlgorithm&) = delete; ~MockSendAlgorithm() override; - MOCK_METHOD2(SetFromConfig, - void(const QuicConfig& config, Perspective perspective)); - MOCK_METHOD1(SetInitialCongestionWindowInPackets, - void(QuicPacketCount packets)); - MOCK_METHOD1(SetMaxCongestionWindow, - void(QuicByteCount max_congestion_window)); - MOCK_METHOD5(OnCongestionEvent, - void(bool rtt_updated, - QuicByteCount bytes_in_flight, - QuicTime event_time, - const AckedPacketVector& acked_packets, - const LostPacketVector& lost_packets)); - MOCK_METHOD5(OnPacketSent, - void(QuicTime, - QuicByteCount, - QuicPacketNumber, - QuicByteCount, - HasRetransmittableData)); - MOCK_METHOD1(OnPacketNeutered, void(QuicPacketNumber)); - MOCK_METHOD1(OnRetransmissionTimeout, void(bool)); - MOCK_METHOD0(OnConnectionMigration, void()); - MOCK_METHOD0(RevertRetransmissionTimeout, void()); - MOCK_METHOD1(CanSend, bool(QuicByteCount)); - MOCK_CONST_METHOD1(PacingRate, QuicBandwidth(QuicByteCount)); - MOCK_CONST_METHOD0(BandwidthEstimate, QuicBandwidth(void)); - MOCK_CONST_METHOD0(HasReliableBandwidthEstimate, bool()); - MOCK_METHOD1(OnRttUpdated, void(QuicPacketNumber)); - MOCK_CONST_METHOD0(GetCongestionWindow, QuicByteCount()); - MOCK_CONST_METHOD0(GetDebugState, std::string()); - MOCK_CONST_METHOD0(InSlowStart, bool()); - MOCK_CONST_METHOD0(InRecovery, bool()); - MOCK_CONST_METHOD0(ShouldSendProbingPacket, bool()); - MOCK_CONST_METHOD0(GetSlowStartThreshold, QuicByteCount()); - MOCK_CONST_METHOD0(GetCongestionControlType, CongestionControlType()); - MOCK_METHOD3(AdjustNetworkParameters, - void(QuicBandwidth, QuicTime::Delta, bool)); - MOCK_METHOD1(AdjustNetworkParameters, void(const NetworkParams&)); - MOCK_METHOD1(OnApplicationLimited, void(QuicByteCount)); - MOCK_CONST_METHOD1(PopulateConnectionStats, void(QuicConnectionStats*)); + MOCK_METHOD(void, + SetFromConfig, + (const QuicConfig& config, Perspective perspective), + (override)); + MOCK_METHOD(void, + ApplyConnectionOptions, + (const QuicTagVector& connection_options), + (override)); + MOCK_METHOD(void, + SetInitialCongestionWindowInPackets, + (QuicPacketCount packets), + (override)); + MOCK_METHOD(void, + OnCongestionEvent, + (bool rtt_updated, + QuicByteCount bytes_in_flight, + QuicTime event_time, + const AckedPacketVector& acked_packets, + const LostPacketVector& lost_packets), + (override)); + MOCK_METHOD(void, + OnPacketSent, + (QuicTime, + QuicByteCount, + QuicPacketNumber, + QuicByteCount, + HasRetransmittableData), + (override)); + MOCK_METHOD(void, OnPacketNeutered, (QuicPacketNumber), (override)); + MOCK_METHOD(void, OnRetransmissionTimeout, (bool), (override)); + MOCK_METHOD(void, OnConnectionMigration, (), (override)); + MOCK_METHOD(bool, CanSend, (QuicByteCount), (override)); + MOCK_METHOD(QuicBandwidth, PacingRate, (QuicByteCount), (const, override)); + MOCK_METHOD(QuicBandwidth, BandwidthEstimate, (), (const, override)); + MOCK_METHOD(QuicByteCount, GetCongestionWindow, (), (const, override)); + MOCK_METHOD(std::string, GetDebugState, (), (const, override)); + MOCK_METHOD(bool, InSlowStart, (), (const, override)); + MOCK_METHOD(bool, InRecovery, (), (const, override)); + MOCK_METHOD(bool, ShouldSendProbingPacket, (), (const, override)); + MOCK_METHOD(QuicByteCount, GetSlowStartThreshold, (), (const, override)); + MOCK_METHOD(CongestionControlType, + GetCongestionControlType, + (), + (const, override)); + MOCK_METHOD(void, + AdjustNetworkParameters, + (const NetworkParams&), + (override)); + MOCK_METHOD(void, OnApplicationLimited, (QuicByteCount), (override)); + MOCK_METHOD(void, + PopulateConnectionStats, + (QuicConnectionStats*), + (const, override)); }; class MockLossAlgorithm : public LossDetectionInterface { @@ -1019,24 +1259,33 @@ class MockLossAlgorithm : public LossDetectionInterface { MockLossAlgorithm& operator=(const MockLossAlgorithm&) = delete; ~MockLossAlgorithm() override; - MOCK_METHOD6(DetectLosses, - void(const QuicUnackedPacketMap& unacked_packets, - QuicTime time, - const RttStats& rtt_stats, - QuicPacketNumber largest_recently_acked, - const AckedPacketVector& packets_acked, - LostPacketVector* packets_lost)); - MOCK_CONST_METHOD0(GetLossTimeout, QuicTime()); - MOCK_METHOD5(SpuriousLossDetected, - void(const QuicUnackedPacketMap&, - const RttStats&, - QuicTime, - QuicPacketNumber, - QuicPacketNumber)); - - MOCK_METHOD0(OnConfigNegotiated, void()); - MOCK_METHOD0(OnMinRttAvailable, void()); - MOCK_METHOD0(OnConnectionClosed, void()); + MOCK_METHOD(void, + SetFromConfig, + (const QuicConfig& config, Perspective perspective), + (override)); + + MOCK_METHOD(DetectionStats, + DetectLosses, + (const QuicUnackedPacketMap& unacked_packets, + QuicTime time, + const RttStats& rtt_stats, + QuicPacketNumber largest_recently_acked, + const AckedPacketVector& packets_acked, + LostPacketVector*), + (override)); + MOCK_METHOD(QuicTime, GetLossTimeout, (), (const, override)); + MOCK_METHOD(void, + SpuriousLossDetected, + (const QuicUnackedPacketMap&, + const RttStats&, + QuicTime, + QuicPacketNumber, + QuicPacketNumber), + (override)); + + MOCK_METHOD(void, OnConfigNegotiated, (), (override)); + MOCK_METHOD(void, OnMinRttAvailable, (), (override)); + MOCK_METHOD(void, OnConnectionClosed, (), (override)); }; class MockAckListener : public QuicAckListenerInterface { @@ -1045,10 +1294,15 @@ class MockAckListener : public QuicAckListenerInterface { MockAckListener(const MockAckListener&) = delete; MockAckListener& operator=(const MockAckListener&) = delete; - MOCK_METHOD2(OnPacketAcked, - void(int acked_bytes, QuicTime::Delta ack_delay_time)); + MOCK_METHOD(void, + OnPacketAcked, + (int acked_bytes, QuicTime::Delta ack_delay_time), + (override)); - MOCK_METHOD1(OnPacketRetransmitted, void(int retransmitted_bytes)); + MOCK_METHOD(void, + OnPacketRetransmitted, + (int retransmitted_bytes), + (override)); protected: // Object is ref counted. @@ -1063,8 +1317,8 @@ class MockNetworkChangeVisitor MockNetworkChangeVisitor& operator=(const MockNetworkChangeVisitor&) = delete; ~MockNetworkChangeVisitor() override; - MOCK_METHOD0(OnCongestionChange, void()); - MOCK_METHOD1(OnPathMtuIncreased, void(QuicPacketLength)); + MOCK_METHOD(void, OnCongestionChange, (), (override)); + MOCK_METHOD(void, OnPathMtuIncreased, (QuicPacketLength), (override)); }; class MockQuicConnectionDebugVisitor : public QuicConnectionDebugVisitor { @@ -1072,66 +1326,95 @@ class MockQuicConnectionDebugVisitor : public QuicConnectionDebugVisitor { MockQuicConnectionDebugVisitor(); ~MockQuicConnectionDebugVisitor() override; - MOCK_METHOD1(OnFrameAddedToPacket, void(const QuicFrame&)); - - MOCK_METHOD3(OnPacketSent, - void(const SerializedPacket&, TransmissionType, QuicTime)); + MOCK_METHOD(void, + OnPacketSent, + (const SerializedPacket&, TransmissionType, QuicTime), + (override)); - MOCK_METHOD2(OnCoalescedPacketSent, void(const QuicCoalescedPacket&, size_t)); + MOCK_METHOD(void, + OnCoalescedPacketSent, + (const QuicCoalescedPacket&, size_t), + (override)); - MOCK_METHOD0(OnPingSent, void()); + MOCK_METHOD(void, OnPingSent, (), (override)); - MOCK_METHOD3(OnPacketReceived, - void(const QuicSocketAddress&, - const QuicSocketAddress&, - const QuicEncryptedPacket&)); + MOCK_METHOD(void, + OnPacketReceived, + (const QuicSocketAddress&, + const QuicSocketAddress&, + const QuicEncryptedPacket&), + (override)); - MOCK_METHOD1(OnIncorrectConnectionId, void(QuicConnectionId)); + MOCK_METHOD(void, OnIncorrectConnectionId, (QuicConnectionId), (override)); - MOCK_METHOD1(OnProtocolVersionMismatch, void(ParsedQuicVersion)); + MOCK_METHOD(void, OnProtocolVersionMismatch, (ParsedQuicVersion), (override)); - MOCK_METHOD1(OnPacketHeader, void(const QuicPacketHeader& header)); + MOCK_METHOD(void, + OnPacketHeader, + (const QuicPacketHeader& header), + (override)); - MOCK_METHOD1(OnSuccessfulVersionNegotiation, void(const ParsedQuicVersion&)); + MOCK_METHOD(void, + OnSuccessfulVersionNegotiation, + (const ParsedQuicVersion&), + (override)); - MOCK_METHOD1(OnStreamFrame, void(const QuicStreamFrame&)); + MOCK_METHOD(void, OnStreamFrame, (const QuicStreamFrame&), (override)); - MOCK_METHOD1(OnCryptoFrame, void(const QuicCryptoFrame&)); + MOCK_METHOD(void, OnCryptoFrame, (const QuicCryptoFrame&), (override)); - MOCK_METHOD1(OnStopWaitingFrame, void(const QuicStopWaitingFrame&)); + MOCK_METHOD(void, + OnStopWaitingFrame, + (const QuicStopWaitingFrame&), + (override)); - MOCK_METHOD1(OnRstStreamFrame, void(const QuicRstStreamFrame&)); + MOCK_METHOD(void, OnRstStreamFrame, (const QuicRstStreamFrame&), (override)); - MOCK_METHOD1(OnConnectionCloseFrame, void(const QuicConnectionCloseFrame&)); + MOCK_METHOD(void, + OnConnectionCloseFrame, + (const QuicConnectionCloseFrame&), + (override)); - MOCK_METHOD1(OnBlockedFrame, void(const QuicBlockedFrame&)); + MOCK_METHOD(void, OnBlockedFrame, (const QuicBlockedFrame&), (override)); - MOCK_METHOD1(OnNewConnectionIdFrame, void(const QuicNewConnectionIdFrame&)); + MOCK_METHOD(void, + OnNewConnectionIdFrame, + (const QuicNewConnectionIdFrame&), + (override)); - MOCK_METHOD1(OnRetireConnectionIdFrame, - void(const QuicRetireConnectionIdFrame&)); + MOCK_METHOD(void, + OnRetireConnectionIdFrame, + (const QuicRetireConnectionIdFrame&), + (override)); - MOCK_METHOD1(OnNewTokenFrame, void(const QuicNewTokenFrame&)); + MOCK_METHOD(void, OnNewTokenFrame, (const QuicNewTokenFrame&), (override)); - MOCK_METHOD1(OnMessageFrame, void(const QuicMessageFrame&)); + MOCK_METHOD(void, OnMessageFrame, (const QuicMessageFrame&), (override)); - MOCK_METHOD1(OnStopSendingFrame, void(const QuicStopSendingFrame&)); + MOCK_METHOD(void, + OnStopSendingFrame, + (const QuicStopSendingFrame&), + (override)); - MOCK_METHOD1(OnPathChallengeFrame, void(const QuicPathChallengeFrame&)); + MOCK_METHOD(void, + OnPathChallengeFrame, + (const QuicPathChallengeFrame&), + (override)); - MOCK_METHOD1(OnPathResponseFrame, void(const QuicPathResponseFrame&)); + MOCK_METHOD(void, + OnPathResponseFrame, + (const QuicPathResponseFrame&), + (override)); - MOCK_METHOD1(OnPublicResetPacket, void(const QuicPublicResetPacket&)); + MOCK_METHOD(void, + OnPublicResetPacket, + (const QuicPublicResetPacket&), + (override)); - MOCK_METHOD1(OnVersionNegotiationPacket, - void(const QuicVersionNegotiationPacket&)); - - MOCK_METHOD5(OnRetryPacket, - void(QuicConnectionId, - QuicConnectionId, - quiche::QuicheStringPiece, - quiche::QuicheStringPiece, - quiche::QuicheStringPiece)); + MOCK_METHOD(void, + OnVersionNegotiationPacket, + (const QuicVersionNegotiationPacket&), + (override)); }; class MockReceivedPacketManager : public QuicReceivedPacketManager { @@ -1139,14 +1422,17 @@ class MockReceivedPacketManager : public QuicReceivedPacketManager { explicit MockReceivedPacketManager(QuicConnectionStats* stats); ~MockReceivedPacketManager() override; - MOCK_METHOD2(RecordPacketReceived, - void(const QuicPacketHeader& header, QuicTime receipt_time)); - MOCK_METHOD1(IsMissing, bool(QuicPacketNumber packet_number)); - MOCK_CONST_METHOD1(IsAwaitingPacket, bool(QuicPacketNumber packet_number)); - MOCK_METHOD1(UpdatePacketInformationSentByPeer, - void(const QuicStopWaitingFrame& stop_waiting)); - MOCK_CONST_METHOD0(HasNewMissingPackets, bool(void)); - MOCK_CONST_METHOD0(ack_frame_updated, bool(void)); + MOCK_METHOD(void, + RecordPacketReceived, + (const QuicPacketHeader& header, QuicTime receipt_time), + (override)); + MOCK_METHOD(bool, IsMissing, (QuicPacketNumber packet_number), (override)); + MOCK_METHOD(bool, + IsAwaitingPacket, + (QuicPacketNumber packet_number), + (const, override)); + MOCK_METHOD(bool, HasNewMissingPackets, (), (const, override)); + MOCK_METHOD(bool, ack_frame_updated, (), (const, override)); }; class MockPacketCreatorDelegate : public QuicPacketCreator::DelegateInterface { @@ -1157,13 +1443,20 @@ class MockPacketCreatorDelegate : public QuicPacketCreator::DelegateInterface { delete; ~MockPacketCreatorDelegate() override; - MOCK_METHOD0(GetPacketBuffer, char*()); - MOCK_METHOD1(OnSerializedPacket, void(SerializedPacket* packet)); - MOCK_METHOD2(OnUnrecoverableError, void(QuicErrorCode, const std::string&)); - MOCK_METHOD2(ShouldGeneratePacket, - bool(HasRetransmittableData retransmittable, - IsHandshake handshake)); - MOCK_METHOD0(MaybeBundleAckOpportunistically, const QuicFrames()); + MOCK_METHOD(char*, GetPacketBuffer, (), (override)); + MOCK_METHOD(void, OnSerializedPacket, (SerializedPacket), (override)); + MOCK_METHOD(void, + OnUnrecoverableError, + (QuicErrorCode, const std::string&), + (override)); + MOCK_METHOD(bool, + ShouldGeneratePacket, + (HasRetransmittableData retransmittable, IsHandshake handshake), + (override)); + MOCK_METHOD(const QuicFrames, + MaybeBundleAckOpportunistically, + (), + (override)); }; class MockSessionNotifier : public SessionNotifierInterface { @@ -1171,14 +1464,30 @@ class MockSessionNotifier : public SessionNotifierInterface { MockSessionNotifier(); ~MockSessionNotifier() override; - MOCK_METHOD3(OnFrameAcked, bool(const QuicFrame&, QuicTime::Delta, QuicTime)); - MOCK_METHOD1(OnStreamFrameRetransmitted, void(const QuicStreamFrame&)); - MOCK_METHOD1(OnFrameLost, void(const QuicFrame&)); - MOCK_METHOD2(RetransmitFrames, - void(const QuicFrames&, TransmissionType type)); - MOCK_CONST_METHOD1(IsFrameOutstanding, bool(const QuicFrame&)); - MOCK_CONST_METHOD0(HasUnackedCryptoData, bool()); - MOCK_CONST_METHOD0(HasUnackedStreamData, bool()); + MOCK_METHOD(bool, + OnFrameAcked, + (const QuicFrame&, QuicTime::Delta, QuicTime), + (override)); + MOCK_METHOD(void, + OnStreamFrameRetransmitted, + (const QuicStreamFrame&), + (override)); + MOCK_METHOD(void, OnFrameLost, (const QuicFrame&), (override)); + MOCK_METHOD(void, + RetransmitFrames, + (const QuicFrames&, TransmissionType type), + (override)); + MOCK_METHOD(bool, IsFrameOutstanding, (const QuicFrame&), (const, override)); + MOCK_METHOD(bool, HasUnackedCryptoData, (), (const, override)); + MOCK_METHOD(bool, HasUnackedStreamData, (), (const, override)); +}; + +class QuicCryptoClientStreamPeer { + public: + QuicCryptoClientStreamPeer() = delete; + + static QuicCryptoClientStream::HandshakerInterface* GetHandshaker( + QuicCryptoClientStream* stream); }; // Creates a client session for testing. @@ -1321,12 +1630,12 @@ MATCHER_P2(InRange, min, max, "") { // A GMock matcher that prints expected and actual QuicErrorCode strings // upon failure. Example usage: -// EXPECT_THAT(stream_->connection_error()), IsError(QUIC_INTERNAL_ERROR)); +// EXPECT_THAT(stream_->connection_error(), IsError(QUIC_INTERNAL_ERROR)); MATCHER_P(IsError, expected, quiche::QuicheStrCat(negation ? "isn't equal to " : "is equal to ", QuicErrorCodeToString(expected))) { - *result_listener << QuicErrorCodeToString(arg); + *result_listener << QuicErrorCodeToString(static_cast<QuicErrorCode>(arg)); return arg == expected; } diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/quic_transport_test_tools.h b/chromium/net/third_party/quiche/src/quic/test_tools/quic_transport_test_tools.h index e7e01f78377..50db80aec5d 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/quic_transport_test_tools.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/quic_transport_test_tools.h @@ -14,25 +14,28 @@ namespace test { class MockClientVisitor : public QuicTransportClientSession::ClientVisitor { public: - MOCK_METHOD0(OnSessionReady, void()); - MOCK_METHOD0(OnIncomingBidirectionalStreamAvailable, void()); - MOCK_METHOD0(OnIncomingUnidirectionalStreamAvailable, void()); - MOCK_METHOD1(OnDatagramReceived, void(quiche::QuicheStringPiece)); - MOCK_METHOD0(OnCanCreateNewOutgoingBidirectionalStream, void()); - MOCK_METHOD0(OnCanCreateNewOutgoingUnidirectionalStream, void()); + MOCK_METHOD(void, OnSessionReady, (), (override)); + MOCK_METHOD(void, OnIncomingBidirectionalStreamAvailable, (), (override)); + MOCK_METHOD(void, OnIncomingUnidirectionalStreamAvailable, (), (override)); + MOCK_METHOD(void, + OnDatagramReceived, + (quiche::QuicheStringPiece), + (override)); + MOCK_METHOD(void, OnCanCreateNewOutgoingBidirectionalStream, (), (override)); + MOCK_METHOD(void, OnCanCreateNewOutgoingUnidirectionalStream, (), (override)); }; class MockServerVisitor : public QuicTransportServerSession::ServerVisitor { public: - MOCK_METHOD1(CheckOrigin, bool(url::Origin)); - MOCK_METHOD1(ProcessPath, bool(const GURL&)); + MOCK_METHOD(bool, CheckOrigin, (url::Origin), (override)); + MOCK_METHOD(bool, ProcessPath, (const GURL&), (override)); }; class MockStreamVisitor : public QuicTransportStream::Visitor { public: - MOCK_METHOD0(OnCanRead, void()); - MOCK_METHOD0(OnFinRead, void()); - MOCK_METHOD0(OnCanWrite, void()); + MOCK_METHOD(void, OnCanRead, (), (override)); + MOCK_METHOD(void, OnFinRead, (), (override)); + MOCK_METHOD(void, OnCanWrite, (), (override)); }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simple_data_producer.h b/chromium/net/third_party/quiche/src/quic/test_tools/simple_data_producer.h index be0d8469fb6..626d1e991ea 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simple_data_producer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simple_data_producer.h @@ -59,12 +59,12 @@ class SimpleDataProducer : public QuicStreamFrameDataProducer { private: using SendBufferMap = - QuicUnorderedMap<QuicStreamId, std::unique_ptr<QuicStreamSendBuffer>>; + QuicHashMap<QuicStreamId, std::unique_ptr<QuicStreamSendBuffer>>; using CryptoBufferMap = - QuicUnorderedMap<std::pair<EncryptionLevel, QuicStreamOffset>, - quiche::QuicheStringPiece, - PairHash>; + QuicHashMap<std::pair<EncryptionLevel, QuicStreamOffset>, + quiche::QuicheStringPiece, + PairHash>; SimpleBufferAllocator allocator_; diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.cc b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.cc index 7787fbeb059..6a0cafb4177 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.cc @@ -3,13 +3,28 @@ // found in the LICENSE file. #include "net/third_party/quiche/src/quic/test_tools/simple_session_cache.h" +#include <memory> +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" namespace quic { namespace test { void SimpleSessionCache::Insert(const QuicServerId& server_id, - std::unique_ptr<QuicResumptionState> state) { - cache_entries_.insert(std::make_pair(server_id, std::move(state))); + bssl::UniquePtr<SSL_SESSION> session, + const TransportParameters& params, + const ApplicationState* application_state) { + auto it = cache_entries_.find(server_id); + if (it == cache_entries_.end()) { + it = cache_entries_.insert(std::make_pair(server_id, Entry())).first; + } + if (session != nullptr) { + it->second.session = std::move(session); + } + if (application_state != nullptr) { + it->second.application_state = + std::make_unique<ApplicationState>(*application_state); + } + it->second.params = std::make_unique<TransportParameters>(params); } std::unique_ptr<QuicResumptionState> SimpleSessionCache::Lookup( @@ -19,8 +34,10 @@ std::unique_ptr<QuicResumptionState> SimpleSessionCache::Lookup( if (it == cache_entries_.end()) { return nullptr; } - std::unique_ptr<QuicResumptionState> state = std::move(it->second); - cache_entries_.erase(it); + auto state = std::make_unique<QuicResumptionState>(); + state->tls_session = std::move(it->second.session); + state->application_state = it->second.application_state.get(); + state->transport_params = it->second.params.get(); return state; } diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.h b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.h index 40a6946dfde..cfe3f4a5454 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_cache.h @@ -5,7 +5,9 @@ #ifndef QUICHE_QUIC_TEST_TOOLS_SIMPLE_SESSION_CACHE_H_ #define QUICHE_QUIC_TEST_TOOLS_SIMPLE_SESSION_CACHE_H_ +#include <memory> #include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" +#include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h" namespace quic { namespace test { @@ -21,12 +23,19 @@ class SimpleSessionCache : public SessionCache { ~SimpleSessionCache() override = default; void Insert(const QuicServerId& server_id, - std::unique_ptr<QuicResumptionState> state) override; + bssl::UniquePtr<SSL_SESSION> session, + const TransportParameters& params, + const ApplicationState* application_state) override; std::unique_ptr<QuicResumptionState> Lookup(const QuicServerId& server_id, const SSL_CTX* ctx) override; private: - std::map<QuicServerId, std::unique_ptr<QuicResumptionState>> cache_entries_; + struct Entry { + bssl::UniquePtr<SSL_SESSION> session; + std::unique_ptr<TransportParameters> params; + std::unique_ptr<ApplicationState> application_state; + }; + std::map<QuicServerId, Entry> cache_entries_; }; } // namespace test diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier.h b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier.h index 7366ed8df12..1237f424499 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier.h @@ -101,7 +101,7 @@ class SimpleSessionNotifier : public SessionNotifierInterface { friend std::ostream& operator<<(std::ostream& os, const StreamState& s); - using StreamMap = QuicUnorderedMap<QuicStreamId, StreamState>; + using StreamMap = QuicHashMap<QuicStreamId, StreamState>; void OnStreamDataConsumed(QuicStreamId id, QuicStreamOffset offset, diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier_test.cc b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier_test.cc index 4dc48a7c1d5..b72a9522036 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier_test.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simple_session_notifier_test.cc @@ -29,11 +29,13 @@ class MockQuicConnectionWithSendStreamData : public MockQuicConnection { Perspective perspective) : MockQuicConnection(helper, alarm_factory, perspective) {} - MOCK_METHOD4(SendStreamData, - QuicConsumedData(QuicStreamId id, - size_t write_length, - QuicStreamOffset offset, - StreamSendingState state)); + MOCK_METHOD(QuicConsumedData, + SendStreamData, + (QuicStreamId id, + size_t write_length, + QuicStreamOffset offset, + StreamSendingState state), + (override)); }; class SimpleSessionNotifierTest : public QuicTest { diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint.h b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint.h index f3a9f029c85..8b9fd1f480d 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint.h @@ -87,6 +87,7 @@ class QuicEndpoint : public QuicEndpointBase, void OnStopSendingFrame(const QuicStopSendingFrame& /*frame*/) override {} void OnPacketDecrypted(EncryptionLevel /*level*/) override {} void OnOneRttPacketAcknowledged() override {} + void OnHandshakePacketSent() override {} // End QuicConnectionVisitorInterface implementation. diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_base.h b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_base.h index ae9f69b95fc..f4fe33be429 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_base.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_base.h @@ -149,7 +149,7 @@ class QuicEndpointMultiplexer : public Endpoint, void Act() override {} private: - QuicUnorderedMap<std::string, QuicEndpointBase*> mapping_; + QuicHashMap<std::string, QuicEndpointBase*> mapping_; }; } // namespace simulator diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_test.cc b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_test.cc index 0989a3bc0f7..967a9b157ad 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_test.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/quic_endpoint_test.cc @@ -155,8 +155,6 @@ TEST_F(QuicEndpointTest, TwoWayTransmission) { // Simulate three hosts trying to send data to a fourth one simultaneously. TEST_F(QuicEndpointTest, Competition) { - // TODO(63765788): Turn back on this flag when the issue if fixed. - SetQuicReloadableFlag(quic_bbr_one_mss_conservation, false); auto endpoint_a = std::make_unique<QuicEndpoint>( &simulator_, "Endpoint A", "Endpoint D (A)", Perspective::IS_CLIENT, test::TestConnectionId(42)); diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator.h b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator.h index 46f80778fd4..c1ce07397fc 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator.h @@ -130,8 +130,8 @@ class Simulator : public QuicConnectionHelperInterface { std::multimap<QuicTime, Actor*> schedule_; // For each actor, maintain the time it is scheduled at. The value for // unscheduled actors is QuicTime::Infinite(). - QuicUnorderedMap<Actor*, QuicTime> scheduled_times_; - QuicUnorderedSet<std::string> actor_names_; + QuicHashMap<Actor*, QuicTime> scheduled_times_; + QuicHashSet<std::string> actor_names_; }; template <class TerminationPredicate> diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator_test.cc b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator_test.cc index 06ef4b235b0..0bfce16c433 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator_test.cc +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/simulator_test.cc @@ -595,7 +595,7 @@ class MockPacketFilter : public PacketFilter { public: MockPacketFilter(Simulator* simulator, std::string name, Endpoint* endpoint) : PacketFilter(simulator, name, endpoint) {} - MOCK_METHOD1(FilterPacket, bool(const Packet&)); + MOCK_METHOD(bool, FilterPacket, (const Packet&), (override)); }; // Set up two trivial packet filters, one allowing any packets, and one dropping diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/switch.h b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/switch.h index dea8a860969..3e4cc205bd7 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/switch.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/switch.h @@ -80,7 +80,7 @@ class Switch { // This can not be a QuicCircularDeque since pointers into this are // assumed to be stable. std::deque<Port> ports_; - QuicUnorderedMap<std::string, Port*> switching_table_; + QuicHashMap<std::string, Port*> switching_table_; }; } // namespace simulator diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/traffic_policer.h b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/traffic_policer.h index 1696d5d884c..e33f51b6c23 100644 --- a/chromium/net/third_party/quiche/src/quic/test_tools/simulator/traffic_policer.h +++ b/chromium/net/third_party/quiche/src/quic/test_tools/simulator/traffic_policer.h @@ -44,7 +44,7 @@ class TrafficPolicer : public PacketFilter { QuicTime last_refill_time_; // Maps each destination to the number of tokens it has left. - QuicUnorderedMap<std::string, QuicByteCount> token_buckets_; + QuicHashMap<std::string, QuicByteCount> token_buckets_; }; } // namespace simulator diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/test_certificates.cc b/chromium/net/third_party/quiche/src/quic/test_tools/test_certificates.cc new file mode 100644 index 00000000000..2a733b43ae9 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/test_tools/test_certificates.cc @@ -0,0 +1,696 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/test_tools/test_certificates.h" + +namespace quic { +namespace test { + +// A test certificate generated by //net/tools/quic/certs/generate-certs.sh. +QUIC_CONST_INIT const char kTestCertificateRaw[] = { + '\x30', '\x82', '\x03', '\xb4', '\x30', '\x82', '\x02', '\x9c', '\xa0', + '\x03', '\x02', '\x01', '\x02', '\x02', '\x01', '\x01', '\x30', '\x0d', + '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01', + '\x01', '\x0b', '\x05', '\x00', '\x30', '\x1e', '\x31', '\x1c', '\x30', + '\x1a', '\x06', '\x03', '\x55', '\x04', '\x03', '\x0c', '\x13', '\x51', + '\x55', '\x49', '\x43', '\x20', '\x53', '\x65', '\x72', '\x76', '\x65', + '\x72', '\x20', '\x52', '\x6f', '\x6f', '\x74', '\x20', '\x43', '\x41', + '\x30', '\x1e', '\x17', '\x0d', '\x32', '\x30', '\x30', '\x31', '\x33', + '\x30', '\x31', '\x38', '\x31', '\x33', '\x35', '\x39', '\x5a', '\x17', + '\x0d', '\x32', '\x30', '\x30', '\x32', '\x30', '\x32', '\x31', '\x38', + '\x31', '\x33', '\x35', '\x39', '\x5a', '\x30', '\x64', '\x31', '\x0b', + '\x30', '\x09', '\x06', '\x03', '\x55', '\x04', '\x06', '\x13', '\x02', + '\x55', '\x53', '\x31', '\x13', '\x30', '\x11', '\x06', '\x03', '\x55', + '\x04', '\x08', '\x0c', '\x0a', '\x43', '\x61', '\x6c', '\x69', '\x66', + '\x6f', '\x72', '\x6e', '\x69', '\x61', '\x31', '\x16', '\x30', '\x14', + '\x06', '\x03', '\x55', '\x04', '\x07', '\x0c', '\x0d', '\x4d', '\x6f', + '\x75', '\x6e', '\x74', '\x61', '\x69', '\x6e', '\x20', '\x56', '\x69', + '\x65', '\x77', '\x31', '\x14', '\x30', '\x12', '\x06', '\x03', '\x55', + '\x04', '\x0a', '\x0c', '\x0b', '\x51', '\x55', '\x49', '\x43', '\x20', + '\x53', '\x65', '\x72', '\x76', '\x65', '\x72', '\x31', '\x12', '\x30', + '\x10', '\x06', '\x03', '\x55', '\x04', '\x03', '\x0c', '\x09', '\x31', + '\x32', '\x37', '\x2e', '\x30', '\x2e', '\x30', '\x2e', '\x31', '\x30', + '\x82', '\x01', '\x22', '\x30', '\x0d', '\x06', '\x09', '\x2a', '\x86', + '\x48', '\x86', '\xf7', '\x0d', '\x01', '\x01', '\x01', '\x05', '\x00', + '\x03', '\x82', '\x01', '\x0f', '\x00', '\x30', '\x82', '\x01', '\x0a', + '\x02', '\x82', '\x01', '\x01', '\x00', '\xc5', '\xe2', '\x51', '\x6d', + '\x3f', '\xd6', '\x28', '\xf2', '\xad', '\x34', '\x73', '\x87', '\x64', + '\xca', '\x33', '\x19', '\x33', '\xb7', '\x75', '\x91', '\xab', '\x31', + '\x19', '\x2b', '\xe3', '\xa4', '\x26', '\x09', '\x29', '\x8b', '\x2d', + '\xf7', '\x52', '\x75', '\xa7', '\x55', '\x15', '\xf0', '\x11', '\xc7', + '\xc2', '\xc4', '\xed', '\x18', '\x1b', '\x33', '\x0b', '\x71', '\x32', + '\xe6', '\x35', '\x89', '\xcd', '\x2d', '\x5a', '\x05', '\x57', '\x4e', + '\xc2', '\x78', '\x75', '\x65', '\x72', '\x2d', '\x8a', '\x17', '\x83', + '\xd6', '\x32', '\x90', '\x85', '\xf8', '\x22', '\xe2', '\x65', '\xa9', + '\xe0', '\xa0', '\xfe', '\x19', '\xb2', '\x39', '\x2d', '\x14', '\x03', + '\x10', '\x2f', '\xcc', '\x8b', '\x5e', '\xaa', '\x25', '\x27', '\x0d', + '\xa3', '\x37', '\x10', '\x0c', '\x17', '\xec', '\xf0', '\x8b', '\xc5', + '\x6b', '\xed', '\x6b', '\x5e', '\xb2', '\xe2', '\x35', '\x3e', '\x46', + '\x3b', '\xf7', '\xf6', '\x59', '\xb1', '\xe0', '\x16', '\xa6', '\xfb', + '\x03', '\xbf', '\x84', '\x4f', '\xce', '\x64', '\x15', '\x0d', '\x59', + '\x99', '\xa6', '\xf0', '\x7f', '\x8a', '\x33', '\x4b', '\xbb', '\x0b', + '\xb8', '\xf2', '\xd1', '\x27', '\x90', '\x8f', '\x38', '\xf8', '\x5a', + '\x41', '\x82', '\x07', '\x9b', '\x0d', '\xd9', '\x52', '\xe0', '\x70', + '\xff', '\xde', '\xda', '\xd8', '\x25', '\x4e', '\x2f', '\x2d', '\x9f', + '\xaf', '\x92', '\x63', '\xc7', '\x42', '\xb4', '\xdc', '\x16', '\x95', + '\x23', '\x05', '\x02', '\x6b', '\xb0', '\xe8', '\xc5', '\xfe', '\x15', + '\x9a', '\xe8', '\x7d', '\x2f', '\xdc', '\x43', '\xf4', '\x70', '\x91', + '\x1a', '\x93', '\xbe', '\x71', '\xaf', '\x85', '\x84', '\xdb', '\xcf', + '\x6b', '\x5c', '\x80', '\xb2', '\xd3', '\xf3', '\x42', '\x6e', '\x24', + '\xec', '\x2a', '\x62', '\x99', '\xc6', '\x3c', '\xe5', '\x32', '\xe5', + '\x72', '\x37', '\x30', '\x9b', '\x0b', '\xe4', '\x06', '\xb4', '\x64', + '\x26', '\x95', '\x59', '\xba', '\xf1', '\x53', '\x83', '\x3d', '\x99', + '\x6d', '\xf0', '\x80', '\xe2', '\xdb', '\x6b', '\x34', '\x52', '\x06', + '\x77', '\x3c', '\x73', '\xbe', '\xc6', '\xe3', '\xce', '\xb2', '\x11', + '\x02', '\x03', '\x01', '\x00', '\x01', '\xa3', '\x81', '\xb6', '\x30', + '\x81', '\xb3', '\x30', '\x0c', '\x06', '\x03', '\x55', '\x1d', '\x13', + '\x01', '\x01', '\xff', '\x04', '\x02', '\x30', '\x00', '\x30', '\x1d', + '\x06', '\x03', '\x55', '\x1d', '\x0e', '\x04', '\x16', '\x04', '\x14', + '\xc8', '\x54', '\x28', '\xf6', '\xd2', '\xd5', '\x12', '\x35', '\x89', + '\x15', '\x75', '\xb8', '\xbf', '\xdd', '\xfb', '\x4a', '\xfc', '\x6c', + '\x89', '\xde', '\x30', '\x1f', '\x06', '\x03', '\x55', '\x1d', '\x23', + '\x04', '\x18', '\x30', '\x16', '\x80', '\x14', '\x50', '\xe4', '\x1d', + '\xc3', '\x1a', '\xfb', '\xfd', '\x38', '\xdd', '\xa2', '\x05', '\xfd', + '\xc8', '\xfa', '\x57', '\x0a', '\xc1', '\x06', '\x0f', '\xae', '\x30', + '\x1d', '\x06', '\x03', '\x55', '\x1d', '\x25', '\x04', '\x16', '\x30', + '\x14', '\x06', '\x08', '\x2b', '\x06', '\x01', '\x05', '\x05', '\x07', + '\x03', '\x01', '\x06', '\x08', '\x2b', '\x06', '\x01', '\x05', '\x05', + '\x07', '\x03', '\x02', '\x30', '\x44', '\x06', '\x03', '\x55', '\x1d', + '\x11', '\x04', '\x3d', '\x30', '\x3b', '\x82', '\x0f', '\x77', '\x77', + '\x77', '\x2e', '\x65', '\x78', '\x61', '\x6d', '\x70', '\x6c', '\x65', + '\x2e', '\x6f', '\x72', '\x67', '\x82', '\x10', '\x6d', '\x61', '\x69', + '\x6c', '\x2e', '\x65', '\x78', '\x61', '\x6d', '\x70', '\x6c', '\x65', + '\x2e', '\x6f', '\x72', '\x67', '\x82', '\x10', '\x6d', '\x61', '\x69', + '\x6c', '\x2e', '\x65', '\x78', '\x61', '\x6d', '\x70', '\x6c', '\x65', + '\x2e', '\x63', '\x6f', '\x6d', '\x87', '\x04', '\x7f', '\x00', '\x00', + '\x01', '\x30', '\x0d', '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', + '\xf7', '\x0d', '\x01', '\x01', '\x0b', '\x05', '\x00', '\x03', '\x82', + '\x01', '\x01', '\x00', '\x45', '\x41', '\x7a', '\x68', '\xe0', '\xa7', + '\x59', '\xa1', '\x62', '\x54', '\x73', '\x74', '\x14', '\x4f', '\xde', + '\x9c', '\x51', '\xac', '\x25', '\x97', '\x70', '\xf7', '\x09', '\x51', + '\x39', '\x72', '\x39', '\x3c', '\xd0', '\x31', '\xe1', '\xc3', '\x02', + '\x91', '\x14', '\x4d', '\x8f', '\x1d', '\x31', '\xab', '\x98', '\x7e', + '\xe6', '\xbb', '\xab', '\x6a', '\xd9', '\xc5', '\x86', '\xaa', '\x4e', + '\x6a', '\x48', '\xe9', '\xf8', '\xd7', '\xb3', '\x1d', '\xa0', '\xc5', + '\xe6', '\xbf', '\x4c', '\x5a', '\x9b', '\xb5', '\x78', '\x01', '\xa3', + '\x39', '\x7b', '\x5f', '\xbc', '\xb8', '\xa7', '\xc2', '\x71', '\xb0', + '\x7b', '\xdd', '\xa1', '\x87', '\xa6', '\x54', '\x9c', '\xf6', '\x59', + '\x81', '\xb1', '\x2c', '\xde', '\xc5', '\x8a', '\xa2', '\x06', '\x89', + '\xb5', '\xc1', '\x7a', '\xbe', '\x0c', '\x9f', '\x3d', '\xde', '\x81', + '\x48', '\x53', '\x71', '\x7b', '\x8d', '\xc7', '\xea', '\x87', '\xd7', + '\xd1', '\xda', '\x94', '\xb4', '\xc5', '\xac', '\x1e', '\x83', '\xa3', + '\x42', '\x7d', '\xe6', '\xab', '\x3f', '\xd6', '\x1c', '\xd6', '\x65', + '\xc3', '\x60', '\xe9', '\x76', '\x54', '\x79', '\x3f', '\xeb', '\x65', + '\x85', '\x4f', '\x60', '\x7d', '\xbb', '\x96', '\x03', '\x54', '\x2e', + '\xd0', '\x1b', '\xe2', '\x6c', '\x2d', '\x91', '\xae', '\x33', '\x9c', + '\x04', '\xc4', '\x44', '\x0a', '\x7d', '\x5f', '\xbb', '\x80', '\xa2', + '\x01', '\xbc', '\x90', '\x81', '\xa5', '\xdc', '\x4a', '\xc8', '\x77', + '\xc9', '\x8d', '\x34', '\x17', '\xe6', '\x2a', '\x7d', '\x02', '\x1e', + '\x32', '\x3f', '\x7d', '\xd7', '\x0c', '\x80', '\x5b', '\xc6', '\x94', + '\x6a', '\x42', '\x36', '\x05', '\x9f', '\x9e', '\xc5', '\x85', '\x9f', + '\x60', '\xe3', '\x72', '\x73', '\x34', '\x39', '\x44', '\x75', '\x55', + '\x60', '\x24', '\x7a', '\x8b', '\x09', '\x74', '\x84', '\x72', '\xfd', + '\x91', '\x68', '\x93', '\x57', '\x9e', '\x70', '\x46', '\x4d', '\xe4', + '\x30', '\x84', '\x5f', '\x20', '\x07', '\xad', '\xfd', '\x86', '\x32', + '\xd3', '\xfb', '\xba', '\xaf', '\xd9', '\x61', '\x14', '\x3c', '\xe0', + '\xa1', '\xa9', '\x51', '\x51', '\x0f', '\xad', '\x60'}; + +QUIC_CONST_INIT const quiche::QuicheStringPiece kTestCertificate( + kTestCertificateRaw, + sizeof(kTestCertificateRaw)); + +QUIC_CONST_INIT const char kTestCertificatePem[] = + R"(Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=QUIC Server Root CA + Validity + Not Before: Jan 30 18:13:59 2020 GMT + Not After : Feb 2 18:13:59 2020 GMT + Subject: C=US, ST=California, L=Mountain View, O=QUIC Server, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c5:e2:51:6d:3f:d6:28:f2:ad:34:73:87:64:ca: + 33:19:33:b7:75:91:ab:31:19:2b:e3:a4:26:09:29: + 8b:2d:f7:52:75:a7:55:15:f0:11:c7:c2:c4:ed:18: + 1b:33:0b:71:32:e6:35:89:cd:2d:5a:05:57:4e:c2: + 78:75:65:72:2d:8a:17:83:d6:32:90:85:f8:22:e2: + 65:a9:e0:a0:fe:19:b2:39:2d:14:03:10:2f:cc:8b: + 5e:aa:25:27:0d:a3:37:10:0c:17:ec:f0:8b:c5:6b: + ed:6b:5e:b2:e2:35:3e:46:3b:f7:f6:59:b1:e0:16: + a6:fb:03:bf:84:4f:ce:64:15:0d:59:99:a6:f0:7f: + 8a:33:4b:bb:0b:b8:f2:d1:27:90:8f:38:f8:5a:41: + 82:07:9b:0d:d9:52:e0:70:ff:de:da:d8:25:4e:2f: + 2d:9f:af:92:63:c7:42:b4:dc:16:95:23:05:02:6b: + b0:e8:c5:fe:15:9a:e8:7d:2f:dc:43:f4:70:91:1a: + 93:be:71:af:85:84:db:cf:6b:5c:80:b2:d3:f3:42: + 6e:24:ec:2a:62:99:c6:3c:e5:32:e5:72:37:30:9b: + 0b:e4:06:b4:64:26:95:59:ba:f1:53:83:3d:99:6d: + f0:80:e2:db:6b:34:52:06:77:3c:73:be:c6:e3:ce: + b2:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + C8:54:28:F6:D2:D5:12:35:89:15:75:B8:BF:DD:FB:4A:FC:6C:89:DE + X509v3 Authority Key Identifier: + keyid:50:E4:1D:C3:1A:FB:FD:38:DD:A2:05:FD:C8:FA:57:0A:C1:06:0F:AE + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:www.example.org, DNS:mail.example.org, DNS:mail.example.com, IP Address:127.0.0.1 + Signature Algorithm: sha256WithRSAEncryption + 45:41:7a:68:e0:a7:59:a1:62:54:73:74:14:4f:de:9c:51:ac: + 25:97:70:f7:09:51:39:72:39:3c:d0:31:e1:c3:02:91:14:4d: + 8f:1d:31:ab:98:7e:e6:bb:ab:6a:d9:c5:86:aa:4e:6a:48:e9: + f8:d7:b3:1d:a0:c5:e6:bf:4c:5a:9b:b5:78:01:a3:39:7b:5f: + bc:b8:a7:c2:71:b0:7b:dd:a1:87:a6:54:9c:f6:59:81:b1:2c: + de:c5:8a:a2:06:89:b5:c1:7a:be:0c:9f:3d:de:81:48:53:71: + 7b:8d:c7:ea:87:d7:d1:da:94:b4:c5:ac:1e:83:a3:42:7d:e6: + ab:3f:d6:1c:d6:65:c3:60:e9:76:54:79:3f:eb:65:85:4f:60: + 7d:bb:96:03:54:2e:d0:1b:e2:6c:2d:91:ae:33:9c:04:c4:44: + 0a:7d:5f:bb:80:a2:01:bc:90:81:a5:dc:4a:c8:77:c9:8d:34: + 17:e6:2a:7d:02:1e:32:3f:7d:d7:0c:80:5b:c6:94:6a:42:36: + 05:9f:9e:c5:85:9f:60:e3:72:73:34:39:44:75:55:60:24:7a: + 8b:09:74:84:72:fd:91:68:93:57:9e:70:46:4d:e4:30:84:5f: + 20:07:ad:fd:86:32:d3:fb:ba:af:d9:61:14:3c:e0:a1:a9:51: + 51:0f:ad:60 +-----BEGIN CERTIFICATE----- +MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNRVUlD +IFNlcnZlciBSb290IENBMB4XDTIwMDEzMDE4MTM1OVoXDTIwMDIwMjE4MTM1OVow +ZDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxFDASBgNVBAoMC1FVSUMgU2VydmVyMRIwEAYDVQQDDAkxMjcu +MC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF4lFtP9Yo8q00 +c4dkyjMZM7d1kasxGSvjpCYJKYst91J1p1UV8BHHwsTtGBszC3Ey5jWJzS1aBVdO +wnh1ZXItiheD1jKQhfgi4mWp4KD+GbI5LRQDEC/Mi16qJScNozcQDBfs8IvFa+1r +XrLiNT5GO/f2WbHgFqb7A7+ET85kFQ1Zmabwf4ozS7sLuPLRJ5CPOPhaQYIHmw3Z +UuBw/97a2CVOLy2fr5Jjx0K03BaVIwUCa7Doxf4Vmuh9L9xD9HCRGpO+ca+FhNvP +a1yAstPzQm4k7CpimcY85TLlcjcwmwvkBrRkJpVZuvFTgz2ZbfCA4ttrNFIGdzxz +vsbjzrIRAgMBAAGjgbYwgbMwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUyFQo9tLV +EjWJFXW4v937Svxsid4wHwYDVR0jBBgwFoAUUOQdwxr7/TjdogX9yPpXCsEGD64w +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEQGA1UdEQQ9MDuCD3d3dy5l +eGFtcGxlLm9yZ4IQbWFpbC5leGFtcGxlLm9yZ4IQbWFpbC5leGFtcGxlLmNvbYcE +fwAAATANBgkqhkiG9w0BAQsFAAOCAQEARUF6aOCnWaFiVHN0FE/enFGsJZdw9wlR +OXI5PNAx4cMCkRRNjx0xq5h+5ruratnFhqpOakjp+NezHaDF5r9MWpu1eAGjOXtf +vLinwnGwe92hh6ZUnPZZgbEs3sWKogaJtcF6vgyfPd6BSFNxe43H6ofX0dqUtMWs +HoOjQn3mqz/WHNZlw2DpdlR5P+tlhU9gfbuWA1Qu0BvibC2RrjOcBMRECn1fu4Ci +AbyQgaXcSsh3yY00F+YqfQIeMj991wyAW8aUakI2BZ+exYWfYONyczQ5RHVVYCR6 +iwl0hHL9kWiTV55wRk3kMIRfIAet/YYy0/u6r9lhFDzgoalRUQ+tYA== +-----END CERTIFICATE-----)"; + +// Same leaf as above, but with an intermediary attached. +QUIC_CONST_INIT const char kTestCertificateChainPem[] = + R"(-----BEGIN CERTIFICATE----- +MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNRVUlD +IFNlcnZlciBSb290IENBMB4XDTIwMDEzMDE4MTM1OVoXDTIwMDIwMjE4MTM1OVow +ZDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxFDASBgNVBAoMC1FVSUMgU2VydmVyMRIwEAYDVQQDDAkxMjcu +MC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF4lFtP9Yo8q00 +c4dkyjMZM7d1kasxGSvjpCYJKYst91J1p1UV8BHHwsTtGBszC3Ey5jWJzS1aBVdO +wnh1ZXItiheD1jKQhfgi4mWp4KD+GbI5LRQDEC/Mi16qJScNozcQDBfs8IvFa+1r +XrLiNT5GO/f2WbHgFqb7A7+ET85kFQ1Zmabwf4ozS7sLuPLRJ5CPOPhaQYIHmw3Z +UuBw/97a2CVOLy2fr5Jjx0K03BaVIwUCa7Doxf4Vmuh9L9xD9HCRGpO+ca+FhNvP +a1yAstPzQm4k7CpimcY85TLlcjcwmwvkBrRkJpVZuvFTgz2ZbfCA4ttrNFIGdzxz +vsbjzrIRAgMBAAGjgbYwgbMwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUyFQo9tLV +EjWJFXW4v937Svxsid4wHwYDVR0jBBgwFoAUUOQdwxr7/TjdogX9yPpXCsEGD64w +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEQGA1UdEQQ9MDuCD3d3dy5l +eGFtcGxlLm9yZ4IQbWFpbC5leGFtcGxlLm9yZ4IQbWFpbC5leGFtcGxlLmNvbYcE +fwAAATANBgkqhkiG9w0BAQsFAAOCAQEARUF6aOCnWaFiVHN0FE/enFGsJZdw9wlR +OXI5PNAx4cMCkRRNjx0xq5h+5ruratnFhqpOakjp+NezHaDF5r9MWpu1eAGjOXtf +vLinwnGwe92hh6ZUnPZZgbEs3sWKogaJtcF6vgyfPd6BSFNxe43H6ofX0dqUtMWs +HoOjQn3mqz/WHNZlw2DpdlR5P+tlhU9gfbuWA1Qu0BvibC2RrjOcBMRECn1fu4Ci +AbyQgaXcSsh3yY00F+YqfQIeMj991wyAW8aUakI2BZ+exYWfYONyczQ5RHVVYCR6 +iwl0hHL9kWiTV55wRk3kMIRfIAet/YYy0/u6r9lhFDzgoalRUQ+tYA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIUfVS7RH+aVGqZhrjyuyD4qCnTS+MwDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTUVVJQyBTZXJ2ZXIgUm9vdCBDQTAeFw0yMDAxMzAxODEz +NTlaFw0yMDAyMDIxODEzNTlaMB4xHDAaBgNVBAMME1FVSUMgU2VydmVyIFJvb3Qg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc3k0GGpCBf6jXHxia +QM4ntB6pWkT+NbaZUNHb1SkG2Cp9dN5dEKOXiqOi9306j4WNWTq/q0Ku9lCPPPFs +JTIVC3tKY8Nbiczw+mohgW4rwLgpAP5rjjVzTxSFpDWZlgkH54HpqLjJFVl4Fklg +vzSj+rYfqP+ueesi7z7KwPwzd30jjsJlpr2rlkZkidWT5vRTD3uYhNOW7IIT0lRP +MDTwdxTEU5unyxESAsZyckNuJDeNF0y1Aw5Xiw/Bww+CyRH+tX6OUcWNtA+ZSDU8 +oVH5m4rxYK/DaHAZrA672/ywvUcPQaNaRxsAWRVjhktgyGPT3pjqiHDCN8+42uhH +SgrbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFDkHcMa+/04 +3aIF/cj6VwrBBg+uMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA +iX+tn1Zfxx4M5YqZlPgXFB219agrJP2vM0fzW0E4zqDvA2ALaQN+lwdnFueN3tDk +3IJvxd2W5k1Qh7LqWFUbBghDAP43XffW/yNy0+nuR2n3nRYdNStSMrGQm7oywhBd +5jQl0GQUyYf1jcbD76HA5JraBjEXnQyJe6gJYHiRiMaMURWyzcngOPv5w3XBzIe3 +sRM0Rk/TTZP1Qx7fDY3ikFe1w9LzAMGbKDTKfc1+F0GZByJ3pdWakUNXZvtGFhIF +hTXMooR/wD7an6gtnXD8ixCh7bP0TyPiBhNsUb12WrvSEAm/UyciQbQlR7P+K0Z7 +Cmn1Mj4hQ+pT0t+pw/DMOw== +-----END CERTIFICATE-----)"; + +QUIC_CONST_INIT const char kTestCertificatePrivateKeyRaw[] = { + '\x30', '\x82', '\x04', '\xbc', '\x02', '\x01', '\x00', '\x30', '\x0d', + '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01', + '\x01', '\x01', '\x05', '\x00', '\x04', '\x82', '\x04', '\xa6', '\x30', + '\x82', '\x04', '\xa2', '\x02', '\x01', '\x00', '\x02', '\x82', '\x01', + '\x01', '\x00', '\xc5', '\xe2', '\x51', '\x6d', '\x3f', '\xd6', '\x28', + '\xf2', '\xad', '\x34', '\x73', '\x87', '\x64', '\xca', '\x33', '\x19', + '\x33', '\xb7', '\x75', '\x91', '\xab', '\x31', '\x19', '\x2b', '\xe3', + '\xa4', '\x26', '\x09', '\x29', '\x8b', '\x2d', '\xf7', '\x52', '\x75', + '\xa7', '\x55', '\x15', '\xf0', '\x11', '\xc7', '\xc2', '\xc4', '\xed', + '\x18', '\x1b', '\x33', '\x0b', '\x71', '\x32', '\xe6', '\x35', '\x89', + '\xcd', '\x2d', '\x5a', '\x05', '\x57', '\x4e', '\xc2', '\x78', '\x75', + '\x65', '\x72', '\x2d', '\x8a', '\x17', '\x83', '\xd6', '\x32', '\x90', + '\x85', '\xf8', '\x22', '\xe2', '\x65', '\xa9', '\xe0', '\xa0', '\xfe', + '\x19', '\xb2', '\x39', '\x2d', '\x14', '\x03', '\x10', '\x2f', '\xcc', + '\x8b', '\x5e', '\xaa', '\x25', '\x27', '\x0d', '\xa3', '\x37', '\x10', + '\x0c', '\x17', '\xec', '\xf0', '\x8b', '\xc5', '\x6b', '\xed', '\x6b', + '\x5e', '\xb2', '\xe2', '\x35', '\x3e', '\x46', '\x3b', '\xf7', '\xf6', + '\x59', '\xb1', '\xe0', '\x16', '\xa6', '\xfb', '\x03', '\xbf', '\x84', + '\x4f', '\xce', '\x64', '\x15', '\x0d', '\x59', '\x99', '\xa6', '\xf0', + '\x7f', '\x8a', '\x33', '\x4b', '\xbb', '\x0b', '\xb8', '\xf2', '\xd1', + '\x27', '\x90', '\x8f', '\x38', '\xf8', '\x5a', '\x41', '\x82', '\x07', + '\x9b', '\x0d', '\xd9', '\x52', '\xe0', '\x70', '\xff', '\xde', '\xda', + '\xd8', '\x25', '\x4e', '\x2f', '\x2d', '\x9f', '\xaf', '\x92', '\x63', + '\xc7', '\x42', '\xb4', '\xdc', '\x16', '\x95', '\x23', '\x05', '\x02', + '\x6b', '\xb0', '\xe8', '\xc5', '\xfe', '\x15', '\x9a', '\xe8', '\x7d', + '\x2f', '\xdc', '\x43', '\xf4', '\x70', '\x91', '\x1a', '\x93', '\xbe', + '\x71', '\xaf', '\x85', '\x84', '\xdb', '\xcf', '\x6b', '\x5c', '\x80', + '\xb2', '\xd3', '\xf3', '\x42', '\x6e', '\x24', '\xec', '\x2a', '\x62', + '\x99', '\xc6', '\x3c', '\xe5', '\x32', '\xe5', '\x72', '\x37', '\x30', + '\x9b', '\x0b', '\xe4', '\x06', '\xb4', '\x64', '\x26', '\x95', '\x59', + '\xba', '\xf1', '\x53', '\x83', '\x3d', '\x99', '\x6d', '\xf0', '\x80', + '\xe2', '\xdb', '\x6b', '\x34', '\x52', '\x06', '\x77', '\x3c', '\x73', + '\xbe', '\xc6', '\xe3', '\xce', '\xb2', '\x11', '\x02', '\x03', '\x01', + '\x00', '\x01', '\x02', '\x82', '\x01', '\x00', '\x39', '\x75', '\xac', + '\x1b', '\x43', '\x0c', '\x16', '\xbb', '\xd0', '\xdb', '\x88', '\x28', + '\x6a', '\x75', '\xe4', '\x3c', '\x8f', '\x2d', '\xd8', '\x6f', '\xc1', + '\xfb', '\xf1', '\xc9', '\x32', '\xc2', '\xb9', '\x60', '\xb3', '\xb5', + '\x7c', '\x55', '\x72', '\x96', '\x43', '\x4e', '\x8b', '\x9e', '\x38', + '\x2b', '\x7f', '\x3c', '\xdb', '\x73', '\xc2', '\x82', '\x21', '\xf2', + '\x6e', '\xcb', '\x36', '\x04', '\x9b', '\x95', '\x6d', '\xac', '\x5b', + '\x5b', '\xbd', '\x50', '\x69', '\x16', '\x59', '\xff', '\x2b', '\x38', + '\x04', '\xca', '\x2f', '\xc8', '\x93', '\x7e', '\x27', '\xf3', '\x01', + '\x7e', '\x40', '\x81', '\xbf', '\x07', '\x0b', '\x1f', '\x5b', '\x1d', + '\x92', '\x7e', '\x22', '\xc3', '\x0c', '\x3d', '\x22', '\xbe', '\xc3', + '\x06', '\x4c', '\xbc', '\x72', '\x66', '\x70', '\x94', '\x16', '\x8d', + '\x1f', '\x78', '\x65', '\x6a', '\x66', '\x07', '\x1f', '\x74', '\x42', + '\x6e', '\xf6', '\x7e', '\xdc', '\x03', '\xd3', '\x88', '\xb4', '\x4b', + '\x2c', '\x5c', '\x3c', '\x42', '\x59', '\x42', '\x1f', '\x01', '\x13', + '\x31', '\xc5', '\x22', '\xe7', '\x6a', '\x96', '\xf2', '\xfb', '\x66', + '\xfe', '\xc8', '\xa1', '\x7e', '\x24', '\x96', '\x5f', '\x02', '\xee', + '\x38', '\x21', '\xa5', '\x14', '\xd2', '\xa6', '\x35', '\x70', '\x6c', + '\x8d', '\xa6', '\xd8', '\x2a', '\xd2', '\x45', '\x31', '\x5f', '\x67', + '\x9e', '\x35', '\x57', '\x6a', '\xc4', '\x15', '\xe7', '\xba', '\x60', + '\x2f', '\x8e', '\x52', '\x4e', '\xfc', '\x6f', '\xa0', '\x08', '\x91', + '\x31', '\x71', '\x06', '\x68', '\x19', '\x48', '\xc7', '\x81', '\x0d', + '\x5e', '\x52', '\x93', '\x57', '\xcc', '\xfe', '\x46', '\xac', '\xa9', + '\x4f', '\xe2', '\x96', '\x4f', '\xaf', '\x12', '\xfb', '\xc2', '\x4b', + '\xc4', '\x8d', '\x3b', '\xb0', '\x38', '\xe4', '\xbb', '\x8d', '\x19', + '\x81', '\xe4', '\x74', '\x63', '\x9c', '\x8d', '\xaa', '\x84', '\x82', + '\x91', '\xdf', '\xdc', '\x45', '\xf0', '\x39', '\xb2', '\xb4', '\xac', + '\x45', '\xda', '\x3f', '\x30', '\x4d', '\x46', '\xb1', '\xe1', '\xb2', + '\x9d', '\xdf', '\xd8', '\xc4', '\xa2', '\xef', '\xe9', '\x1a', '\x97', + '\x79', '\x02', '\x81', '\x81', '\x00', '\xe5', '\x23', '\xb8', '\xd7', + '\x09', '\x54', '\x54', '\x3b', '\xb6', '\x78', '\x78', '\x67', '\x57', + '\x65', '\xc5', '\xd4', '\x74', '\xaf', '\x05', '\x4f', '\xb5', '\xc8', + '\x8c', '\x1b', '\xd1', '\x9a', '\x2c', '\xd6', '\xe4', '\x68', '\xd1', + '\xaf', '\x3d', '\x72', '\x42', '\x50', '\xc8', '\xdd', '\xb1', '\xee', + '\x77', '\x52', '\xb8', '\xb1', '\x31', '\xbe', '\xf0', '\x74', '\x78', + '\x42', '\x59', '\xea', '\x13', '\x8b', '\x82', '\x00', '\x54', '\x22', + '\xd2', '\x0a', '\x24', '\xb0', '\x1f', '\x1e', '\x76', '\x27', '\xae', + '\x63', '\xc6', '\x6b', '\x59', '\x28', '\x1d', '\xa0', '\x9f', '\x42', + '\x30', '\xf1', '\xe3', '\x59', '\x1c', '\x4f', '\x31', '\x49', '\xff', + '\x45', '\x7e', '\x6b', '\xef', '\xe9', '\x6f', '\xde', '\xaf', '\x1e', + '\x04', '\x96', '\x61', '\x4e', '\x9f', '\x58', '\xf5', '\x0d', '\x64', + '\x08', '\x48', '\x0a', '\xae', '\xac', '\xe4', '\x76', '\x91', '\xdd', + '\x6e', '\x33', '\x97', '\xc5', '\x96', '\xda', '\xff', '\xbc', '\x42', + '\x5b', '\x71', '\xb5', '\x76', '\xae', '\x01', '\xb3', '\x02', '\x81', + '\x81', '\x00', '\xdd', '\x14', '\xa5', '\x6c', '\x89', '\x2b', '\x80', + '\x78', '\xf6', '\xc3', '\x80', '\x4d', '\x53', '\x54', '\xb3', '\x2b', + '\x40', '\xce', '\x98', '\x16', '\xa0', '\xbf', '\x72', '\xf1', '\xe3', + '\xdc', '\xe9', '\x0b', '\x45', '\x23', '\x86', '\x38', '\x4c', '\x29', + '\xf1', '\xa0', '\xe0', '\x2c', '\xfa', '\x86', '\x3f', '\x01', '\x90', + '\xc5', '\x1b', '\x96', '\x10', '\x44', '\x84', '\xfb', '\xec', '\x3c', + '\x74', '\x6c', '\x0d', '\xcc', '\xc3', '\xcd', '\x1b', '\x28', '\x12', + '\xaa', '\xb4', '\x67', '\x80', '\xc8', '\xd9', '\x1b', '\x7d', '\xe7', + '\x54', '\x39', '\x03', '\x6d', '\xba', '\xaa', '\x6f', '\xf7', '\x93', + '\x1f', '\x94', '\x76', '\xd6', '\xab', '\x9b', '\xda', '\x3d', '\x89', + '\x37', '\x83', '\xfe', '\x72', '\x2a', '\xbb', '\x6f', '\x36', '\xc5', + '\xe0', '\xae', '\x65', '\xf9', '\xbb', '\xc6', '\xe2', '\x98', '\x0f', + '\xbd', '\xf6', '\x22', '\xf8', '\x35', '\x5b', '\x99', '\xe6', '\xff', + '\x6d', '\x6e', '\xb2', '\x92', '\x93', '\x64', '\x25', '\xc1', '\xe8', + '\x9c', '\x6b', '\x73', '\x2b', '\x02', '\x81', '\x80', '\x13', '\x30', + '\x1a', '\x9a', '\x67', '\x3d', '\x98', '\x90', '\x27', '\x87', '\x8f', + '\x0d', '\x98', '\x53', '\xfd', '\x6c', '\xfd', '\x18', '\x6a', '\xe9', + '\x71', '\xdf', '\x89', '\x5c', '\x0b', '\x01', '\x4e', '\x1f', '\xf0', + '\xa0', '\x96', '\x6e', '\x86', '\x46', '\xbb', '\x26', '\xe8', '\xab', + '\x27', '\xeb', '\x40', '\x32', '\xbd', '\x24', '\x99', '\x75', '\xd3', + '\xcc', '\xed', '\x05', '\x21', '\x62', '\x68', '\xa0', '\x96', '\x12', + '\x50', '\xf9', '\x59', '\x7d', '\x5f', '\xf5', '\x1f', '\xa5', '\xfd', + '\x5e', '\xf5', '\x4b', '\x85', '\xa2', '\x17', '\xa5', '\x34', '\x55', + '\xef', '\x00', '\x2b', '\xf9', '\x15', '\x80', '\xb0', '\xce', '\x30', + '\xe2', '\x71', '\x6d', '\xf0', '\x58', '\x39', '\x8e', '\xe2', '\xbf', + '\x53', '\x0a', '\xc0', '\x77', '\x97', '\x4e', '\x6e', '\x29', '\x94', + '\xdb', '\xba', '\x34', '\xb7', '\x53', '\xad', '\xac', '\xec', '\xb4', + '\xc1', '\x22', '\x39', '\xc8', '\x38', '\x3d', '\x63', '\x94', '\x93', + '\x35', '\xc0', '\x98', '\xc7', '\xbc', '\xda', '\x63', '\x57', '\xe1', + '\x02', '\x81', '\x80', '\x51', '\x71', '\x7c', '\xab', '\x6a', '\x30', + '\xe3', '\x68', '\x2c', '\x87', '\xc2', '\xe9', '\x39', '\x8c', '\x97', + '\x60', '\x94', '\xc4', '\x46', '\xd4', '\xf7', '\x2c', '\xf0', '\x1c', + '\x5a', '\x34', '\x14', '\x89', '\xf9', '\x53', '\x67', '\xeb', '\xaf', + '\x6b', '\x38', '\x3f', '\x6a', '\xb6', '\x47', '\x28', '\x53', '\x67', + '\xb1', '\x3c', '\x5b', '\xb8', '\x41', '\x8f', '\xec', '\x69', '\x9e', + '\x12', '\x7b', '\x55', '\x1f', '\x14', '\x53', '\x01', '\x69', '\x42', + '\xae', '\xf5', '\xc1', '\xf5', '\xeb', '\x44', '\x92', '\x6e', '\x85', + '\x48', '\x46', '\x07', '\xa6', '\xd2', '\xb2', '\x94', '\x7d', '\x20', + '\xf8', '\x4b', '\x06', '\xf7', '\x6c', '\x87', '\xd5', '\xa7', '\x65', + '\x49', '\xfa', '\x70', '\x9e', '\xb8', '\xd2', '\x33', '\x30', '\x7a', + '\x3e', '\x15', '\x52', '\x49', '\xf0', '\xe1', '\x13', '\x18', '\x80', + '\xaa', '\x33', '\xf1', '\xcb', '\xda', '\x22', '\x55', '\xf7', '\x71', + '\x58', '\xa1', '\xa8', '\xc9', '\x12', '\x24', '\x48', '\x1d', '\x7c', + '\xbc', '\xc3', '\x7a', '\xf5', '\xf7', '\x02', '\x81', '\x80', '\x41', + '\x7c', '\xae', '\x6e', '\x48', '\x3f', '\xb5', '\x0b', '\x99', '\xaa', + '\xc5', '\xea', '\x81', '\xad', '\x84', '\x6b', '\x29', '\x78', '\x4b', + '\x18', '\xdb', '\x0e', '\xd3', '\x3e', '\x60', '\x8b', '\xef', '\x65', + '\x4d', '\x58', '\x25', '\x3a', '\x08', '\xb5', '\x21', '\xb6', '\x61', + '\x0c', '\xfa', '\xf0', '\x69', '\x78', '\x4e', '\x68', '\x36', '\xdb', + '\x41', '\x4b', '\x50', '\xd8', '\xd3', '\x8e', '\x3d', '\x74', '\x80', + '\x8e', '\xa0', '\xe6', '\xda', '\xec', '\x70', '\x89', '\x77', '\xb2', + '\x9d', '\xd6', '\x6e', '\x0a', '\xc4', '\xbd', '\xf6', '\x9a', '\x07', + '\x15', '\xba', '\x55', '\x9f', '\xd4', '\x4d', '\x3a', '\x0f', '\x51', + '\x12', '\xa4', '\xd9', '\xc2', '\x98', '\x76', '\xc5', '\xb7', '\x29', + '\x40', '\xca', '\xf4', '\xbb', '\x74', '\x2d', '\x71', '\x03', '\x4d', + '\xe7', '\x05', '\x75', '\xc0', '\x8d', '\x96', '\x7e', '\x59', '\xa1', + '\x8b', '\x3b', '\xa3', '\x2b', '\xa5', '\xa3', '\xc8', '\xf7', '\xd3', + '\x3e', '\x6b', '\x2e', '\xfa', '\x4f', '\x4d', '\xe6', '\xbe', '\xd3', + '\x59'}; + +QUIC_CONST_INIT const quiche::QuicheStringPiece kTestCertificatePrivateKey( + kTestCertificatePrivateKeyRaw, + sizeof(kTestCertificatePrivateKeyRaw)); + +QUIC_CONST_INIT const char kTestCertificatePrivateKeyPem[] = + R"(-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDF4lFtP9Yo8q00 +c4dkyjMZM7d1kasxGSvjpCYJKYst91J1p1UV8BHHwsTtGBszC3Ey5jWJzS1aBVdO +wnh1ZXItiheD1jKQhfgi4mWp4KD+GbI5LRQDEC/Mi16qJScNozcQDBfs8IvFa+1r +XrLiNT5GO/f2WbHgFqb7A7+ET85kFQ1Zmabwf4ozS7sLuPLRJ5CPOPhaQYIHmw3Z +UuBw/97a2CVOLy2fr5Jjx0K03BaVIwUCa7Doxf4Vmuh9L9xD9HCRGpO+ca+FhNvP +a1yAstPzQm4k7CpimcY85TLlcjcwmwvkBrRkJpVZuvFTgz2ZbfCA4ttrNFIGdzxz +vsbjzrIRAgMBAAECggEAOXWsG0MMFrvQ24goanXkPI8t2G/B+/HJMsK5YLO1fFVy +lkNOi544K38823PCgiHybss2BJuVbaxbW71QaRZZ/ys4BMovyJN+J/MBfkCBvwcL +H1sdkn4iwww9Ir7DBky8cmZwlBaNH3hlamYHH3RCbvZ+3APTiLRLLFw8QllCHwET +McUi52qW8vtm/sihfiSWXwLuOCGlFNKmNXBsjabYKtJFMV9nnjVXasQV57pgL45S +TvxvoAiRMXEGaBlIx4ENXlKTV8z+RqypT+KWT68S+8JLxI07sDjku40ZgeR0Y5yN +qoSCkd/cRfA5srSsRdo/ME1GseGynd/YxKLv6RqXeQKBgQDlI7jXCVRUO7Z4eGdX +ZcXUdK8FT7XIjBvRmizW5GjRrz1yQlDI3bHud1K4sTG+8HR4QlnqE4uCAFQi0gok +sB8edieuY8ZrWSgdoJ9CMPHjWRxPMUn/RX5r7+lv3q8eBJZhTp9Y9Q1kCEgKrqzk +dpHdbjOXxZba/7xCW3G1dq4BswKBgQDdFKVsiSuAePbDgE1TVLMrQM6YFqC/cvHj +3OkLRSOGOEwp8aDgLPqGPwGQxRuWEESE++w8dGwNzMPNGygSqrRngMjZG33nVDkD +bbqqb/eTH5R21qub2j2JN4P+ciq7bzbF4K5l+bvG4pgPvfYi+DVbmeb/bW6ykpNk +JcHonGtzKwKBgBMwGppnPZiQJ4ePDZhT/Wz9GGrpcd+JXAsBTh/woJZuhka7Juir +J+tAMr0kmXXTzO0FIWJooJYSUPlZfV/1H6X9XvVLhaIXpTRV7wAr+RWAsM4w4nFt +8Fg5juK/UwrAd5dObimU27o0t1OtrOy0wSI5yDg9Y5STNcCYx7zaY1fhAoGAUXF8 +q2ow42gsh8LpOYyXYJTERtT3LPAcWjQUiflTZ+uvazg/arZHKFNnsTxbuEGP7Gme +EntVHxRTAWlCrvXB9etEkm6FSEYHptKylH0g+EsG92yH1adlSfpwnrjSMzB6PhVS +SfDhExiAqjPxy9oiVfdxWKGoyRIkSB18vMN69fcCgYBBfK5uSD+1C5mqxeqBrYRr +KXhLGNsO0z5gi+9lTVglOgi1IbZhDPrwaXhOaDbbQUtQ2NOOPXSAjqDm2uxwiXey +ndZuCsS99poHFbpVn9RNOg9REqTZwph2xbcpQMr0u3QtcQNN5wV1wI2Wflmhizuj +K6WjyPfTPmsu+k9N5r7TWQ== +-----END PRIVATE KEY-----)"; + +// The legacy version was manually generated from the one above using der2ascii. +QUIC_CONST_INIT const char kTestCertificatePrivateKeyLegacyPem[] = + R"(-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAxeJRbT/WKPKtNHOHZMozGTO3dZGrMRkr46QmCSmLLfdSdadVFfARx8LE7Rgb +MwtxMuY1ic0tWgVXTsJ4dWVyLYoXg9YykIX4IuJlqeCg/hmyOS0UAxAvzIteqiUnDaM3EAwX7PCL +xWvta16y4jU+Rjv39lmx4Bam+wO/hE/OZBUNWZmm8H+KM0u7C7jy0SeQjzj4WkGCB5sN2VLgcP/e +2tglTi8tn6+SY8dCtNwWlSMFAmuw6MX+FZrofS/cQ/RwkRqTvnGvhYTbz2tcgLLT80JuJOwqYpnG +POUy5XI3MJsL5Aa0ZCaVWbrxU4M9mW3wgOLbazRSBnc8c77G486yEQIDAQABAoIBADl1rBtDDBa7 +0NuIKGp15DyPLdhvwfvxyTLCuWCztXxVcpZDToueOCt/PNtzwoIh8m7LNgSblW2sW1u9UGkWWf8r +OATKL8iTfifzAX5Agb8HCx9bHZJ+IsMMPSK+wwZMvHJmcJQWjR94ZWpmBx90Qm72ftwD04i0Syxc +PEJZQh8BEzHFIudqlvL7Zv7IoX4kll8C7jghpRTSpjVwbI2m2CrSRTFfZ541V2rEFee6YC+OUk78 +b6AIkTFxBmgZSMeBDV5Sk1fM/kasqU/ilk+vEvvCS8SNO7A45LuNGYHkdGOcjaqEgpHf3EXwObK0 +rEXaPzBNRrHhsp3f2MSi7+kal3kCgYEA5SO41wlUVDu2eHhnV2XF1HSvBU+1yIwb0Zos1uRo0a89 +ckJQyN2x7ndSuLExvvB0eEJZ6hOLggBUItIKJLAfHnYnrmPGa1koHaCfQjDx41kcTzFJ/0V+a+/p +b96vHgSWYU6fWPUNZAhICq6s5HaR3W4zl8WW2v+8QltxtXauAbMCgYEA3RSlbIkrgHj2w4BNU1Sz +K0DOmBagv3Lx49zpC0UjhjhMKfGg4Cz6hj8BkMUblhBEhPvsPHRsDczDzRsoEqq0Z4DI2Rt951Q5 +A226qm/3kx+Udtarm9o9iTeD/nIqu282xeCuZfm7xuKYD732Ivg1W5nm/21uspKTZCXB6JxrcysC +gYATMBqaZz2YkCeHjw2YU/1s/Rhq6XHfiVwLAU4f8KCWboZGuyboqyfrQDK9JJl108ztBSFiaKCW +ElD5WX1f9R+l/V71S4WiF6U0Ve8AK/kVgLDOMOJxbfBYOY7iv1MKwHeXTm4plNu6NLdTrazstMEi +Ocg4PWOUkzXAmMe82mNX4QKBgFFxfKtqMONoLIfC6TmMl2CUxEbU9yzwHFo0FIn5U2frr2s4P2q2 +RyhTZ7E8W7hBj+xpnhJ7VR8UUwFpQq71wfXrRJJuhUhGB6bSspR9IPhLBvdsh9WnZUn6cJ640jMw +ej4VUknw4RMYgKoz8cvaIlX3cVihqMkSJEgdfLzDevX3AoGAQXyubkg/tQuZqsXqga2Eayl4Sxjb +DtM+YIvvZU1YJToItSG2YQz68Gl4Tmg220FLUNjTjj10gI6g5trscIl3sp3WbgrEvfaaBxW6VZ/U +TToPURKk2cKYdsW3KUDK9Lt0LXEDTecFdcCNln5ZoYs7oyulo8j30z5rLvpPTea+01k= +-----END RSA PRIVATE KEY-----)"; + +QUIC_CONST_INIT const char kWildcardCertificateRaw[] = { + '\x30', '\x82', '\x03', '\x5f', '\x30', '\x82', '\x02', '\x47', '\xa0', + '\x03', '\x02', '\x01', '\x02', '\x02', '\x14', '\x36', '\x1d', '\xe3', + '\xd2', '\x39', '\x35', '\x20', '\xb1', '\xae', '\x18', '\xdd', '\x71', + '\xc9', '\x5b', '\x4a', '\x17', '\xbe', '\x00', '\xb4', '\x15', '\x30', + '\x0d', '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', + '\x01', '\x01', '\x0b', '\x05', '\x00', '\x30', '\x24', '\x31', '\x0b', + '\x30', '\x09', '\x06', '\x03', '\x55', '\x04', '\x06', '\x13', '\x02', + '\x55', '\x53', '\x31', '\x15', '\x30', '\x13', '\x06', '\x03', '\x55', + '\x04', '\x03', '\x0c', '\x0c', '\x77', '\x77', '\x77', '\x2e', '\x66', + '\x6f', '\x6f', '\x2e', '\x74', '\x65', '\x73', '\x74', '\x30', '\x1e', + '\x17', '\x0d', '\x32', '\x30', '\x30', '\x34', '\x32', '\x31', '\x30', + '\x32', '\x31', '\x38', '\x34', '\x35', '\x5a', '\x17', '\x0d', '\x32', + '\x31', '\x30', '\x34', '\x32', '\x31', '\x30', '\x32', '\x31', '\x38', + '\x34', '\x35', '\x5a', '\x30', '\x24', '\x31', '\x0b', '\x30', '\x09', + '\x06', '\x03', '\x55', '\x04', '\x06', '\x13', '\x02', '\x55', '\x53', + '\x31', '\x15', '\x30', '\x13', '\x06', '\x03', '\x55', '\x04', '\x03', + '\x0c', '\x0c', '\x77', '\x77', '\x77', '\x2e', '\x66', '\x6f', '\x6f', + '\x2e', '\x74', '\x65', '\x73', '\x74', '\x30', '\x82', '\x01', '\x22', + '\x30', '\x0d', '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', + '\x0d', '\x01', '\x01', '\x01', '\x05', '\x00', '\x03', '\x82', '\x01', + '\x0f', '\x00', '\x30', '\x82', '\x01', '\x0a', '\x02', '\x82', '\x01', + '\x01', '\x00', '\xcc', '\xd5', '\x5d', '\xa0', '\x4a', '\x03', '\x9d', + '\x89', '\xa2', '\xae', '\x7a', '\x59', '\x15', '\xf7', '\x27', '\x67', + '\x49', '\xa4', '\xc1', '\x87', '\xcd', '\x9c', '\x02', '\x9e', '\xb9', + '\x2f', '\xd1', '\xa1', '\x0d', '\x57', '\xff', '\xd6', '\xc0', '\x6a', + '\x7b', '\xaa', '\x52', '\xb2', '\x6e', '\xa6', '\x12', '\x34', '\xcf', + '\xdc', '\xd3', '\x1e', '\x32', '\xc1', '\x8d', '\x42', '\xa3', '\x0b', + '\xd6', '\xaf', '\xe9', '\x37', '\x42', '\xf8', '\x78', '\xdc', '\xcb', + '\x2d', '\x0e', '\x42', '\x5a', '\xe2', '\xbf', '\xd2', '\xe4', '\x9c', + '\xb4', '\x34', '\x38', '\x97', '\x5e', '\x4d', '\x5e', '\x8a', '\x0b', + '\xd8', '\x42', '\x11', '\x88', '\x19', '\xa2', '\x23', '\x4b', '\xec', + '\x3b', '\x0a', '\xc9', '\x67', '\x49', '\x2c', '\x8e', '\x1c', '\x5e', + '\x7f', '\x42', '\xe7', '\x73', '\x0b', '\x86', '\x68', '\xf0', '\xaa', + '\x3f', '\x1e', '\x17', '\x3e', '\x29', '\xc4', '\x57', '\x6e', '\x34', + '\x78', '\xaf', '\x15', '\x03', '\x39', '\x32', '\x27', '\x80', '\x76', + '\xb1', '\xda', '\x08', '\xe5', '\x4d', '\x3f', '\x4c', '\xfc', '\x1e', + '\x23', '\x5a', '\xb3', '\xd4', '\x99', '\xdc', '\x5c', '\x2b', '\xf1', + '\xa8', '\xe3', '\x02', '\x0a', '\xc8', '\x4d', '\x63', '\x27', '\xb9', + '\x0d', '\x6c', '\xc2', '\x34', '\x82', '\x82', '\x5d', '\x56', '\xa8', + '\x93', '\x44', '\x8b', '\xf4', '\x8b', '\xf0', '\x63', '\xe5', '\x23', + '\x7f', '\x8d', '\x5f', '\x3a', '\x4a', '\xa5', '\x50', '\xb9', '\xc6', + '\x5c', '\xe6', '\x33', '\xe3', '\xfc', '\xc8', '\x96', '\x88', '\x88', + '\xe9', '\x53', '\xaf', '\x0d', '\xbb', '\x80', '\x9c', '\xbb', '\xed', + '\x4d', '\x06', '\xfa', '\xe9', '\x7c', '\x25', '\x1c', '\x59', '\xee', + '\x19', '\xcc', '\xa9', '\x7c', '\x1d', '\x86', '\xd9', '\x95', '\x78', + '\x2d', '\x3a', '\x95', '\x49', '\x11', '\x45', '\xfa', '\xd6', '\xef', + '\xd5', '\x07', '\x1c', '\x23', '\xeb', '\xad', '\xd3', '\x3b', '\x95', + '\xcf', '\x53', '\xa3', '\x47', '\xa9', '\xa7', '\x90', '\xde', '\x34', + '\xa4', '\xbb', '\x05', '\xdc', '\x54', '\x87', '\x97', '\x30', '\xea', + '\x25', '\xf0', '\xfd', '\xba', '\xa1', '\x1b', '\x02', '\x03', '\x01', + '\x00', '\x01', '\xa3', '\x81', '\x88', '\x30', '\x81', '\x85', '\x30', + '\x1d', '\x06', '\x03', '\x55', '\x1d', '\x0e', '\x04', '\x16', '\x04', + '\x14', '\x09', '\xfb', '\x77', '\xbb', '\xc8', '\x8f', '\xd6', '\xa4', + '\xf0', '\x74', '\xb2', '\x90', '\x46', '\x0a', '\x8d', '\x09', '\x4b', + '\x89', '\x2e', '\x41', '\x30', '\x1f', '\x06', '\x03', '\x55', '\x1d', + '\x23', '\x04', '\x18', '\x30', '\x16', '\x80', '\x14', '\x09', '\xfb', + '\x77', '\xbb', '\xc8', '\x8f', '\xd6', '\xa4', '\xf0', '\x74', '\xb2', + '\x90', '\x46', '\x0a', '\x8d', '\x09', '\x4b', '\x89', '\x2e', '\x41', + '\x30', '\x0f', '\x06', '\x03', '\x55', '\x1d', '\x13', '\x01', '\x01', + '\xff', '\x04', '\x05', '\x30', '\x03', '\x01', '\x01', '\xff', '\x30', + '\x32', '\x06', '\x03', '\x55', '\x1d', '\x11', '\x04', '\x2b', '\x30', + '\x29', '\x82', '\x08', '\x66', '\x6f', '\x6f', '\x2e', '\x74', '\x65', + '\x73', '\x74', '\x82', '\x0c', '\x77', '\x77', '\x77', '\x2e', '\x66', + '\x6f', '\x6f', '\x2e', '\x74', '\x65', '\x73', '\x74', '\x82', '\x0f', + '\x2a', '\x2e', '\x77', '\x69', '\x6c', '\x64', '\x63', '\x61', '\x72', + '\x64', '\x2e', '\x74', '\x65', '\x73', '\x74', '\x30', '\x0d', '\x06', + '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01', '\x01', + '\x0b', '\x05', '\x00', '\x03', '\x82', '\x01', '\x01', '\x00', '\x93', + '\xbc', '\x33', '\x4c', '\xa4', '\xdf', '\xdc', '\xed', '\x4b', '\x4d', + '\x5e', '\xdb', '\xdd', '\x4a', '\xb7', '\xbc', '\x50', '\x1f', '\xca', + '\x66', '\x4d', '\x28', '\x96', '\x42', '\x4e', '\x84', '\x44', '\x80', + '\x25', '\x17', '\x2c', '\x05', '\x93', '\xe0', '\x2a', '\x29', '\xef', + '\xe4', '\x26', '\x19', '\x63', '\xdf', '\xb2', '\x72', '\xb1', '\x82', + '\x7e', '\x5f', '\xce', '\x82', '\x41', '\xad', '\x96', '\x78', '\x94', + '\xa8', '\x21', '\xee', '\xf2', '\x4a', '\xf5', '\x41', '\xa8', '\xfb', + '\xe0', '\xe1', '\x22', '\x89', '\xf1', '\x40', '\x85', '\x86', '\x53', + '\x61', '\x57', '\x0f', '\x31', '\xae', '\x0c', '\xc3', '\x8d', '\xe8', + '\x29', '\xac', '\xe0', '\x03', '\x2d', '\x69', '\x44', '\x3d', '\xd6', + '\x3b', '\x2b', '\x0f', '\xb3', '\xf5', '\x83', '\x1b', '\x4e', '\x65', + '\x60', '\x6b', '\xa2', '\x01', '\x03', '\x1e', '\x98', '\xca', '\xca', + '\x32', '\xd4', '\x5b', '\xde', '\x45', '\xe2', '\x35', '\xd2', '\x54', + '\x1a', '\x2a', '\x38', '\xa7', '\x42', '\xa0', '\xf3', '\xef', '\x28', + '\xe3', '\x6e', '\x23', '\x77', '\x07', '\xd5', '\xef', '\xfd', '\x30', + '\xd6', '\x31', '\xfa', '\xf2', '\x94', '\x95', '\x2f', '\x03', '\x7a', + '\x43', '\xe0', '\xb3', '\x82', '\xca', '\x7e', '\xb4', '\x00', '\xc9', + '\x08', '\x15', '\x7b', '\x2e', '\x51', '\xec', '\xab', '\x68', '\xca', + '\xc2', '\xca', '\x44', '\xe1', '\xbe', '\xe4', '\x06', '\x98', '\x87', + '\x9b', '\x58', '\xbc', '\xf1', '\xea', '\x55', '\xf6', '\x64', '\x92', + '\xe6', '\x73', '\xc9', '\xf6', '\xc5', '\x7a', '\x90', '\x42', '\x83', + '\x39', '\x9e', '\xd0', '\xca', '\x85', '\x6c', '\x53', '\x99', '\x64', + '\xbb', '\x49', '\xdc', '\xae', '\x1c', '\xe5', '\x00', '\x65', '\x13', + '\xdd', '\xdc', '\xde', '\x3f', '\xf9', '\x14', '\x91', '\x0d', '\xe6', + '\xba', '\xc1', '\x7d', '\x5f', '\xd5', '\x6d', '\xe8', '\x65', '\x9c', + '\xfb', '\xda', '\x82', '\xf7', '\x4d', '\x45', '\x81', '\x8c', '\x54', + '\xec', '\x50', '\xbb', '\x14', '\xe9', '\x06', '\xda', '\x76', '\xb3', + '\xf0', '\xb7', '\xbb', '\x58', '\x4c', '\x8f', '\x6a', '\x5d', '\x8e', + '\x93', '\x5f', '\x35'}; + +QUIC_CONST_INIT const quiche::QuicheStringPiece kWildcardCertificate( + kWildcardCertificateRaw, + sizeof(kWildcardCertificateRaw)); + +QUIC_CONST_INIT const char kWildcardCertificatePrivateKeyRaw[] = { + '\x30', '\x82', '\x04', '\xbe', '\x02', '\x01', '\x00', '\x30', '\x0d', + '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86', '\xf7', '\x0d', '\x01', + '\x01', '\x01', '\x05', '\x00', '\x04', '\x82', '\x04', '\xa8', '\x30', + '\x82', '\x04', '\xa4', '\x02', '\x01', '\x00', '\x02', '\x82', '\x01', + '\x01', '\x00', '\xcc', '\xd5', '\x5d', '\xa0', '\x4a', '\x03', '\x9d', + '\x89', '\xa2', '\xae', '\x7a', '\x59', '\x15', '\xf7', '\x27', '\x67', + '\x49', '\xa4', '\xc1', '\x87', '\xcd', '\x9c', '\x02', '\x9e', '\xb9', + '\x2f', '\xd1', '\xa1', '\x0d', '\x57', '\xff', '\xd6', '\xc0', '\x6a', + '\x7b', '\xaa', '\x52', '\xb2', '\x6e', '\xa6', '\x12', '\x34', '\xcf', + '\xdc', '\xd3', '\x1e', '\x32', '\xc1', '\x8d', '\x42', '\xa3', '\x0b', + '\xd6', '\xaf', '\xe9', '\x37', '\x42', '\xf8', '\x78', '\xdc', '\xcb', + '\x2d', '\x0e', '\x42', '\x5a', '\xe2', '\xbf', '\xd2', '\xe4', '\x9c', + '\xb4', '\x34', '\x38', '\x97', '\x5e', '\x4d', '\x5e', '\x8a', '\x0b', + '\xd8', '\x42', '\x11', '\x88', '\x19', '\xa2', '\x23', '\x4b', '\xec', + '\x3b', '\x0a', '\xc9', '\x67', '\x49', '\x2c', '\x8e', '\x1c', '\x5e', + '\x7f', '\x42', '\xe7', '\x73', '\x0b', '\x86', '\x68', '\xf0', '\xaa', + '\x3f', '\x1e', '\x17', '\x3e', '\x29', '\xc4', '\x57', '\x6e', '\x34', + '\x78', '\xaf', '\x15', '\x03', '\x39', '\x32', '\x27', '\x80', '\x76', + '\xb1', '\xda', '\x08', '\xe5', '\x4d', '\x3f', '\x4c', '\xfc', '\x1e', + '\x23', '\x5a', '\xb3', '\xd4', '\x99', '\xdc', '\x5c', '\x2b', '\xf1', + '\xa8', '\xe3', '\x02', '\x0a', '\xc8', '\x4d', '\x63', '\x27', '\xb9', + '\x0d', '\x6c', '\xc2', '\x34', '\x82', '\x82', '\x5d', '\x56', '\xa8', + '\x93', '\x44', '\x8b', '\xf4', '\x8b', '\xf0', '\x63', '\xe5', '\x23', + '\x7f', '\x8d', '\x5f', '\x3a', '\x4a', '\xa5', '\x50', '\xb9', '\xc6', + '\x5c', '\xe6', '\x33', '\xe3', '\xfc', '\xc8', '\x96', '\x88', '\x88', + '\xe9', '\x53', '\xaf', '\x0d', '\xbb', '\x80', '\x9c', '\xbb', '\xed', + '\x4d', '\x06', '\xfa', '\xe9', '\x7c', '\x25', '\x1c', '\x59', '\xee', + '\x19', '\xcc', '\xa9', '\x7c', '\x1d', '\x86', '\xd9', '\x95', '\x78', + '\x2d', '\x3a', '\x95', '\x49', '\x11', '\x45', '\xfa', '\xd6', '\xef', + '\xd5', '\x07', '\x1c', '\x23', '\xeb', '\xad', '\xd3', '\x3b', '\x95', + '\xcf', '\x53', '\xa3', '\x47', '\xa9', '\xa7', '\x90', '\xde', '\x34', + '\xa4', '\xbb', '\x05', '\xdc', '\x54', '\x87', '\x97', '\x30', '\xea', + '\x25', '\xf0', '\xfd', '\xba', '\xa1', '\x1b', '\x02', '\x03', '\x01', + '\x00', '\x01', '\x02', '\x82', '\x01', '\x01', '\x00', '\xa3', '\xb3', + '\x01', '\x98', '\x50', '\x8e', '\x83', '\x20', '\xb4', '\x3a', '\xec', + '\xdc', '\xb5', '\x89', '\x48', '\x9c', '\x6b', '\x66', '\x98', '\xa4', + '\x87', '\xd5', '\xde', '\xe2', '\x2a', '\xed', '\xe4', '\x82', '\xe9', + '\xbf', '\x22', '\x5f', '\xe6', '\x77', '\x33', '\x4d', '\xf3', '\xb9', + '\x56', '\x64', '\xb2', '\xb8', '\x32', '\x47', '\x31', '\x12', '\x39', + '\x4e', '\x26', '\x2e', '\xd3', '\x4f', '\x6a', '\xcc', '\x3b', '\x7e', + '\x46', '\xaf', '\x7d', '\x28', '\x37', '\xd8', '\x52', '\x45', '\x05', + '\x8d', '\xa1', '\xf0', '\x51', '\x74', '\x4b', '\x30', '\x50', '\xe9', + '\xe8', '\x1b', '\xbd', '\x2a', '\x66', '\x3c', '\xf6', '\xd0', '\x3c', + '\x0d', '\x00', '\x5f', '\x65', '\x15', '\xee', '\x39', '\xb8', '\xac', + '\x2a', '\xf6', '\xc8', '\xbc', '\x33', '\x69', '\x51', '\x76', '\xd7', + '\xa2', '\xa6', '\x50', '\xc7', '\xc5', '\xc7', '\x9b', '\xac', '\xc7', + '\xa9', '\x69', '\x98', '\xd6', '\x22', '\x69', '\x30', '\xc3', '\x82', + '\x47', '\xfb', '\xa5', '\x46', '\x2d', '\x96', '\x05', '\xc2', '\x84', + '\xd1', '\x1d', '\xd5', '\xa7', '\x5c', '\xdb', '\x6d', '\x35', '\x7b', + '\x1b', '\x80', '\xe4', '\x42', '\x1f', '\x4d', '\x68', '\x2e', '\xbc', + '\x58', '\xb6', '\x7c', '\x7e', '\xc5', '\x07', '\xe1', '\xf5', '\x30', + '\xa9', '\x8f', '\x14', '\x76', '\xad', '\xe2', '\xdf', '\xaf', '\xd3', + '\xf1', '\xba', '\xd5', '\x98', '\xf3', '\x5e', '\x30', '\x79', '\xcb', + '\xe7', '\x7a', '\x83', '\xba', '\xf7', '\x71', '\xb0', '\xb2', '\xd1', + '\xf4', '\x34', '\x5b', '\xe1', '\xe8', '\x60', '\x39', '\x96', '\x12', + '\xdc', '\xb4', '\x0d', '\xf9', '\x8d', '\x8c', '\xd8', '\xbb', '\xb7', + '\xd2', '\x1b', '\x83', '\x10', '\xbd', '\x86', '\xef', '\x5c', '\x6c', + '\xe3', '\xb1', '\x96', '\x7f', '\xab', '\x58', '\xce', '\x87', '\xc9', + '\x48', '\x69', '\xbb', '\xb1', '\xec', '\xa4', '\x3a', '\x06', '\xa3', + '\x33', '\xad', '\x7a', '\xe5', '\x88', '\x6d', '\x32', '\x67', '\x1c', + '\x03', '\xda', '\x9d', '\x3c', '\x73', '\xe0', '\xd7', '\x6c', '\x00', + '\xe4', '\x8d', '\x7d', '\xf2', '\xac', '\xa5', '\xb8', '\x35', '\xb9', + '\xac', '\x81', '\x02', '\x81', '\x81', '\x00', '\xe8', '\xd5', '\x5b', + '\xd0', '\x4f', '\x7c', '\xfc', '\x4b', '\xe6', '\xe8', '\x3c', '\x4c', + '\x24', '\xce', '\x68', '\x73', '\x3b', '\x4b', '\xa0', '\xfb', '\x79', + '\xa5', '\x72', '\x1d', '\x77', '\xb2', '\xdf', '\x2b', '\x0a', '\x11', + '\x28', '\xe8', '\x02', '\x7f', '\x26', '\x40', '\x34', '\x8f', '\x78', + '\x18', '\xad', '\xf4', '\x11', '\x78', '\x45', '\x9f', '\x66', '\x4e', + '\x78', '\x71', '\x60', '\x40', '\xeb', '\x64', '\x28', '\x06', '\xae', + '\x9b', '\x32', '\x73', '\xb5', '\xe1', '\x7e', '\x3c', '\x07', '\x31', + '\x8d', '\x82', '\xed', '\x6a', '\xe6', '\x1e', '\x65', '\x9e', '\x81', + '\x29', '\x08', '\x56', '\x17', '\x4b', '\x31', '\xc3', '\xf5', '\x27', + '\xef', '\xb8', '\xda', '\x58', '\xff', '\x36', '\x47', '\x12', '\xb0', + '\xef', '\x14', '\x20', '\x5c', '\x48', '\xb3', '\x84', '\x0d', '\x64', + '\x22', '\x3e', '\xfe', '\x94', '\x17', '\x6c', '\x45', '\xe7', '\x3f', + '\x4c', '\x90', '\x67', '\x13', '\x1a', '\xa8', '\xbc', '\x5b', '\xd0', + '\xc1', '\x8a', '\xa9', '\x42', '\xbe', '\xe4', '\x0e', '\x59', '\x02', + '\x81', '\x81', '\x00', '\xe1', '\x36', '\xcd', '\x86', '\x1e', '\xcb', + '\x8b', '\x68', '\x65', '\x6b', '\x42', '\xec', '\x50', '\x29', '\xa0', + '\xab', '\x3a', '\xe5', '\x6f', '\xe1', '\x13', '\xe8', '\xa3', '\x6b', + '\x7c', '\x2b', '\xd3', '\x69', '\x89', '\x47', '\x07', '\x39', '\xb2', + '\x0f', '\x03', '\x4e', '\x6f', '\x28', '\x94', '\x1d', '\x1f', '\x22', + '\x47', '\xf9', '\x95', '\xff', '\x3e', '\xa4', '\x26', '\x38', '\x07', + '\x5b', '\xdd', '\xef', '\x0a', '\xa5', '\xe8', '\x99', '\xad', '\x91', + '\x68', '\x83', '\xf2', '\xf5', '\xa5', '\x3d', '\x21', '\x88', '\xa5', + '\x6a', '\x39', '\x3b', '\xca', '\x4c', '\xc9', '\xd1', '\x9a', '\x74', + '\xb2', '\xe3', '\x73', '\x5d', '\xfe', '\xbd', '\x05', '\x1b', '\x9a', + '\x13', '\x98', '\x39', '\x93', '\xf3', '\x88', '\x55', '\x61', '\x85', + '\x7a', '\x53', '\x5a', '\xd9', '\x2c', '\xdb', '\x15', '\x69', '\xa6', + '\x31', '\x09', '\xbb', '\xd1', '\xe8', '\x6e', '\x8c', '\x47', '\x77', + '\x1e', '\x9b', '\xbe', '\xb7', '\x57', '\xd4', '\xaa', '\xd5', '\x92', + '\xa1', '\xd5', '\x55', '\x04', '\x93', '\x02', '\x81', '\x80', '\x06', + '\x84', '\x01', '\xff', '\xc0', '\x59', '\xb5', '\x0d', '\xc2', '\xb6', + '\x79', '\x09', '\x80', '\x76', '\x2e', '\x42', '\x1b', '\x44', '\xb0', + '\x8a', '\x99', '\x0a', '\xe2', '\x38', '\xa4', '\xe2', '\xe2', '\x8f', + '\xe7', '\xc6', '\x37', '\x28', '\xd6', '\xf9', '\x0b', '\xee', '\xfc', + '\x09', '\x8f', '\xc8', '\xd1', '\x05', '\x65', '\x7f', '\xc2', '\x23', + '\x05', '\xcf', '\xe8', '\x5a', '\xf3', '\xe0', '\x9d', '\x35', '\xbe', + '\x51', '\x01', '\x8d', '\xe2', '\x49', '\x8e', '\xab', '\x72', '\xc6', + '\xe7', '\x44', '\xa1', '\xbb', '\x2a', '\x3d', '\xb5', '\x96', '\xe0', + '\x2d', '\x21', '\x5c', '\x2e', '\x99', '\x8a', '\x29', '\x56', '\x89', + '\x2f', '\x51', '\x20', '\xca', '\x41', '\x82', '\x00', '\x12', '\x5a', + '\xc6', '\xd1', '\x20', '\xbf', '\xa5', '\x70', '\x2f', '\xb0', '\xa6', + '\x5f', '\x61', '\x8f', '\xfb', '\xc7', '\x50', '\x09', '\x9f', '\xc4', + '\x0d', '\x06', '\x9e', '\x73', '\xe4', '\x0e', '\x8a', '\xce', '\x72', + '\x06', '\xf7', '\xbe', '\x92', '\xcc', '\xcd', '\xcb', '\x5d', '\xc2', + '\x71', '\x02', '\x81', '\x80', '\x26', '\xf3', '\xba', '\x92', '\x52', + '\xeb', '\x33', '\x7e', '\x67', '\xe4', '\x28', '\x5c', '\x04', '\xf5', + '\x5e', '\x33', '\x9f', '\x69', '\x25', '\x73', '\x91', '\x64', '\xf0', + '\x36', '\xdb', '\xf0', '\x1c', '\x8d', '\xa9', '\x4f', '\x9e', '\xa1', + '\x4c', '\xf9', '\xa9', '\xc1', '\xbc', '\x1a', '\x11', '\x9c', '\x03', + '\xd1', '\x83', '\x0f', '\x58', '\xf1', '\x1f', '\x9d', '\x76', '\x7a', + '\xc4', '\x53', '\x10', '\x4c', '\x92', '\xd3', '\xe5', '\x2a', '\x07', + '\x4a', '\x1a', '\x00', '\x90', '\x5a', '\x0a', '\x2d', '\x4b', '\x8a', + '\x7d', '\xc9', '\xa4', '\x82', '\x81', '\xd7', '\xcc', '\x24', '\x33', + '\x89', '\xb1', '\x93', '\x03', '\x56', '\x23', '\x83', '\xff', '\xc9', + '\x29', '\x59', '\xf0', '\x3f', '\x2d', '\x26', '\xb6', '\xd2', '\xc5', + '\x9e', '\x37', '\x6d', '\x09', '\x4e', '\x7c', '\xa2', '\x9b', '\xce', + '\x7d', '\x0f', '\x08', '\x36', '\xf2', '\xf4', '\x37', '\x82', '\x8d', + '\xad', '\xbd', '\x9e', '\x84', '\x5a', '\xe3', '\x97', '\x05', '\xc1', + '\x10', '\xae', '\x6a', '\xde', '\x5c', '\x7f', '\x02', '\x81', '\x81', + '\x00', '\x9b', '\x8e', '\xa4', '\x2b', '\xcf', '\xb6', '\x30', '\x1c', + '\xb5', '\x82', '\x50', '\x08', '\xc0', '\x0b', '\x57', '\xf4', '\x2d', + '\x82', '\x39', '\x11', '\x1b', '\x02', '\xe6', '\xbe', '\x14', '\x26', + '\x77', '\xd7', '\x26', '\x1f', '\x0d', '\x92', '\xc6', '\x67', '\xa0', + '\x01', '\x6c', '\xd9', '\x7a', '\xdf', '\xc3', '\x3d', '\x50', '\x8d', + '\x43', '\xef', '\x95', '\x50', '\x72', '\x25', '\x06', '\x28', '\x7a', + '\x7e', '\x99', '\xea', '\x4d', '\xe8', '\x87', '\xe5', '\xca', '\x71', + '\x36', '\x8a', '\xce', '\x18', '\x55', '\xe4', '\x87', '\x39', '\x3d', + '\xea', '\x9a', '\x22', '\x99', '\x1a', '\xab', '\xe3', '\x6f', '\x48', + '\x78', '\x49', '\x8f', '\xf6', '\xfa', '\xb1', '\xb8', '\x68', '\xae', + '\xc3', '\x47', '\x1d', '\x8f', '\x1d', '\x11', '\xa1', '\x06', '\xf5', + '\xc0', '\x0d', '\xcf', '\x7b', '\x33', '\xfe', '\x0c', '\x69', '\xca', + '\x46', '\xfe', '\x2c', '\xac', '\xd8', '\x4d', '\x02', '\x79', '\xfe', + '\x47', '\xca', '\x21', '\x30', '\x65', '\xa4', '\xe5', '\xaa', '\x4e', + '\x9c', '\xbc', '\xa5'}; + +QUIC_CONST_INIT const quiche::QuicheStringPiece kWildcardCertificatePrivateKey( + kWildcardCertificatePrivateKeyRaw, + sizeof(kWildcardCertificatePrivateKeyRaw)); + +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/test_certificates.h b/chromium/net/third_party/quiche/src/quic/test_tools/test_certificates.h new file mode 100644 index 00000000000..ec4a4d407d5 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/test_tools/test_certificates.h @@ -0,0 +1,45 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_TEST_TOOLS_TEST_CERTIFICATES_H_ +#define QUICHE_QUIC_TEST_TOOLS_TEST_CERTIFICATES_H_ + +#include "net/third_party/quiche/src/quic/platform/api/quic_macros.h" +#include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" + +namespace quic { +namespace test { + +// A test certificate generated by //net/tools/quic/certs/generate-certs.sh. +QUIC_CONST_INIT extern const quiche::QuicheStringPiece kTestCertificate; + +// PEM-encoded version of |kTestCertificate|. +QUIC_CONST_INIT extern const char kTestCertificatePem[]; + +// |kTestCertificatePem| with a PEM-encoded root appended to the end. +QUIC_CONST_INIT extern const char kTestCertificateChainPem[]; + +// DER-encoded private key for |kTestCertificate|. +QUIC_CONST_INIT extern const quiche::QuicheStringPiece + kTestCertificatePrivateKey; + +// PEM-encoded version of |kTestCertificatePrivateKey|. +QUIC_CONST_INIT extern const char kTestCertificatePrivateKeyPem[]; + +// The legacy PEM-encoded version of |kTestCertificatePrivateKey| manually +// generated from the one above using der2ascii. +QUIC_CONST_INIT extern const char kTestCertificatePrivateKeyLegacyPem[]; + +// Another DER-encoded test certificate, valid for foo.test, www.foo.test and +// *.wildcard.test. +QUIC_CONST_INIT extern const quiche::QuicheStringPiece kWildcardCertificate; + +// DER-encoded private key for |kWildcardCertificate|. +QUIC_CONST_INIT extern const quiche::QuicheStringPiece + kWildcardCertificatePrivateKey; + +} // namespace test +} // namespace quic + +#endif // QUICHE_QUIC_TEST_TOOLS_TEST_CERTIFICATES_H_ diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.cc b/chromium/net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.cc new file mode 100644 index 00000000000..4d0d93e8f17 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.cc @@ -0,0 +1,74 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.h" + +#include <cstring> + +#include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h" + +namespace quic { +namespace test { + +namespace { + +// A TicketCrypter implementation is supposed to encrypt and decrypt session +// tickets. However, the only requirement that is needed of a test +// implementation is that calling Decrypt(Encrypt(input), callback) results in +// callback being called with input. (The output of Encrypt must also not exceed +// the overhead specified by MaxOverhead.) This test implementation encrypts +// tickets by prepending kTicketPrefix to generate the ciphertext. The decrypt +// function checks that the prefix is present and strips it; otherwise it +// returns an empty vector to signal failure. +constexpr char kTicketPrefix[] = "TEST TICKET"; + +} // namespace + +size_t TestTicketCrypter::MaxOverhead() { + return QUICHE_ARRAYSIZE(kTicketPrefix); +} + +std::vector<uint8_t> TestTicketCrypter::Encrypt(quiche::QuicheStringPiece in) { + size_t prefix_len = QUICHE_ARRAYSIZE(kTicketPrefix); + std::vector<uint8_t> out(prefix_len + in.size()); + memcpy(out.data(), kTicketPrefix, prefix_len); + memcpy(out.data() + prefix_len, in.data(), in.size()); + return out; +} + +std::vector<uint8_t> TestTicketCrypter::Decrypt(quiche::QuicheStringPiece in) { + size_t prefix_len = QUICHE_ARRAYSIZE(kTicketPrefix); + if (fail_decrypt_ || in.size() < prefix_len || + memcmp(kTicketPrefix, in.data(), prefix_len) != 0) { + return std::vector<uint8_t>(); + } + return std::vector<uint8_t>(in.begin() + prefix_len, in.end()); +} + +void TestTicketCrypter::Decrypt( + quiche::QuicheStringPiece in, + std::unique_ptr<ProofSource::DecryptCallback> callback) { + auto decrypted_ticket = Decrypt(in); + if (run_async_) { + pending_callbacks_.push_back({std::move(callback), decrypted_ticket}); + } else { + callback->Run(decrypted_ticket); + } +} + +void TestTicketCrypter::SetRunCallbacksAsync(bool run_async) { + run_async_ = run_async; +} + +size_t TestTicketCrypter::NumPendingCallbacks() { + return pending_callbacks_.size(); +} + +void TestTicketCrypter::RunPendingCallback(size_t n) { + const PendingCallback& callback = pending_callbacks_[n]; + callback.callback->Run(callback.decrypted_ticket); +} + +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.h b/chromium/net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.h new file mode 100644 index 00000000000..b59634856c0 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/test_tools/test_ticket_crypter.h @@ -0,0 +1,49 @@ +// Copyright (c) 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_TEST_TOOLS_TEST_TICKET_CRYPTER_H_ +#define QUICHE_QUIC_TEST_TOOLS_TEST_TICKET_CRYPTER_H_ + +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" + +namespace quic { +namespace test { + +// Provides a simple implementation of ProofSource::TicketCrypter for testing. +// THIS IMPLEMENTATION IS NOT SECURE. It is only intended for testing purposes. +class TestTicketCrypter : public ProofSource::TicketCrypter { + public: + ~TestTicketCrypter() override = default; + + // TicketCrypter interface + size_t MaxOverhead() override; + std::vector<uint8_t> Encrypt(quiche::QuicheStringPiece in) override; + void Decrypt(quiche::QuicheStringPiece in, + std::unique_ptr<ProofSource::DecryptCallback> callback) override; + + void SetRunCallbacksAsync(bool run_async); + size_t NumPendingCallbacks(); + void RunPendingCallback(size_t n); + + // Allows configuring this TestTicketCrypter to fail decryption. + void set_fail_decrypt(bool fail_decrypt) { fail_decrypt_ = fail_decrypt; } + + private: + // Performs the Decrypt operation synchronously. + std::vector<uint8_t> Decrypt(quiche::QuicheStringPiece in); + + struct PendingCallback { + std::unique_ptr<ProofSource::DecryptCallback> callback; + std::vector<uint8_t> decrypted_ticket; + }; + + bool fail_decrypt_ = false; + bool run_async_ = false; + std::vector<PendingCallback> pending_callbacks_; +}; + +} // namespace test +} // namespace quic + +#endif // QUICHE_QUIC_TEST_TOOLS_TEST_TICKET_CRYPTER_H_ diff --git a/chromium/net/third_party/quiche/src/quic/tools/fake_proof_verifier.h b/chromium/net/third_party/quiche/src/quic/tools/fake_proof_verifier.h index a605e071992..7f4a38ea5ec 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/fake_proof_verifier.h +++ b/chromium/net/third_party/quiche/src/quic/tools/fake_proof_verifier.h @@ -31,6 +31,7 @@ class FakeProofVerifier : public ProofVerifier { } QuicAsyncStatus VerifyCertChain( const std::string& /*hostname*/, + const uint16_t /*port*/, const std::vector<std::string>& /*certs*/, const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/, diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.cc index 4b511849cb6..11edb195a9d 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.cc @@ -37,7 +37,9 @@ QuicClientBase::QuicClientBase( connection_error_(QUIC_NO_ERROR), connected_or_attempting_connect_(false), network_helper_(std::move(network_helper)), - connection_debug_visitor_(nullptr) {} + connection_debug_visitor_(nullptr), + server_connection_id_length_(kQuicDefaultConnectionIdLength), + client_connection_id_length_(0) {} QuicClientBase::~QuicClientBase() = default; @@ -306,11 +308,11 @@ QuicConnectionId QuicClientBase::GetNextServerDesignatedConnectionId() { } QuicConnectionId QuicClientBase::GenerateNewConnectionId() { - return QuicUtils::CreateRandomConnectionId(); + return QuicUtils::CreateRandomConnectionId(server_connection_id_length_); } QuicConnectionId QuicClientBase::GetClientConnectionId() { - return EmptyQuicConnectionId(); + return QuicUtils::CreateRandomConnectionId(client_connection_id_length_); } bool QuicClientBase::CanReconnectWithDifferentVersion( diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.h b/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.h index 6c1e09a78d0..0a40b82d64a 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.h +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_client_base.h @@ -230,6 +230,14 @@ class QuicClientBase { connection_debug_visitor_ = connection_debug_visitor; } + void set_server_connection_id_length(uint8_t server_connection_id_length) { + server_connection_id_length_ = server_connection_id_length; + } + + void set_client_connection_id_length(uint8_t client_connection_id_length) { + client_connection_id_length_ = client_connection_id_length; + } + protected: // TODO(rch): Move GetNumSentClientHellosFromSession and // GetNumReceivedServerConfigUpdatesFromSession into a new/better @@ -352,6 +360,14 @@ class QuicClientBase { // The debug visitor set on the connection right after it is constructed. // Not owned, must be valid for the lifetime of the QuicClientBase instance. QuicConnectionDebugVisitor* connection_debug_visitor_; + + // GenerateNewConnectionId creates a random connection ID of this length. + // Defaults to 8. + uint8_t server_connection_id_length_; + + // GetClientConnectionId creates a random connection ID of this length. + // Defaults to 0. + uint8_t client_connection_id_length_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_client_interop_test_bin.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_client_interop_test_bin.cc index 9745955799f..803e313ea24 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_client_interop_test_bin.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_client_interop_test_bin.cc @@ -105,20 +105,21 @@ class QuicClientInteropRunner : QuicConnectionDebugVisitor { QUIC_LOG(ERROR) << "Received unexpected GoogleQUIC connection close"; break; case IETF_QUIC_TRANSPORT_CONNECTION_CLOSE: - if (frame.transport_error_code == NO_IETF_QUIC_ERROR) { + if (frame.wire_error_code == NO_IETF_QUIC_ERROR) { InsertFeature(Feature::kConnectionClose); } else { QUIC_LOG(ERROR) << "Received transport connection close " << QuicIetfTransportErrorCodeString( - frame.transport_error_code); + static_cast<QuicIetfTransportErrorCodes>( + frame.wire_error_code)); } break; case IETF_QUIC_APPLICATION_CONNECTION_CLOSE: - if (frame.application_error_code == 0) { + if (frame.wire_error_code == 0) { InsertFeature(Feature::kConnectionClose); } else { QUIC_LOG(ERROR) << "Received application connection close " - << frame.application_error_code; + << frame.wire_error_code; } break; } @@ -166,7 +167,7 @@ void QuicClientInteropRunner::AttemptRequest(QuicSocketAddress addr, QuicEpollClock epoll_clock(&epoll_server); QuicConfig config; QuicTime::Delta timeout = QuicTime::Delta::FromSeconds(20); - config.SetIdleNetworkTimeout(timeout, timeout); + config.SetIdleNetworkTimeout(timeout); auto client = std::make_unique<QuicClient>( addr, server_id, versions, config, &epoll_server, std::move(proof_verifier), std::move(session_cache)); @@ -261,7 +262,9 @@ void QuicClientInteropRunner::AttemptRequest(QuicSocketAddress addr, AttemptResumption(client.get()); } -std::set<Feature> ServerSupport(std::string host, int port) { +std::set<Feature> ServerSupport(std::string dns_host, + std::string url_host, + int port) { // Enable IETF version support. QuicVersionInitializeSupportForIetfDraft(); ParsedQuicVersion version = UnsupportedQuicVersion(); @@ -278,13 +281,13 @@ std::set<Feature> ServerSupport(std::string host, int port) { // Build the client, and try to connect. QuicSocketAddress addr = - tools::LookupAddress(host, quiche::QuicheStrCat(port)); + tools::LookupAddress(dns_host, quiche::QuicheStrCat(port)); if (!addr.IsInitialized()) { - QUIC_LOG(ERROR) << "Failed to resolve " << host; + QUIC_LOG(ERROR) << "Failed to resolve " << dns_host; return std::set<Feature>(); } - QuicServerId server_id(host, port, false); - std::string authority = quiche::QuicheStrCat(host, ":", port); + QuicServerId server_id(url_host, port, false); + std::string authority = quiche::QuicheStrCat(url_host, ":", port); QuicClientInteropRunner runner; @@ -307,13 +310,15 @@ int main(int argc, char* argv[]) { quic::QuicPrintCommandLineFlagHelp(usage); exit(1); } - std::string host = GetQuicFlag(FLAGS_host); + std::string dns_host = GetQuicFlag(FLAGS_host); + std::string url_host = ""; int port = GetQuicFlag(FLAGS_port); if (!args.empty()) { quic::QuicUrl url(args[0], "https"); - if (host.empty()) { - host = url.host(); + url_host = url.host(); + if (dns_host.empty()) { + dns_host = url_host; } if (port == 0) { port = url.port(); @@ -322,13 +327,16 @@ int main(int argc, char* argv[]) { if (port == 0) { port = 443; } - if (host.empty()) { + if (dns_host.empty()) { quic::QuicPrintCommandLineFlagHelp(usage); exit(1); } + if (url_host.empty()) { + url_host = dns_host; + } - auto supported_features = quic::ServerSupport(host, port); - std::cout << "Results for " << host << ":" << port << std::endl; + auto supported_features = quic::ServerSupport(dns_host, url_host, port); + std::cout << "Results for " << url_host << ":" << port << std::endl; int current_row = 1; for (auto feature : supported_features) { if (current_row < 2 && feature >= quic::Feature::kRebinding) { diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_memory_cache_backend.h b/chromium/net/third_party/quiche/src/quic/tools/quic_memory_cache_backend.h index 38d445c6006..56a2323b190 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_memory_cache_backend.h +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_memory_cache_backend.h @@ -178,7 +178,7 @@ class QuicMemoryCacheBackend : public QuicSimpleServerBackend { QuicBackendResponse::ServerPushInfo resource); // Cached responses. - QuicUnorderedMap<std::string, std::unique_ptr<QuicBackendResponse>> responses_ + QuicHashMap<std::string, std::unique_ptr<QuicBackendResponse>> responses_ QUIC_GUARDED_BY(response_mutex_); // The default response for cache misses, if set. diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_server_test.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_server_test.cc index fb7955f2554..3c4372018fb 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_server_test.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_server_test.cc @@ -48,10 +48,10 @@ class MockQuicSimpleDispatcher : public QuicSimpleDispatcher { kQuicDefaultConnectionIdLength) {} ~MockQuicSimpleDispatcher() override = default; - MOCK_METHOD0(OnCanWrite, void()); - MOCK_CONST_METHOD0(HasPendingWrites, bool()); - MOCK_CONST_METHOD0(HasChlosBuffered, bool()); - MOCK_METHOD1(ProcessBufferedChlos, void(size_t)); + MOCK_METHOD(void, OnCanWrite, (), (override)); + MOCK_METHOD(bool, HasPendingWrites, (), (const, override)); + MOCK_METHOD(bool, HasChlosBuffered, (), (const, override)); + MOCK_METHOD(void, ProcessBufferedChlos, (size_t), (override)); }; class TestQuicServer : public QuicServer { diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session.cc index 5c83b4800fd..f84a248cda8 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session.cc @@ -75,15 +75,14 @@ void QuicSimpleServerSession::PromisePushResources( spdy::SpdyHeaderBlock headers = SynthesizePushRequestHeaders( request_url, resource, original_request_headers); // TODO(b/136295430): Use sequential push IDs for IETF QUIC. - // TODO(bnc): If |highest_promised_stream_id_| is too large, it will always - // be skipped. Fix it by not incrementing if CanCreatePushStreamWithId() - // returns false. - highest_promised_stream_id_ += + auto new_highest_promised_stream_id = + highest_promised_stream_id_ + QuicUtils::StreamIdDelta(transport_version()); if (VersionUsesHttp3(transport_version()) && - !CanCreatePushStreamWithId(highest_promised_stream_id_)) { + !CanCreatePushStreamWithId(new_highest_promised_stream_id)) { return; } + highest_promised_stream_id_ = new_highest_promised_stream_id; SendPushPromise(original_stream_id, highest_promised_stream_id_, headers.Clone()); promised_streams_.push_back(PromisedStreamInfo( diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session_test.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session_test.cc index f9c28a701d0..f5dad7d2d3f 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session_test.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_session_test.cc @@ -95,8 +95,10 @@ class MockQuicCryptoServerStream : public QuicCryptoServerStream { delete; ~MockQuicCryptoServerStream() override {} - MOCK_METHOD1(SendServerConfigUpdate, - void(const CachedNetworkParameters* cached_network_parameters)); + MOCK_METHOD(void, + SendServerConfigUpdate, + (const CachedNetworkParameters*), + (override)); bool encryption_established() const override { return true; } }; @@ -104,15 +106,16 @@ class MockQuicCryptoServerStream : public QuicCryptoServerStream { class MockTlsServerHandshaker : public TlsServerHandshaker { public: explicit MockTlsServerHandshaker(QuicSession* session, - SSL_CTX* ssl_ctx, - ProofSource* proof_source) - : TlsServerHandshaker(session, ssl_ctx, proof_source) {} + const QuicCryptoServerConfig& crypto_config) + : TlsServerHandshaker(session, crypto_config) {} MockTlsServerHandshaker(const MockTlsServerHandshaker&) = delete; MockTlsServerHandshaker& operator=(const MockTlsServerHandshaker&) = delete; ~MockTlsServerHandshaker() override {} - MOCK_METHOD1(SendServerConfigUpdate, - void(const CachedNetworkParameters* cached_network_parameters)); + MOCK_METHOD(void, + SendServerConfigUpdate, + (const CachedNetworkParameters*), + (override)); bool encryption_established() const override { return true; } }; @@ -127,8 +130,7 @@ QuicCryptoServerStreamBase* CreateMockCryptoServerStream( return new MockQuicCryptoServerStream( crypto_config, compressed_certs_cache, session, helper); case PROTOCOL_TLS1_3: - return new MockTlsServerHandshaker(session, crypto_config->ssl_ctx(), - crypto_config->proof_source()); + return new MockTlsServerHandshaker(session, *crypto_config); case PROTOCOL_UNSUPPORTED: break; } @@ -158,11 +160,13 @@ class MockQuicConnectionWithSendStreamData : public MockQuicConnection { .WillByDefault(Invoke(consume_all_data)); } - MOCK_METHOD4(SendStreamData, - QuicConsumedData(QuicStreamId id, - size_t write_length, - QuicStreamOffset offset, - StreamSendingState state)); + MOCK_METHOD(QuicConsumedData, + SendStreamData, + (QuicStreamId id, + size_t write_length, + QuicStreamOffset offset, + StreamSendingState state), + (override)); }; class MockQuicSimpleServerSession : public QuicSimpleServerSession { @@ -191,12 +195,14 @@ class MockQuicSimpleServerSession : public QuicSimpleServerSession { return WritePushPromiseMock(original_stream_id, promised_stream_id, headers); } - MOCK_METHOD3(WritePushPromiseMock, - void(QuicStreamId original_stream_id, - QuicStreamId promised_stream_id, - const spdy::SpdyHeaderBlock& headers)); - - MOCK_METHOD1(SendBlocked, void(QuicStreamId)); + MOCK_METHOD(void, + WritePushPromiseMock, + (QuicStreamId original_stream_id, + QuicStreamId promised_stream_id, + const spdy::SpdyHeaderBlock& headers), + ()); + + MOCK_METHOD(void, SendBlocked, (QuicStreamId), (override)); }; class QuicSimpleServerSessionTest @@ -323,7 +329,7 @@ TEST_P(QuicSimpleServerSessionTest, CloseStreamDueToReset) { QuicStreamFrame data1(GetNthClientInitiatedBidirectionalId(0), false, 0, quiche::QuicheStringPiece("HT")); session_->OnStreamFrame(data1); - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Receive a reset (and send a RST in response). QuicRstStreamFrame rst1(kInvalidControlFrameId, @@ -343,13 +349,13 @@ TEST_P(QuicSimpleServerSessionTest, CloseStreamDueToReset) { // a one-way close. InjectStopSending(GetNthClientInitiatedBidirectionalId(0), QUIC_ERROR_PROCESSING_STREAM); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send the same two bytes of payload in a new packet. session_->OnStreamFrame(data1); // The stream should not be re-opened. - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(connection_->connected()); } @@ -373,7 +379,7 @@ TEST_P(QuicSimpleServerSessionTest, NeverOpenStreamDueToReset) { InjectStopSending(GetNthClientInitiatedBidirectionalId(0), QUIC_ERROR_PROCESSING_STREAM); - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send two bytes of payload. QuicStreamFrame data1(GetNthClientInitiatedBidirectionalId(0), false, 0, @@ -381,7 +387,7 @@ TEST_P(QuicSimpleServerSessionTest, NeverOpenStreamDueToReset) { session_->OnStreamFrame(data1); // The stream should never be opened, now that the reset is received. - EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(connection_->connected()); } @@ -393,7 +399,7 @@ TEST_P(QuicSimpleServerSessionTest, AcceptClosedStream) { quiche::QuicheStringPiece("\2\0\0\0\0\0\0\0HT")); session_->OnStreamFrame(frame1); session_->OnStreamFrame(frame2); - EXPECT_EQ(2u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(2u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); // Send a reset (and expect the peer to send a RST in response). QuicRstStreamFrame rst(kInvalidControlFrameId, @@ -424,7 +430,7 @@ TEST_P(QuicSimpleServerSessionTest, AcceptClosedStream) { session_->OnStreamFrame(frame3); session_->OnStreamFrame(frame4); // The stream should never be opened, now that the reset is received. - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); EXPECT_TRUE(connection_->connected()); } @@ -435,12 +441,14 @@ TEST_P(QuicSimpleServerSessionTest, CreateIncomingStreamDisconnected) { } // Tests that incoming stream creation fails when connection is not connected. - size_t initial_num_open_stream = session_->GetNumOpenIncomingStreams(); + size_t initial_num_open_stream = + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()); QuicConnectionPeer::TearDownLocalConnectionState(connection_); EXPECT_QUIC_BUG(QuicSimpleServerSessionPeer::CreateIncomingStream( session_.get(), GetNthClientInitiatedBidirectionalId(0)), "ShouldCreateIncomingStream called when disconnected"); - EXPECT_EQ(initial_num_open_stream, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(initial_num_open_stream, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } TEST_P(QuicSimpleServerSessionTest, CreateIncomingStream) { @@ -457,14 +465,16 @@ TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamDisconnected) { } // Tests that outgoing stream creation fails when connection is not connected. - size_t initial_num_open_stream = session_->GetNumOpenOutgoingStreams(); + size_t initial_num_open_stream = + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()); QuicConnectionPeer::TearDownLocalConnectionState(connection_); EXPECT_QUIC_BUG( QuicSimpleServerSessionPeer::CreateOutgoingUnidirectionalStream( session_.get()), "ShouldCreateOutgoingUnidirectionalStream called when disconnected"); - EXPECT_EQ(initial_num_open_stream, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(initial_num_open_stream, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUnencrypted) { @@ -475,12 +485,14 @@ TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUnencrypted) { // Tests that outgoing stream creation fails when encryption has not yet been // established. - size_t initial_num_open_stream = session_->GetNumOpenOutgoingStreams(); + size_t initial_num_open_stream = + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()); EXPECT_QUIC_BUG( QuicSimpleServerSessionPeer::CreateOutgoingUnidirectionalStream( session_.get()), "Encryption not established so no outgoing stream created."); - EXPECT_EQ(initial_num_open_stream, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(initial_num_open_stream, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUptoLimit) { @@ -493,8 +505,9 @@ TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUptoLimit) { QuicStreamFrame data1(GetNthClientInitiatedBidirectionalId(0), false, 0, quiche::QuicheStringPiece("HT")); session_->OnStreamFrame(data1); - EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); - EXPECT_EQ(0u, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(1u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); + EXPECT_EQ(0u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()) - + /*incoming=*/1); if (!VersionUsesHttp3(transport_version())) { session_->UnregisterStreamPriority( @@ -525,20 +538,24 @@ TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUptoLimit) { } else { EXPECT_EQ(GetNthServerInitiatedUnidirectionalId(i), created_stream->id()); } - EXPECT_EQ(i + 1, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(i + 1, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()) - + /*incoming=*/1); } // Continuing creating push stream would fail. EXPECT_EQ(nullptr, QuicSimpleServerSessionPeer::CreateOutgoingUnidirectionalStream( session_.get())); - EXPECT_EQ(kMaxStreamsForTest, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxStreamsForTest, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()) - + /*incoming=*/1); // Create peer initiated stream should have no problem. QuicStreamFrame data2(GetNthClientInitiatedBidirectionalId(1), false, 0, quiche::QuicheStringPiece("HT")); session_->OnStreamFrame(data2); - EXPECT_EQ(2u, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(2u, QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()) - + /*outcoming=*/kMaxStreamsForTest); } TEST_P(QuicSimpleServerSessionTest, OnStreamFrameWithEvenStreamId) { @@ -553,7 +570,8 @@ TEST_P(QuicSimpleServerSessionTest, OnStreamFrameWithEvenStreamId) { // Tests that calling GetOrCreateStream() on an outgoing stream not promised yet // should result close connection. TEST_P(QuicSimpleServerSessionTest, GetEvenIncomingError) { - const size_t initial_num_open_stream = session_->GetNumOpenIncomingStreams(); + const size_t initial_num_open_stream = + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get()); const QuicErrorCode expected_error = VersionUsesHttp3(transport_version()) ? QUIC_HTTP_STREAM_WRONG_DIRECTION : QUIC_INVALID_STREAM_ID; @@ -562,7 +580,8 @@ TEST_P(QuicSimpleServerSessionTest, GetEvenIncomingError) { EXPECT_EQ(nullptr, QuicSessionPeer::GetOrCreateStream( session_.get(), GetNthServerInitiatedUnidirectionalId(3))); - EXPECT_EQ(initial_num_open_stream, session_->GetNumOpenIncomingStreams()); + EXPECT_EQ(initial_num_open_stream, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } // In order to test the case where server push stream creation goes beyond @@ -761,7 +780,8 @@ TEST_P(QuicSimpleServerSessionServerPushTest, TestPromisePushResources) { } size_t num_resources = kMaxStreamsForTest + 5; PromisePushResources(num_resources); - EXPECT_EQ(kMaxStreamsForTest, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxStreamsForTest, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } // Tests that after promised stream queued up, when an opened stream is marked @@ -827,13 +847,16 @@ TEST_P(QuicSimpleServerSessionServerPushTest, } if (VersionUsesHttp3(transport_version())) { - session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(3)); + session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(3), + /*unidirectional=*/true); } else { - session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(0)); + session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(0), + /*unidirectional=*/true); } // Number of open outgoing streams should still be the same, because a new // stream is opened. And the queue should be empty. - EXPECT_EQ(kMaxStreamsForTest, session_->GetNumOpenOutgoingStreams()); + EXPECT_EQ(kMaxStreamsForTest, + QuicSessionPeer::GetNumOpenDynamicStreams(session_.get())); } // Tests that after all resources are promised, a RST frame from client can @@ -926,8 +949,10 @@ TEST_P(QuicSimpleServerSessionServerPushTest, session_->OnMaxStreamsFrame( QuicMaxStreamsFrame(0, num_resources + 3, /*unidirectional=*/true)); } - session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(3)); - session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(4)); + session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(3), + /*unidirectional=*/true); + session_->StreamDraining(GetNthServerInitiatedUnidirectionalId(4), + /*unidirectional=*/true); } // Tests that closing a open outgoing stream can trigger a promised resource in diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_stream_test.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_stream_test.cc index 06e886680a4..3dfaa1e3d22 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_stream_test.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_simple_server_stream_test.cc @@ -55,7 +55,7 @@ class TestStream : public QuicSimpleServerStream { ~TestStream() override = default; - MOCK_METHOD1(WriteHeadersMock, void(bool fin)); + MOCK_METHOD(void, WriteHeadersMock, (bool fin), ()); size_t WriteHeaders(spdy::SpdyHeaderBlock /*header_block*/, bool fin, @@ -120,30 +120,42 @@ class MockQuicSimpleServerSession : public QuicSimpleServerSession { delete; ~MockQuicSimpleServerSession() override = default; - MOCK_METHOD2(OnConnectionClosed, - void(const QuicConnectionCloseFrame& frame, - ConnectionCloseSource source)); - MOCK_METHOD1(CreateIncomingStream, QuicSpdyStream*(QuicStreamId id)); - MOCK_METHOD6(WritevData, - QuicConsumedData(QuicStreamId id, - size_t write_length, - QuicStreamOffset offset, - StreamSendingState state, - TransmissionType type, - quiche::QuicheOptional<EncryptionLevel> level)); - MOCK_METHOD4(OnStreamHeaderList, - void(QuicStreamId stream_id, - bool fin, - size_t frame_len, - const QuicHeaderList& header_list)); - MOCK_METHOD2(OnStreamHeadersPriority, - void(QuicStreamId stream_id, - const spdy::SpdyStreamPrecedence& precedence)); - MOCK_METHOD3(SendRstStream, - void(QuicStreamId stream_id, - QuicRstStreamErrorCode error, - QuicStreamOffset bytes_written)); - MOCK_METHOD1(OnHeadersHeadOfLineBlocking, void(QuicTime::Delta delta)); + MOCK_METHOD(void, + OnConnectionClosed, + (const QuicConnectionCloseFrame& frame, + ConnectionCloseSource source), + (override)); + MOCK_METHOD(QuicSpdyStream*, + CreateIncomingStream, + (QuicStreamId id), + (override)); + MOCK_METHOD(QuicConsumedData, + WritevData, + (QuicStreamId id, + size_t write_length, + QuicStreamOffset offset, + StreamSendingState state, + TransmissionType type, + quiche::QuicheOptional<EncryptionLevel> level), + (override)); + MOCK_METHOD(void, + OnStreamHeaderList, + (QuicStreamId stream_id, + bool fin, + size_t frame_len, + const QuicHeaderList& header_list), + (override)); + MOCK_METHOD(void, + OnStreamHeadersPriority, + (QuicStreamId stream_id, + const spdy::SpdyStreamPrecedence& precedence), + (override)); + MOCK_METHOD(void, + SendRstStream, + (QuicStreamId stream_id, + QuicRstStreamErrorCode error, + QuicStreamOffset bytes_written), + (override)); // Matchers cannot be used on non-copyable types like SpdyHeaderBlock. void PromisePushResources( const std::string& request_url, @@ -155,17 +167,17 @@ class MockQuicSimpleServerSession : public QuicSimpleServerSession { PromisePushResourcesMock(request_url, resources, original_stream_id, original_precedence, original_request_headers); } - MOCK_METHOD5(PromisePushResourcesMock, - void(const std::string&, - const std::list<QuicBackendResponse::ServerPushInfo>&, - QuicStreamId, - const spdy::SpdyStreamPrecedence&, - const spdy::SpdyHeaderBlock&)); + MOCK_METHOD(void, + PromisePushResourcesMock, + (const std::string&, + const std::list<QuicBackendResponse::ServerPushInfo>&, + QuicStreamId, + const spdy::SpdyStreamPrecedence&, + const spdy::SpdyHeaderBlock&), + ()); using QuicSession::ActivateStream; - MOCK_METHOD1(OnStopSendingReceived, void(const QuicStopSendingFrame& frame)); - QuicConsumedData ConsumeData( QuicStreamId id, size_t write_length, @@ -322,7 +334,7 @@ TEST_P(QuicSimpleServerStreamTest, SendQuicRstStreamNoErrorInStopReading) { EXPECT_FALSE(stream_->fin_received()); EXPECT_FALSE(stream_->rst_received()); - stream_->set_fin_sent(true); + QuicStreamPeer::SetFinSent(stream_); stream_->CloseWriteSide(); EXPECT_CALL(session_, SendRstStream(_, QUIC_STREAM_NO_ERROR, _)).Times(1); @@ -383,7 +395,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithIllegalResponseStatus) { memory_cache_backend_.AddResponse("www.google.com", "/bar", std::move(response_headers_), body); - stream_->set_fin_received(true); + QuicStreamPeer::SetFinReceived(stream_); InSequence s; EXPECT_CALL(*stream_, WriteHeadersMock(false)); @@ -416,7 +428,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithIllegalResponseStatus2) { memory_cache_backend_.AddResponse("www.google.com", "/bar", std::move(response_headers_), body); - stream_->set_fin_received(true); + QuicStreamPeer::SetFinReceived(stream_); InSequence s; EXPECT_CALL(*stream_, WriteHeadersMock(false)); @@ -476,7 +488,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithValidHeaders) { memory_cache_backend_.AddResponse("www.google.com", "/bar", std::move(response_headers_), body); - stream_->set_fin_received(true); + QuicStreamPeer::SetFinReceived(stream_); InSequence s; EXPECT_CALL(*stream_, WriteHeadersMock(false)); @@ -514,7 +526,7 @@ TEST_P(QuicSimpleServerStreamTest, SendResponseWithPushResources) { (*request_headers)[":authority"] = host; (*request_headers)[":method"] = "GET"; - stream_->set_fin_received(true); + QuicStreamPeer::SetFinReceived(stream_); InSequence s; EXPECT_CALL(session_, PromisePushResourcesMock( host + request_path, _, @@ -592,7 +604,7 @@ TEST_P(QuicSimpleServerStreamTest, PushResponseOnServerInitiatedStream) { TEST_P(QuicSimpleServerStreamTest, TestSendErrorResponse) { EXPECT_CALL(session_, SendRstStream(_, QUIC_STREAM_NO_ERROR, _)).Times(0); - stream_->set_fin_received(true); + QuicStreamPeer::SetFinReceived(stream_); InSequence s; EXPECT_CALL(*stream_, WriteHeadersMock(false)); diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.cc index a944d6079df..1bb01efdb72 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.cc @@ -50,8 +50,7 @@ QuicSpdyClientBase::QuicSpdyClientBase( std::move(session_cache)), store_response_(false), latest_response_code_(-1), - max_allowed_push_id_(0), - disable_qpack_dynamic_table_(false) {} + max_allowed_push_id_(0) {} QuicSpdyClientBase::~QuicSpdyClientBase() { // We own the push promise index. We need to explicitly kill @@ -64,10 +63,6 @@ QuicSpdyClientSession* QuicSpdyClientBase::client_session() { } void QuicSpdyClientBase::InitializeSession() { - if (disable_qpack_dynamic_table_) { - client_session()->set_qpack_maximum_dynamic_table_capacity(0); - client_session()->set_qpack_maximum_blocked_streams(0); - } client_session()->Initialize(); client_session()->CryptoConnect(); if (max_allowed_push_id_ > 0 && diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.h b/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.h index c4381f7538f..a6d4f8690ff 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.h +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_spdy_client_base.h @@ -140,11 +140,7 @@ class QuicSpdyClientBase : public QuicClientBase, // Set the max promise id for the client session. // TODO(b/151641466): Rename this method. - void SetMaxAllowedPushId(QuicStreamId max) { max_allowed_push_id_ = max; } - - // Disables the use of the QPACK dynamic table and of blocked streams. - // Must be called before InitializeSession(). - void disable_qpack_dynamic_table() { disable_qpack_dynamic_table_ = true; } + void SetMaxAllowedPushId(PushId max) { max_allowed_push_id_ = max; } bool EarlyDataAccepted() override; bool ReceivedInchoateReject() override; @@ -224,9 +220,7 @@ class QuicSpdyClientBase : public QuicClientBase, bool drop_response_body_ = false; // The max promise id to set on the client session when created. - QuicStreamId max_allowed_push_id_; - - bool disable_qpack_dynamic_table_; + PushId max_allowed_push_id_; }; } // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_tcp_like_trace_converter.h b/chromium/net/third_party/quiche/src/quic/tools/quic_tcp_like_trace_converter.h index 432980531be..46dd7954a25 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_tcp_like_trace_converter.h +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_tcp_like_trace_converter.h @@ -59,9 +59,8 @@ class QuicTcpLikeTraceConverter { bool fin; }; - QuicUnorderedMap<QuicStreamId, StreamInfo> streams_info_; - QuicUnorderedMap<QuicControlFrameId, QuicInterval<uint64_t>> - control_frames_info_; + QuicHashMap<QuicStreamId, StreamInfo> streams_info_; + QuicHashMap<QuicControlFrameId, QuicInterval<uint64_t>> control_frames_info_; QuicControlFrameId largest_observed_control_frame_id_; diff --git a/chromium/net/third_party/quiche/src/quic/tools/quic_toy_client.cc b/chromium/net/third_party/quiche/src/quic/tools/quic_toy_client.cc index 5733e0bb0d7..0018f0524b7 100644 --- a/chromium/net/third_party/quiche/src/quic/tools/quic_toy_client.cc +++ b/chromium/net/third_party/quiche/src/quic/tools/quic_toy_client.cc @@ -165,6 +165,16 @@ DEFINE_QUIC_COMMAND_LINE_FLAG( false, "If true, do not change local port after each request."); +DEFINE_QUIC_COMMAND_LINE_FLAG(int32_t, + server_connection_id_length, + -1, + "Length of the server connection ID used."); + +DEFINE_QUIC_COMMAND_LINE_FLAG(int32_t, + client_connection_id_length, + -1, + "Length of the client connection ID used."); + namespace quic { QuicToyClient::QuicToyClient(ClientFactory* client_factory) @@ -235,6 +245,16 @@ int QuicToyClient::SendRequestsAndPrintResponses( client->set_initial_max_packet_length( initial_mtu != 0 ? initial_mtu : quic::kDefaultMaxPacketSize); client->set_drop_response_body(GetQuicFlag(FLAGS_drop_response_body)); + const int32_t server_connection_id_length = + GetQuicFlag(FLAGS_server_connection_id_length); + if (server_connection_id_length >= 0) { + client->set_server_connection_id_length(server_connection_id_length); + } + const int32_t client_connection_id_length = + GetQuicFlag(FLAGS_client_connection_id_length); + if (client_connection_id_length >= 0) { + client->set_client_connection_id_length(client_connection_id_length); + } if (!client->Initialize()) { std::cerr << "Failed to initialize client." << std::endl; return 1; diff --git a/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter.cc b/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter.cc new file mode 100644 index 00000000000..3da114e5526 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter.cc @@ -0,0 +1,109 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/tools/simple_ticket_crypter.h" + +#include "third_party/boringssl/src/include/openssl/aead.h" +#include "third_party/boringssl/src/include/openssl/rand.h" + +namespace quic { + +namespace { + +constexpr QuicTime::Delta kTicketKeyLifetime = + QuicTime::Delta::FromSeconds(60 * 60 * 24 * 7); + +// The format of an encrypted ticket is 1 byte for the key epoch, followed by +// 16 bytes of IV, followed by the output from the AES-GCM Seal operation. The +// seal operation has an overhead of 16 bytes for its auth tag. +constexpr size_t kEpochSize = 1; +constexpr size_t kIVSize = 16; +constexpr size_t kAuthTagSize = 16; + +// Offsets into the ciphertext to make message parsing easier. +constexpr size_t kIVOffset = kEpochSize; +constexpr size_t kMessageOffset = kIVOffset + kIVSize; + +} // namespace + +SimpleTicketCrypter::SimpleTicketCrypter(QuicClock* clock) : clock_(clock) { + RAND_bytes(&key_epoch_, 1); + current_key_ = NewKey(); +} + +SimpleTicketCrypter::~SimpleTicketCrypter() = default; + +size_t SimpleTicketCrypter::MaxOverhead() { + return kEpochSize + kIVSize + kAuthTagSize; +} + +std::vector<uint8_t> SimpleTicketCrypter::Encrypt( + quiche::QuicheStringPiece in) { + MaybeRotateKeys(); + std::vector<uint8_t> out(in.size() + MaxOverhead()); + out[0] = key_epoch_; + RAND_bytes(out.data() + kIVOffset, kIVSize); + size_t out_len; + const EVP_AEAD_CTX* ctx = current_key_->aead_ctx.get(); + if (!EVP_AEAD_CTX_seal(ctx, out.data() + kMessageOffset, &out_len, + out.size() - kMessageOffset, out.data() + kIVOffset, + kIVSize, reinterpret_cast<const uint8_t*>(in.data()), + in.size(), nullptr, 0)) { + return std::vector<uint8_t>(); + } + out.resize(out_len + kMessageOffset); + return out; +} + +std::vector<uint8_t> SimpleTicketCrypter::Decrypt( + quiche::QuicheStringPiece in) { + MaybeRotateKeys(); + if (in.size() < kMessageOffset) { + return std::vector<uint8_t>(); + } + const uint8_t* input = reinterpret_cast<const uint8_t*>(in.data()); + std::vector<uint8_t> out(in.size() - kMessageOffset); + size_t out_len; + const EVP_AEAD_CTX* ctx = current_key_->aead_ctx.get(); + if (input[0] != key_epoch_) { + if (input[0] == static_cast<uint8_t>(key_epoch_ - 1) && previous_key_) { + ctx = previous_key_->aead_ctx.get(); + } else { + return std::vector<uint8_t>(); + } + } + if (!EVP_AEAD_CTX_open(ctx, out.data(), &out_len, out.size(), + input + kIVOffset, kIVSize, input + kMessageOffset, + in.size() - kMessageOffset, nullptr, 0)) { + return std::vector<uint8_t>(); + } + out.resize(out_len); + return out; +} + +void SimpleTicketCrypter::Decrypt( + quiche::QuicheStringPiece in, + std::unique_ptr<quic::ProofSource::DecryptCallback> callback) { + callback->Run(Decrypt(in)); +} + +void SimpleTicketCrypter::MaybeRotateKeys() { + QuicTime now = clock_->ApproximateNow(); + if (current_key_->expiration < now) { + previous_key_ = std::move(current_key_); + current_key_ = NewKey(); + key_epoch_++; + } +} + +std::unique_ptr<SimpleTicketCrypter::Key> SimpleTicketCrypter::NewKey() { + auto key = std::make_unique<SimpleTicketCrypter::Key>(); + RAND_bytes(key->key, kKeySize); + EVP_AEAD_CTX_init(key->aead_ctx.get(), EVP_aead_aes_128_gcm(), key->key, + kKeySize, EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr); + key->expiration = clock_->ApproximateNow() + kTicketKeyLifetime; + return key; +} + +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter.h b/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter.h new file mode 100644 index 00000000000..330c5091094 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter.h @@ -0,0 +1,55 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_ +#define QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_ + +#include "third_party/boringssl/src/include/openssl/aead.h" +#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h" +#include "net/third_party/quiche/src/quic/core/quic_clock.h" +#include "net/third_party/quiche/src/quic/core/quic_time.h" + +namespace quic { + +// SimpleTicketCrypter implements the QUIC ProofSource::TicketCrypter interface. +// It generates a random key at startup and every 7 days it rotates the key, +// keeping track of the previous key used to facilitate decrypting older +// tickets. This implementation is not suitable for server setups where multiple +// servers need to share keys. +class QUIC_NO_EXPORT SimpleTicketCrypter + : public quic::ProofSource::TicketCrypter { + public: + explicit SimpleTicketCrypter(QuicClock* clock); + ~SimpleTicketCrypter() override; + + size_t MaxOverhead() override; + std::vector<uint8_t> Encrypt(quiche::QuicheStringPiece in) override; + void Decrypt( + quiche::QuicheStringPiece in, + std::unique_ptr<quic::ProofSource::DecryptCallback> callback) override; + + private: + std::vector<uint8_t> Decrypt(quiche::QuicheStringPiece in); + + void MaybeRotateKeys(); + + static constexpr size_t kKeySize = 16; + + struct Key { + uint8_t key[kKeySize]; + bssl::ScopedEVP_AEAD_CTX aead_ctx; + QuicTime expiration = QuicTime::Zero(); + }; + + std::unique_ptr<Key> NewKey(); + + std::unique_ptr<Key> current_key_; + std::unique_ptr<Key> previous_key_; + uint8_t key_epoch_ = 0; + QuicClock* clock_; +}; + +} // namespace quic + +#endif // QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_ diff --git a/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter_test.cc b/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter_test.cc new file mode 100644 index 00000000000..e609dc03571 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/tools/simple_ticket_crypter_test.cc @@ -0,0 +1,112 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/third_party/quiche/src/quic/tools/simple_ticket_crypter.h" + +#include "net/third_party/quiche/src/quic/platform/api/quic_test.h" +#include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" + +namespace quic { +namespace test { + +namespace { + +constexpr QuicTime::Delta kOneDay = QuicTime::Delta::FromSeconds(60 * 60 * 24); + +} // namespace + +class DecryptCallback : public quic::ProofSource::DecryptCallback { + public: + explicit DecryptCallback(std::vector<uint8_t>* out) : out_(out) {} + + void Run(std::vector<uint8_t> plaintext) override { *out_ = plaintext; } + + private: + std::vector<uint8_t>* out_; +}; + +quiche::QuicheStringPiece StringPiece(const std::vector<uint8_t>& in) { + return quiche::QuicheStringPiece(reinterpret_cast<const char*>(in.data()), + in.size()); +} + +class SimpleTicketCrypterTest : public QuicTest { + public: + SimpleTicketCrypterTest() : ticket_crypter_(&mock_clock_) {} + + protected: + MockClock mock_clock_; + SimpleTicketCrypter ticket_crypter_; +}; + +TEST_F(SimpleTicketCrypterTest, EncryptDecrypt) { + std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5}; + std::vector<uint8_t> ciphertext = + ticket_crypter_.Encrypt(StringPiece(plaintext)); + EXPECT_NE(plaintext, ciphertext); + + std::vector<uint8_t> out_plaintext; + ticket_crypter_.Decrypt(StringPiece(ciphertext), + std::make_unique<DecryptCallback>(&out_plaintext)); + EXPECT_EQ(out_plaintext, plaintext); +} + +TEST_F(SimpleTicketCrypterTest, CiphertextsDiffer) { + std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5}; + std::vector<uint8_t> ciphertext1 = + ticket_crypter_.Encrypt(StringPiece(plaintext)); + std::vector<uint8_t> ciphertext2 = + ticket_crypter_.Encrypt(StringPiece(plaintext)); + EXPECT_NE(ciphertext1, ciphertext2); +} + +TEST_F(SimpleTicketCrypterTest, DecryptionFailureWithModifiedCiphertext) { + std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5}; + std::vector<uint8_t> ciphertext = + ticket_crypter_.Encrypt(StringPiece(plaintext)); + EXPECT_NE(plaintext, ciphertext); + + // Check that a bit flip in any byte will cause a decryption failure. + for (size_t i = 0; i < ciphertext.size(); i++) { + SCOPED_TRACE(i); + std::vector<uint8_t> munged_ciphertext = ciphertext; + munged_ciphertext[i] ^= 1; + std::vector<uint8_t> out_plaintext; + ticket_crypter_.Decrypt(StringPiece(munged_ciphertext), + std::make_unique<DecryptCallback>(&out_plaintext)); + EXPECT_TRUE(out_plaintext.empty()); + } +} + +TEST_F(SimpleTicketCrypterTest, DecryptionFailureWithEmptyCiphertext) { + std::vector<uint8_t> out_plaintext; + ticket_crypter_.Decrypt(quiche::QuicheStringPiece(), + std::make_unique<DecryptCallback>(&out_plaintext)); + EXPECT_TRUE(out_plaintext.empty()); +} + +TEST_F(SimpleTicketCrypterTest, KeyRotation) { + std::vector<uint8_t> plaintext = {1, 2, 3}; + std::vector<uint8_t> ciphertext = + ticket_crypter_.Encrypt(StringPiece(plaintext)); + EXPECT_FALSE(ciphertext.empty()); + + // Advance the clock 8 days, so the key used for |ciphertext| is now the + // previous key. Check that decryption still works. + mock_clock_.AdvanceTime(kOneDay * 8); + std::vector<uint8_t> out_plaintext; + ticket_crypter_.Decrypt(StringPiece(ciphertext), + std::make_unique<DecryptCallback>(&out_plaintext)); + EXPECT_EQ(out_plaintext, plaintext); + + // Advance the clock 8 more days. Now the original key should be expired and + // decryption should fail. + mock_clock_.AdvanceTime(kOneDay * 8); + ticket_crypter_.Decrypt(StringPiece(ciphertext), + std::make_unique<DecryptCallback>(&out_plaintext)); + EXPECT_TRUE(out_plaintext.empty()); +} + +} // namespace test +} // namespace quic diff --git a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_decoder_adapter.cc b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_decoder_adapter.cc index 8a4e17a0f53..4c44635e938 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_decoder_adapter.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_decoder_adapter.cc @@ -50,7 +50,6 @@ bool HpackDecoderAdapter::HandleControlFrameHeadersData( header_block_started_ = true; if (!hpack_decoder_.StartDecodingBlock()) { header_block_started_ = false; - SPDY_CODE_COUNT_N(decompress_failure_2, 1, 5); error_ = hpack_decoder_.error(); return false; } @@ -65,14 +64,12 @@ bool HpackDecoderAdapter::HandleControlFrameHeadersData( SPDY_DVLOG(1) << "max_decode_buffer_size_bytes_ < headers_data_length: " << max_decode_buffer_size_bytes_ << " < " << headers_data_length; - SPDY_CODE_COUNT_N(decompress_failure_2, 2, 5); error_ = http2::HpackDecodingError::kFragmentTooLong; return false; } listener_adapter_.AddToTotalHpackBytes(headers_data_length); if (max_header_block_bytes_ != 0 && listener_adapter_.total_hpack_bytes() > max_header_block_bytes_) { - SPDY_CODE_COUNT_N(decompress_failure, 3, 5); error_ = http2::HpackDecodingError::kCompressedHeaderSizeExceedsLimit; return false; } @@ -80,7 +77,6 @@ bool HpackDecoderAdapter::HandleControlFrameHeadersData( bool ok = hpack_decoder_.DecodeFragment(&db); DCHECK(!ok || db.Empty()) << "Remaining=" << db.Remaining(); if (!ok) { - SPDY_CODE_COUNT_N(decompress_failure_2, 4, 5); error_ = hpack_decoder_.error(); } return ok; @@ -96,7 +92,6 @@ bool HpackDecoderAdapter::HandleControlFrameHeadersComplete( } if (!hpack_decoder_.EndDecodingBlock()) { SPDY_DVLOG(3) << "EndDecodingBlock returned false"; - SPDY_CODE_COUNT_N(decompress_failure_2, 5, 5); error_ = hpack_decoder_.error(); return false; } diff --git a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.cc b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.cc index 3835047e8b2..e3bf8f64c15 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.cc @@ -13,6 +13,7 @@ #include "net/third_party/quiche/src/spdy/core/hpack/hpack_huffman_table.h" #include "net/third_party/quiche/src/spdy/core/hpack/hpack_output_stream.h" #include "net/third_party/quiche/src/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/third_party/quiche/src/spdy/platform/api/spdy_flags.h" #include "net/third_party/quiche/src/spdy/platform/api/spdy_logging.h" namespace spdy { @@ -146,10 +147,10 @@ void HpackEncoder::EncodeRepresentations(RepresentationIterator* iter, } else if (should_index_(header.first, header.second)) { EmitIndexedLiteral(header); } else { - EmitNonIndexedLiteral(header); + EmitNonIndexedLiteral(header, enable_compression_); } } else { - EmitNonIndexedLiteral(header); + EmitNonIndexedLiteral(header, enable_compression_); } } @@ -170,12 +171,25 @@ void HpackEncoder::EmitIndexedLiteral(const Representation& representation) { header_table_.TryAddEntry(representation.first, representation.second); } -void HpackEncoder::EmitNonIndexedLiteral(const Representation& representation) { +void HpackEncoder::EmitNonIndexedLiteral(const Representation& representation, + bool enable_compression) { SPDY_DVLOG(2) << "Emitting nonindexed literal: (" << representation.first << ", " << representation.second << ")"; output_stream_.AppendPrefix(kLiteralNoIndexOpcode); - output_stream_.AppendUint32(0); - EmitString(representation.first); + if (GetSpdyReloadableFlag(spdy_hpack_use_indexed_name)) { + SPDY_CODE_COUNT(spdy_hpack_use_indexed_name); + const HpackEntry* name_entry = + header_table_.GetByName(representation.first); + if (enable_compression && name_entry != nullptr) { + output_stream_.AppendUint32(header_table_.IndexOf(name_entry)); + } else { + output_stream_.AppendUint32(0); + EmitString(representation.first); + } + } else { + output_stream_.AppendUint32(0); + EmitString(representation.first); + } EmitString(representation.second); } @@ -347,14 +361,14 @@ void HpackEncoder::Encoderator::Next(size_t max_encoded_bytes, std::string* output) { SPDY_BUG_IF(!has_next_) << "Encoderator::Next called with nothing left to encode."; - const bool use_compression = encoder_->enable_compression_; + const bool enable_compression = encoder_->enable_compression_; // Encode up to max_encoded_bytes of headers. while (header_it_->HasNext() && encoder_->output_stream_.size() <= max_encoded_bytes) { const Representation header = header_it_->Next(); encoder_->listener_(header.first, header.second); - if (use_compression) { + if (enable_compression) { const HpackEntry* entry = encoder_->header_table_.GetByNameAndValue( header.first, header.second); if (entry != nullptr) { @@ -362,10 +376,10 @@ void HpackEncoder::Encoderator::Next(size_t max_encoded_bytes, } else if (encoder_->should_index_(header.first, header.second)) { encoder_->EmitIndexedLiteral(header); } else { - encoder_->EmitNonIndexedLiteral(header); + encoder_->EmitNonIndexedLiteral(header, enable_compression); } } else { - encoder_->EmitNonIndexedLiteral(header); + encoder_->EmitNonIndexedLiteral(header, enable_compression); } } diff --git a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.h b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.h index c3d3a1974d6..534b9e6c086 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.h +++ b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder.h @@ -122,7 +122,8 @@ class QUICHE_EXPORT_PRIVATE HpackEncoder { // Emits a literal representation (Section 7.2). void EmitIndexedLiteral(const Representation& representation); - void EmitNonIndexedLiteral(const Representation& representation); + void EmitNonIndexedLiteral(const Representation& representation, + bool enable_compression); void EmitLiteral(const Representation& representation); // Emits a Huffman or identity string (whichever is smaller). diff --git a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder_test.cc b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder_test.cc index 2ac0a5f8db4..2b1efe973b8 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder_test.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/hpack/hpack_encoder_test.cc @@ -11,6 +11,7 @@ #include "net/third_party/quiche/src/common/platform/api/quiche_test.h" #include "net/third_party/quiche/src/spdy/core/hpack/hpack_huffman_table.h" #include "net/third_party/quiche/src/spdy/core/spdy_simple_arena.h" +#include "net/third_party/quiche/src/spdy/platform/api/spdy_flags.h" namespace spdy { @@ -182,6 +183,12 @@ class HpackEncoderTestBase : public QuicheTest { ExpectString(&expected_, name); ExpectString(&expected_, value); } + void ExpectNonIndexedLiteralWithNameIndex(const HpackEntry* key_entry, + quiche::QuicheStringPiece value) { + expected_.AppendPrefix(kLiteralNoIndexOpcode); + expected_.AppendUint32(IndexOf(key_entry)); + ExpectString(&expected_, value); + } void ExpectString(HpackOutputStream* stream, quiche::QuicheStringPiece str) { const HpackHuffmanTable& huffman_table = peer_.huffman_table(); size_t encoded_size = peer_.compression_enabled() @@ -267,7 +274,12 @@ TEST_F(HpackEncoderTestBase, EncodeRepresentations) { {"accept", "text/html, text/plain,application/xml"}, {"cookie", "val4"}, {"withnul", quiche::QuicheStringPiece("one\0two", 7)}}; - ExpectNonIndexedLiteral(":path", "/home"); + if (GetSpdyReloadableFlag(spdy_hpack_use_indexed_name)) { + ExpectNonIndexedLiteralWithNameIndex(peer_.table()->GetByName(":path"), + "/home"); + } else { + ExpectNonIndexedLiteral(":path", "/home"); + } ExpectIndexedLiteral(peer_.table()->GetByName("cookie"), "val1"); ExpectIndexedLiteral(peer_.table()->GetByName("cookie"), "val2"); ExpectIndexedLiteral(peer_.table()->GetByName("cookie"), "val3"); @@ -554,7 +566,12 @@ TEST_P(HpackEncoderTest, PseudoHeadersFirst) { // Headers are indexed in the order in which they were added. // This entry pushes "cookie: a=bb" back to 63. - ExpectNonIndexedLiteral(":path", "/spam/eggs.html"); + if (GetSpdyReloadableFlag(spdy_hpack_use_indexed_name)) { + ExpectNonIndexedLiteralWithNameIndex(peer_.table()->GetByName(":path"), + "/spam/eggs.html"); + } else { + ExpectNonIndexedLiteral(":path", "/spam/eggs.html"); + } ExpectIndexedLiteral(peer_.table()->GetByName(":authority"), "www.example.com"); ExpectIndexedLiteral("-foo", "bar"); diff --git a/chromium/net/third_party/quiche/src/spdy/core/http2_frame_decoder_adapter.cc b/chromium/net/third_party/quiche/src/spdy/core/http2_frame_decoder_adapter.cc index df600473d7b..f23b583e0f9 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/http2_frame_decoder_adapter.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/http2_frame_decoder_adapter.cc @@ -92,12 +92,6 @@ void CorruptFrameHeader(Http2FrameHeader* /*header*/) {} Http2DecoderAdapter::SpdyFramerError HpackDecodingErrorToSpdyFramerError( HpackDecodingError error) { - if (!GetSpdyReloadableFlag(spdy_enable_granular_decompress_errors)) { - return Http2DecoderAdapter::SpdyFramerError::SPDY_DECOMPRESS_FAILURE; - } - - SPDY_CODE_COUNT(spdy_enable_granular_decompress_errors); - switch (error) { case HpackDecodingError::kOk: return Http2DecoderAdapter::SpdyFramerError::SPDY_NO_ERROR; diff --git a/chromium/net/third_party/quiche/src/spdy/core/spdy_framer_test.cc b/chromium/net/third_party/quiche/src/spdy/core/spdy_framer_test.cc index 3505e8911af..7e76a26d85e 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/spdy_framer_test.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/spdy_framer_test.cc @@ -231,7 +231,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, public: // This is larger than our max frame size because header blocks that // are too long can spill over into CONTINUATION frames. - static const size_t kDefaultHeaderBufferSize = 16 * 1024 * 1024; + static constexpr size_t kDefaultHeaderBufferSize = 16 * 1024 * 1024; explicit TestSpdyVisitor(SpdyFramer::CompressionOption option) : framer_(option), diff --git a/chromium/net/third_party/quiche/src/spdy/core/spdy_header_storage.cc b/chromium/net/third_party/quiche/src/spdy/core/spdy_header_storage.cc index d6b7abc53e2..90493e11b5a 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/spdy_header_storage.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/spdy_header_storage.cc @@ -1,5 +1,7 @@ #include "net/third_party/quiche/src/spdy/core/spdy_header_storage.h" +#include <cstring> + #include "net/third_party/quiche/src/spdy/platform/api/spdy_logging.h" namespace spdy { diff --git a/chromium/net/third_party/quiche/src/spdy/core/spdy_protocol.h b/chromium/net/third_party/quiche/src/spdy/core/spdy_protocol.h index 54723da996e..0bf8bb9d69f 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/spdy_protocol.h +++ b/chromium/net/third_party/quiche/src/spdy/core/spdy_protocol.h @@ -319,8 +319,6 @@ const size_t kGetAltSvcFrameMinimumSize = kFrameHeaderSize + 2; const size_t kMaxFrameSizeLimit = kSpdyMaxFrameSizeLimit + kFrameHeaderSize; // Size of a header block size field. const size_t kSizeOfSizeField = sizeof(uint32_t); -// Per-header overhead for block size accounting in bytes. -const size_t kPerHeaderOverhead = 32; // Initial window size for a stream in bytes. const int32_t kInitialStreamWindowSize = 64 * 1024 - 1; // Initial window size for a session in bytes. diff --git a/chromium/net/third_party/quiche/src/spdy/core/spdy_simple_arena.cc b/chromium/net/third_party/quiche/src/spdy/core/spdy_simple_arena.cc index f7d48b47017..d6745bf09fc 100644 --- a/chromium/net/third_party/quiche/src/spdy/core/spdy_simple_arena.cc +++ b/chromium/net/third_party/quiche/src/spdy/core/spdy_simple_arena.cc @@ -5,6 +5,7 @@ #include "net/third_party/quiche/src/spdy/core/spdy_simple_arena.h" #include <algorithm> +#include <cstring> #include "net/third_party/quiche/src/spdy/platform/api/spdy_logging.h" diff --git a/chromium/net/tools/cachetool/cachetool.cc b/chromium/net/tools/cachetool/cachetool.cc index c9a761356f8..dcf94f74d6c 100644 --- a/chromium/net/tools/cachetool/cachetool.cc +++ b/chromium/net/tools/cachetool/cachetool.cc @@ -46,7 +46,7 @@ constexpr int kResponseContentIndex = 1; const char* const kCommandNames[] = { "stop", "get_size", "list_keys", "get_stream", "delete_stream", "delete_key", "update_raw_headers", "list_dups", -}; + "set_header"}; // Prints the command line help. void PrintHelp() { @@ -70,6 +70,8 @@ void PrintHelp() { << "cache." << std::endl; std::cout << " update_raw_headers <key>: Update stdin as the key's raw " << "response headers." << std::endl; + std::cout << " set_header <key> <name> <value>: Set one of key's raw " + << "response headers." << std::endl; std::cout << " stop: Verify that the cache can be opened and return, " << "confirming the cache exists and is of the right type." << std::endl; @@ -173,7 +175,7 @@ class ProgramArgumentCommandMarshal final : public CommandMarshal { if (args_id_ < command_line_args_.size()) return command_line_args_[args_id_++]; if (!has_failed()) - ReturnFailure("Command line arguments to short."); + ReturnFailure("Command line arguments too short."); return ""; } @@ -405,6 +407,31 @@ std::string GetMD5ForResponseBody(disk_cache::Entry* entry) { return ""; } +void PersistResponseInfo(CommandMarshal* command_marshal, + const std::string& key, + const net::HttpResponseInfo& response_info) { + scoped_refptr<net::PickledIOBuffer> data = + base::MakeRefCounted<net::PickledIOBuffer>(); + response_info.Persist(data->pickle(), false, false); + data->Done(); + + TestEntryResultCompletionCallback cb_open; + EntryResult result = command_marshal->cache_backend()->OpenEntry( + key, net::HIGHEST, cb_open.callback()); + result = cb_open.GetResult(std::move(result)); + CHECK_EQ(result.net_error(), net::OK); + Entry* cache_entry = result.ReleaseEntry(); + + int data_len = data->pickle()->size(); + net::TestCompletionCallback cb; + int rv = cache_entry->WriteData(kResponseInfoIndex, 0, data.get(), data_len, + cb.callback(), true); + if (cb.GetResult(rv) != data_len) + return command_marshal->ReturnFailure("Couldn't write headers."); + command_marshal->ReturnSuccess(); + cache_entry->Close(); +} + void ListDups(CommandMarshal* command_marshal) { std::unique_ptr<Backend::Iterator> entry_iterator = command_marshal->cache_backend()->CreateIterator(); @@ -578,26 +605,40 @@ void UpdateRawResponseHeaders(CommandMarshal* command_marshal) { std::cerr << "WARNING: Truncated HTTP response." << std::endl; response_info.headers = new net::HttpResponseHeaders(raw_headers); - scoped_refptr<net::PickledIOBuffer> data = - base::MakeRefCounted<net::PickledIOBuffer>(); - response_info.Persist(data->pickle(), false, false); - data->Done(); + PersistResponseInfo(command_marshal, key, response_info); +} - TestEntryResultCompletionCallback cb_open; - EntryResult result = command_marshal->cache_backend()->OpenEntry( - key, net::HIGHEST, cb_open.callback()); - result = cb_open.GetResult(std::move(result)); - CHECK_EQ(result.net_error(), net::OK); - Entry* cache_entry = result.ReleaseEntry(); +// Sets a response header for a key. +void SetHeader(CommandMarshal* command_marshal) { + std::string key = command_marshal->ReadString(); + std::string header_name = command_marshal->ReadString(); + std::string header_value = command_marshal->ReadString(); + if (command_marshal->has_failed()) + return; - int data_len = data->pickle()->size(); - net::TestCompletionCallback cb; - int rv = cache_entry->WriteData(kResponseInfoIndex, 0, data.get(), data_len, - cb.callback(), true); - if (cb.GetResult(rv) != data_len) - return command_marshal->ReturnFailure("Couldn't write headers."); - command_marshal->ReturnSuccess(); - cache_entry->Close(); + // Open the existing entry. + scoped_refptr<net::GrowableIOBuffer> buffer( + GetStreamForKeyBuffer(command_marshal, key, kResponseInfoIndex)); + if (command_marshal->has_failed()) + return; + + // Read the entry into |response_info|. + net::HttpResponseInfo response_info; + bool truncated_response_info = false; + if (!net::HttpCache::ParseResponseInfo(buffer->StartOfBuffer(), + buffer->offset(), &response_info, + &truncated_response_info)) { + command_marshal->ReturnFailure("Couldn't read response info"); + return; + } + if (truncated_response_info) + std::cerr << "WARNING: Truncated HTTP response." << std::endl; + + // Update the header. + response_info.headers->SetHeader(header_name, header_value); + + // Write the entry. + PersistResponseInfo(command_marshal, key, response_info); } // Deletes a specified key stream from the cache. @@ -665,6 +706,8 @@ bool ExecuteCommands(CommandMarshal* command_marshal) { ListKeys(command_marshal); } else if (subcommand == "update_raw_headers") { UpdateRawResponseHeaders(command_marshal); + } else if (subcommand == "set_header") { + SetHeader(command_marshal); } else if (subcommand == "list_dups") { ListDups(command_marshal); } else { diff --git a/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc b/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc index 69d70e4dcd4..dd39fcbcd4a 100644 --- a/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc +++ b/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc @@ -34,11 +34,6 @@ #include "net/proxy_resolution/proxy_config_service_fixed.h" #endif -#if defined(USE_NSS_CERTS) -#include "net/cert_net/nss_ocsp.h" -#include "net/cert_net/nss_ocsp_session_url_request.h" -#endif - namespace { std::string GetUserAgent() { @@ -62,9 +57,6 @@ void SetUpOnNetworkThread( #endif *context = url_request_context_builder.Build(); -#if defined(USE_NSS_CERTS) - net::SetURLRequestContextForNSSHttpIO(context->get()); -#endif // TODO(mattm): add command line flag to configure using // CertNetFetcher *cert_net_fetcher = base::MakeRefCounted<net::CertNetFetcherURLRequest>(); @@ -200,7 +192,7 @@ std::unique_ptr<CertVerifyImpl> CreateCertVerifyImplFromName( base::StringPiece impl_name, scoped_refptr<net::CertNetFetcher> cert_net_fetcher, bool use_system_roots) { -#if !defined(OS_FUCHSIA) +#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)) if (impl_name == "platform") { if (!use_system_roots) { std::cerr << "WARNING: platform verifier not supported with " diff --git a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc index 3088739d7cb..6a3801b443c 100644 --- a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc +++ b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc @@ -7,7 +7,6 @@ #include <iostream> #include <memory> -#include "base/logging.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "crypto/sha2.h" diff --git a/chromium/net/tools/crash_cache/crash_cache.cc b/chromium/net/tools/crash_cache/crash_cache.cc index 44fef743b86..358e29f5ab5 100644 --- a/chromium/net/tools/crash_cache/crash_cache.cc +++ b/chromium/net/tools/crash_cache/crash_cache.cc @@ -10,9 +10,9 @@ #include <string> #include "base/at_exit.h" +#include "base/check.h" #include "base/command_line.h" #include "base/files/file_util.h" -#include "base/logging.h" #include "base/message_loop/message_pump_type.h" #include "base/path_service.h" #include "base/process/kill.h" diff --git a/chromium/net/tools/huffman_trie/bit_writer.cc b/chromium/net/tools/huffman_trie/bit_writer.cc index 1b238f4c042..74f5e5ecfb8 100644 --- a/chromium/net/tools/huffman_trie/bit_writer.cc +++ b/chromium/net/tools/huffman_trie/bit_writer.cc @@ -4,7 +4,7 @@ #include "net/tools/huffman_trie/bit_writer.h" -#include "base/logging.h" +#include "base/check.h" namespace net { diff --git a/chromium/net/tools/huffman_trie/huffman/huffman_builder.cc b/chromium/net/tools/huffman_trie/huffman/huffman_builder.cc index b1124c6d7ec..8551d8effe9 100644 --- a/chromium/net/tools/huffman_trie/huffman/huffman_builder.cc +++ b/chromium/net/tools/huffman_trie/huffman/huffman_builder.cc @@ -5,8 +5,9 @@ #include "net/tools/huffman_trie/huffman/huffman_builder.h" #include <algorithm> +#include <ostream> -#include "base/logging.h" +#include "base/check.h" namespace net { diff --git a/chromium/net/tools/huffman_trie/trie/trie_bit_buffer.cc b/chromium/net/tools/huffman_trie/trie/trie_bit_buffer.cc index 3e3ef70985c..88e38b4095e 100644 --- a/chromium/net/tools/huffman_trie/trie/trie_bit_buffer.cc +++ b/chromium/net/tools/huffman_trie/trie/trie_bit_buffer.cc @@ -4,7 +4,9 @@ #include "net/tools/huffman_trie/trie/trie_bit_buffer.h" -#include "base/logging.h" +#include <ostream> + +#include "base/check.h" #include "net/tools/huffman_trie/bit_writer.h" namespace net { diff --git a/chromium/net/tools/huffman_trie/trie/trie_writer.cc b/chromium/net/tools/huffman_trie/trie/trie_writer.cc index 54021663e1c..6c4ff8b0092 100644 --- a/chromium/net/tools/huffman_trie/trie/trie_writer.cc +++ b/chromium/net/tools/huffman_trie/trie/trie_writer.cc @@ -5,8 +5,9 @@ #include "net/tools/huffman_trie/trie/trie_writer.h" #include <algorithm> +#include <ostream> -#include "base/logging.h" +#include "base/check.h" #include "net/tools/huffman_trie/trie/trie_bit_buffer.h" namespace net { diff --git a/chromium/net/tools/quic/quic_simple_client.cc b/chromium/net/tools/quic/quic_simple_client.cc index ee8d31eb85d..5d8bf33b2a1 100644 --- a/chromium/net/tools/quic/quic_simple_client.cc +++ b/chromium/net/tools/quic/quic_simple_client.cc @@ -6,7 +6,6 @@ #include <utility> -#include "base/logging.h" #include "base/run_loop.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/net_errors.h" diff --git a/chromium/net/tools/quic/quic_simple_server_packet_writer.cc b/chromium/net/tools/quic/quic_simple_server_packet_writer.cc index 648689abf15..b4599eba584 100644 --- a/chromium/net/tools/quic/quic_simple_server_packet_writer.cc +++ b/chromium/net/tools/quic/quic_simple_server_packet_writer.cc @@ -7,8 +7,8 @@ #include <utility> #include "base/bind.h" +#include "base/check_op.h" #include "base/location.h" -#include "base/logging.h" #include "base/metrics/histogram_functions.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" diff --git a/chromium/net/tools/quic/quic_transport_simple_server.cc b/chromium/net/tools/quic/quic_transport_simple_server.cc index c83ec1fd682..6f9095ab9e1 100644 --- a/chromium/net/tools/quic/quic_transport_simple_server.cc +++ b/chromium/net/tools/quic/quic_transport_simple_server.cc @@ -33,6 +33,17 @@ constexpr size_t kMaxReadsPerEvent = 32; constexpr size_t kMaxNewConnectionsPerEvent = 32; constexpr int kReadBufferSize = 2 * quic::kMaxIncomingPacketSize; +// TODO(vasilvv): move this into the shared code. +quic::ParsedQuicVersionVector AllVersionsValidForQuicTransport() { + quic::ParsedQuicVersionVector result; + for (quic::ParsedQuicVersion version : quic::AllSupportedVersions()) { + if (!quic::IsVersionValidForQuicTransport(version)) + continue; + result.push_back(version); + } + return result; +} + } // namespace class QuicTransportSimpleServerSessionHelper @@ -52,7 +63,7 @@ QuicTransportSimpleServer::QuicTransportSimpleServer( std::vector<url::Origin> accepted_origins, std::unique_ptr<quic::ProofSource> proof_source) : port_(port), - version_manager_({quic::DefaultVersionForQuicTransport()}), + version_manager_(AllVersionsValidForQuicTransport()), clock_(QuicChromiumClock::GetInstance()), crypto_config_(kSourceAddressTokenSecret, quic::QuicRandom::GetInstance(), diff --git a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc index 4dfbca49c31..aa0401cc3c9 100644 --- a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc +++ b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc @@ -9,6 +9,7 @@ #include <vector> #include "base/json/json_reader.h" +#include "base/logging.h" #include "base/strings/strcat.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_piece.h" diff --git a/chromium/net/tools/transport_security_state_generator/spki_hash.cc b/chromium/net/tools/transport_security_state_generator/spki_hash.cc index 1fcc61e8469..6374aedc7fc 100644 --- a/chromium/net/tools/transport_security_state_generator/spki_hash.cc +++ b/chromium/net/tools/transport_security_state_generator/spki_hash.cc @@ -7,7 +7,6 @@ #include <string> #include "base/base64.h" -#include "base/logging.h" #include "base/strings/string_util.h" #include "third_party/boringssl/src/include/openssl/sha.h" diff --git a/chromium/net/url_request/ftp_protocol_handler.cc b/chromium/net/url_request/ftp_protocol_handler.cc index 4b96c5aae73..1adbb8a6de5 100644 --- a/chromium/net/url_request/ftp_protocol_handler.cc +++ b/chromium/net/url_request/ftp_protocol_handler.cc @@ -4,7 +4,7 @@ #include "net/url_request/ftp_protocol_handler.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/memory/ptr_util.h" #include "net/base/net_errors.h" #include "net/base/port_util.h" diff --git a/chromium/net/url_request/http_with_dns_over_https_unittest.cc b/chromium/net/url_request/http_with_dns_over_https_unittest.cc index f74083fa988..4e21e2566dc 100644 --- a/chromium/net/url_request/http_with_dns_over_https_unittest.cc +++ b/chromium/net/url_request/http_with_dns_over_https_unittest.cc @@ -4,7 +4,6 @@ #include "base/big_endian.h" #include "base/bind.h" -#include "base/logging.h" #include "base/memory/scoped_refptr.h" #include "net/base/privacy_mode.h" #include "net/base/proxy_server.h" diff --git a/chromium/net/url_request/url_fetcher.cc b/chromium/net/url_request/url_fetcher.cc index 331420fad2e..c52c281672a 100644 --- a/chromium/net/url_request/url_fetcher.cc +++ b/chromium/net/url_request/url_fetcher.cc @@ -11,6 +11,16 @@ namespace net { URLFetcher::~URLFetcher() = default; +// static +void URLFetcher::CancelAll() { + URLFetcherImpl::CancelAll(); +} + +// static +void URLFetcher::SetIgnoreCertificateRequests(bool ignored) { + URLFetcherImpl::SetIgnoreCertificateRequests(ignored); +} + #if (!defined(OS_WIN) && !defined(OS_LINUX)) || defined(OS_CHROMEOS) // static std::unique_ptr<URLFetcher> URLFetcher::Create( @@ -53,14 +63,4 @@ std::unique_ptr<URLFetcher> URLFetcher::Create( url, request_type, d, traffic_annotation)); } -// static -void URLFetcher::CancelAll() { - URLFetcherImpl::CancelAll(); -} - -// static -void URLFetcher::SetIgnoreCertificateRequests(bool ignored) { - URLFetcherImpl::SetIgnoreCertificateRequests(ignored); -} - } // namespace net diff --git a/chromium/net/url_request/url_fetcher.h b/chromium/net/url_request/url_fetcher.h index 98887b7d638..2a0b0ac1a4f 100644 --- a/chromium/net/url_request/url_fetcher.h +++ b/chromium/net/url_request/url_fetcher.h @@ -19,6 +19,7 @@ #include "net/base/net_export.h" #include "net/traffic_annotation/network_traffic_annotation.h" #include "net/url_request/url_request.h" +#include "net/url_request/url_request_status.h" class GURL; @@ -33,12 +34,27 @@ namespace url { class Origin; } +namespace cloud_print { +class CloudPrintURLFetcher; +} + +namespace cr_fuchsia { +class DevToolsListFetcher; +} + +namespace device { +class UsbTestGadgetImpl; +} + +namespace remoting { +class GstaticJsonFetcher; +} + namespace net { class HttpResponseHeaders; class URLFetcherDelegate; class URLFetcherResponseWriter; class URLRequestContextGetter; -class URLRequestStatus; // NOTE: This class should not be used by content embedders, as it requires an // in-process network stack. Content embedders should use @@ -111,59 +127,6 @@ class NET_EXPORT URLFetcher { virtual ~URLFetcher(); - // The unannotated Create() methods are not available on desktop Linux + - // Windows. They are available on other platforms, since we only audit network - // annotations on Linux & Windows. -#if (!defined(OS_WIN) && !defined(OS_LINUX)) || defined(OS_CHROMEOS) - // |url| is the URL to send the request to. It must be valid. - // |request_type| is the type of request to make. - // |d| the object that will receive the callback on fetch completion. - // This function should not be used in Chromium, please use the version with - // NetworkTrafficAnnotationTag below instead. - static std::unique_ptr<URLFetcher> Create( - const GURL& url, - URLFetcher::RequestType request_type, - URLFetcherDelegate* d); - - // Like above, but if there's a URLFetcherFactory registered with the - // implementation it will be used. |id| may be used during testing to identify - // who is creating the URLFetcher. - // This function should not be used in Chromium, please use the version with - // NetworkTrafficAnnotationTag below instead. - static std::unique_ptr<URLFetcher> Create( - int id, - const GURL& url, - URLFetcher::RequestType request_type, - URLFetcherDelegate* d); -#endif - - // |url| is the URL to send the request to. It must be valid. - // |request_type| is the type of request to make. - // |d| the object that will receive the callback on fetch completion. - // |traffic_annotation| metadata about the network traffic send via this - // URLFetcher, see net::DefineNetworkTrafficAnnotation. Note that: - // - net provides the API for tagging requests with an opaque identifier. - // - tools/traffic_annotation/traffic_annotation.proto contains the Chrome - // specific .proto describing the verbose annotation format that Chrome's - // callsites are expected to follow. - // - tools/traffic_annotation/ contains sample and template for annotation and - // tools will be added for verification following crbug.com/690323. - static std::unique_ptr<URLFetcher> Create( - const GURL& url, - URLFetcher::RequestType request_type, - URLFetcherDelegate* d, - NetworkTrafficAnnotationTag traffic_annotation); - - // Like above, but if there's a URLFetcherFactory registered with the - // implementation it will be used. |id| may be used during testing to identify - // who is creating the URLFetcher. - static std::unique_ptr<URLFetcher> Create( - int id, - const GURL& url, - URLFetcher::RequestType request_type, - URLFetcherDelegate* d, - NetworkTrafficAnnotationTag traffic_annotation); - // Cancels all existing URLFetchers. Will notify the URLFetcherDelegates. // Note that any new URLFetchers created while this is running will not be // cancelled. Typically, one would call this in the CleanUp() method of an IO @@ -380,6 +343,67 @@ class NET_EXPORT URLFetcher { virtual bool GetResponseAsFilePath( bool take_ownership, base::FilePath* out_response_path) const = 0; + + private: + // This class is deprecated, and no new code should be using it. Construction + // methods are private and pre-existing consumers are friended. + friend class cloud_print::CloudPrintURLFetcher; + friend class cr_fuchsia::DevToolsListFetcher; + friend class device::UsbTestGadgetImpl; + friend class remoting::GstaticJsonFetcher; + + // The unannotated Create() methods are not available on desktop Linux + + // Windows. They are available on other platforms, since we only audit network + // annotations on Linux & Windows. +#if (!defined(OS_WIN) && !defined(OS_LINUX)) || defined(OS_CHROMEOS) + // |url| is the URL to send the request to. It must be valid. + // |request_type| is the type of request to make. + // |d| the object that will receive the callback on fetch completion. + // This function should not be used in Chromium, please use the version with + // NetworkTrafficAnnotationTag below instead. + static std::unique_ptr<URLFetcher> Create( + const GURL& url, + URLFetcher::RequestType request_type, + URLFetcherDelegate* d); + + // Like above, but if there's a URLFetcherFactory registered with the + // implementation it will be used. |id| may be used during testing to identify + // who is creating the URLFetcher. + // This function should not be used in Chromium, please use the version with + // NetworkTrafficAnnotationTag below instead. + static std::unique_ptr<URLFetcher> Create( + int id, + const GURL& url, + URLFetcher::RequestType request_type, + URLFetcherDelegate* d); +#endif + + // |url| is the URL to send the request to. It must be valid. + // |request_type| is the type of request to make. + // |d| the object that will receive the callback on fetch completion. + // |traffic_annotation| metadata about the network traffic send via this + // URLFetcher, see net::DefineNetworkTrafficAnnotation. Note that: + // - net provides the API for tagging requests with an opaque identifier. + // - tools/traffic_annotation/traffic_annotation.proto contains the Chrome + // specific .proto describing the verbose annotation format that Chrome's + // callsites are expected to follow. + // - tools/traffic_annotation/ contains sample and template for annotation and + // tools will be added for verification following crbug.com/690323. + static std::unique_ptr<URLFetcher> Create( + const GURL& url, + URLFetcher::RequestType request_type, + URLFetcherDelegate* d, + NetworkTrafficAnnotationTag traffic_annotation); + + // Like above, but if there's a URLFetcherFactory registered with the + // implementation it will be used. |id| may be used during testing to identify + // who is creating the URLFetcher. + static std::unique_ptr<URLFetcher> Create( + int id, + const GURL& url, + URLFetcher::RequestType request_type, + URLFetcherDelegate* d, + NetworkTrafficAnnotationTag traffic_annotation); }; } // namespace net diff --git a/chromium/net/url_request/url_fetcher_core.cc b/chromium/net/url_request/url_fetcher_core.cc index 18fe37b0214..f4e1f4bb91d 100644 --- a/chromium/net/url_request/url_fetcher_core.cc +++ b/chromium/net/url_request/url_fetcher_core.cc @@ -9,7 +9,8 @@ #include "base/bind.h" #include "base/bind_helpers.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/sequenced_task_runner.h" #include "base/single_thread_task_runner.h" #include "base/stl_util.h" @@ -406,6 +407,7 @@ void URLFetcherCore::OnReceivedRedirect(URLRequest* request, stopped_on_redirect_ = true; url_ = redirect_info.new_url; response_code_ = request_->GetResponseCode(); + response_headers_ = request_->response_headers(); proxy_server_ = request_->proxy_server(); was_cached_ = request_->was_cached(); total_received_bytes_ += request_->GetTotalReceivedBytes(); diff --git a/chromium/net/url_request/url_fetcher_impl.cc b/chromium/net/url_request/url_fetcher_impl.cc index b26da6b9b7b..0c82b35bc62 100644 --- a/chromium/net/url_request/url_fetcher_impl.cc +++ b/chromium/net/url_request/url_fetcher_impl.cc @@ -17,14 +17,6 @@ namespace net { static URLFetcherFactory* g_factory = nullptr; -URLFetcherImpl::URLFetcherImpl( - const GURL& url, - RequestType request_type, - URLFetcherDelegate* d, - net::NetworkTrafficAnnotationTag traffic_annotation) - : core_( - new URLFetcherCore(this, url, request_type, d, traffic_annotation)) {} - URLFetcherImpl::~URLFetcherImpl() { core_->Stop(); } @@ -238,4 +230,12 @@ void URLFetcherImpl::set_factory(URLFetcherFactory* factory) { g_factory = factory; } +URLFetcherImpl::URLFetcherImpl( + const GURL& url, + RequestType request_type, + URLFetcherDelegate* d, + net::NetworkTrafficAnnotationTag traffic_annotation) + : core_( + new URLFetcherCore(this, url, request_type, d, traffic_annotation)) {} + } // namespace net diff --git a/chromium/net/url_request/url_fetcher_impl.h b/chromium/net/url_request/url_fetcher_impl.h index 32795049907..c9c8a3c39b1 100644 --- a/chromium/net/url_request/url_fetcher_impl.h +++ b/chromium/net/url_request/url_fetcher_impl.h @@ -32,13 +32,6 @@ class URLFetcherFactory; class NET_EXPORT_PRIVATE URLFetcherImpl : public URLFetcher { public: - // |url| is the URL to send the request to. - // |request_type| is the type of request to make. - // |d| the object that will receive the callback on fetch completion. - URLFetcherImpl(const GURL& url, - RequestType request_type, - URLFetcherDelegate* d, - net::NetworkTrafficAnnotationTag traffic_annotation); ~URLFetcherImpl() override; // URLFetcher implementation: @@ -121,6 +114,16 @@ class NET_EXPORT_PRIVATE URLFetcherImpl : public URLFetcher { private: friend class URLFetcherTest; + friend class URLFetcher; + friend class WaitingURLFetcherDelegate; + + // |url| is the URL to send the request to. + // |request_type| is the type of request to make. + // |d| the object that will receive the callback on fetch completion. + URLFetcherImpl(const GURL& url, + RequestType request_type, + URLFetcherDelegate* d, + net::NetworkTrafficAnnotationTag traffic_annotation); // Only used by URLFetcherTest, returns the number of URLFetcher::Core objects // actively running. diff --git a/chromium/net/url_request/url_fetcher_impl_unittest.cc b/chromium/net/url_request/url_fetcher_impl_unittest.cc index d987b9a75a7..7c9741922b2 100644 --- a/chromium/net/url_request/url_fetcher_impl_unittest.cc +++ b/chromium/net/url_request/url_fetcher_impl_unittest.cc @@ -60,31 +60,6 @@ using base::TimeDelta; using net::test::IsError; using net::test::IsOk; -// TODO(eroman): Add a regression test for http://crbug.com/40505. - -namespace { - -// TODO(akalin): Move all the test data to somewhere under net/. -const base::FilePath::CharType kDocRoot[] = - FILE_PATH_LITERAL("net/data/url_fetcher_impl_unittest"); -const char kTestServerFilePrefix[] = "/"; - -// Test server path and response body for the default URL used by many of the -// tests. -const char kDefaultResponsePath[] = "/defaultresponse"; -const char kDefaultResponseBody[] = - "Default response given for path: /defaultresponse"; - -// Request body for streams created by CreateUploadStream. -const char kCreateUploadStreamBody[] = "rosebud"; - -base::FilePath GetUploadFileTestPath() { - base::FilePath path; - base::PathService::Get(base::DIR_SOURCE_ROOT, &path); - return path.Append( - FILE_PATH_LITERAL("net/data/url_request_unittest/BullRunSpeech.txt")); -} - // Simple URLRequestDelegate that waits for the specified fetcher to complete. // Can only be used once. class WaitingURLFetcherDelegate : public URLFetcherDelegate { @@ -184,6 +159,29 @@ class WaitingURLFetcherDelegate : public URLFetcherDelegate { DISALLOW_COPY_AND_ASSIGN(WaitingURLFetcherDelegate); }; +namespace { + +// TODO(akalin): Move all the test data to somewhere under net/. +const base::FilePath::CharType kDocRoot[] = + FILE_PATH_LITERAL("net/data/url_fetcher_impl_unittest"); +const char kTestServerFilePrefix[] = "/"; + +// Test server path and response body for the default URL used by many of the +// tests. +const char kDefaultResponsePath[] = "/defaultresponse"; +const char kDefaultResponseBody[] = + "Default response given for path: /defaultresponse"; + +// Request body for streams created by CreateUploadStream. +const char kCreateUploadStreamBody[] = "rosebud"; + +base::FilePath GetUploadFileTestPath() { + base::FilePath path; + base::PathService::Get(base::DIR_SOURCE_ROOT, &path); + return path.Append( + FILE_PATH_LITERAL("net/data/url_request_unittest/BullRunSpeech.txt")); +} + // A TestURLRequestContext with a ThrottleManager and a MockHostResolver. class FetcherTestURLRequestContext : public TestURLRequestContext { public: @@ -1185,6 +1183,9 @@ TEST_F(URLFetcherTest, StopOnRedirect) { delegate.fetcher()->GetStatus().status()); EXPECT_THAT(delegate.fetcher()->GetStatus().error(), IsError(ERR_ABORTED)); EXPECT_EQ(301, delegate.fetcher()->GetResponseCode()); + ASSERT_TRUE(delegate.fetcher()->GetResponseHeaders()); + EXPECT_TRUE(delegate.fetcher()->GetResponseHeaders()->HasHeaderValue( + "Location", std::string(kRedirectTarget))); } TEST_F(URLFetcherTest, ThrottleOnRepeatedFetches) { diff --git a/chromium/net/url_request/url_request.cc b/chromium/net/url_request/url_request.cc index e1296e21964..40927b586fa 100644 --- a/chromium/net/url_request/url_request.cc +++ b/chromium/net/url_request/url_request.cc @@ -181,8 +181,8 @@ URLRequest::~URLRequest() { int net_error = OK; // Log error only on failure, not cancellation, as even successful requests // are "cancelled" on destruction. - if (status_.status() == URLRequestStatus::FAILED) - net_error = status_.error(); + if (status_ != ERR_ABORTED) + net_error = status_; net_log_.EndEventWithNetErrorCode(NetLogEventType::REQUEST_ALIVE, net_error); } @@ -285,25 +285,8 @@ base::Value URLRequest::GetStateAsValue() const { dict.SetIntKey("traffic_annotation", traffic_annotation_.unique_id_hash_code); - // Add the status of the request. The status should always be IO_PENDING, and - // the error should always be OK, unless something is holding onto a request - // that has finished or a request was leaked. Neither of these should happen. - switch (status_.status()) { - case URLRequestStatus::SUCCESS: - dict.SetStringKey("status", "SUCCESS"); - break; - case URLRequestStatus::IO_PENDING: - dict.SetStringKey("status", "IO_PENDING"); - break; - case URLRequestStatus::CANCELED: - dict.SetStringKey("status", "CANCELED"); - break; - case URLRequestStatus::FAILED: - dict.SetStringKey("status", "FAILED"); - break; - } - if (status_.error() != OK) - dict.SetIntKey("net_error", status_.error()); + if (status_ != OK) + dict.SetIntKey("net_error", status_); return dict; } @@ -502,7 +485,7 @@ void URLRequest::set_allow_credentials(bool allow_credentials) { void URLRequest::Start() { DCHECK(delegate_); - if (!status_.is_success()) + if (status_ != OK) return; // Some values can be NULL, but the job factory must not be. @@ -551,7 +534,7 @@ URLRequest::URLRequest(const GURL& url, net_log_(NetLogWithSource::Make(context->net_log(), NetLogSourceType::URL_REQUEST)), url_chain_(1, url), - attach_same_site_cookies_(false), + force_ignore_site_for_cookies_(false), method_("GET"), referrer_policy_(CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE), first_party_url_policy_(NEVER_CHANGE_FIRST_PARTY_URL), @@ -562,7 +545,7 @@ URLRequest::URLRequest(const GURL& url, reporting_upload_depth_(0), #endif delegate_(delegate), - status_(URLRequestStatus::FromError(OK)), + status_(OK), is_pending_(false), is_redirecting_(false), redirect_limit_(kMaxRedirects), @@ -590,8 +573,8 @@ void URLRequest::BeforeRequestComplete(int error) { DCHECK(!job_.get()); DCHECK_NE(ERR_IO_PENDING, error); - // Check that there are no callbacks to already canceled requests. - DCHECK_NE(URLRequestStatus::CANCELED, status_.status()); + // Check that there are no callbacks to already failed or canceled requests. + DCHECK(!failed()); OnCallToDelegateComplete(); @@ -674,7 +657,7 @@ void URLRequest::StartJob(URLRequestJob* job) { // directly into the URLRequestJob subclass, so URLRequestJob can't set it // here. // TODO(mmenke): Make the URLRequest manage its own status. - status_ = URLRequestStatus::FromError(ERR_IO_PENDING); + status_ = ERR_IO_PENDING; job_->Start(); } @@ -711,8 +694,8 @@ int URLRequest::DoCancel(int error, const SSLInfo& ssl_info) { // If the URL request already has an error status, then canceling is a no-op. // Plus, we don't want to change the error status once it has been set. - if (status_.is_success()) { - status_ = URLRequestStatus(URLRequestStatus::CANCELED, error); + if (!failed()) { + status_ = error; response_info_.ssl_info = ssl_info; // If the request hasn't already been completed, log a cancellation event. @@ -735,25 +718,26 @@ int URLRequest::DoCancel(int error, const SSLInfo& ssl_info) { // that the Delegate implementation can call Cancel without having to worry // about being called recursively. - return status_.error(); + return status_; } int URLRequest::Read(IOBuffer* dest, int dest_size) { DCHECK(job_.get()); + DCHECK_NE(ERR_IO_PENDING, status_); // If this is the first read, end the delegate call that may have started in // OnResponseStarted. OnCallToDelegateComplete(); // If the request has failed, Read() will return actual network error code. - if (!status_.is_success()) - return status_.error(); + if (status_ != OK) + return status_; // This handles reads after the request already completed successfully. // TODO(ahendrickson): DCHECK() that it is not done after // http://crbug.com/115705 is fixed. if (job_->is_done()) - return status_.error(); + return status_; if (dest_size == 0) { // Caller is not too bright. I guess we've done what they asked. @@ -762,16 +746,26 @@ int URLRequest::Read(IOBuffer* dest, int dest_size) { int rv = job_->Read(dest, dest_size); if (rv == ERR_IO_PENDING) { - set_status(URLRequestStatus::FromError(ERR_IO_PENDING)); + set_status(ERR_IO_PENDING); } else if (rv <= 0) { NotifyRequestCompleted(); } // If rv is not 0 or actual bytes read, the status cannot be success. - DCHECK(rv >= 0 || status_.status() != URLRequestStatus::SUCCESS); + DCHECK(rv >= 0 || status_ != OK); return rv; } +void URLRequest::set_status(int status) { + DCHECK_LE(status, 0); + DCHECK(!failed() || (status != OK && status != ERR_IO_PENDING)); + status_ = status; +} + +bool URLRequest::failed() const { + return (status_ != OK && status_ != ERR_IO_PENDING); +} + void URLRequest::NotifyReceivedRedirect(const RedirectInfo& redirect_info, bool* defer_redirect) { is_redirecting_ = true; @@ -780,30 +774,29 @@ void URLRequest::NotifyReceivedRedirect(const RedirectInfo& redirect_info, // |this| may be have been destroyed here. } -void URLRequest::NotifyResponseStarted(const URLRequestStatus& status) { +void URLRequest::NotifyResponseStarted(int net_error) { + DCHECK_LE(net_error, 0); + // Change status if there was an error. - if (status.status() != URLRequestStatus::SUCCESS) - set_status(status); + if (net_error != OK) + set_status(net_error); // |status_| should not be ERR_IO_PENDING when calling into the // URLRequest::Delegate(). - DCHECK(!status_.is_io_pending()); + DCHECK_NE(ERR_IO_PENDING, status_); - int net_error = OK; - if (!status_.is_success()) - net_error = status_.error(); net_log_.EndEventWithNetErrorCode(NetLogEventType::URL_REQUEST_START_JOB, net_error); // In some cases (e.g. an event was canceled), we might have sent the // completion event and receive a NotifyResponseStarted() later. - if (!has_notified_completion_ && status_.is_success()) { + if (!has_notified_completion_ && net_error == OK) { if (network_delegate_) network_delegate_->NotifyResponseStarted(this, net_error); } // Notify in case the entire URL Request has been finished. - if (!has_notified_completion_ && !status_.is_success()) + if (!has_notified_completion_ && net_error != OK) NotifyRequestCompleted(); OnCallToDelegate(NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED); @@ -816,12 +809,12 @@ void URLRequest::FollowDeferredRedirect( const base::Optional<std::vector<std::string>>& removed_headers, const base::Optional<net::HttpRequestHeaders>& modified_headers) { DCHECK(job_.get()); - DCHECK(status_.is_success()); + DCHECK_EQ(OK, status_); maybe_sent_cookies_.clear(); maybe_stored_cookies_.clear(); - status_ = URLRequestStatus::FromError(ERR_IO_PENDING); + status_ = ERR_IO_PENDING; job_->FollowDeferredRedirect(removed_headers, modified_headers); } @@ -832,7 +825,7 @@ void URLRequest::SetAuth(const AuthCredentials& credentials) { maybe_sent_cookies_.clear(); maybe_stored_cookies_.clear(); - status_ = URLRequestStatus::FromError(ERR_IO_PENDING); + status_ = ERR_IO_PENDING; job_->SetAuth(credentials); } @@ -840,7 +833,7 @@ void URLRequest::CancelAuth() { DCHECK(job_.get()); DCHECK(job_->NeedsAuth()); - status_ = URLRequestStatus::FromError(ERR_IO_PENDING); + status_ = ERR_IO_PENDING; job_->CancelAuth(); } @@ -852,7 +845,7 @@ void URLRequest::ContinueWithCertificate( // Matches the call in NotifyCertificateRequested. OnCallToDelegateComplete(); - status_ = URLRequestStatus::FromError(ERR_IO_PENDING); + status_ = ERR_IO_PENDING; job_->ContinueWithCertificate(std::move(client_cert), std::move(client_private_key)); } @@ -863,7 +856,7 @@ void URLRequest::ContinueDespiteLastError() { // Matches the call in NotifySSLCertificateError. OnCallToDelegateComplete(); - status_ = URLRequestStatus::FromError(ERR_IO_PENDING); + status_ = ERR_IO_PENDING; job_->ContinueDespiteLastError(); } @@ -883,7 +876,7 @@ void URLRequest::PrepareToRestart() { load_timing_info_.request_start_time = response_info_.request_time; load_timing_info_.request_start = base::TimeTicks::Now(); - status_ = URLRequestStatus(); + status_ = OK; is_pending_ = false; proxy_server_ = ProxyServer(); } @@ -968,15 +961,15 @@ void URLRequest::SetPriority(RequestPriority priority) { void URLRequest::NotifyAuthRequired( std::unique_ptr<AuthChallengeInfo> auth_info) { DCHECK(auth_info); - // Check that there are no callbacks to already canceled requests. - DCHECK_NE(URLRequestStatus::CANCELED, status_.status()); + // Check that there are no callbacks to already failed or cancelled requests. + DCHECK(!failed()); delegate_->OnAuthRequired(this, *auth_info.get()); } void URLRequest::NotifyCertificateRequested( SSLCertRequestInfo* cert_request_info) { - status_ = URLRequestStatus(); + status_ = OK; OnCallToDelegate(NetLogEventType::URL_REQUEST_DELEGATE_CERTIFICATE_REQUESTED); delegate_->OnCertificateRequested(this, cert_request_info); @@ -985,7 +978,7 @@ void URLRequest::NotifyCertificateRequested( void URLRequest::NotifySSLCertificateError(int net_error, const SSLInfo& ssl_info, bool fatal) { - status_ = URLRequestStatus(); + status_ = OK; OnCallToDelegate(NetLogEventType::URL_REQUEST_DELEGATE_SSL_CERTIFICATE_ERROR); delegate_->OnSSLCertificateError(this, net_error, ssl_info, fatal); } @@ -1039,7 +1032,7 @@ net::PrivacyMode URLRequest::DeterminePrivacyMode() const { void URLRequest::NotifyReadCompleted(int bytes_read) { if (bytes_read > 0) - set_status(URLRequestStatus()); + set_status(OK); // Notify in case the entire URL Request has been finished. if (bytes_read <= 0) NotifyRequestCompleted(); @@ -1049,8 +1042,11 @@ void URLRequest::NotifyReadCompleted(int bytes_read) { // here. // TODO(maksims): NotifyReadCompleted take the error code as an argument on // failure, rather than -1. - if (bytes_read == -1) - bytes_read = status_.error(); + if (bytes_read == -1) { + // |status_| should indicate an error. + DCHECK(failed()); + bytes_read = status_; + } delegate_->OnReadCompleted(this, bytes_read); @@ -1058,7 +1054,7 @@ void URLRequest::NotifyReadCompleted(int bytes_read) { } void URLRequest::OnHeadersComplete() { - set_status(URLRequestStatus()); + set_status(OK); // Cache load timing information now, as information will be lost once the // socket is closed and the ClientSocketHandle is Reset, which will happen // once the body is complete. The start times should already be populated. @@ -1090,8 +1086,7 @@ void URLRequest::NotifyRequestCompleted() { is_redirecting_ = false; has_notified_completion_ = true; if (network_delegate_) - network_delegate_->NotifyCompleted(this, job_.get() != nullptr, - status_.error()); + network_delegate_->NotifyCompleted(this, job_.get() != nullptr, status_); } void URLRequest::OnCallToDelegate(NetLogEventType type) { @@ -1162,12 +1157,6 @@ void URLRequest::set_socket_tag(const SocketTag& socket_tag) { socket_tag_ = socket_tag; } -void URLRequest::set_status(URLRequestStatus status) { - DCHECK(status_.is_io_pending() || status_.is_success() || - (!status.is_success() && !status.is_io_pending())); - status_ = status; -} - base::WeakPtr<URLRequest> URLRequest::GetWeakPtr() { return weak_factory_.GetWeakPtr(); } diff --git a/chromium/net/url_request/url_request.h b/chromium/net/url_request/url_request.h index c1dfbab4ce3..e967a680d6e 100644 --- a/chromium/net/url_request/url_request.h +++ b/chromium/net/url_request/url_request.h @@ -44,7 +44,6 @@ #include "net/socket/connection_attempts.h" #include "net/socket/socket_tag.h" #include "net/traffic_annotation/network_traffic_annotation.h" -#include "net/url_request/url_request_status.h" #include "url/gurl.h" #include "url/origin.h" @@ -290,9 +289,11 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { // Indicate whether SameSite cookies should be attached even though the // request is cross-site. - bool attach_same_site_cookies() const { return attach_same_site_cookies_; } - void set_attach_same_site_cookies(bool attach) { - attach_same_site_cookies_ = attach; + bool force_ignore_site_for_cookies() const { + return force_ignore_site_for_cookies_; + } + void set_force_ignore_site_for_cookies(bool attach) { + force_ignore_site_for_cookies_ = attach; } // The first-party URL policy to apply when updating the first party URL @@ -729,11 +730,15 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { // Allow the URLRequestJob class to control the is_pending() flag. void set_is_pending(bool value) { is_pending_ = value; } - // Allow the URLRequestJob class to set our status too. - void set_status(URLRequestStatus status); + // Setter / getter for the status of the request. Status is represented as a + // net::Error code. See |status_|. + int status() const { return status_; } + void set_status(int status); + + // Returns true if the request failed or was cancelled. + bool failed() const; // Returns the error status of the request. - const URLRequestStatus& status() const { return status_; } // Allow the URLRequestJob to redirect this request. If non-null, // |removed_headers| and |modified_headers| are changes @@ -796,7 +801,7 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { // Called by URLRequestJob to allow interception when the final response // occurs. - void NotifyResponseStarted(const URLRequestStatus& status); + void NotifyResponseStarted(int net_error); // These functions delegate to |delegate_|. See URLRequest::Delegate for the // meaning of these functions. @@ -847,7 +852,7 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { IsolationInfo isolation_info_; - bool attach_same_site_cookies_; + bool force_ignore_site_for_cookies_; base::Optional<url::Origin> initiator_; GURL delegate_redirect_url_; std::string method_; // "GET", "POST", etc. Should be all uppercase. @@ -871,10 +876,18 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { // Notify... methods for this. Delegate* delegate_; - // Current error status of the job. When no error has been encountered, this - // will be SUCCESS. If multiple errors have been encountered, this will be - // the first non-SUCCESS status seen. - URLRequestStatus status_; + // Current error status of the job, as a net::Error code. When the job is + // busy, it is ERR_IO_PENDING. When the job is idle (either completed, or + // awaiting a call from the URLRequestDelegate before continuing the request), + // it is OK. If the request has been cancelled without a specific error, it is + // ERR_ABORTED. And on failure, it's the corresponding error code for that + // error. + // + // |status_| may bounce between ERR_IO_PENDING and OK as a request proceeds, + // but once an error is encountered or the request is canceled, it will take + // the appropriate error code and never change again. If multiple failures + // have been encountered, this will be the first error encountered. + int status_; // The HTTP response info, lazily initialized. HttpResponseInfo response_info_; diff --git a/chromium/net/url_request/url_request_context.cc b/chromium/net/url_request/url_request_context.cc index 9a13359a030..66e582eb517 100644 --- a/chromium/net/url_request/url_request_context.cc +++ b/chromium/net/url_request/url_request_context.cc @@ -55,6 +55,7 @@ URLRequestContext::URLRequestContext() url_requests_(std::make_unique<std::set<const URLRequest*>>()), enable_brotli_(false), check_cleartext_permitted_(false), + require_network_isolation_key_(false), name_("unknown") { base::trace_event::MemoryDumpManager::GetInstance()->RegisterDumpProvider( this, "URLRequestContext", base::ThreadTaskRunnerHandle::Get()); diff --git a/chromium/net/url_request/url_request_context.h b/chromium/net/url_request/url_request_context.h index f2bfa716843..c1d56098cb4 100644 --- a/chromium/net/url_request/url_request_context.h +++ b/chromium/net/url_request/url_request_context.h @@ -284,6 +284,13 @@ class NET_EXPORT URLRequestContext // Returns current value of the |check_cleartext_permitted| flag. bool check_cleartext_permitted() const { return check_cleartext_permitted_; } + void set_require_network_isolation_key(bool require_network_isolation_key) { + require_network_isolation_key_ = require_network_isolation_key; + } + bool require_network_isolation_key() const { + return require_network_isolation_key_; + } + #if !BUILDFLAG(DISABLE_FTP_SUPPORT) void set_ftp_auth_cache(FtpAuthCache* auth_cache) { ftp_auth_cache_ = auth_cache; @@ -345,6 +352,10 @@ class NET_EXPORT URLRequestContext // request. Only used on Android. bool check_cleartext_permitted_; + // Triggers a DCHECK if a NetworkIsolationKey/IsolationInfo is not provided to + // a request when true. + bool require_network_isolation_key_; + // An optional name which can be set to describe this URLRequestContext. // Used in MemoryDumpProvier to annotate memory usage. The name does not need // to be unique. diff --git a/chromium/net/url_request/url_request_context_builder.cc b/chromium/net/url_request/url_request_context_builder.cc index 2e255cba20d..943423b3f81 100644 --- a/chromium/net/url_request/url_request_context_builder.cc +++ b/chromium/net/url_request/url_request_context_builder.cc @@ -8,9 +8,10 @@ #include <utility> #include <vector> +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" #include "base/macros.h" +#include "base/notreached.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_util.h" #include "base/task/post_task.h" @@ -498,17 +499,7 @@ std::unique_ptr<URLRequestContext> URLRequestContextBuilder::Build() { proxy_resolution_service_ = CreateProxyResolutionService( std::move(proxy_config_service_), context.get(), context->host_resolver(), context->network_delegate(), - context->net_log()); - - // Although CreateProxyResolutionService() tries its best to set the PAC - // quick check flag, it may be overridden by a child class. We should make - // sure we set that value here if applicable. - ConfiguredProxyResolutionService* configured_proxy_resolution_service = - nullptr; - if (proxy_resolution_service_->CastToConfiguredProxyResolutionService( - &configured_proxy_resolution_service)) - configured_proxy_resolution_service->set_quick_check_enabled( - pac_quick_check_enabled_); + context->net_log(), pac_quick_check_enabled_); } ProxyResolutionService* proxy_resolution_service = proxy_resolution_service_.get(); @@ -634,9 +625,10 @@ URLRequestContextBuilder::CreateProxyResolutionService( URLRequestContext* url_request_context, HostResolver* host_resolver, NetworkDelegate* network_delegate, - NetLog* net_log) { + NetLog* net_log, + bool pac_quick_check_enabled) { return ConfiguredProxyResolutionService::CreateUsingSystemProxyResolver( - std::move(proxy_config_service), pac_quick_check_enabled_, net_log); + std::move(proxy_config_service), net_log, pac_quick_check_enabled); } } // namespace net diff --git a/chromium/net/url_request/url_request_context_builder.h b/chromium/net/url_request/url_request_context_builder.h index f3ab4235453..1c21cbe3737 100644 --- a/chromium/net/url_request/url_request_context_builder.h +++ b/chromium/net/url_request/url_request_context_builder.h @@ -326,7 +326,8 @@ class NET_EXPORT URLRequestContextBuilder { URLRequestContext* url_request_context, HostResolver* host_resolver, NetworkDelegate* network_delegate, - NetLog* net_log); + NetLog* net_log, + bool pac_quick_check_enabled); private: std::string name_; diff --git a/chromium/net/url_request/url_request_context_getter.cc b/chromium/net/url_request/url_request_context_getter.cc index 028a449acfd..cd698a3cd0d 100644 --- a/chromium/net/url_request/url_request_context_getter.cc +++ b/chromium/net/url_request/url_request_context_getter.cc @@ -61,22 +61,4 @@ void URLRequestContextGetter::NotifyContextShuttingDown() { observer.OnContextShuttingDown(); } -TrivialURLRequestContextGetter::TrivialURLRequestContextGetter( - URLRequestContext* context, - const scoped_refptr<base::SingleThreadTaskRunner>& main_task_runner) - : context_(context), main_task_runner_(main_task_runner) { -} - -TrivialURLRequestContextGetter::~TrivialURLRequestContextGetter() = default; - -URLRequestContext* TrivialURLRequestContextGetter::GetURLRequestContext() { - return context_; -} - -scoped_refptr<base::SingleThreadTaskRunner> -TrivialURLRequestContextGetter::GetNetworkTaskRunner() const { - return main_task_runner_; -} - - } // namespace net diff --git a/chromium/net/url_request/url_request_context_getter.h b/chromium/net/url_request/url_request_context_getter.h index def76d3902f..6726c8c8c08 100644 --- a/chromium/net/url_request/url_request_context_getter.h +++ b/chromium/net/url_request/url_request_context_getter.h @@ -100,29 +100,6 @@ struct URLRequestContextGetterTraits { } }; -// For use in shimming a URLRequestContext into a URLRequestContextGetter. -class NET_EXPORT TrivialURLRequestContextGetter - : public URLRequestContextGetter { - public: - TrivialURLRequestContextGetter( - URLRequestContext* context, - const scoped_refptr<base::SingleThreadTaskRunner>& main_task_runner); - - // URLRequestContextGetter implementation: - URLRequestContext* GetURLRequestContext() override; - - scoped_refptr<base::SingleThreadTaskRunner> GetNetworkTaskRunner() - const override; - - private: - ~TrivialURLRequestContextGetter() override; - - URLRequestContext* context_; - const scoped_refptr<base::SingleThreadTaskRunner> main_task_runner_; - - DISALLOW_COPY_AND_ASSIGN(TrivialURLRequestContextGetter); -}; - } // namespace net #endif // NET_URL_REQUEST_URL_REQUEST_CONTEXT_GETTER_H_ diff --git a/chromium/net/url_request/url_request_context_storage.cc b/chromium/net/url_request/url_request_context_storage.cc index 258c5700f5b..746fc674338 100644 --- a/chromium/net/url_request/url_request_context_storage.cc +++ b/chromium/net/url_request/url_request_context_storage.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "net/base/http_user_agent_settings.h" #include "net/base/network_delegate.h" #include "net/base/proxy_delegate.h" diff --git a/chromium/net/url_request/url_request_error_job.cc b/chromium/net/url_request/url_request_error_job.cc index aba7e5783bd..e47d6cddcd8 100644 --- a/chromium/net/url_request/url_request_error_job.cc +++ b/chromium/net/url_request/url_request_error_job.cc @@ -10,7 +10,6 @@ #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/net_errors.h" -#include "net/url_request/url_request_status.h" namespace net { @@ -33,7 +32,7 @@ void URLRequestErrorJob::Kill() { } void URLRequestErrorJob::StartAsync() { - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, error_)); + NotifyStartError(error_); } } // namespace net diff --git a/chromium/net/url_request/url_request_ftp_job.cc b/chromium/net/url_request/url_request_ftp_job.cc index 2f6f3cfd8a3..8a23199daa9 100644 --- a/chromium/net/url_request/url_request_ftp_job.cc +++ b/chromium/net/url_request/url_request_ftp_job.cc @@ -199,7 +199,7 @@ void URLRequestFtpJob::OnStartCompleted(int result) { HandleAuthNeededResponse(); } else { LogFtpStartResult(FTPStartResult::kFailed); - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result)); + NotifyStartError(result); } } diff --git a/chromium/net/url_request/url_request_http_job.cc b/chromium/net/url_request/url_request_http_job.cc index 221d7cd946d..0e88cd83a0c 100644 --- a/chromium/net/url_request/url_request_http_job.cc +++ b/chromium/net/url_request/url_request_http_job.cc @@ -390,8 +390,8 @@ void URLRequestHttpJob::StartTransaction() { } void URLRequestHttpJob::NotifyBeforeStartTransactionCallback(int result) { - // Check that there are no callbacks to already canceled requests. - DCHECK_NE(URLRequestStatus::CANCELED, GetStatus().status()); + // The request should not have been cancelled or have already completed. + DCHECK(!is_done()); MaybeStartTransactionInternal(result); } @@ -405,10 +405,8 @@ void URLRequestHttpJob::MaybeStartTransactionInternal(int result) { "source", "delegate"); // Don't call back synchronously to the delegate. base::ThreadTaskRunnerHandle::Get()->PostTask( - FROM_HERE, - base::BindOnce(&URLRequestHttpJob::NotifyStartError, - weak_factory_.GetWeakPtr(), - URLRequestStatus(URLRequestStatus::FAILED, result))); + FROM_HERE, base::BindOnce(&URLRequestHttpJob::NotifyStartError, + weak_factory_.GetWeakPtr(), result)); } } @@ -531,17 +529,18 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() { CookieOptions options; options.set_return_excluded_cookies(); options.set_include_httponly(); - bool attach_same_site_cookies = request_->attach_same_site_cookies(); + bool force_ignore_site_for_cookies = + request_->force_ignore_site_for_cookies(); if (cookie_store->cookie_access_delegate() && cookie_store->cookie_access_delegate() ->ShouldIgnoreSameSiteRestrictions(request_->url(), request_->site_for_cookies())) { - attach_same_site_cookies = true; + force_ignore_site_for_cookies = true; } options.set_same_site_cookie_context( net::cookie_util::ComputeSameSiteContextForRequest( request_->method(), request_->url(), request_->site_for_cookies(), - request_->initiator(), attach_same_site_cookies)); + request_->initiator(), force_ignore_site_for_cookies)); cookie_store->GetCookieListWithOptionsAsync( request_->url(), options, base::BindOnce(&URLRequestHttpJob::SetCookieHeaderAndStart, @@ -659,7 +658,7 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) { if (result != OK) { request_->net_log().AddEventWithStringParams(NetLogEventType::CANCELLED, "source", "delegate"); - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result)); + NotifyStartError(result); return; } @@ -677,16 +676,17 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) { CookieOptions options; options.set_include_httponly(); - bool attach_same_site_cookies = request_->attach_same_site_cookies(); + bool force_ignore_site_for_cookies = + request_->force_ignore_site_for_cookies(); if (cookie_store->cookie_access_delegate() && cookie_store->cookie_access_delegate()->ShouldIgnoreSameSiteRestrictions( request_->url(), request_->site_for_cookies())) { - attach_same_site_cookies = true; + force_ignore_site_for_cookies = true; } options.set_same_site_cookie_context( net::cookie_util::ComputeSameSiteContextForResponse( request_->url(), request_->site_for_cookies(), request_->initiator(), - attach_same_site_cookies)); + force_ignore_site_for_cookies)); options.set_return_excluded_cookies(); @@ -732,7 +732,7 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) { } request_->context()->cookie_store()->SetCanonicalCookieAsync( - std::move(cookie), request_->url().scheme(), options, + std::move(cookie), request_->url(), options, base::BindOnce(&URLRequestHttpJob::OnSetCookieResult, weak_factory_.GetWeakPtr(), options, cookie_to_return, cookie_string)); @@ -876,7 +876,7 @@ void URLRequestHttpJob::OnStartCompleted(int result) { request_->net_log().AddEventWithStringParams( NetLogEventType::CANCELLED, "source", "delegate"); OnCallToDelegateComplete(); - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, error)); + NotifyStartError(error); } return; } @@ -899,15 +899,15 @@ void URLRequestHttpJob::OnStartCompleted(int result) { // info (e.g. whether there's a cached copy). if (transaction_.get()) response_info_ = transaction_->GetResponseInfo(); - NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result)); + NotifyStartError(result); } } void URLRequestHttpJob::OnHeadersReceivedCallback(int result) { - awaiting_callback_ = false; + // The request should not have been cancelled or have already completed. + DCHECK(!is_done()); - // Check that there are no callbacks to already canceled requests. - DCHECK_NE(URLRequestStatus::CANCELED, GetStatus().status()); + awaiting_callback_ = false; SaveCookiesAndNotifyHeadersComplete(result); } diff --git a/chromium/net/url_request/url_request_http_job_unittest.cc b/chromium/net/url_request/url_request_http_job_unittest.cc index 5b175d2bdc1..f70cf685f69 100644 --- a/chromium/net/url_request/url_request_http_job_unittest.cc +++ b/chromium/net/url_request/url_request_http_job_unittest.cc @@ -44,7 +44,6 @@ #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_job_factory_impl.h" -#include "net/url_request/url_request_status.h" #include "net/url_request/url_request_test_util.h" #include "net/url_request/websocket_handshake_userdata_key.h" #include "net/websockets/websocket_test_util.h" @@ -1662,7 +1661,7 @@ bool CreateAndSetCookie(CookieStore* cs, return false; DCHECK(cs); ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback; - cs->SetCanonicalCookieAsync(std::move(cookie), url.scheme(), + cs->SetCanonicalCookieAsync(std::move(cookie), url, CookieOptions::MakeAllInclusive(), callback.MakeCallback()); callback.WaitUntilDone(); diff --git a/chromium/net/url_request/url_request_job.cc b/chromium/net/url_request/url_request_job.cc index bd7141c6737..3430a8dd62f 100644 --- a/chromium/net/url_request/url_request_job.cc +++ b/chromium/net/url_request/url_request_job.cc @@ -353,7 +353,7 @@ void URLRequestJob::NotifyHeadersComplete() { // The URLRequest status should still be IO_PENDING, which it was set to // before the URLRequestJob was started. On error or cancellation, this // method should not be called. - DCHECK(request_->status().is_io_pending()); + DCHECK_EQ(ERR_IO_PENDING, request_->status()); // Initialize to the current time, and let the subclass optionally override // the time stamps if it has that information. The default request_time is @@ -377,9 +377,9 @@ void URLRequestJob::NotifyHeadersComplete() { // NotifyReceivedRedirect. This means the delegate can assume that, if it // accepts the redirect, future calls to OnResponseStarted correspond to // |redirect_info.new_url|. - int redirect_valid = CanFollowRedirect(new_location); - if (redirect_valid != OK) { - OnDone(URLRequestStatus::FromError(redirect_valid), true); + int redirect_check_result = CanFollowRedirect(new_location); + if (redirect_check_result != OK) { + OnDone(redirect_check_result, true /* notify_done */); return; } @@ -401,7 +401,7 @@ void URLRequestJob::NotifyHeadersComplete() { // Ensure that the request wasn't detached, destroyed, or canceled in // NotifyReceivedRedirect. - if (!weak_this || !request_->status().is_success()) + if (!weak_this || request_->failed()) return; if (defer_redirect) { @@ -437,18 +437,16 @@ void URLRequestJob::NotifyFinalHeadersReceived() { // While the request's status is normally updated in NotifyHeadersComplete(), // URLRequestHttpJob::CancelAuth() posts a task to invoke this method // directly, which bypasses that logic. - if (request_->status().is_io_pending()) - request_->set_status(URLRequestStatus()); + if (request_->status() == ERR_IO_PENDING) + request_->set_status(OK); has_handled_response_ = true; - if (request_->status().is_success()) { + if (request_->status() == OK) { DCHECK(!source_stream_); source_stream_ = SetUpSourceStream(); if (!source_stream_) { - OnDone(URLRequestStatus(URLRequestStatus::FAILED, - ERR_CONTENT_DECODING_INIT_FAILED), - true); + OnDone(ERR_CONTENT_DECODING_INIT_FAILED, true /* notify_done */); return; } if (source_stream_->type() == SourceStream::TYPE_NONE) { @@ -468,7 +466,7 @@ void URLRequestJob::NotifyFinalHeadersReceived() { } } - request_->NotifyResponseStarted(URLRequestStatus()); + request_->NotifyResponseStarted(OK); // |this| may be destroyed at this point. } @@ -483,7 +481,7 @@ void URLRequestJob::ConvertResultToError(int result, Error* error, int* count) { } void URLRequestJob::ReadRawDataComplete(int result) { - DCHECK(request_->status().is_io_pending()); + DCHECK_EQ(ERR_IO_PENDING, request_->status()); DCHECK_NE(ERR_IO_PENDING, result); // The headers should be complete before reads complete @@ -498,20 +496,21 @@ void URLRequestJob::ReadRawDataComplete(int result) { // |this| may be destroyed at this point. } -void URLRequestJob::NotifyStartError(const URLRequestStatus &status) { +void URLRequestJob::NotifyStartError(int net_error) { DCHECK(!has_handled_response_); - DCHECK(request_->status().is_io_pending()); + DCHECK_EQ(ERR_IO_PENDING, request_->status()); has_handled_response_ = true; // There may be relevant information in the response info even in the // error case. GetResponseInfo(&request_->response_info_); - request_->NotifyResponseStarted(status); + request_->NotifyResponseStarted(net_error); // |this| may have been deleted here. } -void URLRequestJob::OnDone(const URLRequestStatus& status, bool notify_done) { +void URLRequestJob::OnDone(int net_error, bool notify_done) { + DCHECK_NE(ERR_IO_PENDING, net_error); DCHECK(!done_) << "Job sending done notification twice"; if (done_) return; @@ -519,7 +518,7 @@ void URLRequestJob::OnDone(const URLRequestStatus& status, bool notify_done) { // Unless there was an error, we should have at least tried to handle // the response before getting here. - DCHECK(has_handled_response_ || !status.is_success()); + DCHECK(has_handled_response_ || net_error != OK); request_->set_is_pending(false); // With async IO, it's quite possible to have a few outstanding @@ -528,11 +527,12 @@ void URLRequestJob::OnDone(const URLRequestStatus& status, bool notify_done) { // an error, we do not change the status back to success. To // enforce this, only set the status if the job is so far // successful. - if (request_->status().is_success()) { - if (status.status() == URLRequestStatus::FAILED) + if (!request_->failed()) { + if (net_error != net::OK && net_error != ERR_ABORTED) { request_->net_log().AddEventWithNetErrorCode(NetLogEventType::FAILED, - status.error()); - request_->set_status(status); + net_error); + } + request_->set_status(net_error); } if (notify_done) { @@ -547,7 +547,7 @@ void URLRequestJob::OnDone(const URLRequestStatus& status, bool notify_done) { void URLRequestJob::NotifyDone() { // Check if we should notify the URLRequest that we're done because of an // error. - if (!request_->status().is_success()) { + if (request_->failed()) { // We report the error differently depending on whether we've called // OnResponseStarted yet. if (has_handled_response_) { @@ -555,15 +555,16 @@ void URLRequestJob::NotifyDone() { request_->NotifyReadCompleted(-1); } else { has_handled_response_ = true; - request_->NotifyResponseStarted(URLRequestStatus()); + // Error code doesn't actually matter here, since the status has already + // been updated. + request_->NotifyResponseStarted(request_->status()); } } } void URLRequestJob::NotifyCanceled() { - if (!done_) { - OnDone(URLRequestStatus(URLRequestStatus::CANCELED, ERR_ABORTED), true); - } + if (!done_) + OnDone(ERR_ABORTED, true /* notify_done */); } void URLRequestJob::OnCallToDelegate(NetLogEventType type) { @@ -589,10 +590,6 @@ std::unique_ptr<SourceStream> URLRequestJob::SetUpSourceStream() { return std::make_unique<URLRequestJobSourceStream>(this); } -const URLRequestStatus URLRequestJob::GetStatus() { - return request_->status(); -} - void URLRequestJob::SetProxyServer(const ProxyServer& proxy_server) { request_->proxy_server_ = proxy_server; } @@ -608,7 +605,7 @@ void URLRequestJob::SourceStreamReadComplete(bool synchronous, int result) { pending_read_buffer_ = nullptr; if (result < 0) { - OnDone(URLRequestStatus::FromError(result), !synchronous); + OnDone(result, !synchronous /* notify_done */); return; } @@ -620,7 +617,7 @@ void URLRequestJob::SourceStreamReadComplete(bool synchronous, int result) { // In the synchronous case, the caller will notify the URLRequest of // completion. In the async case, the NotifyReadCompleted call will. // TODO(mmenke): Can this be combined with the error case? - OnDone(URLRequestStatus(), false); + OnDone(OK, false /* notify_done */); } if (!synchronous) diff --git a/chromium/net/url_request/url_request_job.h b/chromium/net/url_request/url_request_job.h index 52d355baf47..caabaeab232 100644 --- a/chromium/net/url_request/url_request_job.h +++ b/chromium/net/url_request/url_request_job.h @@ -45,7 +45,6 @@ class SSLCertRequestInfo; class SSLInfo; class SSLPrivateKey; class UploadDataStream; -class URLRequestStatus; class X509Certificate; class NET_EXPORT URLRequestJob { @@ -284,7 +283,7 @@ class NET_EXPORT URLRequestJob { // Notifies the request that a start error has occurred. // NOTE: Must not be called synchronously from |Start|. - void NotifyStartError(const URLRequestStatus& status); + void NotifyStartError(int net_error); // Used as an asynchronous callback for Kill to notify the URLRequest // that we were canceled. @@ -325,9 +324,6 @@ class NET_EXPORT URLRequestJob { // Provides derived classes with access to the request's network delegate. NetworkDelegate* network_delegate() { return network_delegate_; } - // The status of the job. - const URLRequestStatus GetStatus(); - // Set the proxy server that was used, if any. void SetProxyServer(const ProxyServer& proxy_server); @@ -394,7 +390,7 @@ class NET_EXPORT URLRequestJob { // asynchronously. Otherwise, the caller will need to do this itself, // possibly through a synchronous return value. // TODO(mmenke): Remove |notify_done|, and make caller handle notification. - void OnDone(const URLRequestStatus& status, bool notify_done); + void OnDone(int net_error, bool notify_done); // Takes care of the notification initiated by OnDone() to avoid re-entering // the URLRequest::Delegate. diff --git a/chromium/net/url_request/url_request_quic_unittest.cc b/chromium/net/url_request/url_request_quic_unittest.cc index dd512dac4bc..c282944895a 100644 --- a/chromium/net/url_request/url_request_quic_unittest.cc +++ b/chromium/net/url_request/url_request_quic_unittest.cc @@ -307,12 +307,6 @@ INSTANTIATE_TEST_SUITE_P(Version, ::testing::PrintToStringParamName()); TEST_P(URLRequestQuicTest, TestGetRequest) { - if (version().handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(crbug.com/1032263): Make this work with TLS. - Init(); - return; - } - Init(); CheckLoadTimingDelegate delegate(false); std::unique_ptr<URLRequest> request = @@ -328,12 +322,6 @@ TEST_P(URLRequestQuicTest, TestGetRequest) { } TEST_P(URLRequestQuicTest, CancelPushIfCached_SomeCached) { - if (version().handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(crbug.com/1032263): Make this work with TLS. - Init(); - return; - } - if (VersionUsesHttp3(version().transport_version)) { Init(); return; @@ -429,12 +417,6 @@ TEST_P(URLRequestQuicTest, CancelPushIfCached_SomeCached) { } TEST_P(URLRequestQuicTest, CancelPushIfCached_AllCached) { - if (version().handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(crbug.com/1032263): Make this work with TLS. - Init(); - return; - } - if (VersionUsesHttp3(version().transport_version)) { Init(); return; @@ -540,12 +522,6 @@ TEST_P(URLRequestQuicTest, CancelPushIfCached_AllCached) { } TEST_P(URLRequestQuicTest, DoNotCancelPushIfNotFoundInCache) { - if (version().handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(crbug.com/1032263): Make this work with TLS. - Init(); - return; - } - if (VersionUsesHttp3(version().transport_version)) { Init(); return; @@ -571,7 +547,7 @@ TEST_P(URLRequestQuicTest, DoNotCancelPushIfNotFoundInCache) { auto entries = net_log_.GetEntriesWithType( NetLogEventType::SERVER_PUSH_LOOKUP_TRANSACTION); - EXPECT_EQ(4u, entries.size()); + ASSERT_EQ(4u, entries.size()); std::string value; std::string push_url_1 = UrlFromPath(kKittenPath); @@ -597,12 +573,6 @@ TEST_P(URLRequestQuicTest, DoNotCancelPushIfNotFoundInCache) { // Tests that if two requests use the same QUIC session, the second request // should not have |LoadTimingInfo::connect_timing|. TEST_P(URLRequestQuicTest, TestTwoRequests) { - if (version().handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(crbug.com/1032263): Make this work with TLS. - Init(); - return; - } - base::RunLoop run_loop; WaitForCompletionNetworkDelegate network_delegate( run_loop.QuitClosure(), /*num_expected_requests=*/2); @@ -630,12 +600,6 @@ TEST_P(URLRequestQuicTest, TestTwoRequests) { } TEST_P(URLRequestQuicTest, RequestHeadersCallback) { - if (version().handshake_protocol == quic::PROTOCOL_TLS1_3) { - // TODO(crbug.com/1032263): Make this work with TLS. - Init(); - return; - } - Init(); HttpRawRequestHeaders raw_headers; TestDelegate delegate; diff --git a/chromium/net/url_request/url_request_redirect_job.cc b/chromium/net/url_request/url_request_redirect_job.cc index 76f5582d1a4..58fefd341a2 100644 --- a/chromium/net/url_request/url_request_redirect_job.cc +++ b/chromium/net/url_request/url_request_redirect_job.cc @@ -7,9 +7,9 @@ #include <string> #include "base/bind.h" +#include "base/check.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" #include "base/single_thread_task_runner.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_task_runner_handle.h" diff --git a/chromium/net/url_request/url_request_status.cc b/chromium/net/url_request/url_request_status.cc index 7207df2fa52..a29fbee3532 100644 --- a/chromium/net/url_request/url_request_status.cc +++ b/chromium/net/url_request/url_request_status.cc @@ -4,7 +4,8 @@ #include "net/url_request/url_request_status.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "net/base/net_errors.h" namespace net { diff --git a/chromium/net/url_request/url_request_test_job.cc b/chromium/net/url_request/url_request_test_job.cc index 45861e5386d..a08827f607b 100644 --- a/chromium/net/url_request/url_request_test_job.cc +++ b/chromium/net/url_request/url_request_test_job.cc @@ -223,13 +223,8 @@ void URLRequestTestJob::StartAsync() { } else { AdvanceJob(); - // unexpected url, return error - // FIXME(brettw) we may want to use WININET errors or have some more types - // of errors - NotifyStartError( - URLRequestStatus(URLRequestStatus::FAILED, ERR_INVALID_URL)); - // FIXME(brettw): this should emulate a network error, and not just fail - // initiating a connection + // Return an error on unexpected urls. + NotifyStartError(ERR_INVALID_URL); return; } } diff --git a/chromium/net/url_request/url_request_test_util.cc b/chromium/net/url_request/url_request_test_util.cc index 8b1dd674ca9..702f6a8d0de 100644 --- a/chromium/net/url_request/url_request_test_util.cc +++ b/chromium/net/url_request/url_request_test_util.cc @@ -6,9 +6,9 @@ #include <utility> +#include "base/check_op.h" #include "base/compiler_specific.h" #include "base/location.h" -#include "base/logging.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" #include "base/supports_user_data.h" @@ -392,7 +392,6 @@ TestNetworkDelegate::TestNetworkDelegate() before_start_transaction_count_(0), headers_received_count_(0), has_load_timing_info_before_redirect_(false), - experimental_cookie_features_enabled_(false), cancel_request_with_policy_violating_referrer_(false), before_start_transaction_fails_(false), add_header_to_first_response_(false), @@ -485,8 +484,8 @@ int TestNetworkDelegate::OnHeadersReceived( new HttpResponseHeaders(original_response_headers->raw_headers()); (*override_response_headers)->ReplaceStatusLine("HTTP/1.1 302 Found"); (*override_response_headers)->RemoveHeader("Location"); - (*override_response_headers)->AddHeader( - "Location: " + redirect_on_headers_received_url_.spec()); + (*override_response_headers) + ->AddHeader("Location", redirect_on_headers_received_url_.spec()); redirect_on_headers_received_url_ = GURL(); @@ -496,7 +495,7 @@ int TestNetworkDelegate::OnHeadersReceived( *override_response_headers = new HttpResponseHeaders(original_response_headers->raw_headers()); (*override_response_headers) - ->AddHeader("X-Network-Delegate: Greetings, planet"); + ->AddHeader("X-Network-Delegate", "Greetings, planet"); } headers_received_count_++; diff --git a/chromium/net/url_request/url_request_test_util.h b/chromium/net/url_request/url_request_test_util.h index d37c8f4b4e8..064be87739f 100644 --- a/chromium/net/url_request/url_request_test_util.h +++ b/chromium/net/url_request/url_request_test_util.h @@ -307,10 +307,6 @@ class TestNetworkDelegate : public NetworkDelegateImpl { int blocked_set_cookie_count() const { return blocked_set_cookie_count_; } int set_cookie_count() const { return set_cookie_count_; } - void set_experimental_cookie_features_enabled(bool val) { - experimental_cookie_features_enabled_ = val; - } - void set_cancel_request_with_policy_violating_referrer(bool val) { cancel_request_with_policy_violating_referrer_ = val; } @@ -394,7 +390,6 @@ class TestNetworkDelegate : public NetworkDelegateImpl { LoadTimingInfo load_timing_info_before_redirect_; bool has_load_timing_info_before_redirect_; - bool experimental_cookie_features_enabled_; // false by default bool cancel_request_with_policy_violating_referrer_; // false by default bool before_start_transaction_fails_; bool add_header_to_first_response_; diff --git a/chromium/net/url_request/url_request_throttler_entry.cc b/chromium/net/url_request/url_request_throttler_entry.cc index 9f8ddc7beaf..c50ed002547 100644 --- a/chromium/net/url_request/url_request_throttler_entry.cc +++ b/chromium/net/url_request/url_request_throttler_entry.cc @@ -8,7 +8,7 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/metrics/field_trial.h" #include "base/metrics/histogram_macros.h" #include "base/rand_util.h" diff --git a/chromium/net/url_request/url_request_throttler_manager.cc b/chromium/net/url_request/url_request_throttler_manager.cc index 9b91c881e7a..1aff5e820b0 100644 --- a/chromium/net/url_request/url_request_throttler_manager.cc +++ b/chromium/net/url_request/url_request_throttler_manager.cc @@ -4,7 +4,7 @@ #include "net/url_request/url_request_throttler_manager.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/strings/string_util.h" #include "net/base/url_util.h" #include "net/log/net_log.h" diff --git a/chromium/net/url_request/url_request_unittest.cc b/chromium/net/url_request/url_request_unittest.cc index ff7575f6720..c9d24bfe0a3 100644 --- a/chromium/net/url_request/url_request_unittest.cc +++ b/chromium/net/url_request/url_request_unittest.cc @@ -83,7 +83,6 @@ #include "net/cert/test_root_certs.h" #include "net/cert/x509_util.h" #include "net/cert_net/cert_net_fetcher_url_request.h" -#include "net/cert_net/nss_ocsp_session_url_request.h" #include "net/cookies/canonical_cookie_test_helpers.h" #include "net/cookies/cookie_monster.h" #include "net/cookies/cookie_store_test_helpers.h" @@ -160,10 +159,6 @@ #include "net/network_error_logging/network_error_logging_test_util.h" #endif // BUILDFLAG(ENABLE_REPORTING) -#if defined(USE_NSS_CERTS) -#include "net/cert_net/nss_ocsp.h" -#endif - using net::test::IsError; using net::test::IsOk; using testing::AnyOf; @@ -1643,13 +1638,13 @@ TEST_F(URLRequestTest, DelayedCookieCallbackAsync) { auto cookie1 = CanonicalCookie::Create(url, "AlreadySetCookie=1;Secure", base::Time::Now(), base::nullopt /* server_time */); - delayed_cm->SetCanonicalCookieAsync(std::move(cookie1), url.scheme(), + delayed_cm->SetCanonicalCookieAsync(std::move(cookie1), url, net::CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); auto cookie2 = CanonicalCookie::Create(url, "AlreadySetCookie=1;Secure", base::Time::Now(), base::nullopt /* server_time */); - cm->SetCanonicalCookieAsync(std::move(cookie2), url.scheme(), + cm->SetCanonicalCookieAsync(std::move(cookie2), url, net::CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); @@ -2688,8 +2683,7 @@ int FixedDateNetworkDelegate::OnHeadersReceived( HttpResponseHeaders* new_response_headers = new HttpResponseHeaders(original_response_headers->raw_headers()); - new_response_headers->RemoveHeader("Date"); - new_response_headers->AddHeader("Date: " + fixed_date_); + new_response_headers->SetHeader("Date", fixed_date_); *override_response_headers = new_response_headers; return TestNetworkDelegate::OnHeadersReceived( @@ -6952,7 +6946,7 @@ TEST_F(URLRequestTest, NoCookieInclusionStatusWarningIfWouldBeExcludedAnyway) { base::RunLoop run_loop; CanonicalCookie::CookieInclusionStatus status; cm.SetCanonicalCookieAsync( - std::move(cookie1), url.scheme(), CookieOptions::MakeAllInclusive(), + std::move(cookie1), url, CookieOptions::MakeAllInclusive(), base::BindLambdaForTesting( [&](CanonicalCookie::CookieInclusionStatus result) { status = result; @@ -6996,7 +6990,7 @@ TEST_F(URLRequestTest, NoCookieInclusionStatusWarningIfWouldBeExcludedAnyway) { // Note: cookie1 from the previous testcase is still in the cookie store. CanonicalCookie::CookieInclusionStatus status; cm.SetCanonicalCookieAsync( - std::move(cookie2), url.scheme(), CookieOptions::MakeAllInclusive(), + std::move(cookie2), url, CookieOptions::MakeAllInclusive(), base::BindLambdaForTesting( [&](CanonicalCookie::CookieInclusionStatus result) { status = result; @@ -7140,7 +7134,7 @@ TEST_F(URLRequestTestHTTP, AuthChallengeWithFilteredCookies) { url_requiring_auth_wo_cookies, "another_cookie=true", base::Time::Now(), base::nullopt /* server_time */); cm->SetCanonicalCookieAsync(std::move(another_cookie), - url_requiring_auth_wo_cookies.scheme(), + url_requiring_auth_wo_cookies, net::CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); context.set_cookie_store(cm.get()); @@ -7172,7 +7166,7 @@ TEST_F(URLRequestTestHTTP, AuthChallengeWithFilteredCookies) { url_requiring_auth_wo_cookies, "one_more_cookie=true", base::Time::Now(), base::nullopt /* server_time */); cm->SetCanonicalCookieAsync(std::move(one_more_cookie), - url_requiring_auth_wo_cookies.scheme(), + url_requiring_auth_wo_cookies, net::CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); @@ -7550,8 +7544,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithFilteredCookies) { auto another_cookie = CanonicalCookie::Create( original_url, "another_cookie=true", base::Time::Now(), base::nullopt /* server_time */); - cm->SetCanonicalCookieAsync(std::move(another_cookie), - original_url.scheme(), + cm->SetCanonicalCookieAsync(std::move(another_cookie), original_url, net::CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); context.set_cookie_store(cm.get()); @@ -7581,7 +7574,7 @@ TEST_F(URLRequestTestHTTP, RedirectWithFilteredCookies) { original_url_wo_cookie, "one_more_cookie=true", base::Time::Now(), base::nullopt /* server_time */); cm->SetCanonicalCookieAsync(std::move(one_more_cookie), - original_url_wo_cookie.scheme(), + original_url_wo_cookie, net::CookieOptions::MakeAllInclusive(), CookieStore::SetCookiesCallback()); @@ -9544,66 +9537,9 @@ TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) { } } -class HTTPSCertNetFetchingTest : public HTTPSRequestTest { - public: - HTTPSCertNetFetchingTest() : context_(true) {} - - void SetUp() override { - cert_net_fetcher_ = base::MakeRefCounted<CertNetFetcherURLRequest>(); - cert_verifier_ = CertVerifier::CreateDefault(cert_net_fetcher_); - context_.set_cert_verifier(cert_verifier_.get()); - context_.SetCTPolicyEnforcer(std::make_unique<DefaultCTPolicyEnforcer>()); - context_.Init(); - - cert_net_fetcher_->SetURLRequestContext(&context_); - context_.cert_verifier()->SetConfig(GetCertVerifierConfig()); -#if defined(USE_NSS_CERTS) - SetURLRequestContextForNSSHttpIO(&context_); -#endif - } - - void TearDown() override { - cert_net_fetcher_->Shutdown(); -#if defined(USE_NSS_CERTS) - SetURLRequestContextForNSSHttpIO(nullptr); -#endif - } - - protected: - // GetCertVerifierConfig() configures the URLRequestContext that will be used - // for making connections to the testserver. This can be overridden in test - // subclasses for different behaviour. - virtual CertVerifier::Config GetCertVerifierConfig() { - CertVerifier::Config config; - return config; - } - - scoped_refptr<CertNetFetcherURLRequest> cert_net_fetcher_; - std::unique_ptr<CertVerifier> cert_verifier_; - TestURLRequestContext context_; -}; - -// This the fingerprint of the "Testing CA" certificate used by the testserver. -// See net/data/ssl/certificates/ocsp-test-root.pem. -static const SHA256HashValue kOCSPTestCertFingerprint = {{ - 0x0c, 0xa9, 0x05, 0x11, 0xb0, 0xa2, 0xc0, 0x1d, 0x40, 0x6a, 0x99, - 0x04, 0x21, 0x36, 0x45, 0x3f, 0x59, 0x12, 0x5c, 0x80, 0x64, 0x2d, - 0x46, 0x6a, 0x3b, 0x78, 0x9e, 0x84, 0xea, 0x54, 0x0f, 0x8b, -}}; - -// This is the SHA256, SPKI hash of the "Testing CA" certificate used by the -// testserver. -static const SHA256HashValue kOCSPTestCertSPKI = {{ - 0x05, 0xa8, 0xf6, 0xfd, 0x8e, 0x10, 0xfe, 0x92, 0x2f, 0x22, 0x75, - 0x46, 0x40, 0xf4, 0xc4, 0x57, 0x06, 0x0d, 0x95, 0xfd, 0x60, 0x31, - 0x3b, 0xf3, 0xfc, 0x12, 0x47, 0xe7, 0x66, 0x1a, 0x82, 0xa3, -}}; - -// This is the policy OID contained in the certificates that testserver -// generates. -static const char kOCSPTestCertPolicy[] = "1.3.6.1.4.1.11129.2.4.1"; - -// Interceptor to check that secure DNS has been disabled. +// Interceptor to check that secure DNS has been disabled. Secure DNS should be +// disabled for any network fetch triggered during certificate verification as +// it could cause a deadlock. class SecureDnsInterceptor : public net::URLRequestInterceptor { public: SecureDnsInterceptor() = default; @@ -9619,15 +9555,9 @@ class SecureDnsInterceptor : public net::URLRequestInterceptor { } }; -class HTTPSOCSPTest : public HTTPSRequestTest { +class HTTPSCertNetFetchingTest : public HTTPSRequestTest { public: - HTTPSOCSPTest() - : context_(true), - ev_test_policy_( - new ScopedTestEVPolicy(EVRootCAMetadata::GetInstance(), - kOCSPTestCertFingerprint, - kOCSPTestCertPolicy)) { - } + HTTPSCertNetFetchingTest() : context_(true) {} void SetUp() override { cert_net_fetcher_ = base::MakeRefCounted<CertNetFetcherURLRequest>(); @@ -9636,36 +9566,28 @@ class HTTPSOCSPTest : public HTTPSRequestTest { context_.SetCTPolicyEnforcer(std::make_unique<DefaultCTPolicyEnforcer>()); context_.Init(); - cert_net_fetcher_->SetURLRequestContext(&context_); - context_.cert_verifier()->SetConfig(GetCertVerifierConfig()); - net::URLRequestFilter::GetInstance()->AddHostnameInterceptor( "http", "127.0.0.1", std::make_unique<SecureDnsInterceptor>()); - scoped_refptr<X509Certificate> root_cert = - ImportCertFromFile(GetTestCertsDirectory(), "ocsp-test-root.pem"); - ASSERT_TRUE(root_cert); - test_root_.reset(new ScopedTestRoot(root_cert.get())); - -#if defined(USE_NSS_CERTS) - SetURLRequestContextForNSSHttpIO(&context_); -#endif + cert_net_fetcher_->SetURLRequestContext(&context_); + context_.cert_verifier()->SetConfig(GetCertVerifierConfig()); } void TearDown() override { + cert_net_fetcher_->Shutdown(); net::URLRequestFilter::GetInstance()->ClearHandlers(); } void DoConnectionWithDelegate( - const SpawnedTestServer::SSLOptions& ssl_options, + const EmbeddedTestServer::ServerCertificateConfig& cert_config, TestDelegate* delegate, SSLInfo* out_ssl_info) { // Always overwrite |out_ssl_info|. out_ssl_info->Reset(); - SpawnedTestServer test_server( - SpawnedTestServer::TYPE_HTTPS, - ssl_options, + EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS); + test_server.SetSSLConfig(cert_config); + test_server.AddDefaultHandlers( base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); ASSERT_TRUE(test_server.Start()); @@ -9681,46 +9603,77 @@ class HTTPSOCSPTest : public HTTPSRequestTest { *out_ssl_info = r->ssl_info(); } - void DoConnection(const SpawnedTestServer::SSLOptions& ssl_options, - CertStatus* out_cert_status) { + void DoConnection( + const EmbeddedTestServer::ServerCertificateConfig& cert_config, + CertStatus* out_cert_status) { // Always overwrite |out_cert_status|. *out_cert_status = 0; TestDelegate d; SSLInfo ssl_info; ASSERT_NO_FATAL_FAILURE( - DoConnectionWithDelegate(ssl_options, &d, &ssl_info)); + DoConnectionWithDelegate(cert_config, &d, &ssl_info)); *out_cert_status = ssl_info.cert_status; } - ~HTTPSOCSPTest() override { - cert_net_fetcher_->Shutdown(); -#if defined(USE_NSS_CERTS) - SetURLRequestContextForNSSHttpIO(nullptr); -#endif - } - protected: // GetCertVerifierConfig() configures the URLRequestContext that will be used // for making connections to the testserver. This can be overridden in test // subclasses for different behaviour. virtual CertVerifier::Config GetCertVerifierConfig() { CertVerifier::Config config; - config.enable_rev_checking = true; return config; } - std::unique_ptr<ScopedTestRoot> test_root_; - std::unique_ptr<TestSSLConfigService> ssl_config_service_; scoped_refptr<CertNetFetcherURLRequest> cert_net_fetcher_; std::unique_ptr<CertVerifier> cert_verifier_; TestURLRequestContext context_; +}; + +// SHA256 hash of the testserver root_ca_cert DER. +// openssl x509 -in root_ca_cert.pem -outform der | \ +// openssl dgst -sha256 -binary | xxd -i +static const SHA256HashValue kTestRootCertHash = { + {0xb2, 0xab, 0xa3, 0xa5, 0xd4, 0x11, 0x56, 0xcb, 0xb9, 0x23, 0x35, + 0x07, 0x6d, 0x0b, 0x51, 0xbe, 0xd3, 0xee, 0x2e, 0xab, 0xe7, 0xab, + 0x6b, 0xad, 0xcc, 0x2a, 0xfa, 0x35, 0xfb, 0x8e, 0x31, 0x5e}}; + +// SHA256 hash of the DER SPKI of the testserver root_ca_cert. +// openssl x509 -in root_ca_cert.pem -pubkey -noout | \ +// openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | xxd -i +static const SHA256HashValue kTestRootCertSPKIHash = { + {0x57, 0x2a, 0x4f, 0xdd, 0x55, 0x8b, 0xec, 0xe6, 0xaa, 0x4c, 0x9e, + 0xe6, 0x20, 0x17, 0xa1, 0x59, 0x89, 0x6f, 0xf2, 0x48, 0x4f, 0xb8, + 0x51, 0xe9, 0x5a, 0x27, 0x9a, 0xad, 0x92, 0x36, 0x62, 0x32}}; + +// The test EV policy OID used for generated certs. +static const char kOCSPTestCertPolicy[] = "1.3.6.1.4.1.11129.2.4.1"; + +class HTTPSOCSPTest : public HTTPSCertNetFetchingTest { + public: + void SetUp() override { + HTTPSCertNetFetchingTest::SetUp(); + + ev_test_policy_ = std::make_unique<ScopedTestEVPolicy>( + EVRootCAMetadata::GetInstance(), kTestRootCertHash, + kOCSPTestCertPolicy); + } + + void TearDown() override { HTTPSCertNetFetchingTest::TearDown(); } + + CertVerifier::Config GetCertVerifierConfig() override { + CertVerifier::Config config; + config.enable_rev_checking = true; + return config; + } + + private: std::unique_ptr<ScopedTestEVPolicy> ev_test_policy_; }; static bool UsingBuiltinCertVerifier() { -#if defined(OS_FUCHSIA) +#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) return true; #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) if (base::FeatureList::IsEnabled(features::kCertVerifierBuiltinFeature)) @@ -9739,7 +9692,7 @@ static bool UsingBuiltinCertVerifier() { static bool SystemSupportsHardFailRevocationChecking() { if (UsingBuiltinCertVerifier()) return true; -#if defined(OS_WIN) || defined(USE_NSS_CERTS) +#if defined(OS_WIN) return true; #else return false; @@ -9801,12 +9754,14 @@ TEST_F(HTTPSOCSPTest, Valid) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); @@ -9822,12 +9777,14 @@ TEST_F(HTTPSOCSPTest, Revoked) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); @@ -9840,13 +9797,13 @@ TEST_F(HTTPSOCSPTest, Invalid) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); // Without a positive OCSP response, we shouldn't show the EV status, but also // should not show any revocation checking errors. @@ -9861,13 +9818,18 @@ TEST_F(HTTPSOCSPTest, IntermediateValid) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO_WITH_INTERMEDIATE); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.ocsp_intermediate_status = SpawnedTestServer::SSLOptions::OCSP_OK; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); + cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); @@ -9883,17 +9845,20 @@ TEST_F(HTTPSOCSPTest, IntermediateResponseOldButStillValid) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO_WITH_INTERMEDIATE); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.ocsp_intermediate_status = SpawnedTestServer::SSLOptions::OCSP_OK; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); // Use an OCSP response for the intermediate that would be too old for a leaf // cert, but is still valid for an intermediate. - ssl_options.ocsp_intermediate_date = - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG; + cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); @@ -9909,15 +9874,18 @@ TEST_F(HTTPSOCSPTest, IntermediateResponseTooOld) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO_WITH_INTERMEDIATE); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.ocsp_intermediate_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.ocsp_intermediate_date = - SpawnedTestServer::SSLOptions::OCSP_DATE_LONGER; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); + cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); if (UsingBuiltinCertVerifier()) { // The builtin verifier enforces the baseline requirements for max age of an @@ -9939,14 +9907,18 @@ TEST_F(HTTPSOCSPTest, IntermediateRevoked) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO_WITH_INTERMEDIATE); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.ocsp_intermediate_status = - SpawnedTestServer::SSLOptions::OCSP_REVOKED; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); + cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); #if defined(OS_WIN) // TODO(mattm): Seems to be flaky on Windows. Either returns @@ -9968,14 +9940,19 @@ TEST_F(HTTPSOCSPTest, ValidStapled) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.staple_ocsp_response = true; - ssl_options.ocsp_server_unavailable = true; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + + // AIA OCSP url is included, but does not return a successful ocsp response. + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater); + + cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); @@ -9992,275 +9969,279 @@ TEST_F(HTTPSOCSPTest, RevokedStapled) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; - ssl_options.staple_ocsp_response = true; - ssl_options.ocsp_server_unavailable = true; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + + // AIA OCSP url is included, but does not return a successful ocsp response. + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater); + + cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); } +TEST_F(HTTPSOCSPTest, OldStapledAndInvalidAIA) { + if (!SystemSupportsOCSPStapling()) { + LOG(WARNING) + << "Skipping test because system doesn't support OCSP stapling"; + return; + } + + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + + // Stapled response indicates good, but is too old. + cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}}); + + // AIA OCSP url is included, but does not return a successful ocsp response. + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater); + + CertStatus cert_status; + DoConnection(cert_config, &cert_status); + + EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); + EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); + EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_F(HTTPSOCSPTest, OldStapledButValidAIA) { + if (!SystemSupportsOCSPStapling()) { + LOG(WARNING) + << "Skipping test because system doesn't support OCSP stapling"; + return; + } + + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + + // Stapled response indicates good, but response is too old. + cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}}); + + // AIA OCSP url is included, and returns a successful ocsp response. + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); + + CertStatus cert_status; + DoConnection(cert_config, &cert_status); + + EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); + EXPECT_EQ(SystemUsesChromiumEVMetadata(), + static_cast<bool>(cert_status & CERT_STATUS_IS_EV)); + EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + static const struct OCSPVerifyTestData { - std::vector<SpawnedTestServer::SSLOptions::OCSPSingleResponse> ocsp_responses; - SpawnedTestServer::SSLOptions::OCSPProduced ocsp_produced; - OCSPVerifyResult::ResponseStatus response_status; - bool has_revocation_status; - OCSPRevocationStatus cert_status; + EmbeddedTestServer::OCSPConfig ocsp_config; + OCSPVerifyResult::ResponseStatus expected_response_status; + // |expected_cert_status| is only used if |expected_response_status| is + // PROVIDED. + OCSPRevocationStatus expected_cert_status; } kOCSPVerifyData[] = { // 0 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::GOOD}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::GOOD}, // 1 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 2 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 3 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 4 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater), + OCSPVerifyResult::ERROR_RESPONSE, OCSPRevocationStatus::UNKNOWN}, // 5 - {{{SpawnedTestServer::SSLOptions::OCSP_TRY_LATER, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::ERROR_RESPONSE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse), + OCSPVerifyResult::PARSE_RESPONSE_ERROR, OCSPRevocationStatus::UNKNOWN}, // 6 - {{{SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PARSE_RESPONSE_ERROR, - false, + {EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponseData), + OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR, OCSPRevocationStatus::UNKNOWN}, // 7 - {{{SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE_DATA, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 8 - {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED, - SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::UNKNOWN, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::UNKNOWN}, // 9 - {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::UNKNOWN, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 10 - {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN, - SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::UNKNOWN, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 11 - {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN, - SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kBeforeCert), + OCSPVerifyResult::BAD_PRODUCED_AT, OCSPRevocationStatus::UNKNOWN}, // 12 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_BEFORE_CERT, - OCSPVerifyResult::BAD_PRODUCED_AT, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kAfterCert), + OCSPVerifyResult::BAD_PRODUCED_AT, OCSPRevocationStatus::UNKNOWN}, // 13 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_AFTER_CERT, - OCSPVerifyResult::BAD_PRODUCED_AT, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::GOOD}, // 14 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_AFTER_CERT, - OCSPVerifyResult::BAD_PRODUCED_AT, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::GOOD}, // 15 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::GOOD}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::GOOD}, // 16 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::GOOD}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 17 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::GOOD}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::UNKNOWN, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}, + {OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::REVOKED}, // 18 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::GOOD}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::UNKNOWN, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::UNKNOWN}, // 19 - {{{SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::UNKNOWN, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}, + {OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}, + {OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::UNKNOWN}, // 20 - {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}, - {SpawnedTestServer::SSLOptions::OCSP_REVOKED, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::REVOKED}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid, + EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::NO_MATCHING_RESPONSE, OCSPRevocationStatus::UNKNOWN}, // 21 - {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly, + EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::NO_MATCHING_RESPONSE, OCSPRevocationStatus::UNKNOWN}, // 22 - {{{SpawnedTestServer::SSLOptions::OCSP_UNKNOWN, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}, - {SpawnedTestServer::SSLOptions::OCSP_REVOKED, - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}, - {SpawnedTestServer::SSLOptions::OCSP_OK, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::PROVIDED, OCSPRevocationStatus::REVOKED}, // 23 - {{{SpawnedTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::NO_MATCHING_RESPONSE, - false, - OCSPRevocationStatus::UNKNOWN}, + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, // 24 - {{{SpawnedTestServer::SSLOptions::OCSP_MISMATCHED_SERIAL, - SpawnedTestServer::SSLOptions::OCSP_DATE_EARLY}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::NO_MATCHING_RESPONSE, - false, - OCSPRevocationStatus::UNKNOWN}, - -// These tests fail when using NSS for certificate verification, as NSS fails -// and doesn't return the partial path. As a result the OCSP checks being done -// at the CertVerifyProc layer cannot access the issuer certificate. -#if !defined(USE_NSS_CERTS) - // 25 - {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED, - SpawnedTestServer::SSLOptions::OCSP_DATE_VALID}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::PROVIDED, - true, - OCSPRevocationStatus::REVOKED}, - - // 26 - {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED, - SpawnedTestServer::SSLOptions::OCSP_DATE_OLD}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, - - // 27 - {{{SpawnedTestServer::SSLOptions::OCSP_REVOKED, - SpawnedTestServer::SSLOptions::OCSP_DATE_LONG}}, - SpawnedTestServer::SSLOptions::OCSP_PRODUCED_VALID, - OCSPVerifyResult::INVALID_DATE, - false, - OCSPRevocationStatus::UNKNOWN}, -#endif + {EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}}, + EmbeddedTestServer::OCSPConfig::Produced::kValid), + OCSPVerifyResult::INVALID_DATE, OCSPRevocationStatus::UNKNOWN}, }; class HTTPSOCSPVerifyTest @@ -10268,18 +10249,16 @@ class HTTPSOCSPVerifyTest public testing::WithParamInterface<OCSPVerifyTestData> {}; TEST_P(HTTPSOCSPVerifyTest, VerifyResult) { - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); OCSPVerifyTestData test = GetParam(); - ssl_options.ocsp_responses = test.ocsp_responses; - ssl_options.ocsp_produced = test.ocsp_produced; - ssl_options.staple_ocsp_response = true; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.stapled_ocsp_config = test.ocsp_config; SSLInfo ssl_info; OCSPErrorTestDelegate delegate; ASSERT_NO_FATAL_FAILURE( - DoConnectionWithDelegate(ssl_options, &delegate, &ssl_info)); + DoConnectionWithDelegate(cert_config, &delegate, &ssl_info)); // The SSLInfo must be extracted from |delegate| on error, due to how // URLRequest caches certificate errors. @@ -10288,10 +10267,13 @@ TEST_P(HTTPSOCSPVerifyTest, VerifyResult) { ssl_info = delegate.ssl_info(); } - EXPECT_EQ(test.response_status, ssl_info.ocsp_result.response_status); + EXPECT_EQ(test.expected_response_status, + ssl_info.ocsp_result.response_status); - if (test.has_revocation_status) - EXPECT_EQ(test.cert_status, ssl_info.ocsp_result.revocation_status); + if (test.expected_response_status == OCSPVerifyResult::PROVIDED) { + EXPECT_EQ(test.expected_cert_status, + ssl_info.ocsp_result.revocation_status); + } } INSTANTIATE_TEST_SUITE_P(OCSPVerify, @@ -10302,7 +10284,9 @@ class HTTPSAIATest : public HTTPSCertNetFetchingTest {}; TEST_F(HTTPSAIATest, AIAFetching) { EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS); - test_server.SetSSLConfig(EmbeddedTestServer::CERT_AUTO_AIA_INTERMEDIATE); + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.intermediate = EmbeddedTestServer::IntermediateType::kByAIA; + test_server.SetSSLConfig(cert_config); test_server.AddDefaultHandlers( base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); ASSERT_TRUE(test_server.Start()); @@ -10350,25 +10334,16 @@ TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); - if (UsingBuiltinCertVerifier()) { - EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, - cert_status & CERT_STATUS_ALL_ERRORS); - } else { -#if defined(USE_NSS_CERTS) - EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS); -#else - EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, - cert_status & CERT_STATUS_ALL_ERRORS); -#endif - } + EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, + cert_status & CERT_STATUS_ALL_ERRORS); // Without a positive OCSP response, we shouldn't show the EV status. EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); @@ -10389,13 +10364,13 @@ TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndInvalidOCSP) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); @@ -10409,12 +10384,14 @@ TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndRevokedOCSP) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); // The CertVerifyProc implementations handle revocation on the EV // verification differently. Some will return a revoked error, others will @@ -10455,12 +10432,14 @@ TEST_F(HTTPSEVCRLSetTest, MissingCRLSetAndGoodOCSP) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); @@ -10476,16 +10455,17 @@ TEST_F(HTTPSEVCRLSetTest, ExpiredCRLSet) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); + CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = CRLSet::ExpiredCRLSetForTesting(); context_.cert_verifier()->SetConfig(cert_verifier_config); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV); @@ -10499,17 +10479,18 @@ TEST_F(HTTPSEVCRLSetTest, FreshCRLSetCovered) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); + CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = - CRLSet::ForTesting(false, &kOCSPTestCertSPKI, "", "", {}); + CRLSet::ForTesting(false, &kTestRootCertSPKIHash, "", "", {}); context_.cert_verifier()->SetConfig(cert_verifier_config); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); // With a fresh CRLSet that covers the issuing certificate, we shouldn't do a // revocation check for EV. @@ -10526,16 +10507,17 @@ TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.policy_oids = {kOCSPTestCertPolicy}; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); + CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = CRLSet::EmptyCRLSetForTesting(); context_.cert_verifier()->SetConfig(cert_verifier_config); CertStatus cert_status = 0; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); // Even with a fresh CRLSet, we should still do online revocation checks when // the certificate chain isn't covered by the CRLSet, which it isn't in this @@ -10548,33 +10530,19 @@ TEST_F(HTTPSEVCRLSetTest, FreshCRLSetNotCovered) { static_cast<bool>(cert_status & CERT_STATUS_REV_CHECKING_ENABLED)); } -class HTTPSCRLSetTest : public HTTPSOCSPTest { - protected: - CertVerifier::Config GetCertVerifierConfig() override { - CertVerifier::Config config; - return config; - } - - void SetUp() override { - HTTPSOCSPTest::SetUp(); - - // Unmark the certificate's OID as EV, which should disable revocation - // checking (as per the user preference). - ev_test_policy_.reset(); - } -}; +class HTTPSCRLSetTest : public HTTPSCertNetFetchingTest {}; TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) { - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = - SpawnedTestServer::SSLOptions::OCSP_INVALID_RESPONSE; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse); + CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = CRLSet::ExpiredCRLSetForTesting(); context_.cert_verifier()->SetConfig(cert_verifier_config); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); // If we're not trying EV verification then, even if the CRLSet has expired, // we don't fall back to online revocation checks. @@ -10591,16 +10559,17 @@ TEST_F(HTTPSCRLSetTest, ExpiredCRLSetAndRevoked) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_REVOKED; + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::REVOKED, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = CRLSet::ExpiredCRLSetForTesting(); context_.cert_verifier()->SetConfig(cert_verifier_config); CertStatus cert_status; - DoConnection(ssl_options, &cert_status); + DoConnection(cert_config, &cert_status); EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); @@ -10614,18 +10583,32 @@ TEST_F(HTTPSCRLSetTest, CRLSetRevoked) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - ssl_options.cert_serial = 10; + EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS); + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); + test_server.SetSSLConfig(cert_config); + test_server.AddDefaultHandlers( + base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); + ASSERT_TRUE(test_server.Start()); CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = - CRLSet::ForTesting(false, &kOCSPTestCertSPKI, "\x0a", "", {}); + CRLSet::ForTesting(false, &kTestRootCertSPKIHash, + test_server.GetCertificate()->serial_number(), "", {}); context_.cert_verifier()->SetConfig(cert_verifier_config); - CertStatus cert_status = 0; - DoConnection(ssl_options, &cert_status); + TestDelegate d; + d.set_allow_certificate_errors(true); + std::unique_ptr<URLRequest> r(context_.CreateRequest( + test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d, + TRAFFIC_ANNOTATION_FOR_TESTS)); + r->Start(); + EXPECT_TRUE(r->is_pending()); + d.RunUntilComplete(); + EXPECT_EQ(1, d.response_started_count()); + CertStatus cert_status = r->ssl_info().cert_status; // If the certificate is recorded as revoked in the CRLSet, that should be // reflected without online revocation checking. @@ -10640,20 +10623,35 @@ TEST_F(HTTPSCRLSetTest, CRLSetRevokedBySubject) { return; } - SpawnedTestServer::SSLOptions ssl_options( - SpawnedTestServer::SSLOptions::CERT_AUTO); - ssl_options.ocsp_status = SpawnedTestServer::SSLOptions::OCSP_OK; - static const char kCommonName[] = "Test CN"; - ssl_options.cert_common_name = kCommonName; + EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS); + EmbeddedTestServer::ServerCertificateConfig cert_config; + cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig( + {{OCSPRevocationStatus::GOOD, + EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}}); + test_server.SetSSLConfig(cert_config); + test_server.AddDefaultHandlers( + base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); + ASSERT_TRUE(test_server.Start()); + + std::string common_name = test_server.GetCertificate()->subject().common_name; { CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = - CRLSet::ForTesting(false, nullptr, "", kCommonName, {}); + CRLSet::ForTesting(false, nullptr, "", common_name, {}); + ASSERT_TRUE(cert_verifier_config.crl_set); context_.cert_verifier()->SetConfig(cert_verifier_config); - CertStatus cert_status = 0; - DoConnection(ssl_options, &cert_status); + TestDelegate d; + d.set_allow_certificate_errors(true); + std::unique_ptr<URLRequest> r(context_.CreateRequest( + test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d, + TRAFFIC_ANNOTATION_FOR_TESTS)); + r->Start(); + EXPECT_TRUE(r->is_pending()); + d.RunUntilComplete(); + EXPECT_EQ(1, d.response_started_count()); + CertStatus cert_status = r->ssl_info().cert_status; // If the certificate is recorded as revoked in the CRLSet, that should be // reflected without online revocation checking. @@ -10662,26 +10660,31 @@ TEST_F(HTTPSCRLSetTest, CRLSetRevokedBySubject) { EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED); } - const uint8_t kTestServerSPKISHA256[32] = { - 0xb3, 0x91, 0xac, 0x73, 0x32, 0x54, 0x7f, 0x7b, 0x8a, 0x62, 0x77, - 0x73, 0x1d, 0x45, 0x7b, 0x23, 0x46, 0x69, 0xef, 0x6f, 0x05, 0x3d, - 0x07, 0x22, 0x15, 0x18, 0xd6, 0x10, 0x8b, 0xa1, 0x49, 0x33, - }; - const std::string spki_hash( - reinterpret_cast<const char*>(kTestServerSPKISHA256), - sizeof(kTestServerSPKISHA256)); - + HashValue spki_hash_value; + ASSERT_TRUE(x509_util::CalculateSha256SpkiHash( + test_server.GetCertificate()->cert_buffer(), &spki_hash_value)); + std::string spki_hash(spki_hash_value.data(), + spki_hash_value.data() + spki_hash_value.size()); { CertVerifier::Config cert_verifier_config = GetCertVerifierConfig(); cert_verifier_config.crl_set = - CRLSet::ForTesting(false, nullptr, "", kCommonName, {spki_hash}); + CRLSet::ForTesting(false, nullptr, "", common_name, {spki_hash}); context_.cert_verifier()->SetConfig(cert_verifier_config); - CertStatus cert_status = 0; - DoConnection(ssl_options, &cert_status); + TestDelegate d; + d.set_allow_certificate_errors(true); + std::unique_ptr<URLRequest> r(context_.CreateRequest( + test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d, + TRAFFIC_ANNOTATION_FOR_TESTS)); + r->Start(); + EXPECT_TRUE(r->is_pending()); + d.RunUntilComplete(); + EXPECT_EQ(1, d.response_started_count()); + CertStatus cert_status = r->ssl_info().cert_status; - // When the correct SPKI hash is specified, the connection should succeed - // even though the subject is listed in the CRLSet. + // When the correct SPKI hash is specified in + // |acceptable_spki_hashes_for_cn|, the connection should succeed even + // though the subject is listed in the CRLSet. EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS); } } diff --git a/chromium/net/websockets/websocket_basic_handshake_stream.cc b/chromium/net/websockets/websocket_basic_handshake_stream.cc index b3db99c5046..692b61a50f5 100644 --- a/chromium/net/websockets/websocket_basic_handshake_stream.cc +++ b/chromium/net/websockets/websocket_basic_handshake_stream.cc @@ -12,8 +12,8 @@ #include "base/base64.h" #include "base/bind.h" +#include "base/check_op.h" #include "base/compiler_specific.h" -#include "base/logging.h" #include "base/metrics/histogram_functions.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" diff --git a/chromium/net/websockets/websocket_basic_handshake_stream_test.cc b/chromium/net/websockets/websocket_basic_handshake_stream_test.cc index 06dc980cd72..1df0a1658f7 100644 --- a/chromium/net/websockets/websocket_basic_handshake_stream_test.cc +++ b/chromium/net/websockets/websocket_basic_handshake_stream_test.cc @@ -8,7 +8,6 @@ #include <utility> #include <vector> -#include "base/logging.h" #include "net/base/address_list.h" #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" diff --git a/chromium/net/websockets/websocket_channel.cc b/chromium/net/websockets/websocket_channel.cc index 02d86758963..dea22fcf40c 100644 --- a/chromium/net/websockets/websocket_channel.cc +++ b/chromium/net/websockets/websocket_channel.cc @@ -132,7 +132,7 @@ class DependentIOBuffer : public WrappedIOBuffer { private: ~DependentIOBuffer() override = default; - scoped_refptr<net::IOBuffer> buffer_; + scoped_refptr<IOBuffer> buffer_; }; void LogCloseCodeForUma(uint16_t code) { @@ -230,7 +230,7 @@ class WebSocketChannel::ConnectDelegate public: explicit ConnectDelegate(WebSocketChannel* creator) : creator_(creator) {} - void OnCreateRequest(net::URLRequest* request) override { + void OnCreateRequest(URLRequest* request) override { creator_->OnCreateURLRequest(request); } @@ -315,11 +315,11 @@ void WebSocketChannel::SendAddChannelRequest( const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers) { SendAddChannelRequestWithSuppliedCallback( socket_url, requested_subprotocols, origin, site_for_cookies, - network_isolation_key, additional_headers, + isolation_info, additional_headers, base::BindOnce(&WebSocketStream::CreateAndConnectStream)); } @@ -459,12 +459,12 @@ void WebSocketChannel::SendAddChannelRequestForTesting( const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, WebSocketStreamRequestCreationCallback callback) { SendAddChannelRequestWithSuppliedCallback( socket_url, requested_subprotocols, origin, site_for_cookies, - network_isolation_key, additional_headers, std::move(callback)); + isolation_info, additional_headers, std::move(callback)); } void WebSocketChannel::SetClosingHandshakeTimeoutForTesting( @@ -482,7 +482,7 @@ void WebSocketChannel::SendAddChannelRequestWithSuppliedCallback( const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, WebSocketStreamRequestCreationCallback callback) { DCHECK_EQ(FRESHLY_CONSTRUCTED, state_); @@ -497,7 +497,7 @@ void WebSocketChannel::SendAddChannelRequestWithSuppliedCallback( auto connect_delegate = std::make_unique<ConnectDelegate>(this); stream_request_ = std::move(callback).Run( socket_url_, requested_subprotocols, origin, site_for_cookies, - network_isolation_key, additional_headers, url_request_context_, + isolation_info, additional_headers, url_request_context_, NetLogWithSource(), std::move(connect_delegate)); SetState(CONNECTING); } diff --git a/chromium/net/websockets/websocket_channel.h b/chromium/net/websockets/websocket_channel.h index 28c29fdb5c9..d05207e8bc3 100644 --- a/chromium/net/websockets/websocket_channel.h +++ b/chromium/net/websockets/websocket_channel.h @@ -36,6 +36,7 @@ class HttpRequestHeaders; class IOBuffer; class IPEndPoint; class NetLogWithSource; +class IsolationInfo; class SiteForCookies; class URLRequest; class URLRequestContext; @@ -56,7 +57,7 @@ class NET_EXPORT WebSocketChannel { const std::vector<std::string>&, const url::Origin&, const SiteForCookies&, - const NetworkIsolationKey&, + const IsolationInfo&, const HttpRequestHeaders&, URLRequestContext*, const NetLogWithSource&, @@ -81,7 +82,7 @@ class NET_EXPORT WebSocketChannel { const std::vector<std::string>& requested_protocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers); // Sends a data frame to the remote side. It is the responsibility of the @@ -130,7 +131,7 @@ class NET_EXPORT WebSocketChannel { const std::vector<std::string>& requested_protocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, WebSocketStreamRequestCreationCallback callback); @@ -192,7 +193,7 @@ class NET_EXPORT WebSocketChannel { const std::vector<std::string>& requested_protocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, WebSocketStreamRequestCreationCallback callback); diff --git a/chromium/net/websockets/websocket_channel_test.cc b/chromium/net/websockets/websocket_channel_test.cc index b445a2cf400..07f90d5b23b 100644 --- a/chromium/net/websockets/websocket_channel_test.cc +++ b/chromium/net/websockets/websocket_channel_test.cc @@ -754,7 +754,7 @@ struct WebSocketStreamCreationCallbackArgumentSaver { const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, URLRequestContext* url_request_context, const NetLogWithSource& net_log, @@ -762,7 +762,7 @@ struct WebSocketStreamCreationCallbackArgumentSaver { this->socket_url = socket_url; this->origin = origin; this->site_for_cookies = site_for_cookies; - this->network_isolation_key = network_isolation_key; + this->isolation_info = isolation_info; this->url_request_context = url_request_context; this->connect_delegate = std::move(connect_delegate); return std::make_unique<MockWebSocketStreamRequest>(); @@ -771,7 +771,7 @@ struct WebSocketStreamCreationCallbackArgumentSaver { GURL socket_url; url::Origin origin; SiteForCookies site_for_cookies; - net::NetworkIsolationKey network_isolation_key; + IsolationInfo isolation_info; URLRequestContext* url_request_context; std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate; }; @@ -809,7 +809,7 @@ class WebSocketChannelTest : public TestWithTaskEnvironment { channel_->SendAddChannelRequestForTesting( connect_data_.socket_url, connect_data_.requested_subprotocols, connect_data_.origin, connect_data_.site_for_cookies, - connect_data_.network_isolation_key, HttpRequestHeaders(), + connect_data_.isolation_info, HttpRequestHeaders(), base::BindOnce(&WebSocketStreamCreationCallbackArgumentSaver::Create, base::Unretained(&connect_data_.argument_saver))); } @@ -846,9 +846,9 @@ class WebSocketChannelTest : public TestWithTaskEnvironment { : socket_url("ws://ws/"), origin(url::Origin::Create(GURL("http://ws"))), site_for_cookies(SiteForCookies::FromUrl(GURL("http://ws/"))) { - url::Origin top_frame_origin = url::Origin::Create(GURL("http://ws-1")); - this->network_isolation_key = - net::NetworkIsolationKey(top_frame_origin, origin); + this->isolation_info = IsolationInfo::Create( + IsolationInfo::RedirectMode::kUpdateNothing, origin, origin, + SiteForCookies::FromOrigin(origin)); } // URLRequestContext object. @@ -862,8 +862,8 @@ class WebSocketChannelTest : public TestWithTaskEnvironment { url::Origin origin; // First party for cookies for the request. net::SiteForCookies site_for_cookies; - // NetworkIsolationKey created from the origin of the top level frame. - net::NetworkIsolationKey network_isolation_key; + // IsolationInfo created from the origin. + net::IsolationInfo isolation_info; WebSocketStreamCreationCallbackArgumentSaver argument_saver; }; @@ -984,10 +984,9 @@ TEST_F(WebSocketChannelTest, EverythingIsPassedToTheCreatorFunction) { connect_data_.origin = url::Origin::Create(GURL("http://example.com")); connect_data_.site_for_cookies = SiteForCookies::FromUrl(GURL("http://example.com/")); - url::Origin top_frame_origin = - url::Origin::Create(GURL("http://example-1.com")); - connect_data_.network_isolation_key = - net::NetworkIsolationKey(top_frame_origin, connect_data_.origin); + connect_data_.isolation_info = net::IsolationInfo::Create( + IsolationInfo::RedirectMode::kUpdateNothing, connect_data_.origin, + connect_data_.origin, SiteForCookies::FromOrigin(connect_data_.origin)); connect_data_.requested_subprotocols.push_back("Sinbad"); CreateChannelAndConnect(); @@ -1001,7 +1000,8 @@ TEST_F(WebSocketChannelTest, EverythingIsPassedToTheCreatorFunction) { EXPECT_EQ(connect_data_.origin.Serialize(), actual.origin.Serialize()); EXPECT_TRUE( connect_data_.site_for_cookies.IsEquivalent(actual.site_for_cookies)); - EXPECT_EQ(connect_data_.network_isolation_key, actual.network_isolation_key); + EXPECT_TRUE( + connect_data_.isolation_info.IsEqualForTesting(actual.isolation_info)); } TEST_F(WebSocketChannelEventInterfaceTest, ConnectSuccessReported) { diff --git a/chromium/net/websockets/websocket_deflate_stream_fuzzer.cc b/chromium/net/websockets/websocket_deflate_stream_fuzzer.cc index 3734128fa5d..95f74867959 100644 --- a/chromium/net/websockets/websocket_deflate_stream_fuzzer.cc +++ b/chromium/net/websockets/websocket_deflate_stream_fuzzer.cc @@ -10,7 +10,7 @@ #include <string> #include <vector> -#include "base/logging.h" +#include "base/check.h" #include "base/memory/scoped_refptr.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_piece.h" diff --git a/chromium/net/websockets/websocket_deflater.cc b/chromium/net/websockets/websocket_deflater.cc index 459b84c0c59..8f93a014e33 100644 --- a/chromium/net/websockets/websocket_deflater.cc +++ b/chromium/net/websockets/websocket_deflater.cc @@ -8,8 +8,8 @@ #include <algorithm> #include <vector> +#include "base/check_op.h" #include "base/containers/circular_deque.h" -#include "base/logging.h" #include "net/base/io_buffer.h" #include "third_party/zlib/zlib.h" diff --git a/chromium/net/websockets/websocket_end_to_end_test.cc b/chromium/net/websockets/websocket_end_to_end_test.cc index 86e2580fa2b..caf50d9e26d 100644 --- a/chromium/net/websockets/websocket_end_to_end_test.cc +++ b/chromium/net/websockets/websocket_end_to_end_test.cc @@ -31,6 +31,7 @@ #include "net/base/auth.h" #include "net/base/host_port_pair.h" #include "net/base/ip_endpoint.h" +#include "net/base/isolation_info.h" #include "net/base/proxy_delegate.h" #include "net/base/url_util.h" #include "net/http/http_request_headers.h" @@ -293,12 +294,14 @@ class WebSocketEndToEndTest : public TestWithTaskEnvironment { url::Origin origin = url::Origin::Create(GURL("http://localhost")); net::SiteForCookies site_for_cookies = net::SiteForCookies::FromOrigin(origin); - net::NetworkIsolationKey network_isolation_key(origin, origin); + IsolationInfo isolation_info = IsolationInfo::Create( + IsolationInfo::RedirectMode::kUpdateNothing, origin, origin, + SiteForCookies::FromOrigin(origin)); event_interface_ = new ConnectTestingEventInterface(); channel_ = std::make_unique<WebSocketChannel>( base::WrapUnique(event_interface_), &context_); channel_->SendAddChannelRequest(GURL(socket_url), sub_protocols_, origin, - site_for_cookies, network_isolation_key, + site_for_cookies, isolation_info, HttpRequestHeaders()); event_interface_->WaitForResponse(); return !event_interface_->failed(); @@ -465,8 +468,8 @@ TEST_F(WebSocketEndToEndTest, MAYBE_ProxyPacUsed) { ProxyConfigWithAnnotation(proxy_config, TRAFFIC_ANNOTATION_FOR_TESTS)); std::unique_ptr<ProxyResolutionService> proxy_resolution_service( ConfiguredProxyResolutionService::CreateUsingSystemProxyResolver( - std::move(proxy_config_service), /*quick_check_enabled=*/true, - NetLog::Get())); + std::move(proxy_config_service), NetLog::Get(), + /*quick_check_enabled=*/true)); ASSERT_EQ(ws_server.host_port_pair().host(), "127.0.0.1"); context_.set_proxy_resolution_service(proxy_resolution_service.get()); InitialiseContext(); diff --git a/chromium/net/websockets/websocket_errors.cc b/chromium/net/websockets/websocket_errors.cc index b7ca7bc5636..eeb0bf52e52 100644 --- a/chromium/net/websockets/websocket_errors.cc +++ b/chromium/net/websockets/websocket_errors.cc @@ -4,7 +4,6 @@ #include "net/websockets/websocket_errors.h" -#include "base/logging.h" namespace net { diff --git a/chromium/net/websockets/websocket_extension.cc b/chromium/net/websockets/websocket_extension.cc index f1d7bf7f989..96435856b37 100644 --- a/chromium/net/websockets/websocket_extension.cc +++ b/chromium/net/websockets/websocket_extension.cc @@ -8,7 +8,7 @@ #include <string> #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "net/http/http_util.h" namespace net { diff --git a/chromium/net/websockets/websocket_extension_parser.cc b/chromium/net/websockets/websocket_extension_parser.cc index 6532ae3b298..8d673c1ea1f 100644 --- a/chromium/net/websockets/websocket_extension_parser.cc +++ b/chromium/net/websockets/websocket_extension_parser.cc @@ -4,7 +4,7 @@ #include "net/websockets/websocket_extension_parser.h" -#include "base/logging.h" +#include "base/check_op.h" #include "net/http/http_util.h" namespace net { diff --git a/chromium/net/websockets/websocket_frame.cc b/chromium/net/websockets/websocket_frame.cc index d07facdfe16..d858e060b8a 100644 --- a/chromium/net/websockets/websocket_frame.cc +++ b/chromium/net/websockets/websocket_frame.cc @@ -5,10 +5,12 @@ #include "net/websockets/websocket_frame.h" #include <stddef.h> +#include <string.h> + #include <algorithm> #include "base/big_endian.h" -#include "base/logging.h" +#include "base/check_op.h" #include "base/rand_util.h" #include "net/base/net_errors.h" diff --git a/chromium/net/websockets/websocket_handshake_stream_create_helper.cc b/chromium/net/websockets/websocket_handshake_stream_create_helper.cc index 5c25a0b4fe3..75021b4a4be 100644 --- a/chromium/net/websockets/websocket_handshake_stream_create_helper.cc +++ b/chromium/net/websockets/websocket_handshake_stream_create_helper.cc @@ -6,7 +6,7 @@ #include <utility> -#include "base/logging.h" +#include "base/check.h" #include "base/memory/weak_ptr.h" #include "net/socket/client_socket_handle.h" #include "net/websockets/websocket_basic_handshake_stream.h" diff --git a/chromium/net/websockets/websocket_http2_handshake_stream.cc b/chromium/net/websockets/websocket_http2_handshake_stream.cc index 30d1fee9c7c..2a81c69a4b4 100644 --- a/chromium/net/websockets/websocket_http2_handshake_stream.cc +++ b/chromium/net/websockets/websocket_http2_handshake_stream.cc @@ -8,7 +8,8 @@ #include <utility> #include "base/bind.h" -#include "base/logging.h" +#include "base/check_op.h" +#include "base/notreached.h" #include "base/strings/stringprintf.h" #include "base/time/time.h" #include "net/base/ip_endpoint.h" diff --git a/chromium/net/websockets/websocket_inflater.cc b/chromium/net/websockets/websocket_inflater.cc index 6b61f49798e..c150b5f624d 100644 --- a/chromium/net/websockets/websocket_inflater.cc +++ b/chromium/net/websockets/websocket_inflater.cc @@ -7,7 +7,7 @@ #include <algorithm> #include <vector> -#include "base/logging.h" +#include "base/check_op.h" #include "net/base/io_buffer.h" #include "third_party/zlib/zlib.h" diff --git a/chromium/net/websockets/websocket_stream.cc b/chromium/net/websockets/websocket_stream.cc index 934a8c88f38..c58f608fe66 100644 --- a/chromium/net/websockets/websocket_stream.cc +++ b/chromium/net/websockets/websocket_stream.cc @@ -115,7 +115,7 @@ class WebSocketStreamRequestImpl : public WebSocketStreamRequestAPI { const URLRequestContext* context, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate, std::unique_ptr<WebSocketStreamRequestAPI> api_delegate) @@ -126,6 +126,9 @@ class WebSocketStreamRequestImpl : public WebSocketStreamRequestAPI { kTrafficAnnotation)), connect_delegate_(std::move(connect_delegate)), api_delegate_(std::move(api_delegate)) { + DCHECK_EQ(IsolationInfo::RedirectMode::kUpdateNothing, + isolation_info.redirect_mode()); + HttpRequestHeaders headers = additional_headers; headers.SetHeader(websockets::kUpgrade, websockets::kWebSocketLowercase); headers.SetHeader(HttpRequestHeaders::kConnection, websockets::kUpgrade); @@ -142,8 +145,7 @@ class WebSocketStreamRequestImpl : public WebSocketStreamRequestAPI { url_request_->SetExtraRequestHeaders(headers); url_request_->set_initiator(origin); url_request_->set_site_for_cookies(site_for_cookies); - url_request_->set_isolation_info(IsolationInfo::CreatePartial( - IsolationInfo::RedirectMode::kUpdateNothing, network_isolation_key)); + url_request_->set_isolation_info(isolation_info); auto create_helper = std::make_unique<WebSocketHandshakeStreamCreateHelper>( connect_delegate_.get(), requested_subprotocols, this); @@ -470,14 +472,14 @@ std::unique_ptr<WebSocketStreamRequest> WebSocketStream::CreateAndConnectStream( const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, URLRequestContext* url_request_context, const NetLogWithSource& net_log, std::unique_ptr<ConnectDelegate> connect_delegate) { auto request = std::make_unique<WebSocketStreamRequestImpl>( socket_url, requested_subprotocols, url_request_context, origin, - site_for_cookies, network_isolation_key, additional_headers, + site_for_cookies, isolation_info, additional_headers, std::move(connect_delegate), nullptr); request->Start(std::make_unique<base::OneShotTimer>()); return std::move(request); @@ -489,7 +491,7 @@ WebSocketStream::CreateAndConnectStreamForTesting( const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, URLRequestContext* url_request_context, const NetLogWithSource& net_log, @@ -498,7 +500,7 @@ WebSocketStream::CreateAndConnectStreamForTesting( std::unique_ptr<WebSocketStreamRequestAPI> api_delegate) { auto request = std::make_unique<WebSocketStreamRequestImpl>( socket_url, requested_subprotocols, url_request_context, origin, - site_for_cookies, network_isolation_key, additional_headers, + site_for_cookies, isolation_info, additional_headers, std::move(connect_delegate), std::move(api_delegate)); request->Start(std::move(timer)); return std::move(request); diff --git a/chromium/net/websockets/websocket_stream.h b/chromium/net/websockets/websocket_stream.h index 5d89951d2f2..a5ab95ccc85 100644 --- a/chromium/net/websockets/websocket_stream.h +++ b/chromium/net/websockets/websocket_stream.h @@ -15,8 +15,8 @@ #include "base/optional.h" #include "base/time/time.h" #include "net/base/completion_once_callback.h" +#include "net/base/isolation_info.h" #include "net/base/net_export.h" -#include "net/base/network_isolation_key.h" #include "net/cookies/site_for_cookies.h" #include "net/websockets/websocket_event_interface.h" #include "net/websockets/websocket_handshake_request_info.h" @@ -154,7 +154,7 @@ class NET_EXPORT_PRIVATE WebSocketStream { const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, URLRequestContext* url_request_context, const NetLogWithSource& net_log, @@ -170,7 +170,7 @@ class NET_EXPORT_PRIVATE WebSocketStream { const std::vector<std::string>& requested_subprotocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, URLRequestContext* url_request_context, const NetLogWithSource& net_log, diff --git a/chromium/net/websockets/websocket_stream_cookie_test.cc b/chromium/net/websockets/websocket_stream_cookie_test.cc index 7d7b86a002e..d1e9aca194d 100644 --- a/chromium/net/websockets/websocket_stream_cookie_test.cc +++ b/chromium/net/websockets/websocket_stream_cookie_test.cc @@ -12,6 +12,7 @@ #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_task_runner_handle.h" +#include "net/base/isolation_info.h" #include "net/cookies/canonical_cookie.h" #include "net/cookies/canonical_cookie_test_helpers.h" #include "net/cookies/cookie_store.h" @@ -38,7 +39,7 @@ class TestBase : public WebSocketStreamCreateTestBase { void CreateAndConnect(const GURL& url, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const std::string& cookie_header, const std::string& response_body) { // We assume cookie_header ends with CRLF if not empty, as @@ -53,8 +54,7 @@ class TestBase : public WebSocketStreamCreateTestBase { std::string()), response_body); CreateAndConnectStream(url, NoSubProtocols(), origin, site_for_cookies, - network_isolation_key, HttpRequestHeaders(), - nullptr); + isolation_info, HttpRequestHeaders(), nullptr); } std::string AddCRLFIfNotEmpty(const std::string& s) { @@ -143,7 +143,9 @@ TEST_P(WebSocketStreamClientUseCookieTest, ClientUseCookie) { const url::Origin origin = url::Origin::Create(GURL("http://www.example.com")); const SiteForCookies site_for_cookies = SiteForCookies::FromOrigin(origin); - const net::NetworkIsolationKey network_isolation_key(origin, origin); + const IsolationInfo isolation_info = + IsolationInfo::Create(IsolationInfo::RedirectMode::kUpdateNothing, origin, + origin, SiteForCookies::FromOrigin(origin)); const std::string cookie_line(GetParam().cookie_line); const std::string cookie_header(AddCRLFIfNotEmpty(GetParam().cookie_header)); @@ -157,8 +159,7 @@ TEST_P(WebSocketStreamClientUseCookieTest, ClientUseCookie) { CanonicalCookie::Create(cookie_url, cookie_line, base::Time::Now(), base::nullopt /* server_time */); store->SetCanonicalCookieAsync( - std::move(cookie), cookie_url.scheme(), - net::CookieOptions::MakeAllInclusive(), + std::move(cookie), cookie_url, net::CookieOptions::MakeAllInclusive(), base::BindOnce(&SetCookieHelperFunction, run_loop.QuitClosure(), weak_is_called.GetWeakPtr(), weak_set_cookie_result.GetWeakPtr())); @@ -166,8 +167,8 @@ TEST_P(WebSocketStreamClientUseCookieTest, ClientUseCookie) { ASSERT_TRUE(is_called); ASSERT_TRUE(set_cookie_result); - CreateAndConnect(url, origin, site_for_cookies, network_isolation_key, - cookie_header, WebSocketStandardResponse("")); + CreateAndConnect(url, origin, site_for_cookies, isolation_info, cookie_header, + WebSocketStandardResponse("")); WaitUntilConnectDone(); EXPECT_FALSE(has_failed()); } @@ -182,7 +183,9 @@ TEST_P(WebSocketStreamServerSetCookieTest, ServerSetCookie) { const url::Origin origin = url::Origin::Create(GURL("http://www.example.com")); const SiteForCookies site_for_cookies = SiteForCookies::FromOrigin(origin); - const net::NetworkIsolationKey network_isolation_key(origin, origin); + const IsolationInfo isolation_info = + IsolationInfo::Create(IsolationInfo::RedirectMode::kUpdateNothing, origin, + origin, SiteForCookies::FromOrigin(origin)); const std::string cookie_line(GetParam().cookie_line); const std::string cookie_header(AddCRLFIfNotEmpty(GetParam().cookie_header)); @@ -198,8 +201,7 @@ TEST_P(WebSocketStreamServerSetCookieTest, ServerSetCookie) { CookieStore* store = url_request_context_host_.GetURLRequestContext()->cookie_store(); - CreateAndConnect(url, origin, site_for_cookies, network_isolation_key, "", - response); + CreateAndConnect(url, origin, site_for_cookies, isolation_info, "", response); WaitUntilConnectDone(); EXPECT_FALSE(has_failed()); diff --git a/chromium/net/websockets/websocket_stream_create_test_base.cc b/chromium/net/websockets/websocket_stream_create_test_base.cc index 65411a1babc..d160de2f96f 100644 --- a/chromium/net/websockets/websocket_stream_create_test_base.cc +++ b/chromium/net/websockets/websocket_stream_create_test_base.cc @@ -96,17 +96,16 @@ void WebSocketStreamCreateTestBase::CreateAndConnectStream( const std::vector<std::string>& sub_protocols, const url::Origin& origin, const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, + const IsolationInfo& isolation_info, const HttpRequestHeaders& additional_headers, std::unique_ptr<base::OneShotTimer> timer) { auto connect_delegate = std::make_unique<TestConnectDelegate>( this, connect_run_loop_.QuitClosure()); auto api_delegate = std::make_unique<TestWebSocketStreamRequestAPI>(); stream_request_ = WebSocketStream::CreateAndConnectStreamForTesting( - socket_url, sub_protocols, origin, site_for_cookies, - network_isolation_key, additional_headers, - url_request_context_host_.GetURLRequestContext(), NetLogWithSource(), - std::move(connect_delegate), + socket_url, sub_protocols, origin, site_for_cookies, isolation_info, + additional_headers, url_request_context_host_.GetURLRequestContext(), + NetLogWithSource(), std::move(connect_delegate), timer ? std::move(timer) : std::make_unique<base::OneShotTimer>(), std::move(api_delegate)); } diff --git a/chromium/net/websockets/websocket_stream_create_test_base.h b/chromium/net/websockets/websocket_stream_create_test_base.h index 8c6079e0e94..bdcc3d7fecc 100644 --- a/chromium/net/websockets/websocket_stream_create_test_base.h +++ b/chromium/net/websockets/websocket_stream_create_test_base.h @@ -25,6 +25,7 @@ namespace net { class HttpRequestHeaders; class HttpResponseHeaders; +class IsolationInfo; class URLRequest; class WebSocketStream; class WebSocketStreamRequest; @@ -40,14 +41,13 @@ class WebSocketStreamCreateTestBase : public WithTaskEnvironment { // A wrapper for CreateAndConnectStreamForTesting that knows about our default // parameters. - void CreateAndConnectStream( - const GURL& socket_url, - const std::vector<std::string>& sub_protocols, - const url::Origin& origin, - const SiteForCookies& site_for_cookies, - const net::NetworkIsolationKey& network_isolation_key, - const HttpRequestHeaders& additional_headers, - std::unique_ptr<base::OneShotTimer> timer); + void CreateAndConnectStream(const GURL& socket_url, + const std::vector<std::string>& sub_protocols, + const url::Origin& origin, + const SiteForCookies& site_for_cookies, + const IsolationInfo& isolation_info, + const HttpRequestHeaders& additional_headers, + std::unique_ptr<base::OneShotTimer> timer); static std::vector<HeaderKeyValuePair> RequestHeadersToVector( const HttpRequestHeaders& headers); diff --git a/chromium/net/websockets/websocket_stream_test.cc b/chromium/net/websockets/websocket_stream_test.cc index a3932292701..d4dfb6f582b 100644 --- a/chromium/net/websockets/websocket_stream_test.cc +++ b/chromium/net/websockets/websocket_stream_test.cc @@ -22,6 +22,7 @@ #include "base/test/scoped_feature_list.h" #include "base/timer/mock_timer.h" #include "base/timer/timer.h" +#include "net/base/isolation_info.h" #include "net/base/net_errors.h" #include "net/base/url_util.h" #include "net/http/http_request_headers.h" @@ -90,11 +91,11 @@ static net::SiteForCookies SiteForCookies() { return net::SiteForCookies::FromOrigin(Origin()); } -static net::NetworkIsolationKey CreateNetworkIsolationKey() { - // Top frame origin can be different but currently not testing in a - // third-party context so using the same kOrigin. - url::Origin top_frame_origin = url::Origin::Create(GURL(kOrigin)); - return net::NetworkIsolationKey(top_frame_origin, Origin()); +static IsolationInfo CreateIsolationInfo() { + url::Origin origin = Origin(); + return IsolationInfo::Create(IsolationInfo::RedirectMode::kUpdateNothing, + origin, origin, + SiteForCookies::FromOrigin(origin)); } class WebSocketStreamCreateTest : public TestWithParam<HandshakeStreamType>, @@ -166,7 +167,7 @@ class WebSocketStreamCreateTest : public TestWithParam<HandshakeStreamType>, WebSocketExtraHeadersToString(extra_response_headers)) + additional_data_); CreateAndConnectStream(socket_url, sub_protocols, Origin(), - SiteForCookies(), CreateNetworkIsolationKey(), + SiteForCookies(), CreateIsolationInfo(), WebSocketExtraHeadersToHttpRequestHeaders( send_additional_request_headers), std::move(timer_)); @@ -301,7 +302,7 @@ class WebSocketStreamCreateTest : public TestWithParam<HandshakeStreamType>, EXPECT_FALSE(request->is_pending()); CreateAndConnectStream(socket_url, sub_protocols, Origin(), - SiteForCookies(), CreateNetworkIsolationKey(), + SiteForCookies(), CreateIsolationInfo(), WebSocketExtraHeadersToHttpRequestHeaders( send_additional_request_headers), std::move(timer_)); @@ -328,7 +329,7 @@ class WebSocketStreamCreateTest : public TestWithParam<HandshakeStreamType>, WebSocketExtraHeadersToString(extra_request_headers)), response_body); CreateAndConnectStream(socket_url, sub_protocols, Origin(), - SiteForCookies(), CreateNetworkIsolationKey(), + SiteForCookies(), CreateIsolationInfo(), WebSocketExtraHeadersToHttpRequestHeaders( send_additional_request_headers), nullptr); @@ -351,7 +352,7 @@ class WebSocketStreamCreateTest : public TestWithParam<HandshakeStreamType>, WebSocketStandardRequest(socket_path, socket_host, Origin(), "", ""), WebSocketStandardResponse(extra_response_headers)); CreateAndConnectStream(socket_url, sub_protocols, Origin(), - SiteForCookies(), CreateNetworkIsolationKey(), + SiteForCookies(), CreateIsolationInfo(), HttpRequestHeaders(), nullptr); } @@ -365,7 +366,7 @@ class WebSocketStreamCreateTest : public TestWithParam<HandshakeStreamType>, AddRawExpectations(std::move(socket_data)); CreateAndConnectStream(GURL(url), sub_protocols, Origin(), SiteForCookies(), - CreateNetworkIsolationKey(), additional_headers, + CreateIsolationInfo(), additional_headers, std::move(timer_)); } |